diff --git a/hydra.c b/hydra.c index 33c4047..9fced14 100644 --- a/hydra.c +++ b/hydra.c @@ -155,7 +155,7 @@ char *SERVICES = "asterisk afp cisco cisco-enable cvs firebird ftp ftps http[s]- #define RESTOREFILE "./hydra.restore" #define PROGRAM "Hydra" -#define VERSION "v8.0-dev" +#define VERSION "v8.1-dev" #define AUTHOR "van Hauser/THC" #define EMAIL "" #define AUTHOR2 "David Maciejak" diff --git a/web/CHANGES b/web/CHANGES index 61ee56a..0a903f3 100755 --- a/web/CHANGES +++ b/web/CHANGES 
@@ -1,6 +1,27 @@ Changelog for hydra ------------------- +Release 8.0 +! Development moved to a public github repository: https://github.com/vanhauser-thc/thc-hydra +* Added module for redis (submitted by Alejandro Ramos, thanks!) +* Added patch which adds Unicode support for the SMB module (thanks to Max Kosmach) +* Added initial interactive password authentication test for ssh (thanks to Joshua Houghton) +* Added patch for xhydra that adds bruteforce generator to the GUI (thanks to Petar Kaleychev) +* Target on the command line can now be a CIDR definition, e.g. 192.168.0.0/24 +* with -M , you can now specify a port for each entry (use "target:port" per line) +* Verified that hydra compiles cleanly on QNX / Blackberry 10 :-) +* Bugfixes for -x option: + - password tries were lost when connection errors happened (thanks to Vineet Kumar for reporting) + - fixed crash when used together with -e option +* Fixed a bug that hydra would not compile without libssh (introduced in v7.6) +* Various bugfixes if many targets where attacked in parallel +* Cygwin's Postgresql is working again, hence configure detection re-enabled +* Added gcc compilation security options (if detected to be supported by configure script) +* Enhancements to the secure compilation options +* Checked code with cppcheck and fixed some minor issues. +* Checked code with Coverity. Fixed a lot of small and medium issues. + + Release 7.6 * Added a wizard script for hydra based on a script by Shivang Desai * Added module for Siemens S7-300 (submitted by Alexander Timorin and Sergey Gordeychik, thanks!) diff --git a/web/index.html b/web/index.html index 0545f59..dd32d7e 100755 --- a/web/index.html +++ b/web/index.html @@ -16,8 +16,8 @@ A very fast network logon cracker which support many different services. See feature sets and services coverage page - incl. a speed comparison against ncrack and medusa

- Current Version: 7.6 - Last update 2014-02-xx + Current Version: 8.0 + Last update 2014-05-12

@@ -28,26 +28,31 @@ [0x00] News and Changelog Check out the feature sets and services coverage page - including a speed comparison against ncrack and medusa (yes, we win :-) ) - + Development just moved to a public github repository: https://github.com/vanhauser-thc/thc-hydra + There is a new section below for online tutorials. Read below for Linux compilation notes. - And there is a new section below for online tutorials. - CHANGELOG for 7.6 + CHANGELOG for 8.0 =================== - * Added a wizard script for hydra based on a script by Shivang Desai - * Added module for Siemens S7-300 (submitted by Alexander Timorin and Sergey Gordeychik, thanks!) - * HTTP HEAD/GET: MD5 digest auth was not working, fixed (thanks to Paul Kenyon) - * SMTP Enum: HELO is now always sent, better 500 error detection - * hydra main: - - fixed a bug in the IPv6 address parsing when a port was supplied - - added info message for pop3, imap and smtp protocol usage - * hydra GTK: missed some services, added - * dpl4hydra.sh: - - added Siemens S7-300 common passwords to default password list - - more broad searching in the list - * Performed code indention on all C files :-) - * Makefile patch to ensure .../etc directory is there (thanks to vonnyfly) + ! Development moved to a public github repository: https://github.com/vanhauser-thc/thc-hydra + * Added module for redis (submitted by Alejandro Ramos, thanks!) + * Added patch which adds Unicode support for the SMB module (thanks to Max Kosmach) + * Added initial interactive password authentication test for ssh (thanks to Joshua Houghton) + * Added patch for xhydra that adds bruteforce generator to the GUI (thanks to Petar Kaleychev) + * Target on the command line can now be a CIDR definition, e.g. 
192.168.0.0/24 + * with "-M targetfile", you can now specify a port for each entry (use "target:port" per line) + * Verified that hydra compiles cleanly on QNX / Blackberry 10 :-) + * Bugfixes for -x option: + - password tries were lost when connection errors happened (thanks to Vineet Kumar for reporting) + - fixed crash when used together with -e option + * Fixed a bug that hydra would not compile without libssh (introduced in v7.6) + * Various bugfixes if many targets where attacked in parallel + * Cygwin's Postgresql is working again, hence configure detection re-enabled + * Added gcc compilation security options (if detected to be supported by configure script) + * Enhancements to the secure compilation options + * Checked code with cppcheck and fixed some minor issues. + * Checked code with Coverity. Fixed a lot of small and medium issues. You can also take a look at the full CHANGES file @@ -60,8 +65,8 @@ Hydra is a parallized login cracker which supports numerous protocols to attack. New modules are easy to add, beside that, it is flexible and very fast. - Hydra was tested to compile on Linux, Windows/Cygwin, Solaris 11, FreeBSD 8.1 and OSX, and - is made available under GPLv3 with a special OpenSSL license expansion. + Hydra was tested to compile on Linux, Windows/Cygwin, Solaris 11, FreeBSD 8.1, OpenBSD, OSX, + QNX/Blackberry, and is made available under GPLv3 with a special OpenSSL license expansion. Currently this tool supports: Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, 
@@ -75,10 +80,22 @@ This tool is a proof of concept code, to give researchers and security consultants the possiblity to show how easy it would be to gain unauthorized access from remote to a system. - The program is maintained by van Hauser and David Maciejak. + The program was written van Hauser and is additiionally supported by David Maciejak. - [0x02] Documentation + [0x02] Screenshots + + + (1) Target selection + + + (2) Login/Password setup + + + (3) Hydra start and output + + + [0x03] Documentation Hydra comes with a rather long README file that describes the details about the usage and special options. 
@@ -110,7 +127,41 @@ If you find other good ones, just email them in ( vh(at)thc(dot)org ). - [0x03] Compilation Help + [0x04] Disclaimer + + 1. Please do not use in military or secret service organizations or for illegal purposes. + 2. The Affero General Public License Version 3 (AGPLv3) applies to this code. + 3. A special license expansion for OpenSSL is included which is required for the Debian people + + + [0x05] The Art of Downloading: Source and Binaries + + 1. PRODUCTION/RELEASE VERSION: + The source code of state-of-the-art Hydra: hydra-8.0.tar.gz + (compiles on all UNIX based platforms - even MacOS X, Cygwin on Windows, ARM-Linux, Android, iPhone, Blackberry 10, etc.) + + 2. DEVELOPMENT VERSION: + You can download and compile the current development version of hydra always in its public GITHUB repository: + https://github.com/vanhauser-thc/thc-hydra by either + svn co https://github.com/vanhauser-thc/thc-hydra + or + git clone https://github.com/vanhauser-thc/thc-hydra.git + Note that this is the development state! New features - and new bugs. Things might not work! + + 3. The source code of an old, deprecated version of Hydra ONLY in case v7.x gives you problems on unusual and old platforms: + hydra-5.9.1-src.tar.gz + + 4. The Win32/Cywin binary release: --- not anymore --- + Install cygwin from http://www.cygwin.com + and compile it yourself. If you do not have cygwin installed - how + do you think you will do proper securiy testing? duh ... + + 5. ARM and Palm binaries here are old and not longer maintained: + ARM: hydra-5.0-arm.tar.gz + Palm: hydra-4.6-palm.zip + + + [0x06] Compilation Help Hydry compiles fine on all platforms that have gcc - Linux, all BSD, Mac OS/X, Cygwin on Windows, Solaris, etc. It should even compile on historical SunOS, Ultrix etc. platforms :-) 
@@ -134,14 +185,7 @@ the configure script output tells you what is missing and where to get it from. - [0x04] Disclaimer - - 1. This tool is for legal purposes only! - 2. The Affero General Public License Version 3 (AGPLv3) applies to this code. - 3. A special license expansion for OpenSSL is included which is required for the Debian people - - - [0x05] Development & Contributions + [0x07] Development & Contributions Your contributions are more than welcomed! @@ -151,38 +195,10 @@ Interesting attack modules would be: OSPF, BGP, PIM, PPTP, ... (or anything else you might be able to do (and is not there yet)) + + Please note that you can also download and commit via github: https://github.com/vanhauser-thc/thc-hydra - [0x06] Screenshots - - - (1) Target selection - - - (2) Login/Password setup - - - (3) Hydra start and output - - - [0x07] The Art of Downloading: Source and Binaries - - 1. The source code of state-of-the-art Hydra: hydra-7.6.tar.gz - (compiles on all UNIX based platforms - even MacOS X, Cygwin on Windows, ARM-Linux, Android, etc.) - - 2. The source code of an old, deprecated version of Hydra ONLY in case v7.x gives you problems on unusual and old platforms: - hydra-5.9.1-src.tar.gz - - 3. The Win32/Cywin binary release: --- not anymore --- - Install cygwin from http://www.cygwin.com - and compile it yourself. If you do not have cygwin installed - how - do you think you will do proper securiy testing? duh ... - - 4. ARM and Palm binaries here are old and not longer maintained: - ARM: hydra-5.0-arm.tar.gz - Palm: hydra-4.6-palm.zip - - Comments and suggestions are welcome. Yours sincerly,
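
Review bot: VERSION in the hydra.c hunk goes straight from "v8.0-dev" to "v8.1-dev", so nothing in this patch carries a plain "v8.0" string even though web/CHANGES and web/index.html announce Release 8.0 in the same change. Confirm that the hydra-8.0.tar.gz linked from index.html was built from a tree whose VERSION reads v8.0, and consider putting the post-release bump in its own commit so the release point is identifiable in history.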
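
Review bot: the -M entry in the web/CHANGES hunk reads "with -M , you can now specify a port for each entry", with the option's argument missing; the index.html copy of the same entry says "-M targetfile", so use that here too. In the same hunk, "if many targets where attacked" should be "were attacked", and the two entries about secure compilation options do not say which flags configure now enables, which is what a packager auditing the hardening would want listed.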
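
Review bot: the 8.0 changelog added in the @@ -28,26 +28,31 @@ hunk of web/index.html is a hand-copied duplicate of the new web/CHANGES section, and the two copies already differ on the -M entry while both repeat the "where attacked" typo. Keeping only a short summary here and pointing to the full CHANGES file (the page already links it on the next line) would stop the two from drifting.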
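
Review bot: the licence sentence edited in the @@ -60,8 +65,8 @@ hunk still says "GPLv3 with a special OpenSSL license expansion", while the Disclaimer section that this same patch moves to [0x04] says "The Affero General Public License Version 3 (AGPLv3) applies to this code". These are different licences; since the line is being touched anyway, make both places state the one that matches the licence text shipped with the source.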
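
Review bot: the new maintainer line in the @@ -75,10 +80,22 @@ hunk has a missing word and a typo: "The program was written van Hauser and is additiionally supported by David Maciejak" should read "was written by van Hauser and is additionally supported by David Maciejak".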
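
Review bot: item 3 of the relocated download list in the @@ -110,7 +127,41 @@ hunk still says "ONLY in case v7.x gives you problems" although item 1 now offers hydra-8.0.tar.gz; update the version reference. The list also names release tarballs with no checksum or signature beside them; publishing a SHA-256 or a detached signature next to hydra-8.0.tar.gz would let users verify what they downloaded. The carried-over typos "Cywin", "securiy" and "not longer" can be fixed in the same pass, and the reworded disclaimer item 1 changes the stated terms of use, so it deserves a mention in the commit message.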
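
Review bot: the added sentence "Please note that you can also download and commit via github" in the @@ -151,38 +195,10 @@ hunk reads as if anyone can commit to the repository; say how contributions are expected to arrive (for example as pull requests) so it is consistent with the e-mail submission route described above it. "Yours sincerly" in the trailing context is also misspelled.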