github/thc-hydra
1
0
Fork 0
mirror of https://github.com/vanhauser-thc/thc-hydra.git synced 2025-07-05 20:41:39 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

code indent

Browse source
This commit is contained in:
van Hauser 2020-02-01 11:47:13 +01:00
parent 531ee7734b
commit 720bdb3f96
83 changed files with 6377 additions and 6240 deletions
Download patch file Download diff file Expand all files Collapse all files

223
hydra-snmp.c
View file

@ -1,10 +1,10 @@
#include "hydra-mod.h"
#ifdef LIBOPENSSL
#include <openssl/aes.h>
#include <openssl/des.h>
#include <openssl/hmac.h>
#include <openssl/md5.h>
#include <openssl/sha.h>
#include <openssl/des.h>
#include <openssl/aes.h>
#endif
extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec);
@ -15,31 +15,13 @@ extern int32_t child_head_no;
char snmpv3buf[1024], *snmpv3info = NULL;
int32_t snmpv3infolen = 0, snmpversion = 1, snmpread = 1, hashtype = 1, enctype = 0;
unsigned char snmpv3_init[] = { 0x30, 0x3e, 0x02, 0x01, 0x03, 0x30, 0x11, 0x02,
0x04, 0x08, 0x86, 0xdd, 0xf0, 0x02, 0x03, 0x00,
0xff, 0xe3, 0x04, 0x01, 0x04, 0x02, 0x01, 0x03,
0x04, 0x10, 0x30, 0x0e, 0x04, 0x00, 0x02, 0x01,
0x00, 0x02, 0x01, 0x00, 0x04, 0x00, 0x04, 0x00,
0x04, 0x00, 0x30, 0x14, 0x04, 0x00, 0x04, 0x00,
0xa0, 0x0e, 0x02, 0x04, 0x3f, 0x44, 0x5c, 0xbc,
0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x30, 0x00
};
unsigned char snmpv3_init[] = {0x30, 0x3e, 0x02, 0x01, 0x03, 0x30, 0x11, 0x02, 0x04, 0x08, 0x86, 0xdd, 0xf0, 0x02, 0x03, 0x00, 0xff, 0xe3, 0x04, 0x01, 0x04, 0x02, 0x01, 0x03, 0x04, 0x10, 0x30, 0x0e, 0x04, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x04, 0x00, 0x04, 0x00, 0x04, 0x00, 0x30, 0x14, 0x04, 0x00, 0x04, 0x00, 0xa0, 0x0e, 0x02, 0x04, 0x3f, 0x44, 0x5c, 0xbc, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x30, 0x00};
unsigned char snmpv3_get1[] = { 0x30, 0x77, 0x02, 0x01, 0x03, 0x30, 0x11, 0x02,
0x04, 0x08, 0x86, 0xdd, 0xef, 0x02, 0x03, 0x00,
0xff, 0xe3, 0x04, 0x01, 0x05, 0x02, 0x01, 0x03
};
unsigned char snmpv3_get1[] = {0x30, 0x77, 0x02, 0x01, 0x03, 0x30, 0x11, 0x02, 0x04, 0x08, 0x86, 0xdd, 0xef, 0x02, 0x03, 0x00, 0xff, 0xe3, 0x04, 0x01, 0x05, 0x02, 0x01, 0x03};
unsigned char snmpv3_get2[] = { 0x30, 0x2e, 0x04, 0x0c, 0x80, 0x00, 0x00,
0x09, 0x03, 0x00, 0x00, 0x1f, 0xca, 0x8d, 0x82,
0x1b, 0x04, 0x00, 0xa0, 0x1c, 0x02, 0x04, 0x3f,
0x44, 0x5c, 0xbb, 0x02, 0x01, 0x00, 0x02, 0x01,
0x00, 0x30, 0x0e, 0x30, 0x0c, 0x06, 0x08, 0x2b,
0x06, 0x01, 0x02, 0x01, 0x01, 0x01, 0x00, 0x05,
0x00
};
unsigned char snmpv3_get2[] = {0x30, 0x2e, 0x04, 0x0c, 0x80, 0x00, 0x00, 0x09, 0x03, 0x00, 0x00, 0x1f, 0xca, 0x8d, 0x82, 0x1b, 0x04, 0x00, 0xa0, 0x1c, 0x02, 0x04, 0x3f, 0x44, 0x5c, 0xbb, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x30, 0x0e, 0x30, 0x0c, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x02, 0x01, 0x01, 0x01, 0x00, 0x05, 0x00};
unsigned char snmpv3_nouser[] = { 0x04, 0x00, 0x04, 0x00, 0x04, 0x00 };
unsigned char snmpv3_nouser[] = {0x04, 0x00, 0x04, 0x00, 0x04, 0x00};
struct SNMPV1_A {
char ID;
@ -49,13 +31,11 @@ struct SNMPV1_A {
char comlen;
};
struct SNMPV1_A snmpv1_a = {
.ID = '\x30',
.len = '\x00',
.ver = "\x02\x01\x00", /* \x02\x01\x01 for snmpv2c, \x02\x01\x03 for snmpv3 */
.comid = '\x04',
.comlen = '\x00'
};
struct SNMPV1_A snmpv1_a = {.ID = '\x30',
.len = '\x00',
.ver = "\x02\x01\x00", /* \x02\x01\x01 for snmpv2c, \x02\x01\x03 for snmpv3 */
.comid = '\x04',
.comlen = '\x00'};
struct SNMPV1_R {
unsigned char type[2];
@ -67,12 +47,14 @@ struct SNMPV1_R {
unsigned char object[11];
unsigned char value[3];
} snmpv1_r = {
.type = "\xa0\x1b", /* GET */
.identid = "\x02\x04",.ident = "\x1a\x5e\x97\x00", /* random crap :) */
.errstat = "\x02\x01\x00", /* no error */
.errind = "\x02\x01\x00", /* error index 0 */
.objectid = "\x30\x0d",.object = "\x30\x0b\x06\x07\x2b\x06\x01\x02\x01\x01\x01", /* sysDescr */
.value = "\x05\x00" /* we just read, so value = 0 */
.type = "\xa0\x1b", /* GET */
.identid = "\x02\x04",
.ident = "\x1a\x5e\x97\x00", /* random crap :) */
.errstat = "\x02\x01\x00", /* no error */
.errind = "\x02\x01\x00", /* error index 0 */
.objectid = "\x30\x0d",
.object = "\x30\x0b\x06\x07\x2b\x06\x01\x02\x01\x01\x01", /* sysDescr */
.value = "\x05\x00" /* we just read, so value = 0 */
};
struct SNMPV1_W {
@ -85,20 +67,22 @@ struct SNMPV1_W {
unsigned char object[12];
unsigned char value[8];
} snmpv1_w = {
.type = "\xa3\x21", /* SET */
.identid = "\x02\x04",.ident = "\x1a\x5e\x97\x22", /* random crap :) */
.errstat = "\x02\x01\x00", /* no error */
.errind = "\x02\x01\x00", /* error index 0 */
.objectid = "\x30\x13", /* string */
.object = "\x30\x11\x06\x08\x2b\x06\x01\x02\x01\x01\x05\x00",.value = "\x04\x05Hydra" /* writing hydra :-) */
.type = "\xa3\x21", /* SET */
.identid = "\x02\x04",
.ident = "\x1a\x5e\x97\x22", /* random crap :) */
.errstat = "\x02\x01\x00", /* no error */
.errind = "\x02\x01\x00", /* error index 0 */
.objectid = "\x30\x13", /* string */
.object = "\x30\x11\x06\x08\x2b\x06\x01\x02\x01\x01\x05\x00",
.value = "\x04\x05Hydra" /* writing hydra :-) */
};
#ifdef LIBOPENSSL
void password_to_key_md5(u_char * password, /* IN */
u_int passwordlen, /* IN */
u_char * engineID, /* IN - pointer to snmpEngineID */
u_int engineLength, /* IN - length of snmpEngineID */
u_char * key) { /* OUT - pointer to caller 16-octet buffer */
void password_to_key_md5(u_char *password, /* IN */
u_int passwordlen, /* IN */
u_char *engineID, /* IN - pointer to snmpEngineID */
u_int engineLength, /* IN - length of snmpEngineID */
u_char *key) { /* OUT - pointer to caller 16-octet buffer */
MD5_CTX MD;
u_char *cp, password_buf[80], *mypass = password, bpass[17];
u_long password_index = 0, count = 0, i, mylen, myelen = engineLength;
@ -121,7 +105,7 @@ void password_to_key_md5(u_char * password, /* IN */
if (myelen > 32)
myelen = 32;
MD5_Init(&MD); /* initialize MD5 */
MD5_Init(&MD); /* initialize MD5 */
/* Use while loop until we've done 1 Megabyte */
while (count < 1048576) {
cp = password_buf;
@ -133,7 +117,7 @@ void password_to_key_md5(u_char * password, /* IN */
MD5_Update(&MD, password_buf, 64);
count += 64;
}
MD5_Final(key, &MD); /* tell MD5 we're done */
MD5_Final(key, &MD); /* tell MD5 we're done */
/* Now localize the key with the engineID and pass */
/* through MD5 to produce final key */
/* May want to ensure that engineLength <= 32, */
@ -147,11 +131,11 @@ void password_to_key_md5(u_char * password, /* IN */
return;
}
void password_to_key_sha(u_char * password, /* IN */
u_int passwordlen, /* IN */
u_char * engineID, /* IN - pointer to snmpEngineID */
u_int engineLength, /* IN - length of snmpEngineID */
u_char * key) { /* OUT - pointer to caller 20-octet buffer */
void password_to_key_sha(u_char *password, /* IN */
u_int passwordlen, /* IN */
u_char *engineID, /* IN - pointer to snmpEngineID */
u_int engineLength, /* IN - length of snmpEngineID */
u_char *key) { /* OUT - pointer to caller 20-octet buffer */
SHA_CTX SH;
u_char *cp, password_buf[80], *mypass = password, bpass[17];
u_long password_index = 0, count = 0, i, mylen = passwordlen, myelen = engineLength;
@ -169,7 +153,7 @@ void password_to_key_sha(u_char * password, /* IN */
if (myelen > 32)
myelen = 32;
SHA1_Init(&SH); /* initialize SHA */
SHA1_Init(&SH); /* initialize SHA */
/* Use while loop until we've done 1 Megabyte */
while (count < 1048576) {
cp = password_buf;
@ -181,7 +165,7 @@ void password_to_key_sha(u_char * password, /* IN */
SHA1_Update(&SH, password_buf, 64);
count += 64;
}
SHA1_Final(key, &SH); /* tell SHA we're done */
SHA1_Final(key, &SH); /* tell SHA we're done */
/* Now localize the key with the engineID and pass */
/* through SHA to produce final key */
/* May want to ensure that engineLength <= 32, */
@ -196,7 +180,7 @@ void password_to_key_sha(u_char * password, /* IN */
}
#endif
int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) {
char *empty = "\"\"", *ptr, *login, *pass, buffer[1024], buf[1024], hash[64], key[256] = "", salt[8] = "";
int32_t i, j, k, size, off = 0, off2 = 0;
unsigned char initVect[8], privacy_params[8];
@ -223,7 +207,7 @@ int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, cha
size = sizeof(snmpv1_w);
}
snmpv1_a.comlen = (char) strlen(pass);
snmpv1_a.comlen = (char)strlen(pass);
snmpv1_a.len = snmpv1_a.comlen + size + sizeof(snmpv1_a) - 3;
i = sizeof(snmpv1_a);
@ -238,7 +222,7 @@ int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, cha
memcpy(buffer + i, &snmpv1_w, size);
i += sizeof(snmpv1_w);
}
} else { // snmpv3
} else { // snmpv3
if (enctype == 0) {
memcpy(buffer, snmpv3_get1, sizeof(snmpv3_get1));
i = sizeof(snmpv3_get1);
@ -277,7 +261,8 @@ int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, cha
if (enctype == 0)
buffer[1] = 48 + sizeof(snmpv3_get1) + buffer[i + 1];
i += snmpv3infolen;
//printf("2 + %d + %d + %d = 0x%02x\n", off, snmpv3infolen, strlen(login), buffer[1]);
// printf("2 + %d + %d + %d = 0x%02x\n", off, snmpv3infolen, strlen(login),
// buffer[1]);
buffer[i] = 0x04;
buffer[i + 1] = strlen(login);
@ -301,7 +286,7 @@ int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, cha
i += 2;
} else {
buffer[i + 1] = 8;
memcpy(buffer + i + 2, salt, 8); // uninitialized and we don't care
memcpy(buffer + i + 2, salt, 8); // uninitialized and we don't care
i += 10;
}
@ -314,49 +299,49 @@ int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, cha
#ifdef LIBOPENSSL
/*
//PrivDES::encrypt(const unsigned char *key,
// const uint32_t key_len,
// const unsigned char *buffer,
// const uint32_t buffer_len,
// unsigned char *out_buffer,
// uint32_t *out_buffer_len,
// unsigned char *privacy_params,
// uint32_t *privacy_params_len,
// const unsigned long engine_boots,
// const unsigned long engine_time)
// last 8 bytes of key are used as base for initialization vector */
/*
//PrivDES::encrypt(const unsigned char *key,
// const uint32_t key_len,
// const unsigned char *buffer,
// const uint32_t buffer_len,
// unsigned char *out_buffer,
// uint32_t *out_buffer_len,
// unsigned char *privacy_params,
// uint32_t *privacy_params_len,
// const unsigned long engine_boots,
// const unsigned long engine_time)
// last 8 bytes of key are used as base for initialization vector */
k = 0;
memcpy((char *) initVect, key + 8, 8);
memcpy((char *)initVect, key + 8, 8);
// put salt in privacy_params
j = htonl(engine_boots);
memcpy(privacy_params, (char *) &j, 4);
memcpy(privacy_params + 4, salt, 4); // ??? correct?
// xor initVect with salt
memcpy(privacy_params, (char *)&j, 4);
memcpy(privacy_params + 4, salt, 4); // ??? correct?
// xor initVect with salt
for (i = 0; i < 8; i++)
initVect[i] ^= privacy_params[i];
DES_key_sched((const_DES_cblock *) key, &symcbc);
DES_ncbc_encrypt(snmpv3_get2 + 2, buf, sizeof(snmpv3_get2) - 2, &symcbc, (const_DES_cblock *) (initVect), DES_ENCRYPT);
DES_key_sched((const_DES_cblock *)key, &symcbc);
DES_ncbc_encrypt(snmpv3_get2 + 2, buf, sizeof(snmpv3_get2) - 2, &symcbc, (const_DES_cblock *)(initVect), DES_ENCRYPT);
#endif
/* for (i = 0; i <= sizeof(snmpv3_get2) - 8; i += 8) {
DES_ncbc_encrypt(snmpv3_get2 + i, buf + i, 8, (const_DES_cblock*)(initVect), DES_ENCRYPT);
}
// last part of buffer
if (buffer_len % 8) {
unsigned char tmp_buf[8];
unsigned char *tmp_buf_ptr = tmp_buf;
int32_t start = buffer_len - (buffer_len % 8);
memset(tmp_buf, 0, 8);
for (uint32_t l = start; l < buffer_len; l++)
*tmp_buf_ptr++ = buffer[l];
DES_ncbc_encrypt(tmp_buf, buf + start, 1, &symcbc, (const_DES_cblock*)(initVect), DES_ENCRYPT);
*out_buffer_len = buffer_len + 8 - (buffer_len % 8);
} else
*out_buffer_len = buffer_len;
*/
//dummy
/* for (i = 0; i <= sizeof(snmpv3_get2) - 8; i += 8) {
DES_ncbc_encrypt(snmpv3_get2 + i, buf + i, 8,
(const_DES_cblock*)(initVect), DES_ENCRYPT);
}
// last part of buffer
if (buffer_len % 8) {
unsigned char tmp_buf[8];
unsigned char *tmp_buf_ptr = tmp_buf;
int32_t start = buffer_len - (buffer_len % 8);
memset(tmp_buf, 0, 8);
for (uint32_t l = start; l < buffer_len; l++)
*tmp_buf_ptr++ = buffer[l];
DES_ncbc_encrypt(tmp_buf, buf + start, 1, &symcbc,
(const_DES_cblock*)(initVect), DES_ENCRYPT); *out_buffer_len =
buffer_len + 8 - (buffer_len % 8); } else *out_buffer_len = buffer_len;
*/
// dummy
k = ((sizeof(snmpv3_get2) - 2) / 8);
if ((sizeof(snmpv3_get2) - 2) % 8 != 0)
k++;
@ -364,13 +349,13 @@ int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, cha
i += k * 8 + 2;
}
i++; // just to conform with the snmpv1/2 code
i++; // just to conform with the snmpv1/2 code
#ifdef LIBOPENSSL
if (hashtype == 1) {
HMAC((EVP_MD *) EVP_md5(), key, 16, buffer, i - 1, hash, NULL);
HMAC((EVP_MD *)EVP_md5(), key, 16, buffer, i - 1, hash, NULL);
memcpy(buffer + off, hash, 12);
} else if (hashtype == 2) {
HMAC((EVP_MD *) EVP_sha1(), key, 20, buffer, i - 1, hash, NULL);
HMAC((EVP_MD *)EVP_sha1(), key, 20, buffer, i - 1, hash, NULL);
memcpy(buffer + off, hash, 12);
}
#endif
@ -384,19 +369,19 @@ int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, cha
} while (hydra_data_ready_timed(s, 1, 0) <= 0 && j < 3);
if (hydra_data_ready_timed(s, 5, 0) > 0) {
i = hydra_recv(s, (char *) buf, sizeof(buf));
i = hydra_recv(s, (char *)buf, sizeof(buf));
if (snmpversion < 3) {
/* stolen from ADMsnmp... :P */
for (j = 0; j < i; j++) {
if (buf[j] == '\x04') { /* community name */
for (j = j + buf[j + 1]; j + 2 < i; j++) {
if (buf[j] == '\xa2') { /* PDU Response */
if (buf[j] == '\xa2') { /* PDU Response */
for (; j + 2 < i; j++) {
if (buf[j] == '\x02') { /* ID */
for (j = j + (buf[j + 1]); j + 2 < i; j++) {
if (buf[j] == '\x02') {
if (buf[j + 1] == '\x01') { /* good ! */
if (buf[j + 1] == '\x01') { /* good ! */
hydra_report_found_host(port, ip, "snmp", fp);
hydra_completed_pair_found();
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
@ -411,7 +396,7 @@ int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, cha
}
}
}
} else { // snmpv3 reply
} else { // snmpv3 reply
off = 0;
if (buf[0] == 0x30) {
if (buf[4] == 0x03 && buf[5] == 0x30)
@ -453,7 +438,8 @@ int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, cha
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3;
return 1;
} else if ((buf[off + 15] & 5) == 4 && hydra_memsearch(buf, i, snmpv3_nouser, sizeof(snmpv3_nouser)) >= 0) { // user does not exist
} else if ((buf[off + 15] & 5) == 4 && hydra_memsearch(buf, i, snmpv3_nouser,
sizeof(snmpv3_nouser)) >= 0) { // user does not exist
if (verbose)
printf("[INFO] user %s does not exist, skipping\n", login);
hydra_completed_pair_skip();
@ -470,7 +456,7 @@ int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, cha
return 1;
}
void service_snmp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
void service_snmp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
int32_t run = 1, next_run = 1, sock = -1, i = 0;
int32_t myport = PORT_SNMP;
char *lptr;
@ -519,7 +505,7 @@ void service_snmp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
hydra_register_socket(sp);
if (sock < 0) {
hydra_report(stderr, "[ERROR] Child with pid %d terminating, no socket available\n", (int32_t) getpid());
hydra_report(stderr, "[ERROR] Child with pid %d terminating, no socket available\n", (int32_t)getpid());
hydra_child_exit(1);
}
@ -528,7 +514,7 @@ void service_snmp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
while (snmpv3info == NULL && next_run < 3) {
hydra_send(sock, snmpv3_init, sizeof(snmpv3_init), 0);
if (hydra_data_ready_timed(sock, 5, 0) > 0) {
if ((i = hydra_recv(sock, (char *) snmpv3buf, sizeof(snmpv3buf))) > 30) {
if ((i = hydra_recv(sock, (char *)snmpv3buf, sizeof(snmpv3buf))) > 30) {
if (snmpv3buf[4] == 3 && snmpv3buf[5] == 0x30) {
snmpv3info = snmpv3buf + 7 + snmpv3buf[6];
snmpv3infolen = snmpv3info[3] + 4;
@ -538,8 +524,9 @@ void service_snmp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
if (debug)
hydra_dump_asciihex(snmpv3info, snmpv3infolen);
if (snmpv3info[10] == 3 && child_head_no == 0)
printf("[INFO] Remote device MAC address is %02x:%02x:%02x:%02x:%02x:%02x\n", (unsigned char) snmpv3info[12], (unsigned char) snmpv3info[13],
(unsigned char) snmpv3info[14], (unsigned char) snmpv3info[15], (unsigned char) snmpv3info[16], (unsigned char) snmpv3info[12]);
printf("[INFO] Remote device MAC address is "
"%02x:%02x:%02x:%02x:%02x:%02x\n",
(unsigned char)snmpv3info[12], (unsigned char)snmpv3info[13], (unsigned char)snmpv3info[14], (unsigned char)snmpv3info[15], (unsigned char)snmpv3info[16], (unsigned char)snmpv3info[12]);
}
}
}
@ -557,10 +544,10 @@ void service_snmp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
while (1) {
switch (run) {
case 1: /* connect and service init function */
case 1: /* connect and service init function */
next_run = start_snmp(sock, ip, port, options, miscptr, fp);
break;
case 3: /* clean exit */
case 3: /* clean exit */
if (sock >= 0)
sock = hydra_disconnect(sock);
hydra_child_exit(2);
@ -573,13 +560,13 @@ void service_snmp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
}
}
int32_t service_snmp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
int32_t service_snmp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.
//
// fill if needed.
//
//
// return codes:
// 0 all OK
// -1 error, hydra will exit, so print a good error message here
@ -587,20 +574,22 @@ int32_t service_snmp_init(char *ip, int32_t sp, unsigned char options, char *mis
return 0;
}
void usage_snmp(const char* service) {
void usage_snmp(const char *service) {
printf("Module snmp is optionally taking the following parameters:\n"
" READ perform read requests (default)\n"
" WRITE perform write requests\n"
" 1 use SNMP version 1 (default)\n"
" 2 use SNMP version 2\n"
" 3 use SNMP version 3\n"
" Note that SNMP version 3 usually uses both login and passwords!\n"
" Note that SNMP version 3 usually uses both login and "
"passwords!\n"
" SNMP version 3 has the following optional sub parameters:\n"
" MD5 use MD5 authentication (default)\n"
" SHA use SHA authentication\n"
" DES use DES encryption\n"
" AES use AES encryption\n"
" if no -p/-P parameter is given, SNMPv3 noauth is performed, which\n"
" if no -p/-P parameter is given, SNMPv3 noauth is performed, "
"which\n"
" only requires a password (or username) not both.\n"
"To combine the options, use colons (\":\"), e.g.:\n"
" hydra -L user.txt -P pass.txt -m 3:SHA:AES:READ target.com snmp\n"