From 570e56b1151e42cf7dc5b795d71ba907f9d59524 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Tue, 17 Feb 2015 11:24:46 +0100 Subject: [PATCH 01/33] configure --disable-xhydra fix --- configure | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure b/configure index d5b27ef..c9b97aa 100755 --- a/configure +++ b/configure @@ -1122,7 +1122,7 @@ if [ "X" = "X$PREFIX" ]; then PREFIX="/usr/local" fi -if [ "X" = "X$XHYDRA_SUPPORT" ]; then +if [ "X" = "X$XHYDRA_SUPPORT" -o "Xdisable" = "X$XHYDRA_SUPPORT" ]; then XHYDRA_SUPPORT="" else XHYDRA_SUPPORT="xhydra" From d4af858c7dbc4fc2d77523ce71342fcffc1afa5b Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 19 Feb 2015 16:29:24 +0100 Subject: [PATCH 02/33] bugfix for endless cookies --- hydra-http-form.c | 42 +++++++++++++++++++++++------------------- 1 file changed, 23 insertions(+), 19 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index 9388b26..6c619b1 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -52,9 +52,10 @@ Added fail or success condition, getting cookies, and allow 5 redirections by da #include "hydra-mod.h" /* HTTP Header Types */ -#define HEADER_TYPE_USERHEADER 'h' -#define HEADER_TYPE_USERHEADER_REPL 'H' -#define HEADER_TYPE_DEFAULT 'D' +#define HEADER_TYPE_USERHEADER 'h' +#define HEADER_TYPE_USERHEADER_REPL 'H' +#define HEADER_TYPE_DEFAULT 'D' +#define HEADER_TYPE_DEFAULT_REPL 'd' extern char *HYDRA_EXIT; char *buf; @@ -129,7 +130,9 @@ int add_header(ptr_header_node * ptr_head, char *header, char *value, char type) if (new_header && new_value) { if ((type == HEADER_TYPE_USERHEADER) || (type == HEADER_TYPE_DEFAULT && !header_exists(ptr_head, new_header, HEADER_TYPE_USERHEADER_REPL)) || - (type == HEADER_TYPE_USERHEADER_REPL && !header_exists(ptr_head, new_header, HEADER_TYPE_DEFAULT))) { + (type == HEADER_TYPE_USERHEADER_REPL && !header_exists(ptr_head, new_header, HEADER_TYPE_DEFAULT)) || + (type == HEADER_TYPE_DEFAULT_REPL && !header_exists(ptr_head, new_header, HEADER_TYPE_DEFAULT)) + ) { /* * We are in one of the following scenarios: * 1. A default header with no user-supplied headers that replace it. @@ -153,7 +156,7 @@ int add_header(ptr_header_node * ptr_head, char *header, char *value, char type) // head is NULL, so the list is empty *ptr_head = new_ptr; } - } else if (type == HEADER_TYPE_USERHEADER_REPL && (existing_hdr = header_exists(ptr_head, new_header, HEADER_TYPE_DEFAULT))) { + } else if ((type == HEADER_TYPE_DEFAULT_REPL || type == HEADER_TYPE_USERHEADER_REPL) && (existing_hdr = header_exists(ptr_head, new_header, HEADER_TYPE_DEFAULT)) != NULL) { // It's a user-supplied header that must replace a default one // Replace the default header's value with this new value free(existing_hdr->value); @@ -207,10 +210,10 @@ void hdrrepv(ptr_header_node * ptr_head, char *hdrname, char *new_value) { } } -void cleanup(ptr_header_node * ptr_head) { +void cleanup(ptr_header_node *ptr_head) { ptr_header_node cur_ptr = *ptr_head, next_ptr = cur_ptr; - while (next_ptr) { + while (next_ptr != NULL) { free(cur_ptr->header); free(cur_ptr->value); next_ptr = cur_ptr->next; @@ -472,7 +475,7 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc return 1; i = analyze_server_response(s); // ignore result if (strlen(cookie) > 0) - add_header(&ptr_head, "Cookie", cookie, HEADER_TYPE_DEFAULT); + add_header(&ptr_head, "Cookie", cookie, HEADER_TYPE_DEFAULT_REPL); hydra_reconnect(s, ip, port, options); } // now prepare for the "real" request @@ -508,7 +511,7 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc return 1; i = analyze_server_response(s); // ignore result if (strlen(cookie) > 0) - add_header(&ptr_head, "Cookie", cookie, HEADER_TYPE_DEFAULT); + add_header(&ptr_head, "Cookie", cookie, HEADER_TYPE_DEFAULT_REPL); hydra_reconnect(s, ip, port, options); } // now prepare for the "real" request @@ -540,8 +543,8 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc if (hydra_send(s, http_request, strlen(http_request), 0) < 0) return 1; i = analyze_server_response(s); // ignore result - if (strlen(cookie) > 0 && !header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) { - add_header(&ptr_head, "Cookie", cookie, HEADER_TYPE_DEFAULT); + if (strlen(cookie) > 0) { + add_header(&ptr_head, "Cookie", cookie, HEADER_TYPE_DEFAULT_REPL); normal_request = stringify_headers(&ptr_head); } hydra_reconnect(s, ip, port, options); @@ -579,8 +582,8 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc return 4; } - if (strlen(cookie) > 0 && !header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Cookie", cookie, HEADER_TYPE_DEFAULT); + if (strlen(cookie) > 0) + add_header(&ptr_head, "Cookie", cookie, HEADER_TYPE_DEFAULT_REPL); //if page was redirected, follow the location header redirected_cpt = MAX_REDIRECT; @@ -694,8 +697,8 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc return 1; found = analyze_server_response(s); - if (strlen(cookie) > 0 && !header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Cookie", cookie, HEADER_TYPE_DEFAULT); + if (strlen(cookie) > 0) + add_header(&ptr_head, "Cookie", cookie, HEADER_TYPE_DEFAULT_REPL); } } @@ -843,10 +846,11 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { miscptr = slash; /* to make things easier to user */ } else if ((ptr2 = index(webtarget, '/')) != NULL) { if (freemischttpform == 0) { - freemischttpform = 1; - miscptr = malloc(strlen(ptr2) + 1); - strcpy(miscptr, ptr2); - *ptr2 = 0; + if ((miscptr = malloc(strlen(ptr2) + 1)) != NULL) { + freemischttpform = 1; + strcpy(miscptr, ptr2); + *ptr2 = 0; + } } } else webtarget = NULL; From d16ee557bdcdaec4fa09bcc4e7650f5f85d4f94d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ux=C3=ADo?= Date: Thu, 26 Feb 2015 16:14:04 +0100 Subject: [PATCH 03/33] Fixed segfault checking command line arguments With inputs like ./hydra -l admin -P passwords/dictionary.txt hydra gives a segmentation fault. Now checks if index < argc after trying to access to argv[index] --- hydra.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra.c b/hydra.c index 9472fa8..33dfa8e 100644 --- a/hydra.c +++ b/hydra.c @@ -2382,7 +2382,7 @@ int main(int argc, char *argv[]) { hydra_options.service = argv[optind]; if (optind + 2 == argc) hydra_options.miscptr = argv[optind + 1]; - } else if (optind + 2 != argc && optind + 3 != argc) { + } else if (optind + 2 != argc && optind + 3 != argc && optind < argc) { // check if targetdef follow syntax ://[:][/] or it's a syntax error char *targetdef = strdup(argv[optind]); char *service_pos, *target_pos, *port_pos = NULL, *param_pos = NULL; From 470aa85ccbd889ebc2be3f0f2d5c186f5df676be Mon Sep 17 00:00:00 2001 From: strunk Date: Fri, 27 Feb 2015 21:29:21 +0100 Subject: [PATCH 04/33] Doubly-linked list for cookies. --- hydra-http-form.c | 114 ++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 101 insertions(+), 13 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index 6c619b1..3946af1 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -68,6 +68,13 @@ typedef struct header_node { struct header_node *next; } t_header_node, *ptr_header_node; +typedef struct cookie_node { + char *name; + char *value; + struct cookie_node *prev; + struct cookie_node *next; +} t_cookie_node, *ptr_cookie_node; + int success_cond = 0; int getcookie = 1; int auth_flag = 0; @@ -107,6 +114,82 @@ ptr_header_node header_exists(ptr_header_node * ptr_head, char *header_name, cha return found_header; } +int append_cookie(char *name, char *value, ptr_cookie_node *last_cookie) +{ + ptr_cookie_node new_ptr = (ptr_cookie_node) malloc(sizeof(t_cookie_node)); + if (!new_ptr) + return 0; + new_ptr->name = name; + new_ptr->value = value; + new_ptr->next = NULL; + new_ptr->prev = NULL; + + if (*last_cookie == NULL) + *last_cookie = new_ptr; + else + (*last_cookie)->next = new_ptr; + + return 1; +} + +void traverse_cookies(ptr_cookie_node ptr_cookie) +{ + printf("-- COOKIES START --\n"); + ptr_cookie_node cur_ptr = NULL; + for (cur_ptr = ptr_cookie; cur_ptr; cur_ptr = cur_ptr->next) + printf("Cookie: %s=%s\n", cur_ptr->name, cur_ptr->value); + printf("-- COOKIES END --\n"); +} + +/* + * Cookie list layout: + * +----------+ +--------+ +------+ + * | ptr_head | --> | next | --> | NULL | + * +----------+ | header | +------+ + * | value | + * +--------+ + * Returns 1 if success, or 0 otherwise. + */ +int add_or_update_cookie(ptr_cookie_node * ptr_cookie, char * cookie_expr) +{ +// printf("[DEBUG] Added cookie: %s\n", cookie_expr); + ptr_cookie_node cur_ptr = NULL, new_ptr = NULL; + char * cookie_name = NULL, + * cookie_value = strstr(cookie_expr, "="); + if (cookie_value) { + cookie_name = strndup(cookie_expr, cookie_value - cookie_expr); + cookie_value = strdup(cookie_value + 1); +// printf("\t[DEBUG] Name: %s\n", cookie_name); +// printf("\t[DEBUG] Value: %s\n", cookie_value); + + // we've got the cookie's name and value, now it's time to insert or update the list + if (*ptr_cookie == NULL) { + // no cookies + append_cookie(cookie_name, cookie_value, ptr_cookie); +// if (append_cookie(cookie_name, cookie_value, ptr_cookie)) +// printf("New cookie: %s=%s\n", (*ptr_cookie)->name, (*ptr_cookie)->value); + } else { + for (cur_ptr = *ptr_cookie; cur_ptr; cur_ptr = cur_ptr->next) { + if (strcmp(cur_ptr->name, cookie_name) == 0) { +// printf("Cookie %s already exists. Replacing.\n", cookie_name); + free(cur_ptr->value); + cur_ptr->value = cookie_value; + break; + } + if (cur_ptr->next == NULL) { +// printf("Cookie %s does not exist. Adding.\n", cookie_name); + append_cookie(cookie_name, cookie_value, &cur_ptr); + break; + } + } + } + + traverse_cookies(*ptr_cookie); + } else + return 0; + return 1; +} + /* * List layout: * +----------+ +--------+ +--------+ +--------+ @@ -163,6 +246,9 @@ int add_header(ptr_header_node * ptr_head, char *header, char *value, char type) existing_hdr->value = new_value; existing_hdr->type = type; } + // DEBUG + printf("[DEBUG] Added header: %s = %s\n", header, value); + // END DEBUG } else { // we're out of memory, so forcefully end return 0; @@ -438,7 +524,7 @@ void hydra_reconnect(int s, char *ip, int port, unsigned char options) { } } -int start_http_form(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp, char *type, ptr_header_node ptr_head) { +int start_http_form(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp, char *type, ptr_header_node ptr_head, ptr_cookie_node ptr_cookie) { char *empty = ""; char *login, *pass, clogin[256], cpass[256]; char header[8096], *upd3variables; @@ -475,7 +561,7 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc return 1; i = analyze_server_response(s); // ignore result if (strlen(cookie) > 0) - add_header(&ptr_head, "Cookie", cookie, HEADER_TYPE_DEFAULT_REPL); + add_or_update_cookie(&ptr_cookie, cookie); hydra_reconnect(s, ip, port, options); } // now prepare for the "real" request @@ -511,7 +597,7 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc return 1; i = analyze_server_response(s); // ignore result if (strlen(cookie) > 0) - add_header(&ptr_head, "Cookie", cookie, HEADER_TYPE_DEFAULT_REPL); + add_or_update_cookie(&ptr_cookie, cookie); hydra_reconnect(s, ip, port, options); } // now prepare for the "real" request @@ -544,7 +630,7 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc return 1; i = analyze_server_response(s); // ignore result if (strlen(cookie) > 0) { - add_header(&ptr_head, "Cookie", cookie, HEADER_TYPE_DEFAULT_REPL); + add_or_update_cookie(&ptr_cookie, cookie); normal_request = stringify_headers(&ptr_head); } hydra_reconnect(s, ip, port, options); @@ -583,7 +669,7 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc } if (strlen(cookie) > 0) - add_header(&ptr_head, "Cookie", cookie, HEADER_TYPE_DEFAULT_REPL); + add_or_update_cookie(&ptr_cookie, cookie); //if page was redirected, follow the location header redirected_cpt = MAX_REDIRECT; @@ -697,8 +783,8 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc return 1; found = analyze_server_response(s); - if (strlen(cookie) > 0) - add_header(&ptr_head, "Cookie", cookie, HEADER_TYPE_DEFAULT_REPL); +// if (strlen(cookie) > 0) +// add_header(&ptr_head, "Cookie", cookie, HEADER_TYPE_DEFAULT_REPL); } } @@ -713,7 +799,7 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc return 1; } -void service_http_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *type, ptr_header_node * ptr_head) { +void service_http_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *type, ptr_header_node * ptr_head, ptr_cookie_node * ptr_cookie) { int run = 1, next_run = 1, sock = -1; int myport = PORT_HTTP, mysslport = PORT_HTTP_SSL; @@ -763,7 +849,7 @@ void service_http_form(char *ip, int sp, unsigned char options, char *miscptr, F break; } case 2: /* run the cracking function */ - next_run = start_http_form(sock, ip, port, options, miscptr, fp, type, *ptr_head); + next_run = start_http_form(sock, ip, port, options, miscptr, fp, type, *ptr_head, *ptr_cookie); break; case 3: /* clean exit */ if (sock >= 0) @@ -795,10 +881,11 @@ void service_http_form(char *ip, int sp, unsigned char options, char *miscptr, F } void service_http_get_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - ptr_header_node ptr_head = initialize(ip, options, miscptr); + ptr_cookie_node ptr_cookie = NULL; + ptr_header_node ptr_head = initialize(ip, options, miscptr); if (ptr_head) - service_http_form(ip, sp, options, miscptr, fp, port, "GET", &ptr_head); + service_http_form(ip, sp, options, miscptr, fp, port, "GET", &ptr_head, &ptr_cookie); else { hydra_report(stderr, "[ERROR] Could not launch head. Error while initializing.\n"); hydra_child_exit(1); @@ -806,10 +893,11 @@ void service_http_get_form(char *ip, int sp, unsigned char options, char *miscpt } void service_http_post_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - ptr_header_node ptr_head = initialize(ip, options, miscptr); + ptr_cookie_node ptr_cookie = NULL; + ptr_header_node ptr_head = initialize(ip, options, miscptr); if (ptr_head) - service_http_form(ip, sp, options, miscptr, fp, port, "POST", &ptr_head); + service_http_form(ip, sp, options, miscptr, fp, port, "POST", &ptr_head, &ptr_cookie); else { hydra_report(stderr, "[ERROR] Could not launch head. Error while initializing.\n"); hydra_child_exit(1); From ae324d6544e36251dedda0c5e20049d04eab776e Mon Sep 17 00:00:00 2001 From: Bernard Spil Date: Thu, 12 Mar 2015 08:57:57 +0100 Subject: [PATCH 05/33] Replace deprecated des_ and fix LibreSSL build uses deprecated des_ methods and types that were marked deprecated by OpenSSL 0.9.7 and will be removed in OpenSSL 1.1.0 . This patch replaces the des_ methods and types with their new DES_ counterparts. This enables building with LibreSSL as OpenSSL library. --- hydra-oracle-listener.c | 10 +++++----- hydra-smb.c | 10 +++++----- hydra-snmp.c | 4 ++-- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/hydra-oracle-listener.c b/hydra-oracle-listener.c index 242bd61..6636705 100644 --- a/hydra-oracle-listener.c +++ b/hydra-oracle-listener.c @@ -106,7 +106,7 @@ int convert_byteorder(unsigned char **result, int size) { int ora_descrypt(unsigned char **rs, unsigned char *result, int siz) { int i = 0; char lastkey[8]; - des_key_schedule ks1; + DES_key_schedule ks1; unsigned char key1[8] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF }; unsigned char ivec1[] = { 0, 0, 0, 0, 0, 0, 0, 0 }; unsigned char *desresult; @@ -116,17 +116,17 @@ int ora_descrypt(unsigned char **rs, unsigned char *result, int siz) { hydra_report(stderr, "[ERROR] Can't allocate memory\n"); return 1; } - des_key_sched((C_Block *) key1, ks1); - des_ncbc_encrypt(result, desresult, siz, ks1, &ivec1, DES_ENCRYPT); + DES_key_sched((DES_cblock *) key1, ks1); + DES_ncbc_encrypt(result, desresult, siz, &ks1, &ivec1, DES_ENCRYPT); for (i = 0; i < 8; i++) { lastkey[i] = desresult[siz - 8 + i]; } - des_key_sched((C_Block *) lastkey, ks1); + DES_key_sched((DES_cblock *) lastkey, ks1); memset(desresult, 0, siz); memset(ivec1, 0, sizeof(ivec1)); - des_ncbc_encrypt(result, desresult, siz, ks1, &ivec1, DES_ENCRYPT); + DES_ncbc_encrypt(result, desresult, siz, &ks1, &ivec1, DES_ENCRYPT); if ((*rs = malloc(siz)) == NULL) { hydra_report(stderr, "[ERROR] Can't allocate memory\n"); diff --git a/hydra-smb.c b/hydra-smb.c index 0d6fb2e..2d9ee7f 100644 --- a/hydra-smb.c +++ b/hydra-smb.c @@ -176,17 +176,17 @@ static void MakeKey(unsigned char *key, unsigned char *des_key) { des_key[6] = Get7Bits(key, 42); des_key[7] = Get7Bits(key, 49); - des_set_odd_parity((des_cblock *) des_key); + DES_set_odd_parity((DES_cblock *) des_key); } /* Do the DesEncryption */ void DesEncrypt(unsigned char *clear, unsigned char *key, unsigned char *cipher) { - des_cblock des_key; - des_key_schedule key_schedule; + DES_cblock des_key; + DES_key_schedule key_schedule; MakeKey(key, des_key); - des_set_key(&des_key, key_schedule); - des_ecb_encrypt((des_cblock *) clear, (des_cblock *) cipher, key_schedule, 1); + DES_set_key(&des_key, &key_schedule); + DES_ecb_encrypt((DES_cblock *) clear, (DES_cblock *) cipher, &key_schedule, 1); } /* diff --git a/hydra-snmp.c b/hydra-snmp.c index 5649bb7..21ada7f 100644 --- a/hydra-snmp.c +++ b/hydra-snmp.c @@ -335,8 +335,8 @@ int start_snmp(int s, char *ip, int port, unsigned char options, char *miscptr, // xor initVect with salt for (i = 0; i < 8; i++) initVect[i] ^= privacy_params[i]; - des_key_sched((C_Block *) key, symcbc); - des_ncbc_encrypt(snmpv3_get2 + 2, buf, sizeof(snmpv3_get2) - 2, symcbc, (C_Block *) (initVect), DES_ENCRYPT); + DES_key_sched((DES_cblock *) key, &symcbc); + DES_ncbc_encrypt(snmpv3_get2 + 2, buf, sizeof(snmpv3_get2) - 2, &symcbc, (DES_cblock *) (initVect), DES_ENCRYPT); #endif From 97b30df66321734bc1dd8dac22058e3ac46e3a93 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 12 Mar 2015 09:55:12 +0100 Subject: [PATCH 06/33] changelog update --- CHANGES | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGES b/CHANGES index 385e4ee..c86bf2f 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,7 @@ Changelog for hydra ------------------- Release 8.2-pre +* Replaced deprecated des_ and fix LibreSSL build, thanks to Bernard Spil for the patch * Added xhydra gtk patche by Petar Kaleychev to support modules that do not use usernames * Better library finding in ./configure for SVN + support for Darwin Homebrew * Fixed http-form module crash that only occurs on *BSD/OSX systems. Thanks to zdk for reporting! From e0759aba690ab8e495d64a34965dbe610700d1a7 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Wed, 18 Mar 2015 16:45:33 +0100 Subject: [PATCH 07/33] reverted openssl des_ => DES_ renamin patch as this does not compile and fixed the cisco-enable module --- CHANGES | 2 +- hydra-oracle-listener.c | 10 +++++----- hydra-smb.c | 10 +++++----- hydra-snmp.c | 4 ++-- hydra.c | 10 ++++------ 5 files changed, 17 insertions(+), 19 deletions(-) diff --git a/CHANGES b/CHANGES index c86bf2f..29b5d7f 100644 --- a/CHANGES +++ b/CHANGES @@ -2,12 +2,12 @@ Changelog for hydra ------------------- Release 8.2-pre -* Replaced deprecated des_ and fix LibreSSL build, thanks to Bernard Spil for the patch * Added xhydra gtk patche by Petar Kaleychev to support modules that do not use usernames * Better library finding in ./configure for SVN + support for Darwin Homebrew * Fixed http-form module crash that only occurs on *BSD/OSX systems. Thanks to zdk for reporting! * Fixed for SSL connection to support TLSv1.2 etc. * Support for different RSA keylengths, thanks to fann95 for the patch +* Fixed a bug where the cisco-enable module was not working with the password-only logon mode * ... your patch? diff --git a/hydra-oracle-listener.c b/hydra-oracle-listener.c index 6636705..242bd61 100644 --- a/hydra-oracle-listener.c +++ b/hydra-oracle-listener.c @@ -106,7 +106,7 @@ int convert_byteorder(unsigned char **result, int size) { int ora_descrypt(unsigned char **rs, unsigned char *result, int siz) { int i = 0; char lastkey[8]; - DES_key_schedule ks1; + des_key_schedule ks1; unsigned char key1[8] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF }; unsigned char ivec1[] = { 0, 0, 0, 0, 0, 0, 0, 0 }; unsigned char *desresult; @@ -116,17 +116,17 @@ int ora_descrypt(unsigned char **rs, unsigned char *result, int siz) { hydra_report(stderr, "[ERROR] Can't allocate memory\n"); return 1; } - DES_key_sched((DES_cblock *) key1, ks1); - DES_ncbc_encrypt(result, desresult, siz, &ks1, &ivec1, DES_ENCRYPT); + des_key_sched((C_Block *) key1, ks1); + des_ncbc_encrypt(result, desresult, siz, ks1, &ivec1, DES_ENCRYPT); for (i = 0; i < 8; i++) { lastkey[i] = desresult[siz - 8 + i]; } - DES_key_sched((DES_cblock *) lastkey, ks1); + des_key_sched((C_Block *) lastkey, ks1); memset(desresult, 0, siz); memset(ivec1, 0, sizeof(ivec1)); - DES_ncbc_encrypt(result, desresult, siz, &ks1, &ivec1, DES_ENCRYPT); + des_ncbc_encrypt(result, desresult, siz, ks1, &ivec1, DES_ENCRYPT); if ((*rs = malloc(siz)) == NULL) { hydra_report(stderr, "[ERROR] Can't allocate memory\n"); diff --git a/hydra-smb.c b/hydra-smb.c index 2d9ee7f..0d6fb2e 100644 --- a/hydra-smb.c +++ b/hydra-smb.c @@ -176,17 +176,17 @@ static void MakeKey(unsigned char *key, unsigned char *des_key) { des_key[6] = Get7Bits(key, 42); des_key[7] = Get7Bits(key, 49); - DES_set_odd_parity((DES_cblock *) des_key); + des_set_odd_parity((des_cblock *) des_key); } /* Do the DesEncryption */ void DesEncrypt(unsigned char *clear, unsigned char *key, unsigned char *cipher) { - DES_cblock des_key; - DES_key_schedule key_schedule; + des_cblock des_key; + des_key_schedule key_schedule; MakeKey(key, des_key); - DES_set_key(&des_key, &key_schedule); - DES_ecb_encrypt((DES_cblock *) clear, (DES_cblock *) cipher, &key_schedule, 1); + des_set_key(&des_key, key_schedule); + des_ecb_encrypt((des_cblock *) clear, (des_cblock *) cipher, key_schedule, 1); } /* diff --git a/hydra-snmp.c b/hydra-snmp.c index 21ada7f..5649bb7 100644 --- a/hydra-snmp.c +++ b/hydra-snmp.c @@ -335,8 +335,8 @@ int start_snmp(int s, char *ip, int port, unsigned char options, char *miscptr, // xor initVect with salt for (i = 0; i < 8; i++) initVect[i] ^= privacy_params[i]; - DES_key_sched((DES_cblock *) key, &symcbc); - DES_ncbc_encrypt(snmpv3_get2 + 2, buf, sizeof(snmpv3_get2) - 2, &symcbc, (DES_cblock *) (initVect), DES_ENCRYPT); + des_key_sched((C_Block *) key, symcbc); + des_ncbc_encrypt(snmpv3_get2 + 2, buf, sizeof(snmpv3_get2) - 2, symcbc, (C_Block *) (initVect), DES_ENCRYPT); #endif diff --git a/hydra.c b/hydra.c index 33dfa8e..629b319 100644 --- a/hydra.c +++ b/hydra.c @@ -2799,14 +2799,12 @@ int main(int argc, char *argv[]) { i = 2; } if (strcmp(hydra_options.service, "cisco-enable") == 0) { - i = 2; - if (hydra_options.login == NULL) { - //hydra_options.login = empty_login; + if (hydra_options.login != NULL || hydra_options.loginfile != NULL) i = 1; // login will be the initial Username: login, or line Password: - } - if (hydra_options.miscptr == NULL) { + else + i = 2; + if (hydra_options.miscptr == NULL) fprintf(stderr, "[WARNING] You did not supply the initial support to the Cisco via -l, assuming direct console access\n"); - } if (hydra_options.tasks > 4) fprintf(stderr, "[WARNING] you should set the number of parallel task to 4 for cisco enable services.\n"); } From a4edb11bb3f5015345749b4444bfdb284d1d0584 Mon Sep 17 00:00:00 2001 From: ajuaristi Date: Wed, 18 Mar 2015 22:30:37 +0100 Subject: [PATCH 08/33] Fixed issue with multiple cookies. --- hydra-http-form.c | 89 ++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 73 insertions(+), 16 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index 3946af1..86c19cd 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -132,13 +132,37 @@ int append_cookie(char *name, char *value, ptr_cookie_node *last_cookie) return 1; } -void traverse_cookies(ptr_cookie_node ptr_cookie) +char * stringify_cookies(ptr_cookie_node ptr_cookie) { - printf("-- COOKIES START --\n"); ptr_cookie_node cur_ptr = NULL; - for (cur_ptr = ptr_cookie; cur_ptr; cur_ptr = cur_ptr->next) - printf("Cookie: %s=%s\n", cur_ptr->name, cur_ptr->value); - printf("-- COOKIES END --\n"); + unsigned int length = 1; + char *cookie_hdr = (char *) malloc(length); + + if (cookie_hdr) { + memset(cookie_hdr, 0, length); + for (cur_ptr = ptr_cookie; cur_ptr; cur_ptr = cur_ptr->next) { + length += 2 + strlen(cur_ptr->name) + strlen(cur_ptr->value); + cookie_hdr = (char *) realloc(cookie_hdr, length); + if (cookie_hdr) { + strcat(cookie_hdr, cur_ptr->name); + strcat(cookie_hdr, "="); + strcat(cookie_hdr, cur_ptr->value); + if (cur_ptr->next) + strcat(cookie_hdr, ";"); + } else + goto bail; + } + goto success; + } + +bail: + if (cookie_hdr) { + free(cookie_hdr); + cookie_hdr = NULL; + } + +success: + return cookie_hdr; } /* @@ -154,6 +178,7 @@ int add_or_update_cookie(ptr_cookie_node * ptr_cookie, char * cookie_expr) { // printf("[DEBUG] Added cookie: %s\n", cookie_expr); ptr_cookie_node cur_ptr = NULL, new_ptr = NULL; + char * cookie = strdup(cookie_expr); char * cookie_name = NULL, * cookie_value = strstr(cookie_expr, "="); if (cookie_value) { @@ -183,13 +208,31 @@ int add_or_update_cookie(ptr_cookie_node * ptr_cookie, char * cookie_expr) } } } - - traverse_cookies(*ptr_cookie); } else return 0; return 1; } +int process_cookies(ptr_cookie_node * ptr_cookie, char * cookie_expr) +{ + char *tok = NULL; + char *expr = strdup(cookie_expr); + int res = 0; + + if (strstr(cookie_expr, ";")) { + tok = strtok(expr, ";"); + while (tok) { + res = add_or_update_cookie(ptr_cookie, tok); + if (!res) + return res; + tok = strtok(NULL, ";"); + } + return res; + } else { + return add_or_update_cookie(ptr_cookie, expr); + } +} + /* * List layout: * +----------+ +--------+ +--------+ +--------+ @@ -528,6 +571,7 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc char *empty = ""; char *login, *pass, clogin[256], cpass[256]; char header[8096], *upd3variables; + char *cookie_header = NULL; char *http_request; int found = !success_cond, i, j; char content_length[MAX_CONTENT_LENGTH], proxy_string[MAX_PROXY_LENGTH]; @@ -561,7 +605,7 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc return 1; i = analyze_server_response(s); // ignore result if (strlen(cookie) > 0) - add_or_update_cookie(&ptr_cookie, cookie); + process_cookies(&ptr_cookie, cookie); hydra_reconnect(s, ip, port, options); } // now prepare for the "real" request @@ -575,12 +619,16 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT); + cookie_header = stringify_cookies(ptr_cookie); + printf("[DEBUG] %s", cookie_header); normal_request = stringify_headers(&ptr_head); http_request = prepare_http_request("POST", proxy_string, upd3variables, normal_request); if (hydra_send(s, http_request, strlen(http_request), 0) < 0) return 1; } else { - normal_request = stringify_headers(&ptr_head); + cookie_header = stringify_cookies(ptr_cookie); + printf("[DEBUG] %s", cookie_header); + normal_request = stringify_headers(&ptr_head); http_request = prepare_http_request("GET", url, upd3variables, normal_request); if (hydra_send(s, http_request, strlen(http_request), 0) < 0) return 1; @@ -597,7 +645,7 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc return 1; i = analyze_server_response(s); // ignore result if (strlen(cookie) > 0) - add_or_update_cookie(&ptr_cookie, cookie); + process_cookies(&ptr_cookie, cookie); hydra_reconnect(s, ip, port, options); } // now prepare for the "real" request @@ -611,12 +659,16 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT); + cookie_header = stringify_cookies(ptr_cookie); + printf("[DEBUG] %s", cookie_header); normal_request = stringify_headers(&ptr_head); http_request = prepare_http_request("POST", proxy_string, upd3variables, normal_request); if (hydra_send(s, http_request, strlen(http_request), 0) < 0) return 1; } else { - normal_request = stringify_headers(&ptr_head); + cookie_header = stringify_cookies(ptr_cookie); + printf("[DEBUG] %s", cookie_header); + normal_request = stringify_headers(&ptr_head); http_request = prepare_http_request("GET", url, upd3variables, normal_request); if (hydra_send(s, http_request, strlen(http_request), 0) < 0) return 1; @@ -630,7 +682,8 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc return 1; i = analyze_server_response(s); // ignore result if (strlen(cookie) > 0) { - add_or_update_cookie(&ptr_cookie, cookie); + //printf("[DEBUG] Got cookie: %s\n", cookie); + process_cookies(&ptr_cookie, cookie); normal_request = stringify_headers(&ptr_head); } hydra_reconnect(s, ip, port, options); @@ -644,12 +697,16 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT); + cookie_header = stringify_cookies(ptr_cookie); + printf("[DEBUG] %s\n", cookie_header); normal_request = stringify_headers(&ptr_head); http_request = prepare_http_request("POST", url, upd3variables, normal_request); if (hydra_send(s, http_request, strlen(http_request), 0) < 0) return 1; } else { - normal_request = stringify_headers(&ptr_head); + cookie_header = stringify_cookies(ptr_cookie); + printf("[DEBUG] %s\n", cookie_header); + normal_request = stringify_headers(&ptr_head); http_request = prepare_http_request("GET", url, upd3variables, normal_request); if (hydra_send(s, http_request, strlen(http_request), 0) < 0) return 1; @@ -669,7 +726,7 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc } if (strlen(cookie) > 0) - add_or_update_cookie(&ptr_cookie, cookie); + process_cookies(&ptr_cookie, cookie); //if page was redirected, follow the location header redirected_cpt = MAX_REDIRECT; @@ -783,8 +840,8 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc return 1; found = analyze_server_response(s); -// if (strlen(cookie) > 0) -// add_header(&ptr_head, "Cookie", cookie, HEADER_TYPE_DEFAULT_REPL); + if (strlen(cookie) > 0) + process_cookies(ptr_cookie, cookie); } } From 7001f487d028f528e214586d82acb83c52033a19 Mon Sep 17 00:00:00 2001 From: strunk Date: Thu, 19 Mar 2015 01:27:43 +0100 Subject: [PATCH 09/33] Fixed #41 --- hydra-http-form.c | 35 +++++++++++++++++++++++++---------- 1 file changed, 25 insertions(+), 10 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index 86c19cd..85215cf 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -289,9 +289,6 @@ int add_header(ptr_header_node * ptr_head, char *header, char *value, char type) existing_hdr->value = new_value; existing_hdr->type = type; } - // DEBUG - printf("[DEBUG] Added header: %s = %s\n", header, value); - // END DEBUG } else { // we're out of memory, so forcefully end return 0; @@ -620,14 +617,20 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT); cookie_header = stringify_cookies(ptr_cookie); - printf("[DEBUG] %s", cookie_header); + if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); + else + hdrrepv(&ptr_head, "Cookie", cookie_header); normal_request = stringify_headers(&ptr_head); http_request = prepare_http_request("POST", proxy_string, upd3variables, normal_request); if (hydra_send(s, http_request, strlen(http_request), 0) < 0) return 1; } else { cookie_header = stringify_cookies(ptr_cookie); - printf("[DEBUG] %s", cookie_header); + if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); + else + hdrrepv(&ptr_head, "Cookie", cookie_header); normal_request = stringify_headers(&ptr_head); http_request = prepare_http_request("GET", url, upd3variables, normal_request); if (hydra_send(s, http_request, strlen(http_request), 0) < 0) @@ -660,14 +663,20 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT); cookie_header = stringify_cookies(ptr_cookie); - printf("[DEBUG] %s", cookie_header); + if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); + else + hdrrepv(&ptr_head, "Cookie", cookie_header); normal_request = stringify_headers(&ptr_head); http_request = prepare_http_request("POST", proxy_string, upd3variables, normal_request); if (hydra_send(s, http_request, strlen(http_request), 0) < 0) return 1; } else { cookie_header = stringify_cookies(ptr_cookie); - printf("[DEBUG] %s", cookie_header); + if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); + else + hdrrepv(&ptr_head, "Cookie", cookie_header); normal_request = stringify_headers(&ptr_head); http_request = prepare_http_request("GET", url, upd3variables, normal_request); if (hydra_send(s, http_request, strlen(http_request), 0) < 0) @@ -698,14 +707,20 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT); cookie_header = stringify_cookies(ptr_cookie); - printf("[DEBUG] %s\n", cookie_header); + if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); + else + hdrrepv(&ptr_head, "Cookie", cookie_header); normal_request = stringify_headers(&ptr_head); http_request = prepare_http_request("POST", url, upd3variables, normal_request); if (hydra_send(s, http_request, strlen(http_request), 0) < 0) return 1; } else { cookie_header = stringify_cookies(ptr_cookie); - printf("[DEBUG] %s\n", cookie_header); + if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); + else + hdrrepv(&ptr_head, "Cookie", cookie_header); normal_request = stringify_headers(&ptr_head); http_request = prepare_http_request("GET", url, upd3variables, normal_request); if (hydra_send(s, http_request, strlen(http_request), 0) < 0) @@ -841,7 +856,7 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc found = analyze_server_response(s); if (strlen(cookie) > 0) - process_cookies(ptr_cookie, cookie); + process_cookies(ptr_cookie, cookie); } } From d1328eee8f5bc4e8b8721ee7aa17ea7ac01e1ae9 Mon Sep 17 00:00:00 2001 From: strunk Date: Thu, 19 Mar 2015 01:30:06 +0100 Subject: [PATCH 10/33] Removed comments --- hydra-http-form.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index 85215cf..be350da 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -176,7 +176,6 @@ success: */ int add_or_update_cookie(ptr_cookie_node * ptr_cookie, char * cookie_expr) { -// printf("[DEBUG] Added cookie: %s\n", cookie_expr); ptr_cookie_node cur_ptr = NULL, new_ptr = NULL; char * cookie = strdup(cookie_expr); char * cookie_name = NULL, @@ -184,25 +183,19 @@ int add_or_update_cookie(ptr_cookie_node * ptr_cookie, char * cookie_expr) if (cookie_value) { cookie_name = strndup(cookie_expr, cookie_value - cookie_expr); cookie_value = strdup(cookie_value + 1); -// printf("\t[DEBUG] Name: %s\n", cookie_name); -// printf("\t[DEBUG] Value: %s\n", cookie_value); // we've got the cookie's name and value, now it's time to insert or update the list if (*ptr_cookie == NULL) { // no cookies append_cookie(cookie_name, cookie_value, ptr_cookie); -// if (append_cookie(cookie_name, cookie_value, ptr_cookie)) -// printf("New cookie: %s=%s\n", (*ptr_cookie)->name, (*ptr_cookie)->value); } else { for (cur_ptr = *ptr_cookie; cur_ptr; cur_ptr = cur_ptr->next) { if (strcmp(cur_ptr->name, cookie_name) == 0) { -// printf("Cookie %s already exists. Replacing.\n", cookie_name); free(cur_ptr->value); cur_ptr->value = cookie_value; break; } if (cur_ptr->next == NULL) { -// printf("Cookie %s does not exist. Adding.\n", cookie_name); append_cookie(cookie_name, cookie_value, &cur_ptr); break; } From 1965e69d9203437c6b148b449b304015c7d5cc81 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Fri, 27 Mar 2015 14:45:03 +0100 Subject: [PATCH 11/33] fix xmpp for servers that send multiple lines --- hydra-xmpp.c | 93 ++++++++++++++++++++++++++-------------------------- 1 file changed, 46 insertions(+), 47 deletions(-) diff --git a/hydra-xmpp.c b/hydra-xmpp.c index c800f57..1557d18 100644 --- a/hydra-xmpp.c +++ b/hydra-xmpp.c @@ -96,6 +96,7 @@ int start_xmpp(int s, char *ip, int port, unsigned char options, char *miscptr, /* server now would ask for the password */ if ((strstr(buf, CHALLENGE_STR) != NULL) || (strstr(buf, CHALLENGE_STR2) != NULL)) { char *ptr = strstr(buf, CHALLENGE_STR); + if (!ptr) ptr = strstr(buf, CHALLENGE_STR2); char *ptr_end = strstr(ptr, CHALLENGE_END_STR); @@ -334,56 +335,54 @@ void service_xmpp(char *target, char *ip, int sp, unsigned char options, char *m } //some server is longer to answer usleep(300000); - buf = hydra_receive_line(sock); + do { + if ((buf = hydra_receive_line(sock)) == NULL) { + /* no auth method identified */ + hydra_report(stderr, "[ERROR] no authentication methods can be identified %s\n", buf); + free(buf); + hydra_child_exit(1); + } - if (buf == NULL) - hydra_child_exit(1); + if (strstr(buf, "SCRAM-SHA-1") != NULL) { + xmpp_auth_mechanism = AUTH_SCRAMSHA1; + } + if (strstr(buf, "CRAM-MD5") != NULL) { + xmpp_auth_mechanism = AUTH_CRAMMD5; + } + if (strstr(buf, "DIGEST-MD5") != NULL) { + xmpp_auth_mechanism = AUTH_DIGESTMD5; + } + if (strstr(buf, "PLAIN") != NULL) { + xmpp_auth_mechanism = AUTH_PLAIN; + } + if (strstr(buf, "LOGIN") != NULL) { + xmpp_auth_mechanism = AUTH_LOGIN; + } + } free(buf); - hydra_child_exit(1); - } - - if (strstr(buf, "SCRAM-SHA-1") != NULL) { - xmpp_auth_mechanism = AUTH_SCRAMSHA1; - } - if (strstr(buf, "CRAM-MD5") != NULL) { - xmpp_auth_mechanism = AUTH_CRAMMD5; - } - if (strstr(buf, "DIGEST-MD5") != NULL) { - xmpp_auth_mechanism = AUTH_DIGESTMD5; - } - if (strstr(buf, "PLAIN") != NULL) { - xmpp_auth_mechanism = AUTH_PLAIN; - } - if (strstr(buf, "LOGIN") != NULL) { - xmpp_auth_mechanism = AUTH_LOGIN; - } - } - if (xmpp_auth_mechanism == AUTH_ERROR) { - /* no auth method identified */ - hydra_report(stderr, "[ERROR] no authentication methods can be identified %s\n", buf); - free(buf); - hydra_child_exit(1); - } - free(buf); + } while (xmpp_auth_mechanism == AUTH_ERROR); if ((miscptr != NULL) && (strlen(miscptr) > 0)) { int i; From 3cde13d4f363e11f1e14a1765b7637baa409f430 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Sun, 29 Mar 2015 13:43:40 +0200 Subject: [PATCH 12/33] added -O option to support SSL servers that are SSLv3 only --- CHANGES | 1 + hydra-mod.c | 23 +++++++++++++++++------ hydra.c | 12 +++++++++--- 3 files changed, 27 insertions(+), 9 deletions(-) diff --git a/CHANGES b/CHANGES index 29b5d7f..8774450 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,7 @@ Changelog for hydra ------------------- Release 8.2-pre +* Added new -O option to hydra to support SSL servers that do not suport TLS * Added xhydra gtk patche by Petar Kaleychev to support modules that do not use usernames * Better library finding in ./configure for SVN + support for Darwin Homebrew * Fixed http-form module crash that only occurs on *BSD/OSX systems. Thanks to zdk for reporting! diff --git a/hydra-mod.c b/hydra-mod.c index b2a25db..38369b4 100644 --- a/hydra-mod.c +++ b/hydra-mod.c @@ -47,6 +47,7 @@ int __first_connect = 1; char ipstring[64]; unsigned int colored_output = 1; char quiet = 0; +int old_ssl = 0; #ifdef LIBOPENSSL SSL *ssl = NULL; @@ -468,13 +469,23 @@ int internal__hydra_connect_to_ssl(int socket) { if (sslContext == NULL) { /* context: ssl2 + ssl3 is allowed, whatever the server demands */ -// if ((sslContext = SSL_CTX_new(SSLv23_client_method())) == NULL) { - if ((sslContext = SSL_CTX_new(TLSv1_2_client_method())) == NULL) { - if (verbose) { - err = ERR_get_error(); - fprintf(stderr, "[ERROR] SSL allocating context: %s\n", ERR_error_string(err, NULL)); + if (old_ssl) { + if ((sslContext = SSL_CTX_new(SSLv23_client_method())) == NULL) { + if (verbose) { + err = ERR_get_error(); + fprintf(stderr, "[ERROR] SSL allocating context: %s\n", ERR_error_string(err, NULL)); + } + return -1; + } + } else { +// if ((sslContext = SSL_CTX_new(SSLv23_client_method())) == NULL) { + if ((sslContext = SSL_CTX_new(TLSv1_2_client_method())) == NULL) { + if (verbose) { + err = ERR_get_error(); + fprintf(stderr, "[ERROR] SSL allocating context: %s\n", ERR_error_string(err, NULL)); + } + return -1; } - return -1; } /* set the compatbility mode */ SSL_CTX_set_options(sslContext, SSL_OP_ALL); diff --git a/hydra.c b/hydra.c index 629b319..ea7a203 100644 --- a/hydra.c +++ b/hydra.c @@ -170,6 +170,7 @@ extern char *hydra_address2string(char *address); extern int colored_output; extern char quiet; extern int do_retry; +extern int old_ssl; void hydra_kill_head(int head_no, int killit, int fail); @@ -310,7 +311,7 @@ void help(int ext) { #ifdef HAVE_MATH_H " [-x MIN:MAX:CHARSET]" #endif - " [-SuvVd46] " + " [-SOuvVd46] " //"[server service [OPT]]|" "[service://server[:PORT][/OPT]]\n"); printf("\nOptions:\n"); @@ -346,7 +347,9 @@ void help(int ext) { if (ext) printf(" -v / -V / -d verbose mode / show login+pass for each attempt / debug mode \n"); if (ext) - printf(" -q do not print messages about connection erros\n"); + printf(" -O use old SSL v2 and v3\n"); + if (ext) + printf(" -q do not print messages about connection errors\n"); printf(" -U service module usage details\n"); if (ext == 0) printf(" -h more command line options (COMPLETE HELP)\n"); @@ -2186,7 +2189,7 @@ int main(int argc, char *argv[]) { help(1); if (argc < 2) help(0); - while ((i = getopt(argc, argv, "hq64Rde:vVl:fFg:L:p:P:o:M:C:t:T:m:w:W:s:SUux:")) >= 0) { + while ((i = getopt(argc, argv, "hq64Rde:vVl:fFg:L:p:OP:o:M:C:t:T:m:w:W:s:SUux:")) >= 0) { switch (i) { case 'h': help(1); @@ -2194,6 +2197,9 @@ int main(int argc, char *argv[]) { case 'q': quiet = 1; break; + case 'O': + old_ssl = 1; + break; case 'u': hydra_options.loop_mode = 1; break; From 242d8f1ba0e9494c1535f35c067fe142c9e26945 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 2 Apr 2015 13:07:03 +0200 Subject: [PATCH 13/33] script kiddie warning --- Makefile | 86 ++++++++++++++++++++++++++++++++++++++++++++++++++-- hydra-smtp.c | 2 +- hydra.c | 6 +++- 3 files changed, 90 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index 372e67e..f83bbe5 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,87 @@ -all: - @echo Error: you must run "./configure" first +CC=gcc +STRIP=strip +XDEFINES= -DLIBOPENSSL -DLIBNCURSES -DLIBIDN -DHAVE_PR29_H -DHAVE_PCRE -DLIBMYSQLCLIENT -DLIBSVN -DLIBSSH -DHAVE_MYSQL_MYSQL_H -DHAVE_MATH_H +XLIBS= -lcurses -lssl -lidn -lpcre -lmysqlclient -lsvn_client-1 -lapr-1 -laprutil-1 -lsvn_subr-1 -lssh -lcrypto +XLIBPATHS=-L/usr/lib -L/usr/local/lib -L/lib -L/lib +XIPATHS= -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1 -I/usr/include/mysql +PREFIX=/usr/local +XHYDRA_SUPPORT= +STRIP=strip + +HYDRA_LOGO=hydra-logo.o +PWI_LOGO=pw-inspector-logo.o +SEC=-fstack-protector-all --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 + +# +# Makefile for Hydra - (c) 2001-2014 by van Hauser / THC +# +OPTS=-I. -O3 +# -Wall -g -pedantic +LIBS=-lm +DIR=/bin + +SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \ + hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \ + hydra-pop3.c hydra-smb.c hydra-icq.c hydra-cisco-enable.c hydra-ldap.c \ + hydra-mysql.c hydra-mssql.c hydra-xmpp.c hydra-http-proxy-urlenum.c \ + hydra-snmp.c hydra-cvs.c hydra-smtp.c hydra-smtp-enum.c hydra-sapr3.c hydra-ssh.c \ + hydra-sshkey.c hydra-teamspeak.c hydra-postgres.c hydra-rsh.c hydra-rlogin.c \ + hydra-oracle-listener.c hydra-svn.c hydra-pcanywhere.c hydra-sip.c \ + hydra-oracle.c hydra-vmauthd.c hydra-asterisk.c hydra-firebird.c hydra-afp.c hydra-ncp.c \ + hydra-oracle-sid.c hydra-http-proxy.c hydra-http-form.c hydra-irc.c \ + hydra-rdp.c hydra-s7-300.c hydra-redis.c \ + crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c +OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \ + hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o \ + hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \ + hydra-mysql.o hydra-mssql.o hydra-xmpp.o hydra-http-proxy-urlenum.o \ + hydra-snmp.o hydra-cvs.o hydra-smtp.o hydra-smtp-enum.o hydra-sapr3.o hydra-ssh.o \ + hydra-sshkey.o hydra-teamspeak.o hydra-postgres.o hydra-rsh.o hydra-rlogin.o \ + hydra-oracle-listener.o hydra-svn.o hydra-pcanywhere.o hydra-sip.o \ + hydra-oracle-sid.o hydra-oracle.o hydra-vmauthd.o hydra-asterisk.o hydra-firebird.o hydra-afp.o hydra-ncp.o \ + hydra-http-proxy.o hydra-http-form.o hydra-irc.o hydra-redis.o \ + hydra-rdp.o hydra-s7-300.c \ + crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o +BINS = hydra pw-inspector + +EXTRA_DIST = README README.arm README.palm CHANGES TODO INSTALL LICENSE \ + hydra-mod.h hydra.h crc32.h d3des.h + +all: pw-inspector hydra $(XHYDRA_SUPPORT) + @echo + @echo Now type "make install" + +hydra: hydra.c $(OBJ) + $(CC) $(OPTS) $(SEC) $(LIBS) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o hydra $(HYDRA_LOGO) hydra.c $(OBJ) $(LIBS) $(XLIBS) $(XLIBPATHS) $(XIPATHS) $(XDEFINES) + @echo + @echo If men could get pregnant, abortion would be a sacrament + @echo + +xhydra: + -cd hydra-gtk && sh ./make_xhydra.sh + +pw-inspector: pw-inspector.c + -$(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o pw-inspector $(PWI_LOGO) pw-inspector.c + +.c.o: + $(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) -c $< $(XDEFINES) $(XIPATHS) + +strip: all + strip $(BINS) + -echo OK > /dev/null && test -x xhydra && strip xhydra || echo OK > /dev/null + +install: strip + -mkdir -p $(PREFIX)$(DIR) + cp -f hydra-wizard.sh $(BINS) $(PREFIX)$(DIR) && cd $(PREFIX)$(DIR) && chmod 755 hydra-wizard.sh $(BINS) + -echo OK > /dev/null && test -x xhydra && cp xhydra $(PREFIX)$(DIR) && cd $(PREFIX)$(DIR) && chmod 755 xhydra || echo OK > /dev/null + -sed -e "s|^INSTALLDIR=.*|INSTALLDIR="$(PREFIX)"|" dpl4hydra.sh > $(PREFIX)/bin/dpl4hydra.sh + -chmod 755 $(PREFIX)/bin/dpl4hydra.sh + -mkdir -p $(PREFIX)/etc/ + -cp -f *.csv $(PREFIX)/etc/ + -mkdir -p $(PREFIX)/man/man1 + -cp -f hydra.1 xhydra.1 pw-inspector.1 $(PREFIX)/man/man1 clean: + rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile cp -f Makefile.orig Makefile + diff --git a/hydra-smtp.c b/hydra-smtp.c index 6e65578..d268fbf 100644 --- a/hydra-smtp.c +++ b/hydra-smtp.c @@ -180,7 +180,7 @@ int start_smtp(int s, char *ip, int port, unsigned char options, char *miscptr, /* 504 5.7.4 Unrecognized authentication type */ if (strstr(buf, "334") == NULL) { - hydra_report(stderr, "[ERROR] SMTP LOGIN AUTH, either this auth is disabled\nor server is not using auth: %s\n", buf); + hydra_report(stderr, "[ERROR] SMTP LOGIN AUTH, either this auth is disabled or server is not using auth: %s\n", buf); free(buf); return 3; } diff --git a/hydra.c b/hydra.c index ea7a203..dcd6817 100644 --- a/hydra.c +++ b/hydra.c @@ -2458,7 +2458,7 @@ int main(int argc, char *argv[]) { if (optind + 3 == argc) hydra_options.miscptr = argv[optind + 2]; } - + if (strcmp(hydra_options.service, "pop3s") == 0 || strcmp(hydra_options.service, "smtps") == 0 || strcmp(hydra_options.service, "imaps") == 0 || strcmp(hydra_options.service, "telnets") == 0 || (strncmp(hydra_options.service, "ldap", 4) == 0 && hydra_options.service[strlen(hydra_options.service) - 1] == 's')) { hydra_options.ssl = 1; @@ -3027,6 +3027,10 @@ int main(int argc, char *argv[]) { hydra_options.max_use = MAXTASKS; } + // script kiddie patch + if (hydra_options.server != NULL && (hydra_strcasestr(hydra_options.server, "gmail.") != NULL || hydra_strcasestr(hydra_options.server, "googlemail.") != NULL)) + fprintf(stderr, "[WARNING] Google Mail has bruteforce detection and sends false positives. You are not doing anything illegal right?!\n"); + if (hydra_options.colonfile == NULL) { if (hydra_options.loginfile != NULL) { if ((lfp = fopen(hydra_options.loginfile, "r")) == NULL) { From a49568f803dd59a11b06b8eb5c47508e6a280bb1 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 2 Apr 2015 13:07:21 +0200 Subject: [PATCH 14/33] fix --- Makefile | 86 ++------------------------------------------------------ 1 file changed, 2 insertions(+), 84 deletions(-) diff --git a/Makefile b/Makefile index f83bbe5..372e67e 100644 --- a/Makefile +++ b/Makefile @@ -1,87 +1,5 @@ -CC=gcc -STRIP=strip -XDEFINES= -DLIBOPENSSL -DLIBNCURSES -DLIBIDN -DHAVE_PR29_H -DHAVE_PCRE -DLIBMYSQLCLIENT -DLIBSVN -DLIBSSH -DHAVE_MYSQL_MYSQL_H -DHAVE_MATH_H -XLIBS= -lcurses -lssl -lidn -lpcre -lmysqlclient -lsvn_client-1 -lapr-1 -laprutil-1 -lsvn_subr-1 -lssh -lcrypto -XLIBPATHS=-L/usr/lib -L/usr/local/lib -L/lib -L/lib -XIPATHS= -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1 -I/usr/include/mysql -PREFIX=/usr/local -XHYDRA_SUPPORT= -STRIP=strip - -HYDRA_LOGO=hydra-logo.o -PWI_LOGO=pw-inspector-logo.o -SEC=-fstack-protector-all --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 - -# -# Makefile for Hydra - (c) 2001-2014 by van Hauser / THC -# -OPTS=-I. -O3 -# -Wall -g -pedantic -LIBS=-lm -DIR=/bin - -SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \ - hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \ - hydra-pop3.c hydra-smb.c hydra-icq.c hydra-cisco-enable.c hydra-ldap.c \ - hydra-mysql.c hydra-mssql.c hydra-xmpp.c hydra-http-proxy-urlenum.c \ - hydra-snmp.c hydra-cvs.c hydra-smtp.c hydra-smtp-enum.c hydra-sapr3.c hydra-ssh.c \ - hydra-sshkey.c hydra-teamspeak.c hydra-postgres.c hydra-rsh.c hydra-rlogin.c \ - hydra-oracle-listener.c hydra-svn.c hydra-pcanywhere.c hydra-sip.c \ - hydra-oracle.c hydra-vmauthd.c hydra-asterisk.c hydra-firebird.c hydra-afp.c hydra-ncp.c \ - hydra-oracle-sid.c hydra-http-proxy.c hydra-http-form.c hydra-irc.c \ - hydra-rdp.c hydra-s7-300.c hydra-redis.c \ - crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c -OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \ - hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o \ - hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \ - hydra-mysql.o hydra-mssql.o hydra-xmpp.o hydra-http-proxy-urlenum.o \ - hydra-snmp.o hydra-cvs.o hydra-smtp.o hydra-smtp-enum.o hydra-sapr3.o hydra-ssh.o \ - hydra-sshkey.o hydra-teamspeak.o hydra-postgres.o hydra-rsh.o hydra-rlogin.o \ - hydra-oracle-listener.o hydra-svn.o hydra-pcanywhere.o hydra-sip.o \ - hydra-oracle-sid.o hydra-oracle.o hydra-vmauthd.o hydra-asterisk.o hydra-firebird.o hydra-afp.o hydra-ncp.o \ - hydra-http-proxy.o hydra-http-form.o hydra-irc.o hydra-redis.o \ - hydra-rdp.o hydra-s7-300.c \ - crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o -BINS = hydra pw-inspector - -EXTRA_DIST = README README.arm README.palm CHANGES TODO INSTALL LICENSE \ - hydra-mod.h hydra.h crc32.h d3des.h - -all: pw-inspector hydra $(XHYDRA_SUPPORT) - @echo - @echo Now type "make install" - -hydra: hydra.c $(OBJ) - $(CC) $(OPTS) $(SEC) $(LIBS) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o hydra $(HYDRA_LOGO) hydra.c $(OBJ) $(LIBS) $(XLIBS) $(XLIBPATHS) $(XIPATHS) $(XDEFINES) - @echo - @echo If men could get pregnant, abortion would be a sacrament - @echo - -xhydra: - -cd hydra-gtk && sh ./make_xhydra.sh - -pw-inspector: pw-inspector.c - -$(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o pw-inspector $(PWI_LOGO) pw-inspector.c - -.c.o: - $(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) -c $< $(XDEFINES) $(XIPATHS) - -strip: all - strip $(BINS) - -echo OK > /dev/null && test -x xhydra && strip xhydra || echo OK > /dev/null - -install: strip - -mkdir -p $(PREFIX)$(DIR) - cp -f hydra-wizard.sh $(BINS) $(PREFIX)$(DIR) && cd $(PREFIX)$(DIR) && chmod 755 hydra-wizard.sh $(BINS) - -echo OK > /dev/null && test -x xhydra && cp xhydra $(PREFIX)$(DIR) && cd $(PREFIX)$(DIR) && chmod 755 xhydra || echo OK > /dev/null - -sed -e "s|^INSTALLDIR=.*|INSTALLDIR="$(PREFIX)"|" dpl4hydra.sh > $(PREFIX)/bin/dpl4hydra.sh - -chmod 755 $(PREFIX)/bin/dpl4hydra.sh - -mkdir -p $(PREFIX)/etc/ - -cp -f *.csv $(PREFIX)/etc/ - -mkdir -p $(PREFIX)/man/man1 - -cp -f hydra.1 xhydra.1 pw-inspector.1 $(PREFIX)/man/man1 +all: + @echo Error: you must run "./configure" first clean: - rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile cp -f Makefile.orig Makefile - From 8a9792a7b7c5efa8ecb607486908febf67a0bbf5 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Sat, 4 Apr 2015 19:06:04 +0200 Subject: [PATCH 15/33] configure fixes and enhancements --- CHANGES | 2 +- configure | 47 ++++++++++++++++++++++++++++++++++------------- 2 files changed, 35 insertions(+), 14 deletions(-) diff --git a/CHANGES b/CHANGES index 8774450..efc0558 100644 --- a/CHANGES +++ b/CHANGES @@ -4,7 +4,7 @@ Changelog for hydra Release 8.2-pre * Added new -O option to hydra to support SSL servers that do not suport TLS * Added xhydra gtk patche by Petar Kaleychev to support modules that do not use usernames -* Better library finding in ./configure for SVN + support for Darwin Homebrew +* Better library finding in ./configure for SVN + support for Darwin Homebrew (and further enhanced) * Fixed http-form module crash that only occurs on *BSD/OSX systems. Thanks to zdk for reporting! * Fixed for SSL connection to support TLSv1.2 etc. * Support for different RSA keylengths, thanks to fann95 for the patch diff --git a/configure b/configure index c9b97aa..dd3f35f 100755 --- a/configure +++ b/configure @@ -968,6 +968,14 @@ XIPATHS="" if [ -n "$FIREBIRD_PATH" -o -n "$PCRE_PATH" -o -n "$IDN_PATH" -o -n "$SSL_PATH" -o -n "$CRYPTO_PATH" -o -n "$NSL_PATH" -o -n "$SOCKET_PATH" -o -n "$RESOLV_PATH" -o -n "$SAPR3_PATH" -o -n "$SSH_PATH" -o -n "$POSTGRES_PATH" -o -n "$SVN_PATH" -o -n "$NCP_PATH" -o -n "$CURSES_PATH" -o -n "$ORACLE_PATH" -o -n "$AFP_PATH" -o -n "$MYSQL_PATH" ]; then XLIBPATHS="-L/usr/lib -L/usr/local/lib -L/lib" fi +if [ -n "$MYSQL_IPATH" ]; then + XIPATHS="$XIPATHS -I$MYSQL_IPATH" + if [ -n "$MYSQLINSUBDIR" ]; then + XDEFINES="$XDEFINES -DHAVE_MYSQL_MYSQL_H" + else + XDEFINES="$XDEFINES -DHAVE_MYSQL_H" + fi +fi if [ -n "$SSL_PATH" ]; then if [ -n "$SSLNEW" ]; then XDEFINES="$XDEFINES -DLIBOPENSSL" @@ -1016,7 +1024,7 @@ if [ -n "$RSA" ]; then XDEFINES="$XDEFINES -DNO_RSA_LEGACY" fi OLDPATH="" -for i in $SSL_PATH $CRYPTO_PATH $SSH_PATH $NSL_PATH $SOCKET_PATH $RESOLV_PATH $SAPR3_PATH $POSTGRES_PATH $SVN_PATH $NCP_PATH $CURSES_PATH $ORACLE_PATH $AFP_PATH $MYSQL_PATH; do +for i in $SSL_PATH $FIREBIRD_PATH $WORACLE_LIB_PATH $PCRE_PATH $IDN_PATH $CRYPTO_PATH $SSH_PATH $NSL_PATH $SOCKET_PATH $RESOLV_PATH $SAPR3_PATH $POSTGRES_PATH $SVN_PATH $NCP_PATH $CURSES_PATH $ORACLE_PATH $AFP_PATH $MYSQL_PATH; do if [ "$OLDPATH" = "$i" ]; then OLDPATH="$i" else @@ -1024,11 +1032,29 @@ for i in $SSL_PATH $CRYPTO_PATH $SSH_PATH $NSL_PATH $SOCKET_PATH $RESOLV_PATH $S OLDPATH="$i" fi done -if [ -n "$SSL_IPATH" ]; then - XIPATHS="-I$SSL_IPATH" +if [ -n "$CURSES_IPATH" ]; then + XIPATHS="$XIPATHS -I$CURSES_IPATH" fi -if [ -n "$CURSES_PATH" ]; then - XLIBS="$XLIBS -lcurses" +if [ -n "$FIREBIRD_IPATH" ]; then + XIPATHS="$XIPATHS -I$FIREBIRD_IPATH" +fi +if [ -n "$IDN_IPATH" ]; then + XIPATHS="$XIPATHS -I$IDN_IPATH" +fi +if [ -n "$NCP_IPATH" ]; then + XIPATHS="$XIPATHS -I$NCP_IPATH" +fi +if [ -n "$PCRE_IPATH" ]; then + XIPATHS="$XIPATHS -I$PCRE_IPATH" +fi +if [ -n "$POSTGRES_IPATH" ]; then + XIPATHS="$XIPATHS -I$POSTGRES_IPATH" +fi +if [ -n "$PR29_IPATH" ]; then + XIPATHS="$XIPATHS -I$PR29_IPATH" +fi +if [ -n "$SSL_IPATH" ]; then + XIPATHS="$XIPATHS -I$SSL_IPATH" fi if [ -n "$SAPR3_IPATH" ]; then XIPATHS="$XIPATHS -I$SAPR3_IPATH" @@ -1045,20 +1071,15 @@ fi if [ -n "$SVN_IPATH" ]; then XIPATHS="$XIPATHS -I$SVN_IPATH" fi -if [ -n "$MYSQL_IPATH" ]; then - XIPATHS="$XIPATHS -I$MYSQL_IPATH" - if [ -n "$MYSQLINSUBDIR" ]; then - XDEFINES="$XDEFINES -DHAVE_MYSQL_MYSQL_H" - else - XDEFINES="$XDEFINES -DHAVE_MYSQL_H" - fi -fi if [ -n "$AFP_IPATH" ]; then XIPATHS="$XIPATHS -I$AFP_IPATH" fi if [ -n "$ORACLE_IPATH" ]; then XIPATHS="$XIPATHS -I$ORACLE_IPATH" fi +if [ -n "$CURSES_PATH" ]; then + XLIBS="$XLIBS -lcurses" +fi if [ -n "$SSL_PATH" ]; then XLIBS="$XLIBS -lssl" fi From 577e365cd9e39536a4c8a7926535a66bea96ef38 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Fri, 10 Apr 2015 15:26:16 +0200 Subject: [PATCH 16/33] warning fix --- hydra-http.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/hydra-http.c b/hydra-http.c index def4419..cb8c989 100644 --- a/hydra-http.c +++ b/hydra-http.c @@ -189,7 +189,9 @@ int start_http(int s, char *ip, int port, unsigned char options, char *miscptr, if (debug) hydra_report(stderr, "S:%s\n", http_buf); - ptr = ((char *) index(http_buf, ' ')) + 1; + ptr = ((char *) index(http_buf, ' ')); + if (ptr != NULL) + ptr++; if (ptr != NULL && (*ptr == '2' || *ptr == '3' || strncmp(ptr, "403", 3) == 0 || strncmp(ptr, "404", 3) == 0)) { hydra_report_found_host(port, ip, "www", fp); hydra_completed_pair_found(); @@ -199,7 +201,7 @@ int start_http(int s, char *ip, int port, unsigned char options, char *miscptr, } } else { if (ptr != NULL && *ptr != '4') - fprintf(stderr, "[WARNING] Unusual return code: %c for %s:%s\n", (char) *(index(http_buf, ' ') + 1), login, pass); + fprintf(stderr, "[WARNING] Unusual return code: %.3s for %s:%s\n", (char) *ptr, ' ') + 1), login, pass); //the first authentication type failed, check the type from server header if ((hydra_strcasestr(http_buf, "WWW-Authenticate: Basic") == NULL) && (http_auth_mechanism == AUTH_BASIC)) { From 37ebc352813dfb8fd49e59cb32d0fd55448343c8 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Sat, 11 Apr 2015 00:04:19 +0200 Subject: [PATCH 17/33] fix --- hydra-http.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra-http.c b/hydra-http.c index cb8c989..821ba88 100644 --- a/hydra-http.c +++ b/hydra-http.c @@ -201,7 +201,7 @@ int start_http(int s, char *ip, int port, unsigned char options, char *miscptr, } } else { if (ptr != NULL && *ptr != '4') - fprintf(stderr, "[WARNING] Unusual return code: %.3s for %s:%s\n", (char) *ptr, ' ') + 1), login, pass); + fprintf(stderr, "[WARNING] Unusual return code: %.3s for %s:%s\n", (char) *ptr, login, pass); //the first authentication type failed, check the type from server header if ((hydra_strcasestr(http_buf, "WWW-Authenticate: Basic") == NULL) && (http_auth_mechanism == AUTH_BASIC)) { From 08fedd85837d34683c5389ef32c0354014a4e634 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Tue, 21 Apr 2015 10:59:34 +0200 Subject: [PATCH 18/33] added redis initial service test --- CHANGES | 1 + hydra-redis.c | 73 +++++++++++++++++++++++++++++++++++++++++++++++---- 2 files changed, 69 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index efc0558..43cbe38 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,7 @@ Changelog for hydra Release 8.2-pre * Added new -O option to hydra to support SSL servers that do not suport TLS * Added xhydra gtk patche by Petar Kaleychev to support modules that do not use usernames +* Added patch to redis for initial service checking by Petar Kaleychev - thanks a lot! * Better library finding in ./configure for SVN + support for Darwin Homebrew (and further enhanced) * Fixed http-form module crash that only occurs on *BSD/OSX systems. Thanks to zdk for reporting! * Fixed for SSL connection to support TLSv1.2 etc. diff --git a/hydra-redis.c b/hydra-redis.c index 87fb432..b38d3e7 100644 --- a/hydra-redis.c +++ b/hydra-redis.c @@ -88,16 +88,79 @@ void service_redis(char *ip, int sp, unsigned char options, char *miscptr, FILE service_redis_core(ip, sp, options, miscptr, fp, port, 0); } +/* +* Initial password authentication test and response test for the redis server, +* added by Petar Kaleychev +* The service_redis_init function is generating ping request as redis-cli (command line interface). +* You can use redis-cli to connect with Redis. After start of the redis-server in another terminal the following: +* % ./redis-cli +* redis> ping +* when the server do not require password, leads to: +* PONG +* when the server requires password, leads to: +* (error) NOAUTH Authentication required. +* That is used for initial password authentication and redis server response tests in service_redis_init +*/ int service_redis_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. - // - // fill if needed. - // // return codes: - // 0 all OK - // -1 error, hydra will exit, so print a good error message here + // 0 - when the server is redis and it requires password + // 1 - when the server is not redis or when the server do not require password + int sock = -1; + int myport = PORT_REDIS, mysslport = PORT_REDIS_SSL; + char buffer[] = "\x2a\x31\x0d\x0a\x24\x34\x0d\x0a\x70\x69\x6e\x67\x0d\x0a"; + + hydra_register_socket(sp); + if (sock >= 0) + sock = hydra_disconnect(sock); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + if (verbose) + printf("[VERBOSE] Initial redis password authentication test and response test ...\n"); + if (sock < 0) { + hydra_report(stderr, "[ERROR] Can not connect to port %d on the target\n", myport); + hydra_child_exit(1); + } + // generating ping request as redis-cli + if (debug) + printf("[DEBUG] buffer = %s\n", buffer); + // [debug mode]: buffer is: + // *1 + // $4 + // ping + if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { + return 1; + } + buf = hydra_receive_line(sock); + if (debug) + printf("[DEBUG] buf = %s\n", buf); + // authentication test + if (strstr(buf, "+PONG") != NULL) { // the server do not require password + hydra_report(stderr, "[!] The server do not require password.\n"); + free(buf); + return 1; + } + // server response test + if (strstr(buf, "-NOAUTH Authentication required") == NULL) { + hydra_report(stderr, "[ERROR] The server is not redis, exit.\n"); + free(buf); + return 1; + } + if (verbose) + printf("[VERBOSE] The redis server requires password.\n"); + free(buf); + sock = hydra_disconnect(sock); return 0; } From b6f3e73b65f474f55beab8d60f4d86c68612682a Mon Sep 17 00:00:00 2001 From: root Date: Tue, 5 May 2015 01:44:10 +0200 Subject: [PATCH 19/33] rtsp --- Makefile.am | 4 +- hydra-rtsp.c | 247 ++ hydra.c | 6844 +++++++++++++++++++++++++------------------------- hydra.h | 2 + sasl.c | 1202 ++++----- 5 files changed, 4231 insertions(+), 4068 deletions(-) create mode 100644 hydra-rtsp.c diff --git a/Makefile.am b/Makefile.am index 89fb354..142d683 100644 --- a/Makefile.am +++ b/Makefile.am @@ -16,7 +16,7 @@ SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \ hydra-oracle.c hydra-vmauthd.c hydra-asterisk.c hydra-firebird.c hydra-afp.c hydra-ncp.c \ hydra-oracle-sid.c hydra-http-proxy.c hydra-http-form.c hydra-irc.c \ hydra-rdp.c hydra-s7-300.c hydra-redis.c \ - crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c + crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c hydra-rtsp.c OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \ hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o \ hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \ @@ -27,7 +27,7 @@ OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \ hydra-oracle-sid.o hydra-oracle.o hydra-vmauthd.o hydra-asterisk.o hydra-firebird.o hydra-afp.o hydra-ncp.o \ hydra-http-proxy.o hydra-http-form.o hydra-irc.o hydra-redis.o \ hydra-rdp.o hydra-s7-300.c \ - crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o + crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o hydra-rtsp.o BINS = hydra pw-inspector EXTRA_DIST = README README.arm README.palm CHANGES TODO INSTALL LICENSE \ diff --git a/hydra-rtsp.c b/hydra-rtsp.c new file mode 100644 index 0000000..e5d2487 --- /dev/null +++ b/hydra-rtsp.c @@ -0,0 +1,247 @@ +// +// hydra-rtsp.c +// hydra-rtsp +// +// Created by Javier Sánchez on 18/04/15. +// +// + +#include +#include "hydra-mod.h" +#include +#include "sasl.h" + +extern char *HYDRA_EXIT; +char *buf; +char packet[500]; +char packet2[500]; + +int is_Unauthorized(char * s){ + + if (strstr(s,"401 Unauthorized")!= NULL){ + return 1; + }else{ + return 0; + } +} + +int is_NotFound(char * s){ + + if (strstr(s,"404 Stream Not Found")!= NULL){ + return 1; + }else{ + return 0; + } +} + +int is_Authorized(char * s){ + + if (strstr(s,"200 OK")!= NULL){ + return 1; + }else{ + return 0; + } +} + +int use_Basic_Auth(char * s){ + + if(strstr(s,"WWW-Authenticate: Basic")!=NULL){ + return 1; + }else{ + return 0; + } +} + +int use_Digest_Auth(char * s){ + + if(strstr(s,"WWW-Authenticate: Digest")!=NULL){ + return 1; + }else{ + return 0; + } +} + + + +void create_core_packet(int control,char* ip, int port){ + + char buffer[500]; + char * target=hydra_address2string(ip); + if (control==0){ + if (strlen(packet) <= 0){ + sprintf(packet, "DESCRIBE rtsp://%s:%i RTSP/1.0\r\nCSeq: 2\r\n\r\n",target,port); + + } + }else{ + if (strlen(packet2) <= 0){ + sprintf(packet2, "DESCRIBE rtsp://%s:%i RTSP/1.0\r\nCSeq: 3\r\n",target,port); + } + } +} +int start_rtsp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) +{ + char *empty = ""; + char *login, *pass, buffer[500],buffer2[500]; + + char * lresp; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + + create_core_packet(0,ip,port); + + if (hydra_send(s, packet, strlen(packet), 0) < 0) { + return 1; + } + lresp = hydra_receive_line(s); + + if (lresp == NULL){ + printf("null"); + return 1; + } + + if (is_NotFound(lresp)){ + printf("Server dont need credentials\r\n"); + hydra_completed_pair_found(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0){ + return 3; + } + return 1; + } else { + + create_core_packet(1,ip, port); + + if (use_Basic_Auth(lresp)==1) { + + sprintf(buffer2,"%s:%s",login,pass); + hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + + sprintf(buffer, "%sAuthorization: : Basic %s\r\n\r\n",packet2,buffer2); + + if (debug){ + hydra_report(stderr, "C:%s\n", buffer); + } + } + + if(use_Digest_Auth(lresp)==1){ + + char dbuffer[500]; + char aux[500]; + + + char *pbuffer = hydra_strcasestr(lresp,"WWW-Authenticate: Digest "); + strncpy(aux,pbuffer + strlen("WWW-Authenticate: Digest "), sizeof(buffer)); + aux[sizeof(aux)-1]='\0'; + +#ifdef LIBOPENSSL + + sasl_digest_md5(&dbuffer, login, pass, aux, miscptr, "rtsp", hydra_address2string(ip), port, ""); +#endif + + if (dbuffer==NULL) { + printf("digest fail, dbuffer null\r\n"); + return 3; + } + sprintf(buffer, "%sAuthorization: Digest %s\r\n\r\n", packet2, dbuffer); + + if (debug){ + hydra_report(stderr, "C:%s\n", buffer); + } + } + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + + lresp = NULL; + + lresp = hydra_receive_line(s); + + if ((is_NotFound(lresp))){ + + hydra_completed_pair_found(); + + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0){ + return 3; + } + return 1; + + + } + hydra_completed_pair(); + } + + if(memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + +//not rechead + return 2; +} + +void service_rtsp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_RTSP, mysslport = PORT_RTSP_SSL; + char *ptr, *ptr2; + + hydra_register_socket(sp); + + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + + while (1) { + + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0){ + sock = hydra_disconnect(sock); + } + if ((options & OPTION_SSL) == 0) { + if (port != 0){ + myport = port; + } + sock = hydra_connect_tcp(ip, myport); + port = myport; + } + if (sock < 0) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + + next_run=2; + break; + case 2: /* run the cracking function */ + next_run = start_rtsp(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) { + sock = hydra_disconnect(sock); + } + hydra_child_exit(0); + printf("end"); + return; + break; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); + } + run = next_run; + } +} + +int service_rtsp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + return 0; +} + diff --git a/hydra.c b/hydra.c index dcd6817..cb97ad0 100644 --- a/hydra.c +++ b/hydra.c @@ -51,6 +51,10 @@ extern void service_s7_300(char *ip, int sp, unsigned char options, char *miscpt // ADD NEW SERVICES HERE +extern void service_rtsp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); + +// ADD NEW SERVICES HERE + #ifdef HAVE_MATH_H extern void service_mysql(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_mysql_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); @@ -137,10 +141,11 @@ extern int service_s7_300_init(char *ip, int sp, unsigned char options, char *mi // ADD NEW SERVICES HERE +extern int service_rtsp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); // ADD NEW SERVICES HERE char *SERVICES = - "asterisk afp cisco cisco-enable cvs firebird ftp ftps http[s]-{head|get} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] mssql mysql ncp nntp oracle oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres rdp redis rexec rlogin rsh s7-300 sapr3 sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak telnet[s] vmauthd vnc xmpp"; +"asterisk afp cisco cisco-enable cvs firebird ftp ftps http[s]-{head|get} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] mssql mysql ncp nntp oracle oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres rdp redis rexec rlogin rsh s7-300 sapr3 sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak telnet[s] vmauthd vnc xmpp rtsp"; #define MAXBUF 520 #define MAXLINESIZE ( ( MAXBUF / 2 ) - 4 ) @@ -176,95 +181,95 @@ void hydra_kill_head(int head_no, int killit, int fail); // some structure definitions typedef struct { - pid_t pid; - int sp[2]; - int target_no; - char *current_login_ptr; - char *current_pass_ptr; - char reverse[256]; - int active; - int redo; - time_t last_seen; + pid_t pid; + int sp[2]; + int target_no; + char *current_login_ptr; + char *current_pass_ptr; + char reverse[256]; + int active; + int redo; + time_t last_seen; } hydra_head; typedef struct { - char *target; - char ip[36]; - char *login_ptr; - char *pass_ptr; - unsigned long int login_no; - unsigned long int pass_no; - unsigned long int sent; - int pass_state; - int use_count; - int done; // 0 if active, 1 if finished scanning, 2 if error (for RESTOREFILE), 3 could not be resolved - int fail_count; - int redo_state; - int redo; - int ok; - int failed; - int skipcnt; - int port; - char *redo_login[MAXTASKS * 2 + 2]; - char *redo_pass[MAXTASKS * 2 + 2]; - char *skiplogin[SKIPLOGIN]; -// char *bfg_ptr[MAXTASKS]; + char *target; + char ip[36]; + char *login_ptr; + char *pass_ptr; + unsigned long int login_no; + unsigned long int pass_no; + unsigned long int sent; + int pass_state; + int use_count; + int done; // 0 if active, 1 if finished scanning, 2 if error (for RESTOREFILE), 3 could not be resolved + int fail_count; + int redo_state; + int redo; + int ok; + int failed; + int skipcnt; + int port; + char *redo_login[MAXTASKS * 2 + 2]; + char *redo_pass[MAXTASKS * 2 + 2]; + char *skiplogin[SKIPLOGIN]; + // char *bfg_ptr[MAXTASKS]; } hydra_target; typedef struct { - int active; // active tasks of hydra_options.max_use - int targets; - int finished; - int exit; - unsigned long int todo_all; - unsigned long int todo; - unsigned long int sent; - unsigned long int found; - unsigned long int countlogin; - unsigned long int countpass; - size_t sizelogin; - size_t sizepass; - FILE *ofp; + int active; // active tasks of hydra_options.max_use + int targets; + int finished; + int exit; + unsigned long int todo_all; + unsigned long int todo; + unsigned long int sent; + unsigned long int found; + unsigned long int countlogin; + unsigned long int countpass; + size_t sizelogin; + size_t sizepass; + FILE *ofp; } hydra_brain; typedef struct { - int mode; // valid modes: 0 = -l -p, 1 = -l -P, 2 = -L -p, 3 = -L -P, 4 = -l -x, 6 = -L -x, +8 if -e r, +16 if -e n, +32 if -e s, 64 = -C | bit 128 undefined - int loop_mode; // valid modes: 0 = password, 1 = user - int ssl; - int restore; - int debug; // is external - for restore - int verbose; // is external - for restore - int showAttempt; - int tasks; - int try_null_password; - int try_password_same_as_login; - int try_password_reverse_login; - int exit_found; - int max_use; - int cidr; - char *login; - char *loginfile; - char *pass; - char *passfile; - char *outfile_ptr; - char *infile_ptr; - char *colonfile; - int waittime; // is external - for restore - int conwait; // is external - for restore - unsigned int port; // is external - for restore - char *miscptr; - char *server; - char *service; - char bfg; + int mode; // valid modes: 0 = -l -p, 1 = -l -P, 2 = -L -p, 3 = -L -P, 4 = -l -x, 6 = -L -x, +8 if -e r, +16 if -e n, +32 if -e s, 64 = -C | bit 128 undefined + int loop_mode; // valid modes: 0 = password, 1 = user + int ssl; + int restore; + int debug; // is external - for restore + int verbose; // is external - for restore + int showAttempt; + int tasks; + int try_null_password; + int try_password_same_as_login; + int try_password_reverse_login; + int exit_found; + int max_use; + int cidr; + char *login; + char *loginfile; + char *pass; + char *passfile; + char *outfile_ptr; + char *infile_ptr; + char *colonfile; + int waittime; // is external - for restore + int conwait; // is external - for restore + unsigned int port; // is external - for restore + char *miscptr; + char *server; + char *service; + char bfg; } hydra_option; typedef struct { - char *name; - int port; - int port_ssl; + char *name; + int port; + int port_ssl; } hydra_portlist; -// external vars +// external vars extern char HYDRA_EXIT[5]; #if !defined(ANDROID) && !defined(__BIONIC__) @@ -283,7 +288,7 @@ extern char *proxy_authentication; extern char *cmdlinetarget; extern char *fe80; -// required global vars +// required global vars char *prg; size_t size_of_data = -1; hydra_head **hydra_heads = NULL; @@ -294,7 +299,7 @@ char *sck = NULL; int prefer_ipv6 = 0, conwait = 0, loop_cnt = 0, fck = 0, options = 0, killed = 0; int child_head_no = -1, child_socket; -// moved for restore feature +// moved for restore feature int process_restore = 0, dont_unlink; char *login_ptr = NULL, *pass_ptr = "", *csv_ptr = NULL, *servers_ptr = NULL; size_t countservers = 1, sizeservers = 0; @@ -307,3554 +312,3567 @@ int snpdone, snp_is_redo, snpbuflen, snpi, snpj, snpdont; #include "performance.h" void help(int ext) { - printf("Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr]" " [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT]" + printf("Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr]" " [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT]" #ifdef HAVE_MATH_H - " [-x MIN:MAX:CHARSET]" + " [-x MIN:MAX:CHARSET]" #endif - " [-SOuvVd46] " - //"[server service [OPT]]|" - "[service://server[:PORT][/OPT]]\n"); - printf("\nOptions:\n"); - if (ext) - printf(" -R restore a previous aborted/crashed session\n"); + " [-SOuvVd46] " + //"[server service [OPT]]|" + "[service://server[:PORT][/OPT]]\n"); + printf("\nOptions:\n"); + if (ext) + printf(" -R restore a previous aborted/crashed session\n"); #ifdef LIBOPENSSL - if (ext) - printf(" -S perform an SSL connect\n"); + if (ext) + printf(" -S perform an SSL connect\n"); #endif - if (ext) - printf(" -s PORT if the service is on a different default port, define it here\n"); - printf(" -l LOGIN or -L FILE login with LOGIN name, or load several logins from FILE\n"); - printf(" -p PASS or -P FILE try password PASS, or load several passwords from FILE\n"); + if (ext) + printf(" -s PORT if the service is on a different default port, define it here\n"); + printf(" -l LOGIN or -L FILE login with LOGIN name, or load several logins from FILE\n"); + printf(" -p PASS or -P FILE try password PASS, or load several passwords from FILE\n"); #ifdef HAVE_MATH_H - if (ext) - printf(" -x MIN:MAX:CHARSET password bruteforce generation, type \"-x -h\" to get help\n"); + if (ext) + printf(" -x MIN:MAX:CHARSET password bruteforce generation, type \"-x -h\" to get help\n"); #endif - if (ext) - printf(" -e nsr try \"n\" null password, \"s\" login as pass and/or \"r\" reversed login\n"); - if (ext) - printf(" -u loop around users, not passwords (effective! implied with -x)\n"); - printf(" -C FILE colon separated \"login:pass\" format, instead of -L/-P options\n"); - printf(" -M FILE list of servers to attack, one entry per line, ':' to specify port\n"); - if (ext) - printf(" -o FILE write found login/password pairs to FILE instead of stdout\n"); - if (ext) - printf(" -f / -F exit when a login/pass pair is found (-M: -f per host, -F global)\n"); - printf(" -t TASKS run TASKS number of connects in parallel (per host, default: %d)\n", TASKS); - if (ext) - printf(" -w / -W TIME waittime for responses (%ds) / between connects per thread\n", WAITTIME); - if (ext) - printf(" -4 / -6 use IPv4 (default) / IPv6 addresses (put always in [] also in -M)\n"); - if (ext) - printf(" -v / -V / -d verbose mode / show login+pass for each attempt / debug mode \n"); - if (ext) - printf(" -O use old SSL v2 and v3\n"); - if (ext) - printf(" -q do not print messages about connection errors\n"); - printf(" -U service module usage details\n"); - if (ext == 0) - printf(" -h more command line options (COMPLETE HELP)\n"); - printf(" server the target: DNS, IP or 192.168.0.0/24 (this OR the -M option)\n"); - printf(" service the service to crack (see below for supported protocols)\n"); - printf(" OPT some service modules support additional input (-U for module help)\n"); - - printf("\nSupported services: %s\n", SERVICES); - printf("\n%s is a tool to guess/crack valid login/password pairs. Licensed under AGPL\nv3.0. The newest version is always available at %s\n", PROGRAM, RESOURCE); - printf("Don't use in military or secret service organizations, or for illegal purposes.\n"); - if (ext && strlen(unsupported) > 0) { - if (unsupported[strlen(unsupported) - 1] == ' ') - unsupported[strlen(unsupported) - 1] = 0; - printf("These services were not compiled in: %s.\n", unsupported); - } - if (ext) { - printf("\nUse HYDRA_PROXY_HTTP or HYDRA_PROXY - and if needed HYDRA_PROXY_AUTH - environment for a proxy setup.\n"); - printf("E.g.: %% export HYDRA_PROXY=socks5://127.0.0.1:9150 (or socks4:// or connect://)\n"); - printf(" %% export HYDRA_PROXY_HTTP=http://proxy:8080\n"); - printf(" %% export HYDRA_PROXY_AUTH=user:pass\n"); - } - - printf("\nExample%s:%s hydra -l user -P passlist.txt ftp://192.168.0.1\n", ext == 0 ? "" : "s", ext == 0 ? "" : "\n"); - if (ext) { - printf(" hydra -L userlist.txt -p defaultpw imap://192.168.0.1/PLAIN\n"); - printf(" hydra -C defaults.txt -6 pop3s://[2001:db8::1]:143/TLS:DIGEST-MD5\n"); - printf(" hydra -l admin -p password ftp://[192.168.0.0/24]/\n"); - printf(" hydra -L logins.txt -P pws.txt -M targets.txt ssh\n"); - } - exit(-1); + if (ext) + printf(" -e nsr try \"n\" null password, \"s\" login as pass and/or \"r\" reversed login\n"); + if (ext) + printf(" -u loop around users, not passwords (effective! implied with -x)\n"); + printf(" -C FILE colon separated \"login:pass\" format, instead of -L/-P options\n"); + printf(" -M FILE list of servers to attack, one entry per line, ':' to specify port\n"); + if (ext) + printf(" -o FILE write found login/password pairs to FILE instead of stdout\n"); + if (ext) + printf(" -f / -F exit when a login/pass pair is found (-M: -f per host, -F global)\n"); + printf(" -t TASKS run TASKS number of connects in parallel (per host, default: %d)\n", TASKS); + if (ext) + printf(" -w / -W TIME waittime for responses (%ds) / between connects per thread\n", WAITTIME); + if (ext) + printf(" -4 / -6 use IPv4 (default) / IPv6 addresses (put always in [] also in -M)\n"); + if (ext) + printf(" -v / -V / -d verbose mode / show login+pass for each attempt / debug mode \n"); + if (ext) + printf(" -O use old SSL v2 and v3\n"); + if (ext) + printf(" -q do not print messages about connection errors\n"); + printf(" -U service module usage details\n"); + if (ext == 0) + printf(" -h more command line options (COMPLETE HELP)\n"); + printf(" server the target: DNS, IP or 192.168.0.0/24 (this OR the -M option)\n"); + printf(" service the service to crack (see below for supported protocols)\n"); + printf(" OPT some service modules support additional input (-U for module help)\n"); + + printf("\nSupported services: %s\n", SERVICES); + printf("\n%s is a tool to guess/crack valid login/password pairs. Licensed under AGPL\nv3.0. The newest version is always available at %s\n", PROGRAM, RESOURCE); + printf("Don't use in military or secret service organizations, or for illegal purposes.\n"); + if (ext && strlen(unsupported) > 0) { + if (unsupported[strlen(unsupported) - 1] == ' ') + unsupported[strlen(unsupported) - 1] = 0; + printf("These services were not compiled in: %s.\n", unsupported); + } + if (ext) { + printf("\nUse HYDRA_PROXY_HTTP or HYDRA_PROXY - and if needed HYDRA_PROXY_AUTH - environment for a proxy setup.\n"); + printf("E.g.: %% export HYDRA_PROXY=socks5://127.0.0.1:9150 (or socks4:// or connect://)\n"); + printf(" %% export HYDRA_PROXY_HTTP=http://proxy:8080\n"); + printf(" %% export HYDRA_PROXY_AUTH=user:pass\n"); + } + + printf("\nExample%s:%s hydra -l user -P passlist.txt ftp://192.168.0.1\n", ext == 0 ? "" : "s", ext == 0 ? "" : "\n"); + if (ext) { + printf(" hydra -L userlist.txt -p defaultpw imap://192.168.0.1/PLAIN\n"); + printf(" hydra -C defaults.txt -6 pop3s://[2001:db8::1]:143/TLS:DIGEST-MD5\n"); + printf(" hydra -l admin -p password ftp://[192.168.0.0/24]/\n"); + printf(" hydra -L logins.txt -P pws.txt -M targets.txt ssh\n"); + } + exit(-1); } void help_bfg() { - printf("Hydra bruteforce password generation option usage:\n\n" - " -x MIN:MAX:CHARSET\n\n" - " MIN is the minimum number of characters in the password\n" - " MAX is the maximum number of characters in the password\n" - " CHARSET is a specification of the characters to use in the generation\n" - " valid CHARSET values are: 'a' for lowercase letters,\n" - " 'A' for uppercase letters, '1' for numbers, and for all others,\n" - " just add their real representation.\n\n" - "Examples:\n" - " -x 3:5:a generate passwords from length 3 to 5 with all lowercase letters\n" - " -x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers\n" - " -x 1:3:/ generate passwords from length 1 to 3 containing only slashes\n" " -x 5:5:/%%,.- generate passwords with length 5 which consists only of /%%,.-\n"); - printf("\nThe bruteforce mode was made by Jan Dlabal, http://houbysoft.com/bfg/\n"); - exit(-1); + printf("Hydra bruteforce password generation option usage:\n\n" + " -x MIN:MAX:CHARSET\n\n" + " MIN is the minimum number of characters in the password\n" + " MAX is the maximum number of characters in the password\n" + " CHARSET is a specification of the characters to use in the generation\n" + " valid CHARSET values are: 'a' for lowercase letters,\n" + " 'A' for uppercase letters, '1' for numbers, and for all others,\n" + " just add their real representation.\n\n" + "Examples:\n" + " -x 3:5:a generate passwords from length 3 to 5 with all lowercase letters\n" + " -x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers\n" + " -x 1:3:/ generate passwords from length 1 to 3 containing only slashes\n" " -x 5:5:/%%,.- generate passwords with length 5 which consists only of /%%,.-\n"); + printf("\nThe bruteforce mode was made by Jan Dlabal, http://houbysoft.com/bfg/\n"); + exit(-1); } void module_usage() { - int find = 0; - - if (hydra_options.service) { - printf("\nHelp for module %s:\n============================================================================\n", hydra_options.service); - if ((strcmp(hydra_options.service, "oracle") == 0) || (strcmp(hydra_options.service, "ora") == 0)) { - printf("Module oracle / ora is optionally taking the ORACLE SID, default is \"ORCL\"\n\n"); - find = 1; + int find = 0; + + if (hydra_options.service) { + printf("\nHelp for module %s:\n============================================================================\n", hydra_options.service); + if ((strcmp(hydra_options.service, "oracle") == 0) || (strcmp(hydra_options.service, "ora") == 0)) { + printf("Module oracle / ora is optionally taking the ORACLE SID, default is \"ORCL\"\n\n"); + find = 1; + } + if ((strcmp(hydra_options.service, "oracle-listener") == 0) || (strcmp(hydra_options.service, "tns") == 0)) { + printf("Module oracle-listener / tns is optionally taking the mode the password is stored as, could be PLAIN (default) or CLEAR\n\n"); + find = 1; + } + if (strcmp(hydra_options.service, "cvs") == 0) { + printf("Module cvs is optionally taking the repository name to attack, default is \"/root\"\n\n"); + find = 1; + } + if (strcmp(hydra_options.service, "xmpp") == 0) { + printf("Module xmpp is optionally taking one authentication type of:\n" + " LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, SCRAM-SHA1\n\n" + "Note, the target passed should be a fdqn as the value is used in the Jabber init request, example: hermes.jabber.org\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "pop3") == 0)) { + printf("Module pop3 is optionally taking one authentication type of:\n" + " CLEAR (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n" + " CRAM-SHA256, DIGEST-MD5, NTLM.\n" "Additionally TLS encryption via STLS can be enforced with the TLS option.\n\n" "Example: pop3://target/TLS:PLAIN\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "rdp") == 0)) { + printf("Module rdp is optionally taking the windows domain name.\n" "For example:\nhydra rdp://192.168.0.1/firstdomainname -l john -p doe\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "s7-300") == 0)) { + printf("Module S7-300 is for a special Siemens PLC. It either requires only a password or no authentication, so just use the -p or -P option.\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "nntp") == 0)) { + printf("Module nntp is optionally taking one authentication type of:\n" " USER (default), LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "imap") == 0)) { + printf("Module imap is optionally taking one authentication type of:\n" + " CLEAR or APOP (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n" + " CRAM-SHA256, DIGEST-MD5, NTLM\n" "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: imap://target/TLS:PLAIN\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "smtp-enum")) == 0) { + printf("Module smtp-enum is optionally taking one SMTP command of:\n\n" + "VRFY (default), EXPN, RCPT (which will connect using \"root\" account)\n" + "login parameter is used as username and password parameter as the domain name\n" + "For example to test if john@localhost exists on 192.168.0.1:\n" "hydra smtp-enum://192.168.0.1/vrfy -l john -p localhost\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "smtp")) == 0) { + printf("Module smtp is optionally taking one authentication type of:\n" + " LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n" + "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: smtp://target/TLS:PLAIN\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "svn") == 0)) { + printf("Module svn is optionally taking the repository name to attack, default is \"trunk\"\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "ncp") == 0)) { + printf("Module ncp is optionally taking the full context, for example \".O=cx\"\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "firebird") == 0)) { + printf("Module firebird is optionally taking the database path to attack,\n" "default is \"C:\\Program Files\\Firebird\\Firebird_1_5\\security.fdb\"\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "mysql") == 0)) { + printf("Module mysql is optionally taking the database to attack, default is \"mysql\"\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "irc") == 0)) { + printf("Module irc is optionally taking the general server password, if the server is requiring one\n" "and none is passed the password from -p/-P will be used\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "postgres") == 0)) { + printf("Module postgres is optionally taking the database to attack, default is \"template1\"\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "telnet") == 0)) { + printf("Module telnet is optionally taking the string which is displayed after\n" + "a successful login (case insensitive), use if the default in the telnet\n" "module produces too many false positives\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "sapr3") == 0)) { + printf("Module sapr3 requires the client id, a number between 0 and 99\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "sshkey") == 0)) { + printf("Module sshkey does not provide additional options, although the semantic for\n" + "options -p and -P is changed:\n" + " -p expects a path to an unencrypted private key in PEM format.\n" + " -P expects a filename containing a list of path to some unencrypted\n" " private keys in PEM format.\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "cisco-enable") == 0)) { + printf("Module cisco-enable is optionally taking the logon password for the cisco device\n" + "Note: if AAA authentication is used, use the -l option for the username\n" + "and the optional parameter for the password of the user.\n" + "Examples:\n" + " hydra -P pass.txt target cisco-enable (direct console access)\n" + " hydra -P pass.txt -m cisco target cisco-enable (Logon password cisco)\n" + " hydra -l foo -m bar -P pass.txt target cisco-enable (AAA Login foo, password bar)\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "cisco") == 0)) { + printf("Module cisco is optionally taking the keyword ENTER, it then sends an initial\n" "ENTER when connecting to the service.\n"); + find = 1; + } + if (!find && ((strcmp(hydra_options.service, "ldap2") == 0) + || (strcmp(hydra_options.service, "ldap3") == 0) + || (strcmp(hydra_options.service, "ldap3-crammd5") == 0) + || (strcmp(hydra_options.service, "ldap3-digestmd5") == 0)) + ) { + printf("Module %s is optionally taking the DN (depending of the auth method choosed\n" + "Note: you can also specify the DN as login when Simple auth method is used).\n" + "The keyword \"^USER^\" is replaced with the login.\n" + "Special notes for Simple method has 3 operation modes: anonymous, (no user no pass),\n" + "unauthenticated (user but no pass), user/pass authenticated (user and pass).\n" + "So don't forget to set empty string as user/pass to test all modes.\n" + "Hint: to authenticate to a windows active directy ldap, this is usually\n" + " cn=^USER^,cn=users,dc=foo,dc=bar,dc=com for domain foo.bar.com\n\n", hydra_options.service); + find = 1; + } + if (!find && ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0))) { + printf("Module smb default value is set to test both local and domain account, using a simple password with NTLM dialect.\n" + "Note: you can set the group type using LOCAL or DOMAIN keyword\n" + " or other_domain:{value} to specify a trusted domain.\n" + " you can set the password type using HASH or MACHINE keyword\n" + " (to use the Machine's NetBIOS name as the password).\n" + " you can set the dialect using NTLMV2, NTLM, LMV2, LM keyword.\n" + "Example: \n" + " hydra smb://microsoft.com -l admin -p tooeasy -m \"local lmv2\"\n" + " hydra smb://microsoft.com -l admin -p D5731CFC6C2A069C21FD0D49CAEBC9EA:2126EE7712D37E265FD63F2C84D2B13D::: -m \"local hash\"\n" + " hydra smb://microsoft.com -l admin -p tooeasy -m \"other_domain:SECONDDOMAIN\"\n\n"); + find = 1; + } + if (!find && ((strcmp(hydra_options.service, "http-get-form") == 0) + || (strcmp(hydra_options.service, "https-get-form") == 0) + || (strcmp(hydra_options.service, "http-post-form") == 0) + || (strcmp(hydra_options.service, "https-post-form") == 0) + || (strncmp(hydra_options.service, "http-form", 9) == 0) + || (strncmp(hydra_options.service, "https-form", 10) == 0) + ) + ) { + printf("Module %s requires the page and the parameters for the web form.\n\n" + "By default this module is configured to follow a maximum of 5 redirections in\n" + "a row. It always gathers a new cookie from the same URL without variables\n" + "The parameters take three \":\" separated values, plus optional values.\n" + "(Note: if you need a colon in the option string as value, escape it with \"\\:\", but do not escape a \"\\\" with \"\\\\\".)\n" + "\nSyntax: :
:[:[:]\n" + "First is the page on the server to GET or POST to (URL).\n" + "Second is the POST/GET variables (taken from either the browser, proxy, etc.\n" + " with usernames and passwords being replaced in the \"^USER^\" and \"^PASS^\"\n" + " placeholders (FORM PARAMETERS)\n" + "Third is the string that it checks for an *invalid* login (by default)\n" + " Invalid condition login check can be preceded by \"F=\", successful condition\n" + " login check must be preceded by \"S=\".\n" + " This is where most people get it wrong. You have to check the webapp what a\n" + " failed string looks like and put it in this parameter!\n" + "The following parameters are optional:\n" + " C=/page/uri to define a different page to gather initial cookies from\n" + " (h|H)=My-Hdr\\: foo to send a user defined HTTP header with each request\n" + " ^USER^ and ^PASS^ can also be put into these headers!\n" + " Note: 'h' will add the user-defined header at the end\n" + " regardless it's already being sent by Hydra or not.\n" + " 'H' will replace the value of that header if it exists, by the\n" + " one supplied by the user, or add the header at the end\n" + "Note that if you are going to put colons (:) in your headers you should escape them with a backslash (\\).\n" + " All colons that are not option separators should be escaped (see the examples above and below).\n" + " You can specify a header without escaping the colons, but that way you will not be able to put colons\n" + " in the header value itself, as they will be interpreted by hydra as option separators.\n" + "\nExamples:\n" + " \"/login.php:user=^USER^&pass=^PASS^:incorrect\"\n" + " \"/login.php:user=^USER^&pass=^PASS^&colon=colon\\:escape:S=authlog=.*success\"\n" + " \"/login.php:user=^USER^&pass=^PASS^&mid=123:authlog=.*failed\"\n" + " \"/:user=^USER&pass=^PASS^:failed:H=Authorization\\: Basic dT1w:H=Cookie\\: sessid=aaaa:h=X-User\\: ^USER^\"\n" + " \"/exchweb/bin/auth/owaauth.dll:destination=http%%3A%%2F%%2F%%2Fexchange&flags=0&username=%%5C^USER^&password=^PASS^&SubmitCreds=x&trusted=0:reason=:C=/exchweb\"\n", + hydra_options.service); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "http-proxy") == 0)) { + printf("Module http-proxy is optionally taking the page to authenticate at.\n" + "Default is http://www.microsoft.com/)\n" "Basic, DIGEST-MD5 and NTLM are supported and negotiated automatically.\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "http-proxy-urlenum") == 0)) { + printf("Module http-proxy-urlenum only uses the -L option, not -x or -p/-P option.\n" + "The -L loginfile must contain the URL list to try through the proxy.\n" + "The proxy credentials cann be put as the optional parameter, e.g.\n" + " hydra -L urllist.txt -s 3128 target.com http-proxy-urlenum user:pass\n" " hydra -L urllist.txt http-proxy-urlenum://target.com:3128/user:pass\n\n"); + find = 1; + } + if (!find && (strncmp(hydra_options.service, "snmp", 4) == 0)) { + printf("Module snmp is optionally taking the following parameters:\n"); + printf(" READ perform read requests (default)\n"); + printf(" WRITE perform write requests\n"); + printf(" 1 use SNMP version 1 (default)\n"); + printf(" 2 use SNMP version 2\n"); + printf(" 3 use SNMP version 3\n"); + printf(" Note that SNMP version 3 usually uses both login and passwords!\n"); + printf(" SNMP version 3 has the following optional sub parameters:\n"); + printf(" MD5 use MD5 authentication (default)\n"); + printf(" SHA use SHA authentication\n"); + printf(" DES use DES encryption\n"); + printf(" AES use AES encryption\n"); + printf(" if no -p/-P parameter is given, SNMPv3 noauth is performed, which\n"); + printf(" only requires a password (or username) not both.\n"); + printf("To combine the options, use colons (\":\"), e.g.:\n"); + printf(" hydra -L user.txt -P pass.txt -m 3:SHA:AES:READ target.com snmp\n"); + printf(" hydra -P pass.txt -m 2 target.com snmp\n"); + find = 1; + } + if (!find && ((strcmp(hydra_options.service, "http-get") == 0) + || (strcmp(hydra_options.service, "https-get") == 0) + || (strcmp(hydra_options.service, "http-post") == 0) + || (strcmp(hydra_options.service, "https-post") == 0)) + ) { + printf("Module %s requires the page to authenticate.\n" + "For example: \"/secret\" or \"http://bla.com/foo/bar\" or \"https://test.com:8080/members\"\n\n", hydra_options.service); + find = 1; + } } - if ((strcmp(hydra_options.service, "oracle-listener") == 0) || (strcmp(hydra_options.service, "tns") == 0)) { - printf("Module oracle-listener / tns is optionally taking the mode the password is stored as, could be PLAIN (default) or CLEAR\n\n"); - find = 1; - } - if (strcmp(hydra_options.service, "cvs") == 0) { - printf("Module cvs is optionally taking the repository name to attack, default is \"/root\"\n\n"); - find = 1; - } - if (strcmp(hydra_options.service, "xmpp") == 0) { - printf("Module xmpp is optionally taking one authentication type of:\n" - " LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, SCRAM-SHA1\n\n" - "Note, the target passed should be a fdqn as the value is used in the Jabber init request, example: hermes.jabber.org\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "pop3") == 0)) { - printf("Module pop3 is optionally taking one authentication type of:\n" - " CLEAR (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n" - " CRAM-SHA256, DIGEST-MD5, NTLM.\n" "Additionally TLS encryption via STLS can be enforced with the TLS option.\n\n" "Example: pop3://target/TLS:PLAIN\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "rdp") == 0)) { - printf("Module rdp is optionally taking the windows domain name.\n" "For example:\nhydra rdp://192.168.0.1/firstdomainname -l john -p doe\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "s7-300") == 0)) { - printf("Module S7-300 is for a special Siemens PLC. It either requires only a password or no authentication, so just use the -p or -P option.\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "nntp") == 0)) { - printf("Module nntp is optionally taking one authentication type of:\n" " USER (default), LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "imap") == 0)) { - printf("Module imap is optionally taking one authentication type of:\n" - " CLEAR or APOP (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n" - " CRAM-SHA256, DIGEST-MD5, NTLM\n" "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: imap://target/TLS:PLAIN\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "smtp-enum")) == 0) { - printf("Module smtp-enum is optionally taking one SMTP command of:\n\n" - "VRFY (default), EXPN, RCPT (which will connect using \"root\" account)\n" - "login parameter is used as username and password parameter as the domain name\n" - "For example to test if john@localhost exists on 192.168.0.1:\n" "hydra smtp-enum://192.168.0.1/vrfy -l john -p localhost\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "smtp")) == 0) { - printf("Module smtp is optionally taking one authentication type of:\n" - " LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n" - "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: smtp://target/TLS:PLAIN\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "svn") == 0)) { - printf("Module svn is optionally taking the repository name to attack, default is \"trunk\"\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "ncp") == 0)) { - printf("Module ncp is optionally taking the full context, for example \".O=cx\"\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "firebird") == 0)) { - printf("Module firebird is optionally taking the database path to attack,\n" "default is \"C:\\Program Files\\Firebird\\Firebird_1_5\\security.fdb\"\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "mysql") == 0)) { - printf("Module mysql is optionally taking the database to attack, default is \"mysql\"\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "irc") == 0)) { - printf("Module irc is optionally taking the general server password, if the server is requiring one\n" "and none is passed the password from -p/-P will be used\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "postgres") == 0)) { - printf("Module postgres is optionally taking the database to attack, default is \"template1\"\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "telnet") == 0)) { - printf("Module telnet is optionally taking the string which is displayed after\n" - "a successful login (case insensitive), use if the default in the telnet\n" "module produces too many false positives\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "sapr3") == 0)) { - printf("Module sapr3 requires the client id, a number between 0 and 99\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "sshkey") == 0)) { - printf("Module sshkey does not provide additional options, although the semantic for\n" - "options -p and -P is changed:\n" - " -p expects a path to an unencrypted private key in PEM format.\n" - " -P expects a filename containing a list of path to some unencrypted\n" " private keys in PEM format.\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "cisco-enable") == 0)) { - printf("Module cisco-enable is optionally taking the logon password for the cisco device\n" - "Note: if AAA authentication is used, use the -l option for the username\n" - "and the optional parameter for the password of the user.\n" - "Examples:\n" - " hydra -P pass.txt target cisco-enable (direct console access)\n" - " hydra -P pass.txt -m cisco target cisco-enable (Logon password cisco)\n" - " hydra -l foo -m bar -P pass.txt target cisco-enable (AAA Login foo, password bar)\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "cisco") == 0)) { - printf("Module cisco is optionally taking the keyword ENTER, it then sends an initial\n" "ENTER when connecting to the service.\n"); - find = 1; - } - if (!find && ((strcmp(hydra_options.service, "ldap2") == 0) - || (strcmp(hydra_options.service, "ldap3") == 0) - || (strcmp(hydra_options.service, "ldap3-crammd5") == 0) - || (strcmp(hydra_options.service, "ldap3-digestmd5") == 0)) - ) { - printf("Module %s is optionally taking the DN (depending of the auth method choosed\n" - "Note: you can also specify the DN as login when Simple auth method is used).\n" - "The keyword \"^USER^\" is replaced with the login.\n" - "Special notes for Simple method has 3 operation modes: anonymous, (no user no pass),\n" - "unauthenticated (user but no pass), user/pass authenticated (user and pass).\n" - "So don't forget to set empty string as user/pass to test all modes.\n" - "Hint: to authenticate to a windows active directy ldap, this is usually\n" - " cn=^USER^,cn=users,dc=foo,dc=bar,dc=com for domain foo.bar.com\n\n", hydra_options.service); - find = 1; - } - if (!find && ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0))) { - printf("Module smb default value is set to test both local and domain account, using a simple password with NTLM dialect.\n" - "Note: you can set the group type using LOCAL or DOMAIN keyword\n" - " or other_domain:{value} to specify a trusted domain.\n" - " you can set the password type using HASH or MACHINE keyword\n" - " (to use the Machine's NetBIOS name as the password).\n" - " you can set the dialect using NTLMV2, NTLM, LMV2, LM keyword.\n" - "Example: \n" - " hydra smb://microsoft.com -l admin -p tooeasy -m \"local lmv2\"\n" - " hydra smb://microsoft.com -l admin -p D5731CFC6C2A069C21FD0D49CAEBC9EA:2126EE7712D37E265FD63F2C84D2B13D::: -m \"local hash\"\n" - " hydra smb://microsoft.com -l admin -p tooeasy -m \"other_domain:SECONDDOMAIN\"\n\n"); - find = 1; - } - if (!find && ((strcmp(hydra_options.service, "http-get-form") == 0) - || (strcmp(hydra_options.service, "https-get-form") == 0) - || (strcmp(hydra_options.service, "http-post-form") == 0) - || (strcmp(hydra_options.service, "https-post-form") == 0) - || (strncmp(hydra_options.service, "http-form", 9) == 0) - || (strncmp(hydra_options.service, "https-form", 10) == 0) - ) - ) { - printf("Module %s requires the page and the parameters for the web form.\n\n" - "By default this module is configured to follow a maximum of 5 redirections in\n" - "a row. It always gathers a new cookie from the same URL without variables\n" - "The parameters take three \":\" separated values, plus optional values.\n" - "(Note: if you need a colon in the option string as value, escape it with \"\\:\", but do not escape a \"\\\" with \"\\\\\".)\n" - "\nSyntax: ::[:[:]\n" - "First is the page on the server to GET or POST to (URL).\n" - "Second is the POST/GET variables (taken from either the browser, proxy, etc.\n" - " with usernames and passwords being replaced in the \"^USER^\" and \"^PASS^\"\n" - " placeholders (FORM PARAMETERS)\n" - "Third is the string that it checks for an *invalid* login (by default)\n" - " Invalid condition login check can be preceded by \"F=\", successful condition\n" - " login check must be preceded by \"S=\".\n" - " This is where most people get it wrong. You have to check the webapp what a\n" - " failed string looks like and put it in this parameter!\n" - "The following parameters are optional:\n" - " C=/page/uri to define a different page to gather initial cookies from\n" - " (h|H)=My-Hdr\\: foo to send a user defined HTTP header with each request\n" - " ^USER^ and ^PASS^ can also be put into these headers!\n" - " Note: 'h' will add the user-defined header at the end\n" - " regardless it's already being sent by Hydra or not.\n" - " 'H' will replace the value of that header if it exists, by the\n" - " one supplied by the user, or add the header at the end\n" - "Note that if you are going to put colons (:) in your headers you should escape them with a backslash (\\).\n" - " All colons that are not option separators should be escaped (see the examples above and below).\n" - " You can specify a header without escaping the colons, but that way you will not be able to put colons\n" - " in the header value itself, as they will be interpreted by hydra as option separators.\n" - "\nExamples:\n" - " \"/login.php:user=^USER^&pass=^PASS^:incorrect\"\n" - " \"/login.php:user=^USER^&pass=^PASS^&colon=colon\\:escape:S=authlog=.*success\"\n" - " \"/login.php:user=^USER^&pass=^PASS^&mid=123:authlog=.*failed\"\n" - " \"/:user=^USER&pass=^PASS^:failed:H=Authorization\\: Basic dT1w:H=Cookie\\: sessid=aaaa:h=X-User\\: ^USER^\"\n" - " \"/exchweb/bin/auth/owaauth.dll:destination=http%%3A%%2F%%2F%%2Fexchange&flags=0&username=%%5C^USER^&password=^PASS^&SubmitCreds=x&trusted=0:reason=:C=/exchweb\"\n", - hydra_options.service); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "http-proxy") == 0)) { - printf("Module http-proxy is optionally taking the page to authenticate at.\n" - "Default is http://www.microsoft.com/)\n" "Basic, DIGEST-MD5 and NTLM are supported and negotiated automatically.\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "http-proxy-urlenum") == 0)) { - printf("Module http-proxy-urlenum only uses the -L option, not -x or -p/-P option.\n" - "The -L loginfile must contain the URL list to try through the proxy.\n" - "The proxy credentials cann be put as the optional parameter, e.g.\n" - " hydra -L urllist.txt -s 3128 target.com http-proxy-urlenum user:pass\n" " hydra -L urllist.txt http-proxy-urlenum://target.com:3128/user:pass\n\n"); - find = 1; - } - if (!find && (strncmp(hydra_options.service, "snmp", 4) == 0)) { - printf("Module snmp is optionally taking the following parameters:\n"); - printf(" READ perform read requests (default)\n"); - printf(" WRITE perform write requests\n"); - printf(" 1 use SNMP version 1 (default)\n"); - printf(" 2 use SNMP version 2\n"); - printf(" 3 use SNMP version 3\n"); - printf(" Note that SNMP version 3 usually uses both login and passwords!\n"); - printf(" SNMP version 3 has the following optional sub parameters:\n"); - printf(" MD5 use MD5 authentication (default)\n"); - printf(" SHA use SHA authentication\n"); - printf(" DES use DES encryption\n"); - printf(" AES use AES encryption\n"); - printf(" if no -p/-P parameter is given, SNMPv3 noauth is performed, which\n"); - printf(" only requires a password (or username) not both.\n"); - printf("To combine the options, use colons (\":\"), e.g.:\n"); - printf(" hydra -L user.txt -P pass.txt -m 3:SHA:AES:READ target.com snmp\n"); - printf(" hydra -P pass.txt -m 2 target.com snmp\n"); - find = 1; - } - if (!find && ((strcmp(hydra_options.service, "http-get") == 0) - || (strcmp(hydra_options.service, "https-get") == 0) - || (strcmp(hydra_options.service, "http-post") == 0) - || (strcmp(hydra_options.service, "https-post") == 0)) - ) { - printf("Module %s requires the page to authenticate.\n" - "For example: \"/secret\" or \"http://bla.com/foo/bar\" or \"https://test.com:8080/members\"\n\n", hydra_options.service); - find = 1; - } - } - if (!find) // this is also printed if the module does not exist at all - printf("The Module %s does not need or support optional parameters\n", hydra_options.service); - exit(0); + if (!find) // this is also printed if the module does not exist at all + printf("The Module %s does not need or support optional parameters\n", hydra_options.service); + exit(0); } void hydra_debug(int force, char *string) { - int i; - - if (!debug && !force) - return; - - printf("[DEBUG] Code: %s Time: %lu\n", string, (unsigned long int) time(NULL)); - printf("[DEBUG] Options: mode %d ssl %d restore %d showAttempt %d tasks %d max_use %d tnp %d tpsal %d tprl %d exit_found %d miscptr %s service %s\n", - hydra_options.mode, hydra_options.ssl, hydra_options.restore, hydra_options.showAttempt, hydra_options.tasks, hydra_options.max_use, - hydra_options.try_null_password, hydra_options.try_password_same_as_login, hydra_options.try_password_reverse_login, hydra_options.exit_found, - hydra_options.miscptr == NULL ? "(null)" : hydra_options.miscptr, hydra_options.service); - printf("[DEBUG] Brains: active %d targets %d finished %d todo_all %lu todo %lu sent %lu found %lu countlogin %lu sizelogin %lu countpass %lu sizepass %lu\n", - hydra_brains.active, hydra_brains.targets, hydra_brains.finished, hydra_brains.todo_all, hydra_brains.todo, hydra_brains.sent, hydra_brains.found, - (unsigned long int) hydra_brains.countlogin, (unsigned long int) hydra_brains.sizelogin, (unsigned long int) hydra_brains.countpass, - (unsigned long int) hydra_brains.sizepass); - for (i = 0; i < hydra_brains.targets; i++) - printf - ("[DEBUG] Target %d - target %s ip %s login_no %lu pass_no %lu sent %lu pass_state %d use_count %d failed %d done %d fail_count %d login_ptr %s pass_ptr %s\n", - i, hydra_targets[i]->target == NULL ? "(null)" : hydra_targets[i]->target, hydra_address2string(hydra_targets[i]->ip), hydra_targets[i]->login_no, - hydra_targets[i]->pass_no, hydra_targets[i]->sent, hydra_targets[i]->pass_state, hydra_targets[i]->use_count, hydra_targets[i]->failed, hydra_targets[i]->done, - hydra_targets[i]->fail_count, hydra_targets[i]->login_ptr == NULL ? "(null)" : hydra_targets[i]->login_ptr, - hydra_targets[i]->pass_ptr == NULL ? "(null)" : hydra_targets[i]->pass_ptr); - if (hydra_heads != NULL) - for (i = 0; i < hydra_options.max_use; i++) - printf("[DEBUG] Task %d - pid %d active %d redo %d current_login_ptr %s current_pass_ptr %s\n", - i, (int) hydra_heads[i]->pid, hydra_heads[i]->active, hydra_heads[i]->redo, - hydra_heads[i]->current_login_ptr == NULL ? "(null)" : hydra_heads[i]->current_login_ptr, - hydra_heads[i]->current_pass_ptr == NULL ? "(null)" : hydra_heads[i]->current_pass_ptr); + int i; + + if (!debug && !force) + return; + + printf("[DEBUG] Code: %s Time: %lu\n", string, (unsigned long int) time(NULL)); + printf("[DEBUG] Options: mode %d ssl %d restore %d showAttempt %d tasks %d max_use %d tnp %d tpsal %d tprl %d exit_found %d miscptr %s service %s\n", + hydra_options.mode, hydra_options.ssl, hydra_options.restore, hydra_options.showAttempt, hydra_options.tasks, hydra_options.max_use, + hydra_options.try_null_password, hydra_options.try_password_same_as_login, hydra_options.try_password_reverse_login, hydra_options.exit_found, + hydra_options.miscptr == NULL ? "(null)" : hydra_options.miscptr, hydra_options.service); + printf("[DEBUG] Brains: active %d targets %d finished %d todo_all %lu todo %lu sent %lu found %lu countlogin %lu sizelogin %lu countpass %lu sizepass %lu\n", + hydra_brains.active, hydra_brains.targets, hydra_brains.finished, hydra_brains.todo_all, hydra_brains.todo, hydra_brains.sent, hydra_brains.found, + (unsigned long int) hydra_brains.countlogin, (unsigned long int) hydra_brains.sizelogin, (unsigned long int) hydra_brains.countpass, + (unsigned long int) hydra_brains.sizepass); + for (i = 0; i < hydra_brains.targets; i++) + printf + ("[DEBUG] Target %d - target %s ip %s login_no %lu pass_no %lu sent %lu pass_state %d use_count %d failed %d done %d fail_count %d login_ptr %s pass_ptr %s\n", + i, hydra_targets[i]->target == NULL ? "(null)" : hydra_targets[i]->target, hydra_address2string(hydra_targets[i]->ip), hydra_targets[i]->login_no, + hydra_targets[i]->pass_no, hydra_targets[i]->sent, hydra_targets[i]->pass_state, hydra_targets[i]->use_count, hydra_targets[i]->failed, hydra_targets[i]->done, + hydra_targets[i]->fail_count, hydra_targets[i]->login_ptr == NULL ? "(null)" : hydra_targets[i]->login_ptr, + hydra_targets[i]->pass_ptr == NULL ? "(null)" : hydra_targets[i]->pass_ptr); + if (hydra_heads != NULL) + for (i = 0; i < hydra_options.max_use; i++) + printf("[DEBUG] Task %d - pid %d active %d redo %d current_login_ptr %s current_pass_ptr %s\n", + i, (int) hydra_heads[i]->pid, hydra_heads[i]->active, hydra_heads[i]->redo, + hydra_heads[i]->current_login_ptr == NULL ? "(null)" : hydra_heads[i]->current_login_ptr, + hydra_heads[i]->current_pass_ptr == NULL ? "(null)" : hydra_heads[i]->current_pass_ptr); } void bail(char *text) { - fprintf(stderr, "[ERROR] %s\n", text); - exit(-1); + fprintf(stderr, "[ERROR] %s\n", text); + exit(-1); } void hydra_restore_write(int print_msg) { - FILE *f; - hydra_brain brain; - char mynull[4] = { 0, 0, 0, 0 }; - int i = 0, j = 0; - hydra_head hh; - - if (process_restore != 1) - return; - - for (i = 0; i < hydra_brains.targets; i++) - if (hydra_targets[j]->done != 1 && hydra_targets[j]->done != 3) - j++; - if (j == 0) { - process_restore = 0; - return; - } - - if ((f = fopen(RESTOREFILE, "w")) == NULL) { - fprintf(stderr, "[ERROR] Can not create restore file (%s) - \n", RESTOREFILE); - perror(""); - process_restore = 0; - return; - } else if (debug) - printf("[DEBUG] Writing restore file... "); - - fprintf(f, "%s\n", PROGRAM); - memcpy(&brain, &hydra_brains, sizeof(hydra_brain)); - brain.targets = i; - brain.ofp = NULL; - brain.finished = brain.active = 0; - fck = fwrite(&bf_options, sizeof(bf_options), 1, f); - if (bf_options.crs != NULL) - fck = fwrite(bf_options.crs, BF_CHARSMAX, 1, f); - else - fck = fwrite(mynull, sizeof(mynull), 1, f); - fck = fwrite(&brain, sizeof(hydra_brain), 1, f); - fck = fwrite(&hydra_options, sizeof(hydra_option), 1, f); - fprintf(f, "%s\n", hydra_options.server == NULL ? "" : hydra_options.server); - if (hydra_options.outfile_ptr == NULL) - fprintf(f, "\n"); - else - fprintf(f, "%s\n", hydra_options.outfile_ptr); - fprintf(f, "%s\n%s\n", hydra_options.miscptr == NULL ? "" : hydra_options.miscptr, hydra_options.service); - fck = fwrite(login_ptr, hydra_brains.sizelogin, 1, f); - if (hydra_options.colonfile == NULL || hydra_options.colonfile == empty_login) - fck = fwrite(pass_ptr, hydra_brains.sizepass, 1, f); - for (j = 0; j < hydra_brains.targets; j++) - if (hydra_targets[j]->done != 1) { - fck = fwrite(hydra_targets[j], sizeof(hydra_target), 1, f); - fprintf(f, "%s\n%d\n%d\n", hydra_targets[j]->target == NULL ? "" : hydra_targets[j]->target, (int) (hydra_targets[j]->login_ptr - login_ptr), - (int) (hydra_targets[j]->pass_ptr - pass_ptr)); - fprintf(f, "%s\n%s\n", hydra_targets[j]->login_ptr, hydra_targets[j]->pass_ptr); - if (hydra_targets[j]->redo) - for (i = 0; i < hydra_targets[j]->redo; i++) - fprintf(f, "%s\n%s\n", hydra_targets[j]->redo_login[i], hydra_targets[j]->redo_pass[i]); - if (hydra_targets[j]->skipcnt) - for (i = 0; i < hydra_targets[j]->skipcnt; i++) - fprintf(f, "%s\n", hydra_targets[j]->skiplogin[i]); + FILE *f; + hydra_brain brain; + char mynull[4] = { 0, 0, 0, 0 }; + int i = 0, j = 0; + hydra_head hh; + + if (process_restore != 1) + return; + + for (i = 0; i < hydra_brains.targets; i++) + if (hydra_targets[j]->done != 1 && hydra_targets[j]->done != 3) + j++; + if (j == 0) { + process_restore = 0; + return; } - for (j = 0; j < hydra_options.max_use; j++) { - memcpy((char *) &hh, hydra_heads[j], sizeof(hydra_head)); - if (j == 0 && debug) { - printf("[DEBUG] sizeof hydra_head: %d\n", sizeof(hydra_head)); - printf("[DEBUG] memcmp: %d\n", memcmp(hydra_heads[j], &hh, sizeof(hydra_head))); - } - hh.active = 0; // re-enable disabled heads - if ((hh.current_login_ptr != NULL && hh.current_login_ptr != empty_login) - || (hh.current_pass_ptr != NULL && hh.current_pass_ptr != empty_login)) { - hh.redo = 1; - if (print_msg && debug) - printf("[DEBUG] we will redo the following combination: target %s login \"%s\" pass \"%s\"\n", hydra_targets[hh.target_no]->target, - hh.current_login_ptr, hh.current_pass_ptr); - } - fck = fwrite((char *) &hh, sizeof(hydra_head), 1, f); - if (hh.redo /* && (hydra_options.bfg == 0 || (hh.current_pass_ptr == hydra_targets[hh.target_no]->bfg_ptr[j] && isprint((char) hh.current_pass_ptr[0]))) */ ) - fprintf(f, "%s\n%s\n", hh.current_login_ptr == NULL ? "" : hh.current_login_ptr, hh.current_pass_ptr == NULL ? "" : hh.current_pass_ptr); + + if ((f = fopen(RESTOREFILE, "w")) == NULL) { + fprintf(stderr, "[ERROR] Can not create restore file (%s) - \n", RESTOREFILE); + perror(""); + process_restore = 0; + return; + } else if (debug) + printf("[DEBUG] Writing restore file... "); + + fprintf(f, "%s\n", PROGRAM); + memcpy(&brain, &hydra_brains, sizeof(hydra_brain)); + brain.targets = i; + brain.ofp = NULL; + brain.finished = brain.active = 0; + fck = fwrite(&bf_options, sizeof(bf_options), 1, f); + if (bf_options.crs != NULL) + fck = fwrite(bf_options.crs, BF_CHARSMAX, 1, f); else - fprintf(f, "\n\n"); - } - - fprintf(f, "%s\n", PROGRAM); - fclose(f); - if (debug) - printf("done\n"); - if (print_msg) - printf("The session file ./hydra.restore was written. Type \"hydra -R\" to resume session.\n"); - hydra_debug(0, "hydra_restore_write()"); + fck = fwrite(mynull, sizeof(mynull), 1, f); + fck = fwrite(&brain, sizeof(hydra_brain), 1, f); + fck = fwrite(&hydra_options, sizeof(hydra_option), 1, f); + fprintf(f, "%s\n", hydra_options.server == NULL ? "" : hydra_options.server); + if (hydra_options.outfile_ptr == NULL) + fprintf(f, "\n"); + else + fprintf(f, "%s\n", hydra_options.outfile_ptr); + fprintf(f, "%s\n%s\n", hydra_options.miscptr == NULL ? "" : hydra_options.miscptr, hydra_options.service); + fck = fwrite(login_ptr, hydra_brains.sizelogin, 1, f); + if (hydra_options.colonfile == NULL || hydra_options.colonfile == empty_login) + fck = fwrite(pass_ptr, hydra_brains.sizepass, 1, f); + for (j = 0; j < hydra_brains.targets; j++) + if (hydra_targets[j]->done != 1) { + fck = fwrite(hydra_targets[j], sizeof(hydra_target), 1, f); + fprintf(f, "%s\n%d\n%d\n", hydra_targets[j]->target == NULL ? "" : hydra_targets[j]->target, (int) (hydra_targets[j]->login_ptr - login_ptr), + (int) (hydra_targets[j]->pass_ptr - pass_ptr)); + fprintf(f, "%s\n%s\n", hydra_targets[j]->login_ptr, hydra_targets[j]->pass_ptr); + if (hydra_targets[j]->redo) + for (i = 0; i < hydra_targets[j]->redo; i++) + fprintf(f, "%s\n%s\n", hydra_targets[j]->redo_login[i], hydra_targets[j]->redo_pass[i]); + if (hydra_targets[j]->skipcnt) + for (i = 0; i < hydra_targets[j]->skipcnt; i++) + fprintf(f, "%s\n", hydra_targets[j]->skiplogin[i]); + } + for (j = 0; j < hydra_options.max_use; j++) { + memcpy((char *) &hh, hydra_heads[j], sizeof(hydra_head)); + if (j == 0 && debug) { + printf("[DEBUG] sizeof hydra_head: %d\n", sizeof(hydra_head)); + printf("[DEBUG] memcmp: %d\n", memcmp(hydra_heads[j], &hh, sizeof(hydra_head))); + } + hh.active = 0; // re-enable disabled heads + if ((hh.current_login_ptr != NULL && hh.current_login_ptr != empty_login) + || (hh.current_pass_ptr != NULL && hh.current_pass_ptr != empty_login)) { + hh.redo = 1; + if (print_msg && debug) + printf("[DEBUG] we will redo the following combination: target %s login \"%s\" pass \"%s\"\n", hydra_targets[hh.target_no]->target, + hh.current_login_ptr, hh.current_pass_ptr); + } + fck = fwrite((char *) &hh, sizeof(hydra_head), 1, f); + if (hh.redo /* && (hydra_options.bfg == 0 || (hh.current_pass_ptr == hydra_targets[hh.target_no]->bfg_ptr[j] && isprint((char) hh.current_pass_ptr[0]))) */ ) + fprintf(f, "%s\n%s\n", hh.current_login_ptr == NULL ? "" : hh.current_login_ptr, hh.current_pass_ptr == NULL ? "" : hh.current_pass_ptr); + else + fprintf(f, "\n\n"); + } + + fprintf(f, "%s\n", PROGRAM); + fclose(f); + if (debug) + printf("done\n"); + if (print_msg) + printf("The session file ./hydra.restore was written. Type \"hydra -R\" to resume session.\n"); + hydra_debug(0, "hydra_restore_write()"); } void hydra_restore_read() { - FILE *f; - char mynull[4]; - int i, j, orig_debug = debug; - char out[1024]; - - if (debug) printf("[DEBUG] reading restore file %s\n", RESTOREFILE); - if ((f = fopen(RESTOREFILE, "r")) == NULL) { - fprintf(stderr, "[ERROR] restore file (%s) not found - ", RESTOREFILE); - perror(""); - exit(-1); - } - - sck = fgets(out, sizeof(out), f); - if (out[0] != 0 && out[strlen(out) - 1] == '\n') - out[strlen(out) - 1] = 0; - if (strcmp(out, PROGRAM) != 0) { - fprintf(stderr, "[ERROR] invalid restore file (begin)\n"); - exit(-1); - } - fck = (int) fread(&bf_options, sizeof(bf_options), 1, f); - fck = (int) fread(mynull, sizeof(mynull), 1, f); - if (debug) printf("[DEBUG] reading restore file: Step 1 complete\n"); - if (mynull[0] + mynull[1] + mynull[2] + mynull[3] == 0) { - bf_options.crs = NULL; - } else { - bf_options.crs = malloc(BF_CHARSMAX); - memcpy(bf_options.crs, mynull, sizeof(mynull)); - fck = fread(bf_options.crs + sizeof(mynull), BF_CHARSMAX - sizeof(mynull), 1, f); - } - if (debug) printf("[DEBUG] reading restore file: Step 2 complete\n"); - - fck = (int) fread(&hydra_brains, sizeof(hydra_brain), 1, f); - hydra_brains.ofp = stdout; - fck = (int) fread(&hydra_options, sizeof(hydra_option), 1, f); - hydra_options.restore = 1; - verbose = hydra_options.verbose; - debug = hydra_options.debug; - if (debug || orig_debug) printf("[DEBUG] run_debug %d, orig_debug %d\n", debug, orig_debug); - if (orig_debug) { - debug = 1; - hydra_options.debug = 1; - } - waittime = hydra_options.waittime; - conwait = hydra_options.conwait; - port = hydra_options.port; - sck = fgets(out, sizeof(out), f); - if (out[0] != 0 && out[strlen(out) - 1] == '\n') - out[strlen(out) - 1] = 0; - hydra_options.server = strdup(out); - sck = fgets(out, sizeof(out), f); - if (out[0] != 0 && out[strlen(out) - 1] == '\n') - out[strlen(out) - 1] = 0; - if (debug) printf("[DEBUG] reading restore file: Step 3 complete\n"); - if (strlen(out) > 0) { - hydra_options.outfile_ptr = malloc(strlen(out) + 1); - strcpy(hydra_options.outfile_ptr, out); - } else - hydra_options.outfile_ptr = NULL; - if (debug) printf("[DEBUG] reading restore file: Step 4 complete\n"); - sck = fgets(out, sizeof(out), f); - if (out[0] != 0 && out[strlen(out) - 1] == '\n') - out[strlen(out) - 1] = 0; - if (debug) printf("[DEBUG] reading restore file: Step 5 complete\n"); - if (strlen(out) == 0) - hydra_options.miscptr = NULL; - else { - hydra_options.miscptr = malloc(strlen(out) + 1); - strcpy(hydra_options.miscptr, out); - } - if (debug) printf("[DEBUG] reading restore file: Step 6 complete\n"); - sck = fgets(out, sizeof(out), f); - if (out[0] != 0 && out[strlen(out) - 1] == '\n') - out[strlen(out) - 1] = 0; - if (debug) printf("[DEBUG] reading restore file: Step 7 complete\n"); - hydra_options.service = malloc(strlen(out) + 1); - strcpy(hydra_options.service, out); - if (debug) printf("[DEBUG] reading restore file: Step 8 complete\n"); - - login_ptr = malloc(hydra_brains.sizelogin); - fck = (int) fread(login_ptr, hydra_brains.sizelogin, 1, f); - if (debug) printf("[DEBUG] reading restore file: Step 9 complete\n"); - if ((hydra_options.mode & 64) != 64) { // NOT colonfile mode - pass_ptr = malloc(hydra_brains.sizepass); - fck = (int) fread(pass_ptr, hydra_brains.sizepass, 1, f); - } else { // colonfile mode - hydra_options.colonfile = empty_login; // dummy - pass_ptr = csv_ptr = login_ptr; - } - if (debug) printf("[DEBUG] reading restore file: Step 10 complete\n"); - - hydra_targets = malloc((hydra_brains.targets + 3) * sizeof(hydra_targets)); - for (j = 0; j < hydra_brains.targets; j++) { - hydra_targets[j] = malloc(sizeof(hydra_target)); - fck = (int) fread(hydra_targets[j], sizeof(hydra_target), 1, f); + FILE *f; + char mynull[4]; + int i, j, orig_debug = debug; + char out[1024]; + + if (debug) printf("[DEBUG] reading restore file %s\n", RESTOREFILE); + if ((f = fopen(RESTOREFILE, "r")) == NULL) { + fprintf(stderr, "[ERROR] restore file (%s) not found - ", RESTOREFILE); + perror(""); + exit(-1); + } + sck = fgets(out, sizeof(out), f); if (out[0] != 0 && out[strlen(out) - 1] == '\n') - out[strlen(out) - 1] = 0; - hydra_targets[j]->target = malloc(strlen(out) + 1); - strcpy(hydra_targets[j]->target, out); - sck = fgets(out, sizeof(out), f); - hydra_targets[j]->login_ptr = login_ptr + atoi(out); - sck = fgets(out, sizeof(out), f); - hydra_targets[j]->pass_ptr = pass_ptr + atoi(out); - sck = fgets(out, sizeof(out), f); // target login_ptr, ignord - sck = fgets(out, sizeof(out), f); - if (hydra_options.bfg) { - if (out[0] != 0 && out[strlen(out) - 1] == '\n') out[strlen(out) - 1] = 0; - hydra_targets[j]->pass_ptr = malloc(strlen(out) + 1); - strcpy(hydra_targets[j]->pass_ptr, out); + if (strcmp(out, PROGRAM) != 0) { + fprintf(stderr, "[ERROR] invalid restore file (begin)\n"); + exit(-1); } - if (hydra_targets[j]->redo > 0) - for (i = 0; i < hydra_targets[j]->redo; i++) { - sck = fgets(out, sizeof(out), f); - if (out[0] != 0 && out[strlen(out) - 1] == '\n') - out[strlen(out) - 1] = 0; - hydra_targets[j]->redo_login[i] = malloc(strlen(out) + 1); - strcpy(hydra_targets[j]->redo_login[i], out); - sck = fgets(out, sizeof(out), f); - if (out[0] != 0 && out[strlen(out) - 1] == '\n') - out[strlen(out) - 1] = 0; - hydra_targets[j]->redo_pass[i] = malloc(strlen(out) + 1); - strcpy(hydra_targets[j]->redo_pass[i], out); - } - if (hydra_targets[j]->skipcnt >= hydra_brains.countlogin) - hydra_targets[j]->skipcnt = 0; - if (hydra_targets[j]->skipcnt > 0) - for (i = 0; i < hydra_targets[j]->skipcnt; i++) { - sck = fgets(out, sizeof(out), f); - if (out[0] != 0 && out[strlen(out) - 1] == '\n') - out[strlen(out) - 1] = 0; - hydra_targets[j]->skiplogin[i] = malloc(strlen(out) + 1); - strcpy(hydra_targets[j]->skiplogin[i], out); - } - hydra_targets[j]->fail_count = 0; - hydra_targets[j]->use_count = 0; - hydra_targets[j]->failed = 0; - } - if (debug) printf("[DEBUG] reading restore file: Step 11 complete\n"); - hydra_heads = malloc((hydra_options.max_use + 2) * sizeof(int) + 8); - for (j = 0; j < hydra_options.max_use; j++) { - hydra_heads[j] = malloc(sizeof(hydra_head)); - fck = (int) fread(hydra_heads[j], sizeof(hydra_head), 1, f); - hydra_heads[j]->sp[0] = -1; - hydra_heads[j]->sp[1] = -1; - sck = fgets(out, sizeof(out), f); - if (hydra_heads[j]->redo) { - if (out[0] != 0 && out[strlen(out) - 1] == '\n') - out[strlen(out) - 1] = 0; - hydra_heads[j]->current_login_ptr = malloc(strlen(out) + 1); - strcpy(hydra_heads[j]->current_login_ptr, out); - } - sck = fgets(out, sizeof(out), f); - if (hydra_heads[j]->redo) { - if (out[0] != 0 && out[strlen(out) - 1] == '\n') - out[strlen(out) - 1] = 0; -if (debug) printf("[DEBUG] TEMP head %d: out[0] == %d, hydra_heads[j]->current_login_ptr[0] == %d\n", j, out[0], hydra_heads[j]->current_login_ptr[0]); - if (out[0] != 0 || hydra_heads[j]->current_login_ptr[0] != 0) { - hydra_heads[j]->current_pass_ptr = malloc(strlen(out) + 1); - strcpy(hydra_heads[j]->current_pass_ptr, out); - if (debug) - printf("[DEBUG] redo: %d %s/%s\n", j, hydra_heads[j]->current_login_ptr, hydra_heads[j]->current_pass_ptr); - } else { - hydra_heads[j]->redo = 0; - free(hydra_heads[j]->current_login_ptr); - hydra_heads[j]->current_login_ptr = hydra_heads[j]->current_pass_ptr = empty_login; - } + fck = (int) fread(&bf_options, sizeof(bf_options), 1, f); + fck = (int) fread(mynull, sizeof(mynull), 1, f); + if (debug) printf("[DEBUG] reading restore file: Step 1 complete\n"); + if (mynull[0] + mynull[1] + mynull[2] + mynull[3] == 0) { + bf_options.crs = NULL; } else { - hydra_heads[j]->current_login_ptr = hydra_heads[j]->current_pass_ptr = empty_login; + bf_options.crs = malloc(BF_CHARSMAX); + memcpy(bf_options.crs, mynull, sizeof(mynull)); + fck = fread(bf_options.crs + sizeof(mynull), BF_CHARSMAX - sizeof(mynull), 1, f); } - } - if (debug) printf("[DEBUG] reading restore file: Step 12 complete\n"); - sck = fgets(out, sizeof(out), f); - if (out[0] != 0 && out[strlen(out) - 1] == '\n') - out[strlen(out) - 1] = 0; - if (strcmp(out, PROGRAM) != 0) { - fprintf(stderr, "[ERROR] invalid restore file (end)\n"); - exit(-1); - } - fclose(f); - hydra_debug(0, "hydra_restore_read"); + if (debug) printf("[DEBUG] reading restore file: Step 2 complete\n"); + + fck = (int) fread(&hydra_brains, sizeof(hydra_brain), 1, f); + hydra_brains.ofp = stdout; + fck = (int) fread(&hydra_options, sizeof(hydra_option), 1, f); + hydra_options.restore = 1; + verbose = hydra_options.verbose; + debug = hydra_options.debug; + if (debug || orig_debug) printf("[DEBUG] run_debug %d, orig_debug %d\n", debug, orig_debug); + if (orig_debug) { + debug = 1; + hydra_options.debug = 1; + } + waittime = hydra_options.waittime; + conwait = hydra_options.conwait; + port = hydra_options.port; + sck = fgets(out, sizeof(out), f); + if (out[0] != 0 && out[strlen(out) - 1] == '\n') + out[strlen(out) - 1] = 0; + hydra_options.server = strdup(out); + sck = fgets(out, sizeof(out), f); + if (out[0] != 0 && out[strlen(out) - 1] == '\n') + out[strlen(out) - 1] = 0; + if (debug) printf("[DEBUG] reading restore file: Step 3 complete\n"); + if (strlen(out) > 0) { + hydra_options.outfile_ptr = malloc(strlen(out) + 1); + strcpy(hydra_options.outfile_ptr, out); + } else + hydra_options.outfile_ptr = NULL; + if (debug) printf("[DEBUG] reading restore file: Step 4 complete\n"); + sck = fgets(out, sizeof(out), f); + if (out[0] != 0 && out[strlen(out) - 1] == '\n') + out[strlen(out) - 1] = 0; + if (debug) printf("[DEBUG] reading restore file: Step 5 complete\n"); + if (strlen(out) == 0) + hydra_options.miscptr = NULL; + else { + hydra_options.miscptr = malloc(strlen(out) + 1); + strcpy(hydra_options.miscptr, out); + } + if (debug) printf("[DEBUG] reading restore file: Step 6 complete\n"); + sck = fgets(out, sizeof(out), f); + if (out[0] != 0 && out[strlen(out) - 1] == '\n') + out[strlen(out) - 1] = 0; + if (debug) printf("[DEBUG] reading restore file: Step 7 complete\n"); + hydra_options.service = malloc(strlen(out) + 1); + strcpy(hydra_options.service, out); + if (debug) printf("[DEBUG] reading restore file: Step 8 complete\n"); + + login_ptr = malloc(hydra_brains.sizelogin); + fck = (int) fread(login_ptr, hydra_brains.sizelogin, 1, f); + if (debug) printf("[DEBUG] reading restore file: Step 9 complete\n"); + if ((hydra_options.mode & 64) != 64) { // NOT colonfile mode + pass_ptr = malloc(hydra_brains.sizepass); + fck = (int) fread(pass_ptr, hydra_brains.sizepass, 1, f); + } else { // colonfile mode + hydra_options.colonfile = empty_login; // dummy + pass_ptr = csv_ptr = login_ptr; + } + if (debug) printf("[DEBUG] reading restore file: Step 10 complete\n"); + + hydra_targets = malloc((hydra_brains.targets + 3) * sizeof(hydra_targets)); + for (j = 0; j < hydra_brains.targets; j++) { + hydra_targets[j] = malloc(sizeof(hydra_target)); + fck = (int) fread(hydra_targets[j], sizeof(hydra_target), 1, f); + sck = fgets(out, sizeof(out), f); + if (out[0] != 0 && out[strlen(out) - 1] == '\n') + out[strlen(out) - 1] = 0; + hydra_targets[j]->target = malloc(strlen(out) + 1); + strcpy(hydra_targets[j]->target, out); + sck = fgets(out, sizeof(out), f); + hydra_targets[j]->login_ptr = login_ptr + atoi(out); + sck = fgets(out, sizeof(out), f); + hydra_targets[j]->pass_ptr = pass_ptr + atoi(out); + sck = fgets(out, sizeof(out), f); // target login_ptr, ignord + sck = fgets(out, sizeof(out), f); + if (hydra_options.bfg) { + if (out[0] != 0 && out[strlen(out) - 1] == '\n') + out[strlen(out) - 1] = 0; + hydra_targets[j]->pass_ptr = malloc(strlen(out) + 1); + strcpy(hydra_targets[j]->pass_ptr, out); + } + if (hydra_targets[j]->redo > 0) + for (i = 0; i < hydra_targets[j]->redo; i++) { + sck = fgets(out, sizeof(out), f); + if (out[0] != 0 && out[strlen(out) - 1] == '\n') + out[strlen(out) - 1] = 0; + hydra_targets[j]->redo_login[i] = malloc(strlen(out) + 1); + strcpy(hydra_targets[j]->redo_login[i], out); + sck = fgets(out, sizeof(out), f); + if (out[0] != 0 && out[strlen(out) - 1] == '\n') + out[strlen(out) - 1] = 0; + hydra_targets[j]->redo_pass[i] = malloc(strlen(out) + 1); + strcpy(hydra_targets[j]->redo_pass[i], out); + } + if (hydra_targets[j]->skipcnt >= hydra_brains.countlogin) + hydra_targets[j]->skipcnt = 0; + if (hydra_targets[j]->skipcnt > 0) + for (i = 0; i < hydra_targets[j]->skipcnt; i++) { + sck = fgets(out, sizeof(out), f); + if (out[0] != 0 && out[strlen(out) - 1] == '\n') + out[strlen(out) - 1] = 0; + hydra_targets[j]->skiplogin[i] = malloc(strlen(out) + 1); + strcpy(hydra_targets[j]->skiplogin[i], out); + } + hydra_targets[j]->fail_count = 0; + hydra_targets[j]->use_count = 0; + hydra_targets[j]->failed = 0; + } + if (debug) printf("[DEBUG] reading restore file: Step 11 complete\n"); + hydra_heads = malloc((hydra_options.max_use + 2) * sizeof(int) + 8); + for (j = 0; j < hydra_options.max_use; j++) { + hydra_heads[j] = malloc(sizeof(hydra_head)); + fck = (int) fread(hydra_heads[j], sizeof(hydra_head), 1, f); + hydra_heads[j]->sp[0] = -1; + hydra_heads[j]->sp[1] = -1; + sck = fgets(out, sizeof(out), f); + if (hydra_heads[j]->redo) { + if (out[0] != 0 && out[strlen(out) - 1] == '\n') + out[strlen(out) - 1] = 0; + hydra_heads[j]->current_login_ptr = malloc(strlen(out) + 1); + strcpy(hydra_heads[j]->current_login_ptr, out); + } + sck = fgets(out, sizeof(out), f); + if (hydra_heads[j]->redo) { + if (out[0] != 0 && out[strlen(out) - 1] == '\n') + out[strlen(out) - 1] = 0; + if (debug) printf("[DEBUG] TEMP head %d: out[0] == %d, hydra_heads[j]->current_login_ptr[0] == %d\n", j, out[0], hydra_heads[j]->current_login_ptr[0]); + if (out[0] != 0 || hydra_heads[j]->current_login_ptr[0] != 0) { + hydra_heads[j]->current_pass_ptr = malloc(strlen(out) + 1); + strcpy(hydra_heads[j]->current_pass_ptr, out); + if (debug) + printf("[DEBUG] redo: %d %s/%s\n", j, hydra_heads[j]->current_login_ptr, hydra_heads[j]->current_pass_ptr); + } else { + hydra_heads[j]->redo = 0; + free(hydra_heads[j]->current_login_ptr); + hydra_heads[j]->current_login_ptr = hydra_heads[j]->current_pass_ptr = empty_login; + } + } else { + hydra_heads[j]->current_login_ptr = hydra_heads[j]->current_pass_ptr = empty_login; + } + } + if (debug) printf("[DEBUG] reading restore file: Step 12 complete\n"); + sck = fgets(out, sizeof(out), f); + if (out[0] != 0 && out[strlen(out) - 1] == '\n') + out[strlen(out) - 1] = 0; + if (strcmp(out, PROGRAM) != 0) { + fprintf(stderr, "[ERROR] invalid restore file (end)\n"); + exit(-1); + } + fclose(f); + hydra_debug(0, "hydra_restore_read"); } void killed_childs(int signo) { - int pid, i; - - killed++; - pid = wait3(NULL, WNOHANG, NULL); - for (i = 0; i < hydra_options.max_use; i++) { - if (pid == hydra_heads[i]->pid) { - hydra_heads[i]->pid = -1; - hydra_kill_head(i, 1, 0); - return; + int pid, i; + + killed++; + pid = wait3(NULL, WNOHANG, NULL); + for (i = 0; i < hydra_options.max_use; i++) { + if (pid == hydra_heads[i]->pid) { + hydra_heads[i]->pid = -1; + hydra_kill_head(i, 1, 0); + return; + } } - } } void killed_childs_report(int signo) { - if (debug) - printf("[DEBUG] children crashed! (%d)\n", child_head_no); - fck = write(child_socket, "E", 1); - _exit(-1); + if (debug) + printf("[DEBUG] children crashed! (%d)\n", child_head_no); + fck = write(child_socket, "E", 1); + _exit(-1); } void kill_children(int signo) { - int i; - - if (verbose) - fprintf(stderr, "[ERROR] Received signal %d, going down ...\n", signo); - if (process_restore == 1) - hydra_restore_write(1); - if (hydra_heads != NULL) { - for (i = 0; i < hydra_options.max_use; i++) - if (hydra_heads[i] != NULL && hydra_heads[i]->pid > 0) - kill(hydra_heads[i]->pid, SIGTERM); - for (i = 0; i < hydra_options.max_use; i++) - if (hydra_heads[i] != NULL && hydra_heads[i]->pid > 0) - kill(hydra_heads[i]->pid, SIGKILL); - } - exit(0); + int i; + + if (verbose) + fprintf(stderr, "[ERROR] Received signal %d, going down ...\n", signo); + if (process_restore == 1) + hydra_restore_write(1); + if (hydra_heads != NULL) { + for (i = 0; i < hydra_options.max_use; i++) + if (hydra_heads[i] != NULL && hydra_heads[i]->pid > 0) + kill(hydra_heads[i]->pid, SIGTERM); + for (i = 0; i < hydra_options.max_use; i++) + if (hydra_heads[i] != NULL && hydra_heads[i]->pid > 0) + kill(hydra_heads[i]->pid, SIGKILL); + } + exit(0); } unsigned long int countlines(FILE * fp, int colonmode) { - size_t lines = 0; - char *buf = malloc(MAXLINESIZE); - int only_one_empty_line = 0; - struct stat st; - - while (!feof(fp)) { - if (fgets(buf, MAXLINESIZE, fp) != NULL) { - if (buf[0] != 0) { - if (buf[0] == '\r' || buf[0] == '\n') { - if (only_one_empty_line == 0) { - only_one_empty_line = 1; - lines++; - } - } else { - lines++; + size_t lines = 0; + char *buf = malloc(MAXLINESIZE); + int only_one_empty_line = 0; + struct stat st; + + while (!feof(fp)) { + if (fgets(buf, MAXLINESIZE, fp) != NULL) { + if (buf[0] != 0) { + if (buf[0] == '\r' || buf[0] == '\n') { + if (only_one_empty_line == 0) { + only_one_empty_line = 1; + lines++; + } + } else { + lines++; + } + } } - } } - } - rewind(fp); - free(buf); - (void) fstat(fileno(fp), &st); - size_of_data = st.st_size + 1; - return lines; + rewind(fp); + free(buf); + (void) fstat(fileno(fp), &st); + size_of_data = st.st_size + 1; + return lines; } void fill_mem(char *ptr, FILE * fp, int colonmode) { - char tmp[MAXBUF + 4] = "", *ptr2; - unsigned int len; - int only_one_empty_line = 0; - - while (!feof(fp)) { - if (fgets(tmp, MAXLINESIZE, fp) != NULL) { - if (tmp[0] != 0) { - if (tmp[strlen(tmp) - 1] == '\n') - tmp[strlen(tmp) - 1] = '\0'; - if (tmp[0] != 0 && tmp[strlen(tmp) - 1] == '\r') - tmp[strlen(tmp) - 1] = '\0'; - if ((len = strlen(tmp)) > 0 || (only_one_empty_line == 0 && colonmode == 0)) { - if (len == 0 && colonmode == 0) { - only_one_empty_line = 1; - len = 1; - tmp[len] = 0; - } - if (colonmode) { - if ((ptr2 = index(tmp, ':')) == NULL) { - fprintf(stderr, "[ERROR] invalid line in colon file (-C), missing colon in line: %s\n", tmp); - exit(-1); - } else { -// if (tmp[0] == ':') { -// *ptr = 0; -// ptr++; -// } -// if (tmp[len - 1] == ':' && len > 1) { -// len++; -// tmp[len - 1] = 0; -// } - *ptr2 = 0; + char tmp[MAXBUF + 4] = "", *ptr2; + unsigned int len; + int only_one_empty_line = 0; + + while (!feof(fp)) { + if (fgets(tmp, MAXLINESIZE, fp) != NULL) { + if (tmp[0] != 0) { + if (tmp[strlen(tmp) - 1] == '\n') + tmp[strlen(tmp) - 1] = '\0'; + if (tmp[0] != 0 && tmp[strlen(tmp) - 1] == '\r') + tmp[strlen(tmp) - 1] = '\0'; + if ((len = strlen(tmp)) > 0 || (only_one_empty_line == 0 && colonmode == 0)) { + if (len == 0 && colonmode == 0) { + only_one_empty_line = 1; + len = 1; + tmp[len] = 0; + } + if (colonmode) { + if ((ptr2 = index(tmp, ':')) == NULL) { + fprintf(stderr, "[ERROR] invalid line in colon file (-C), missing colon in line: %s\n", tmp); + exit(-1); + } else { + // if (tmp[0] == ':') { + // *ptr = 0; + // ptr++; + // } + // if (tmp[len - 1] == ':' && len > 1) { + // len++; + // tmp[len - 1] = 0; + // } + *ptr2 = 0; + } + } + memcpy(ptr, tmp, len); + ptr += len; + *ptr = '\0'; + ptr++; + } } - } - memcpy(ptr, tmp, len); - ptr += len; - *ptr = '\0'; - ptr++; } - } } - } - fclose(fp); + fclose(fp); } char *hydra_build_time() { - static char datetime[24]; - struct tm *the_time; - time_t epoch; - - time(&epoch); - the_time = localtime(&epoch); - strftime(datetime, sizeof(datetime), "%Y-%m-%d %H:%M:%S", the_time); - return (char *) &datetime; + static char datetime[24]; + struct tm *the_time; + time_t epoch; + + time(&epoch); + the_time = localtime(&epoch); + strftime(datetime, sizeof(datetime), "%Y-%m-%d %H:%M:%S", the_time); + return (char *) &datetime; } void hydra_service_init(int target_no) { - int x = 99; - + int x = 99; + #ifdef LIBAFP - if (strcmp(hydra_options.service, "afp") == 0) - x = service_afp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "afp") == 0) + x = service_afp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif - if (strcmp(hydra_options.service, "asterisk") == 0) - x = service_asterisk_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "cisco-enable") == 0) - x = service_cisco_enable_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "cvs") == 0) - x = service_cvs_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "cisco") == 0) - x = service_cisco_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "asterisk") == 0) + x = service_asterisk_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "cisco-enable") == 0) + x = service_cisco_enable_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "cvs") == 0) + x = service_cvs_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "cisco") == 0) + x = service_cisco_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #ifdef LIBFIREBIRD - if (strcmp(hydra_options.service, "firebird") == 0) - x = service_firebird_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "firebird") == 0) + x = service_firebird_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif - if (strcmp(hydra_options.service, "ftp") == 0 || strcmp(hydra_options.service, "ftps") == 0) - x = service_ftp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "redis") == 0 || strcmp(hydra_options.service, "redis") == 0) - x = service_redis_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "http-get") == 0 || strcmp(hydra_options.service, "http-head") == 0) - x = service_http_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "http-form") == 0 || strcmp(hydra_options.service, "http-get-form") == 0 || strcmp(hydra_options.service, "http-post-form") == 0) - x = service_http_form_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "http-proxy") == 0) - x = service_http_proxy_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "http-proxy-urlenum") == 0) - x = service_http_proxy_urlenum_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "icq") == 0) - x = service_icq_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "imap") == 0) - x = service_imap_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "irc") == 0) - x = service_irc_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strncmp(hydra_options.service, "ldap", 4) == 0) - x = service_ldap_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "ftp") == 0 || strcmp(hydra_options.service, "ftps") == 0) + x = service_ftp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "redis") == 0 || strcmp(hydra_options.service, "redis") == 0) + x = service_redis_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "http-get") == 0 || strcmp(hydra_options.service, "http-head") == 0) + x = service_http_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "http-form") == 0 || strcmp(hydra_options.service, "http-get-form") == 0 || strcmp(hydra_options.service, "http-post-form") == 0) + x = service_http_form_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "http-proxy") == 0) + x = service_http_proxy_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "http-proxy-urlenum") == 0) + x = service_http_proxy_urlenum_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "icq") == 0) + x = service_icq_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "imap") == 0) + x = service_imap_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "irc") == 0) + x = service_irc_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strncmp(hydra_options.service, "ldap", 4) == 0) + x = service_ldap_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #ifdef LIBOPENSSL - if (strcmp(hydra_options.service, "sip") == 0) - x = service_sip_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "smb") == 0 || strcmp(hydra_options.service, "smbnt") == 0) - x = service_smb_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "oracle-listener") == 0) - x = service_oracle_listener_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "oracle-sid") == 0) - x = service_oracle_sid_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "rdp") == 0) - x = service_rdp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "sip") == 0) + x = service_sip_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "smb") == 0 || strcmp(hydra_options.service, "smbnt") == 0) + x = service_smb_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "oracle-listener") == 0) + x = service_oracle_listener_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "oracle-sid") == 0) + x = service_oracle_sid_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "rdp") == 0) + x = service_rdp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif - if (strcmp(hydra_options.service, "mssql") == 0) - x = service_mssql_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "mssql") == 0) + x = service_mssql_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #ifdef HAVE_MATH_H - if (strcmp(hydra_options.service, "mysql") == 0) - x = service_mysql_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "mysql") == 0) + x = service_mysql_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif #ifdef LIBNCP - if (strcmp(hydra_options.service, "ncp") == 0) - x = service_ncp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "ncp") == 0) + x = service_ncp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif - if (strcmp(hydra_options.service, "nntp") == 0) - x = service_nntp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "nntp") == 0) + x = service_nntp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #ifdef LIBORACLE - if (strcmp(hydra_options.service, "oracle") == 0) - x = service_oracle_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "oracle") == 0) + x = service_oracle_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif - if (strcmp(hydra_options.service, "pcanywhere") == 0) - x = service_pcanywhere_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "pcnfs") == 0) - x = service_pcnfs_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "pop3") == 0) - x = service_pop3_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "pcanywhere") == 0) + x = service_pcanywhere_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "pcnfs") == 0) + x = service_pcnfs_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "pop3") == 0) + x = service_pop3_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #ifdef LIBPOSTGRES - if (strcmp(hydra_options.service, "postgres") == 0) - x = service_postgres_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "postgres") == 0) + x = service_postgres_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif - if (strcmp(hydra_options.service, "rexec") == 0) - x = service_rexec_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "rlogin") == 0) - x = service_rlogin_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "rsh") == 0) - x = service_rsh_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "rexec") == 0) + x = service_rexec_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "rlogin") == 0) + x = service_rlogin_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "rsh") == 0) + x = service_rsh_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #ifdef LIBSAPR3 - if (strcmp(hydra_options.service, "sapr3") == 0) - x = service_sapr3_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "sapr3") == 0) + x = service_sapr3_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif - if (strcmp(hydra_options.service, "smtp") == 0) - x = service_smtp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "smtp-enum") == 0) - x = service_smtp_enum_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "snmp") == 0) - x = service_snmp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "socks5") == 0) - x = service_socks5_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "smtp") == 0) + x = service_smtp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "smtp-enum") == 0) + x = service_smtp_enum_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "snmp") == 0) + x = service_snmp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "socks5") == 0) + x = service_socks5_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #ifdef LIBSSH - if (strcmp(hydra_options.service, "ssh") == 0) - x = service_ssh_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "sshkey") == 0) - x = service_sshkey_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "ssh") == 0) + x = service_ssh_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "sshkey") == 0) + x = service_sshkey_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif #ifdef LIBSVN - if (strcmp(hydra_options.service, "svn") == 0) - x = service_svn_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "svn") == 0) + x = service_svn_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif - if (strcmp(hydra_options.service, "teamspeak") == 0) - x = service_teamspeak_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "telnet") == 0) - x = service_telnet_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "vmauthd") == 0) - x = service_vmauthd_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "vnc") == 0) - x = service_vnc_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "xmpp") == 0) - x = service_xmpp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "s7-300") == 0) - x = service_s7_300_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); -// ADD NEW SERVICES HERE + if (strcmp(hydra_options.service, "teamspeak") == 0) + x = service_teamspeak_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "telnet") == 0) + x = service_telnet_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "vmauthd") == 0) + x = service_vmauthd_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "vnc") == 0) + x = service_vnc_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "xmpp") == 0) + x = service_xmpp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "s7-300") == 0) + x = service_s7_300_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + // ADD NEW SERVICES HERE - if (x != 0 && x != 99) { - if (x > 0 && x < 4) - hydra_targets[target_no]->done = x; - else - hydra_targets[target_no]->done = 2; - hydra_brains.finished++; - if (hydra_brains.targets == 1) - exit(-1); - } + if (strcmp(hydra_options.service, "rtsp") == 0) + x = service_rtsp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + + if (x != 0 && x != 99) { + if (x > 0 && x < 4) + hydra_targets[target_no]->done = x; + else + hydra_targets[target_no]->done = 2; + hydra_brains.finished++; + if (hydra_brains.targets == 1) + exit(-1); + } } int hydra_spawn_head(int head_no, int target_no) { - int i; - - if (head_no < 0 || head_no >= hydra_options.max_use || target_no < 0 || target_no >= hydra_brains.targets) { - if (verbose > 1 || debug) - printf("[DEBUG-ERROR] spawn_head: head_no %d, target_no %d\n", head_no, target_no); - return -1; - } - - if (hydra_heads[head_no]->active < 0) { - printf("[DEBUG-ERROR] child %d should not be respawned!\n", head_no); - return -1; - } - - if (socketpair(PF_UNIX, SOCK_STREAM, 0, hydra_heads[head_no]->sp) == 0) { - child_head_no = head_no; - if ((hydra_heads[head_no]->pid = fork()) == 0) { // THIS IS THE CHILD - // set new signals for child - process_restore = 0; - child_socket = hydra_heads[head_no]->sp[1]; - signal(SIGCHLD, killed_childs); - signal(SIGTERM, exit); + int i; + + if (head_no < 0 || head_no >= hydra_options.max_use || target_no < 0 || target_no >= hydra_brains.targets) { + if (verbose > 1 || debug) + printf("[DEBUG-ERROR] spawn_head: head_no %d, target_no %d\n", head_no, target_no); + return -1; + } + + if (hydra_heads[head_no]->active < 0) { + printf("[DEBUG-ERROR] child %d should not be respawned!\n", head_no); + return -1; + } + + if (socketpair(PF_UNIX, SOCK_STREAM, 0, hydra_heads[head_no]->sp) == 0) { + child_head_no = head_no; + if ((hydra_heads[head_no]->pid = fork()) == 0) { // THIS IS THE CHILD + // set new signals for child + process_restore = 0; + child_socket = hydra_heads[head_no]->sp[1]; + signal(SIGCHLD, killed_childs); + signal(SIGTERM, exit); #ifdef SIGBUS - signal(SIGBUS, exit); + signal(SIGBUS, exit); #endif - signal(SIGSEGV, killed_childs_report); - signal(SIGHUP, exit); - signal(SIGINT, exit); - signal(SIGPIPE, exit); - // free structures to make memory available - cmdlinetarget = hydra_targets[target_no]->target; - for (i = 0; i < hydra_options.max_use; i++) - if (i != head_no) - free(hydra_heads[i]); - for (i = 0; i < hydra_brains.targets; i++) - if (i != target_no) - free(hydra_targets[i]); - if (hydra_options.loginfile != NULL) - free(login_ptr); - if (hydra_options.passfile != NULL) - free(pass_ptr); - if (hydra_options.colonfile != NULL && hydra_options.colonfile != empty_login) - free(csv_ptr); -// we must keep servers_ptr for cmdlinetarget to work - if (debug) - printf("[DEBUG] head_no %d has pid %d\n", head_no, getpid()); + signal(SIGSEGV, killed_childs_report); + signal(SIGHUP, exit); + signal(SIGINT, exit); + signal(SIGPIPE, exit); + // free structures to make memory available + cmdlinetarget = hydra_targets[target_no]->target; + for (i = 0; i < hydra_options.max_use; i++) + if (i != head_no) + free(hydra_heads[i]); + for (i = 0; i < hydra_brains.targets; i++) + if (i != target_no) + free(hydra_targets[i]); + if (hydra_options.loginfile != NULL) + free(login_ptr); + if (hydra_options.passfile != NULL) + free(pass_ptr); + if (hydra_options.colonfile != NULL && hydra_options.colonfile != empty_login) + free(csv_ptr); + // we must keep servers_ptr for cmdlinetarget to work + if (debug) + printf("[DEBUG] head_no %d has pid %d\n", head_no, getpid()); + + // now call crack module + if (strcmp(hydra_options.service, "asterisk") == 0) + service_asterisk(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "telnet") == 0) + service_telnet(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "ftp") == 0){ + + service_ftp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - // now call crack module - if (strcmp(hydra_options.service, "asterisk") == 0) - service_asterisk(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "telnet") == 0) - service_telnet(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "ftp") == 0) - service_ftp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "ftps") == 0) - service_ftps(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "redis") == 0) - service_redis(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "pop3") == 0) - service_pop3(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "imap") == 0) - service_imap(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "vmauthd") == 0) - service_vmauthd(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "ldap2") == 0) - service_ldap2(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "ldap3") == 0) - service_ldap3(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "http-head") == 0) - service_http_head(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "ldap3-crammd5") == 0) - service_ldap3_cram_md5(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "ldap3-digestmd5") == 0) - service_ldap3_digest_md5(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "http-get") == 0) - service_http_get(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "http-get-form") == 0) - service_http_get_form(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "http-post-form") == 0) - service_http_post_form(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "http-proxy") == 0) - service_http_proxy(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "http-proxy-urlenum") == 0) - service_http_proxy_urlenum(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "cisco") == 0) - service_cisco(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "cisco-enable") == 0) - service_cisco_enable(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "socks5") == 0) - service_socks5(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "vnc") == 0) - service_vnc(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "rexec") == 0) - service_rexec(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "rlogin") == 0) - service_rlogin(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "rsh") == 0) - service_rsh(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "nntp") == 0) - service_nntp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "icq") == 0) - service_icq(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "pcnfs") == 0) - service_pcnfs(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); +} + if (strcmp(hydra_options.service, "ftps") == 0) + service_ftps(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "redis") == 0) + service_redis(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "pop3") == 0) + service_pop3(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "imap") == 0) + service_imap(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "vmauthd") == 0) + service_vmauthd(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "ldap2") == 0) + service_ldap2(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "ldap3") == 0) + service_ldap3(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "http-head") == 0) + service_http_head(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "ldap3-crammd5") == 0) + service_ldap3_cram_md5(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "ldap3-digestmd5") == 0) + service_ldap3_digest_md5(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "http-get") == 0) + service_http_get(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "http-get-form") == 0) + service_http_get_form(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "http-post-form") == 0) + service_http_post_form(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "http-proxy") == 0) + service_http_proxy(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "http-proxy-urlenum") == 0) + service_http_proxy_urlenum(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "cisco") == 0) + service_cisco(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "cisco-enable") == 0) + service_cisco_enable(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "socks5") == 0) + service_socks5(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "vnc") == 0) + service_vnc(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "rexec") == 0) + service_rexec(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "rlogin") == 0) + service_rlogin(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "rsh") == 0) + service_rsh(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "nntp") == 0) + service_nntp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "icq") == 0) + service_icq(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "pcnfs") == 0) + service_pcnfs(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #ifdef HAVE_MATH_H - if (strcmp(hydra_options.service, "mysql") == 0) - service_mysql(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "mysql") == 0) + service_mysql(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif - if (strcmp(hydra_options.service, "mssql") == 0) - service_mssql(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "mssql") == 0) + service_mssql(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #ifdef LIBOPENSSL - if (strcmp(hydra_options.service, "oracle-listener") == 0) - service_oracle_listener(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "oracle-sid") == 0) - service_oracle_sid(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "oracle-listener") == 0) + service_oracle_listener(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "oracle-sid") == 0) + service_oracle_sid(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif #ifdef LIBORACLE - if (strcmp(hydra_options.service, "oracle") == 0) - service_oracle(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "oracle") == 0) + service_oracle(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif #ifdef LIBPOSTGRES - if (strcmp(hydra_options.service, "postgres") == 0) - service_postgres(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "postgres") == 0) + service_postgres(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif #ifdef LIBFIREBIRD - if (strcmp(hydra_options.service, "firebird") == 0) - service_firebird(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "firebird") == 0) + service_firebird(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif #ifdef LIBAFP - if (strcmp(hydra_options.service, "afp") == 0) - service_afp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "afp") == 0) + service_afp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif #ifdef LIBNCP - if (strcmp(hydra_options.service, "ncp") == 0) - service_ncp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "ncp") == 0) + service_ncp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif - if (strcmp(hydra_options.service, "pcanywhere") == 0) - service_pcanywhere(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "cvs") == 0) - service_cvs(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "pcanywhere") == 0) + service_pcanywhere(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "cvs") == 0) + service_cvs(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #ifdef LIBSVN - if (strcmp(hydra_options.service, "svn") == 0) - service_svn(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "svn") == 0) + service_svn(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif - if (strcmp(hydra_options.service, "snmp") == 0) - service_snmp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "snmp") == 0) + service_snmp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #ifdef LIBOPENSSL - if ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0)) - service_smb(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0)) + service_smb(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif #ifdef LIBSAPR3 - if (strcmp(hydra_options.service, "sapr3") == 0) - service_sapr3(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "sapr3") == 0) + service_sapr3(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif #ifdef LIBSSH - if (strcmp(hydra_options.service, "ssh") == 0) - service_ssh(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "sshkey") == 0) - service_sshkey(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "ssh") == 0) + service_ssh(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "sshkey") == 0) + service_sshkey(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif - if (strcmp(hydra_options.service, "smtp") == 0) - service_smtp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "smtp-enum") == 0) - service_smtp_enum(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "teamspeak") == 0) - service_teamspeak(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "smtp") == 0) + service_smtp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "smtp-enum") == 0) + service_smtp_enum(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "teamspeak") == 0) + service_teamspeak(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #ifdef LIBOPENSSL - if (strcmp(hydra_options.service, "sip") == 0) - service_sip(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "sip") == 0) + service_sip(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif - if (strcmp(hydra_options.service, "xmpp") == 0) - service_xmpp(hydra_targets[target_no]->target, hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, - hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "irc") == 0) - service_irc(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "xmpp") == 0) + service_xmpp(hydra_targets[target_no]->target, hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, + hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "irc") == 0) + service_irc(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #ifdef LIBOPENSSL - if (strcmp(hydra_options.service, "rdp") == 0) - service_rdp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "rdp") == 0) + service_rdp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif - if (strcmp(hydra_options.service, "s7-300") == 0) - service_s7_300(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); -// ADD NEW SERVICES HERE - - // just in case a module returns (which it shouldnt) we let it exit here - exit(-1); + if (strcmp(hydra_options.service, "s7-300") == 0) + service_s7_300(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + // ADD NEW SERVICES HERE + + if (strcmp(hydra_options.service, "rtsp") == 0){ + + service_rtsp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + } + // just in case a module returns (which it shouldnt) we let it exit here + exit(-1); + } else { + child_head_no = -1; + if (hydra_heads[head_no]->pid > 0) { + fck = write(hydra_heads[head_no]->sp[1], "n", 1); // yes, a small "n" - this way we can distinguish later if the client successfully tested a pair and is requesting a new one or the mother did that + (void) fcntl(hydra_heads[head_no]->sp[0], F_SETFL, O_NONBLOCK); + if (hydra_heads[head_no]->redo != 1) + hydra_heads[head_no]->target_no = target_no; + hydra_heads[head_no]->active = 1; + hydra_targets[hydra_heads[head_no]->target_no]->use_count++; + hydra_brains.active++; + hydra_heads[head_no]->last_seen = time(NULL); + if (debug) + printf("[DEBUG] child %d spawned for target %d with pid %d\n", head_no, hydra_heads[head_no]->target_no, hydra_heads[head_no]->pid); + } else { + perror("[ERROR] Fork for children failed"); + hydra_heads[head_no]->sp[0] = -1; + hydra_heads[head_no]->active = 0; + return -1; + } + } } else { - child_head_no = -1; - if (hydra_heads[head_no]->pid > 0) { - fck = write(hydra_heads[head_no]->sp[1], "n", 1); // yes, a small "n" - this way we can distinguish later if the client successfully tested a pair and is requesting a new one or the mother did that - (void) fcntl(hydra_heads[head_no]->sp[0], F_SETFL, O_NONBLOCK); - if (hydra_heads[head_no]->redo != 1) - hydra_heads[head_no]->target_no = target_no; - hydra_heads[head_no]->active = 1; - hydra_targets[hydra_heads[head_no]->target_no]->use_count++; - hydra_brains.active++; - hydra_heads[head_no]->last_seen = time(NULL); - if (debug) - printf("[DEBUG] child %d spawned for target %d with pid %d\n", head_no, hydra_heads[head_no]->target_no, hydra_heads[head_no]->pid); - } else { - perror("[ERROR] Fork for children failed"); + perror("[ERROR] socketpair creation failed"); hydra_heads[head_no]->sp[0] = -1; hydra_heads[head_no]->active = 0; return -1; - } } - } else { - perror("[ERROR] socketpair creation failed"); - hydra_heads[head_no]->sp[0] = -1; - hydra_heads[head_no]->active = 0; - return -1; - } - return 0; + return 0; } int hydra_lookup_port(char *service) { - int i = 0, port = -2; - - hydra_portlist hydra_portlists[] = { - {"ftp", PORT_FTP, PORT_FTP_SSL}, - {"ftps", PORT_FTP, PORT_FTP_SSL}, - {"http-head", PORT_HTTP, PORT_HTTP_SSL}, - {"http-get", PORT_HTTP, PORT_HTTP_SSL}, - {"http-get-form", PORT_HTTP, PORT_HTTP_SSL}, - {"http-post-form", PORT_HTTP, PORT_HTTP_SSL}, - {"https-get-form", PORT_HTTP, PORT_HTTP_SSL}, - {"https-post-form", PORT_HTTP, PORT_HTTP_SSL}, - {"https-head", PORT_HTTP, PORT_HTTP_SSL}, - {"https-get", PORT_HTTP, PORT_HTTP_SSL}, - {"http-proxy", PORT_HTTP_PROXY, PORT_HTTP_PROXY_SSL}, - {"http-proxy-urlenum", PORT_HTTP_PROXY, PORT_HTTP_PROXY_SSL}, - {"icq", PORT_ICQ, PORT_ICQ_SSL}, - {"imap", PORT_IMAP, PORT_IMAP_SSL}, - {"ldap2", PORT_LDAP, PORT_LDAP_SSL}, - {"ldap3", PORT_LDAP, PORT_LDAP_SSL}, - {"ldap3-crammd5", PORT_LDAP, PORT_LDAP_SSL}, - {"ldap3-digestmd5", PORT_LDAP, PORT_LDAP_SSL}, - {"oracle-listener", PORT_ORACLE, PORT_ORACLE_SSL}, - {"oracle-sid", PORT_ORACLE, PORT_ORACLE_SSL}, - {"oracle", PORT_ORACLE, PORT_ORACLE_SSL}, - {"mssql", PORT_MSSQL, PORT_MSSQL_SSL}, - {"mysql", PORT_MYSQL, PORT_MYSQL_SSL}, - {"postgres", PORT_POSTGRES, PORT_POSTGRES_SSL}, - {"pcanywhere", PORT_PCANYWHERE, PORT_PCANYWHERE_SSL}, - {"nntp", PORT_NNTP, PORT_NNTP_SSL}, - {"pcnfs", PORT_PCNFS, PORT_PCNFS_SSL}, - {"pop3", PORT_POP3, PORT_POP3_SSL}, - {"redis", PORT_REDIS, PORT_REDIS_SSL}, - {"rexec", PORT_REXEC, PORT_REXEC_SSL}, - {"rlogin", PORT_RLOGIN, PORT_RLOGIN_SSL}, - {"rsh", PORT_RSH, PORT_RSH_SSL}, - {"sapr3", PORT_SAPR3, PORT_SAPR3_SSL}, - {"smb", PORT_SMBNT, PORT_SMBNT_SSL}, - {"smbnt", PORT_SMBNT, PORT_SMBNT_SSL}, - {"socks5", PORT_SOCKS5, PORT_SOCKS5_SSL}, - {"ssh", PORT_SSH, PORT_SSH_SSL}, - {"sshkey", PORT_SSH, PORT_SSH_SSL}, - {"telnet", PORT_TELNET, PORT_TELNET_SSL}, - {"cisco", PORT_TELNET, PORT_TELNET_SSL}, - {"cisco-enable", PORT_TELNET, PORT_TELNET_SSL}, - {"vnc", PORT_VNC, PORT_VNC_SSL}, - {"snmp", PORT_SNMP, PORT_SNMP_SSL}, - {"cvs", PORT_CVS, PORT_CVS_SSL}, - {"svn", PORT_SVN, PORT_SVN_SSL}, - {"firebird", PORT_FIREBIRD, PORT_FIREBIRD_SSL}, - {"afp", PORT_AFP, PORT_AFP_SSL}, - {"ncp", PORT_NCP, PORT_NCP_SSL}, - {"smtp", PORT_SMTP, PORT_SMTP_SSL}, - {"smtp-enum", PORT_SMTP, PORT_SMTP_SSL}, - {"teamspeak", PORT_TEAMSPEAK, PORT_TEAMSPEAK_SSL}, - {"sip", PORT_SIP, PORT_SIP_SSL}, - {"vmauthd", PORT_VMAUTHD, PORT_VMAUTHD_SSL}, - {"xmpp", PORT_XMPP, PORT_XMPP_SSL}, - {"irc", PORT_IRC, PORT_IRC_SSL}, - {"rdp", PORT_RDP, PORT_RDP_SSL}, - {"asterisk", PORT_ASTERISK, PORT_ASTERISK_SSL}, - {"s7-300", PORT_S7_300, PORT_S7_300_SSL}, -// ADD NEW SERVICES HERE - add new port numbers to hydra.h - {"", PORT_NOPORT, PORT_NOPORT} - }; - - while (strlen(hydra_portlists[i].name) > 0 && port == -2) { - if (strcmp(service, hydra_portlists[i].name) == 0) { - if (hydra_options.ssl) - port = hydra_portlists[i].port_ssl; - else - port = hydra_portlists[i].port; + int i = 0, port = -2; + + hydra_portlist hydra_portlists[] = { + {"ftp", PORT_FTP, PORT_FTP_SSL}, + {"ftps", PORT_FTP, PORT_FTP_SSL}, + {"http-head", PORT_HTTP, PORT_HTTP_SSL}, + {"http-get", PORT_HTTP, PORT_HTTP_SSL}, + {"http-get-form", PORT_HTTP, PORT_HTTP_SSL}, + {"http-post-form", PORT_HTTP, PORT_HTTP_SSL}, + {"https-get-form", PORT_HTTP, PORT_HTTP_SSL}, + {"https-post-form", PORT_HTTP, PORT_HTTP_SSL}, + {"https-head", PORT_HTTP, PORT_HTTP_SSL}, + {"https-get", PORT_HTTP, PORT_HTTP_SSL}, + {"http-proxy", PORT_HTTP_PROXY, PORT_HTTP_PROXY_SSL}, + {"http-proxy-urlenum", PORT_HTTP_PROXY, PORT_HTTP_PROXY_SSL}, + {"icq", PORT_ICQ, PORT_ICQ_SSL}, + {"imap", PORT_IMAP, PORT_IMAP_SSL}, + {"ldap2", PORT_LDAP, PORT_LDAP_SSL}, + {"ldap3", PORT_LDAP, PORT_LDAP_SSL}, + {"ldap3-crammd5", PORT_LDAP, PORT_LDAP_SSL}, + {"ldap3-digestmd5", PORT_LDAP, PORT_LDAP_SSL}, + {"oracle-listener", PORT_ORACLE, PORT_ORACLE_SSL}, + {"oracle-sid", PORT_ORACLE, PORT_ORACLE_SSL}, + {"oracle", PORT_ORACLE, PORT_ORACLE_SSL}, + {"mssql", PORT_MSSQL, PORT_MSSQL_SSL}, + {"mysql", PORT_MYSQL, PORT_MYSQL_SSL}, + {"postgres", PORT_POSTGRES, PORT_POSTGRES_SSL}, + {"pcanywhere", PORT_PCANYWHERE, PORT_PCANYWHERE_SSL}, + {"nntp", PORT_NNTP, PORT_NNTP_SSL}, + {"pcnfs", PORT_PCNFS, PORT_PCNFS_SSL}, + {"pop3", PORT_POP3, PORT_POP3_SSL}, + {"redis", PORT_REDIS, PORT_REDIS_SSL}, + {"rexec", PORT_REXEC, PORT_REXEC_SSL}, + {"rlogin", PORT_RLOGIN, PORT_RLOGIN_SSL}, + {"rsh", PORT_RSH, PORT_RSH_SSL}, + {"sapr3", PORT_SAPR3, PORT_SAPR3_SSL}, + {"smb", PORT_SMBNT, PORT_SMBNT_SSL}, + {"smbnt", PORT_SMBNT, PORT_SMBNT_SSL}, + {"socks5", PORT_SOCKS5, PORT_SOCKS5_SSL}, + {"ssh", PORT_SSH, PORT_SSH_SSL}, + {"sshkey", PORT_SSH, PORT_SSH_SSL}, + {"telnet", PORT_TELNET, PORT_TELNET_SSL}, + {"cisco", PORT_TELNET, PORT_TELNET_SSL}, + {"cisco-enable", PORT_TELNET, PORT_TELNET_SSL}, + {"vnc", PORT_VNC, PORT_VNC_SSL}, + {"snmp", PORT_SNMP, PORT_SNMP_SSL}, + {"cvs", PORT_CVS, PORT_CVS_SSL}, + {"svn", PORT_SVN, PORT_SVN_SSL}, + {"firebird", PORT_FIREBIRD, PORT_FIREBIRD_SSL}, + {"afp", PORT_AFP, PORT_AFP_SSL}, + {"ncp", PORT_NCP, PORT_NCP_SSL}, + {"smtp", PORT_SMTP, PORT_SMTP_SSL}, + {"smtp-enum", PORT_SMTP, PORT_SMTP_SSL}, + {"teamspeak", PORT_TEAMSPEAK, PORT_TEAMSPEAK_SSL}, + {"sip", PORT_SIP, PORT_SIP_SSL}, + {"vmauthd", PORT_VMAUTHD, PORT_VMAUTHD_SSL}, + {"xmpp", PORT_XMPP, PORT_XMPP_SSL}, + {"irc", PORT_IRC, PORT_IRC_SSL}, + {"rdp", PORT_RDP, PORT_RDP_SSL}, + {"asterisk", PORT_ASTERISK, PORT_ASTERISK_SSL}, + {"s7-300", PORT_S7_300, PORT_S7_300_SSL}, + // ADD NEW SERVICES HERE - add new port numbers to hydra.h + {"rtsp", PORT_RTSP, PORT_RTSP_SSL}, + {"", PORT_NOPORT, PORT_NOPORT} + }; + + while (strlen(hydra_portlists[i].name) > 0 && port == -2) { + if (strcmp(service, hydra_portlists[i].name) == 0) { + if (hydra_options.ssl) + port = hydra_portlists[i].port_ssl; + else + port = hydra_portlists[i].port; + } + i++; } - i++; - } - if (port < 1) - return -1; - else - return port; + if (port < 1) + return -1; + else + return port; } // killit = 1 : kill(pid); fail = 1 : redo, fail = 2/3 : disable void hydra_kill_head(int head_no, int killit, int fail) { - if (debug) printf("[DEBUG] head_no %d, kill %d, fail %d\n", head_no, killit, fail); - if (head_no < 0) - return; - if (hydra_heads[head_no]->active > 0) { - close(hydra_heads[head_no]->sp[0]); - close(hydra_heads[head_no]->sp[1]); - } - if (killit) { - if (hydra_heads[head_no]->pid > 0) - kill(hydra_heads[head_no]->pid, SIGTERM); - hydra_brains.active--; - } - if (hydra_heads[head_no]->active > 0) { - hydra_heads[head_no]->active = 0; - hydra_targets[hydra_heads[head_no]->target_no]->use_count--; - } - if (fail == 1) { - if (hydra_options.cidr != 1) - hydra_heads[head_no]->redo = 1; - } else if (fail == 2) { - if (hydra_options.cidr != 1) - hydra_heads[head_no]->active = -1; - if (hydra_heads[head_no]->target_no >= 0) - hydra_targets[hydra_heads[head_no]->target_no]->failed++; - } else if (fail == 3) { - hydra_heads[head_no]->active = -1; - if (hydra_heads[head_no]->target_no >= 0) - hydra_targets[hydra_heads[head_no]->target_no]->failed++; - } - if (hydra_heads[head_no]->pid > 0 && killit) - kill(hydra_heads[head_no]->pid, SIGKILL); - hydra_heads[head_no]->pid = -1; - if (fail < 1 && hydra_heads[head_no]->target_no >= 0 && hydra_options.bfg && hydra_targets[hydra_heads[head_no]->target_no]->pass_state == 3 - && strlen(hydra_heads[head_no]->current_pass_ptr) > 0 && hydra_heads[head_no]->current_pass_ptr != hydra_heads[head_no]->current_login_ptr) { - free(hydra_heads[head_no]->current_pass_ptr); - hydra_heads[head_no]->current_pass_ptr = empty_login; -// hydra_bfg_remove(head_no); -// hydra_targets[hydra_heads[head_no]->target_no]->bfg_ptr[head_no] = NULL; - } - (void) wait3(NULL, WNOHANG, NULL); + if (debug) printf("[DEBUG] head_no %d, kill %d, fail %d\n", head_no, killit, fail); + if (head_no < 0) + return; + if (hydra_heads[head_no]->active > 0) { + close(hydra_heads[head_no]->sp[0]); + close(hydra_heads[head_no]->sp[1]); + } + if (killit) { + if (hydra_heads[head_no]->pid > 0) + kill(hydra_heads[head_no]->pid, SIGTERM); + hydra_brains.active--; + } + if (hydra_heads[head_no]->active > 0) { + hydra_heads[head_no]->active = 0; + hydra_targets[hydra_heads[head_no]->target_no]->use_count--; + } + if (fail == 1) { + if (hydra_options.cidr != 1) + hydra_heads[head_no]->redo = 1; + } else if (fail == 2) { + if (hydra_options.cidr != 1) + hydra_heads[head_no]->active = -1; + if (hydra_heads[head_no]->target_no >= 0) + hydra_targets[hydra_heads[head_no]->target_no]->failed++; + } else if (fail == 3) { + hydra_heads[head_no]->active = -1; + if (hydra_heads[head_no]->target_no >= 0) + hydra_targets[hydra_heads[head_no]->target_no]->failed++; + } + if (hydra_heads[head_no]->pid > 0 && killit) + kill(hydra_heads[head_no]->pid, SIGKILL); + hydra_heads[head_no]->pid = -1; + if (fail < 1 && hydra_heads[head_no]->target_no >= 0 && hydra_options.bfg && hydra_targets[hydra_heads[head_no]->target_no]->pass_state == 3 + && strlen(hydra_heads[head_no]->current_pass_ptr) > 0 && hydra_heads[head_no]->current_pass_ptr != hydra_heads[head_no]->current_login_ptr) { + free(hydra_heads[head_no]->current_pass_ptr); + hydra_heads[head_no]->current_pass_ptr = empty_login; + // hydra_bfg_remove(head_no); + // hydra_targets[hydra_heads[head_no]->target_no]->bfg_ptr[head_no] = NULL; + } + (void) wait3(NULL, WNOHANG, NULL); } void hydra_increase_fail_count(int target_no, int head_no) { - int i, k; - - if (target_no < 0) - return; - - hydra_targets[target_no]->fail_count++; - if (debug) - printf("[DEBUG] hydra_increase_fail_count: %d >= %d => disable\n", hydra_targets[target_no]->fail_count, - MAXFAIL + (hydra_options.tasks <= 4 && hydra_targets[target_no]->ok ? 6 - hydra_options.tasks : 1) + (hydra_options.tasks - hydra_targets[target_no]->failed < 5 - && hydra_targets[target_no]->ok ? 6 - (hydra_options.tasks - - hydra_targets - [target_no]->failed) : 1) - + (hydra_targets[target_no]->ok ? 2 : -2)); - if (hydra_targets[target_no]->fail_count >= - MAXFAIL + (hydra_options.tasks <= 4 && hydra_targets[target_no]->ok ? 6 - hydra_options.tasks : 1) + (hydra_options.tasks - hydra_targets[target_no]->failed < 5 - && hydra_targets[target_no]->ok ? 6 - (hydra_options.tasks - - hydra_targets - [target_no]->failed) : 1) + - (hydra_targets[target_no]->ok ? 2 : -2) - ) { - k = 0; - for (i = 0; i < hydra_options.max_use; i++) - if (hydra_heads[i]->active >= 0 && hydra_heads[i]->target_no == target_no) - k++; - if (k <= 1) { - // we need to put this in a list, otherwise we fail one login+pw test - if (hydra_targets[target_no]->done == 0 - && hydra_targets[target_no]->redo <= hydra_options.max_use * 2 - && ((hydra_heads[head_no]->current_login_ptr != empty_login && hydra_heads[head_no]->current_pass_ptr != empty_login) - || (hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL))) { - hydra_targets[target_no]->redo_login[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_login_ptr; - hydra_targets[target_no]->redo_pass[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_pass_ptr; - hydra_targets[target_no]->redo++; - if (debug) - printf("[DEBUG] - will be retried at the end: ip %s - login %s - pass %s - child %d\n", hydra_targets[target_no]->target, - hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no); - hydra_heads[head_no]->current_login_ptr = empty_login; - hydra_heads[head_no]->current_pass_ptr = empty_login; - } - if (hydra_targets[target_no]->fail_count >= MAXFAIL + hydra_options.tasks * hydra_targets[target_no]->ok) { - if (hydra_targets[target_no]->done == 0 && hydra_options.max_use == hydra_targets[target_no]->failed) { - if (hydra_targets[target_no]->ok == 1) - hydra_targets[target_no]->done = 2; // mark target as done by errors - else - hydra_targets[target_no]->done = 3; // mark target as done by unable to connect - hydra_brains.finished++; - fprintf(stderr, "[ERROR] Too many connect errors to target, disabling %s://%s%s%s:%d\n", hydra_options.service, hydra_targets[target_no]->ip[0] == 16 - && index(hydra_targets[target_no]->target, ':') != NULL ? "[" : "", hydra_targets[target_no]->target, hydra_targets[target_no]->ip[0] == 16 - && index(hydra_targets[target_no]->target, ':') != NULL ? "]" : "", hydra_targets[target_no]->port); + int i, k; + + if (target_no < 0) + return; + + hydra_targets[target_no]->fail_count++; + if (debug) + printf("[DEBUG] hydra_increase_fail_count: %d >= %d => disable\n", hydra_targets[target_no]->fail_count, + MAXFAIL + (hydra_options.tasks <= 4 && hydra_targets[target_no]->ok ? 6 - hydra_options.tasks : 1) + (hydra_options.tasks - hydra_targets[target_no]->failed < 5 + && hydra_targets[target_no]->ok ? 6 - (hydra_options.tasks - + hydra_targets + [target_no]->failed) : 1) + + (hydra_targets[target_no]->ok ? 2 : -2)); + if (hydra_targets[target_no]->fail_count >= + MAXFAIL + (hydra_options.tasks <= 4 && hydra_targets[target_no]->ok ? 6 - hydra_options.tasks : 1) + (hydra_options.tasks - hydra_targets[target_no]->failed < 5 + && hydra_targets[target_no]->ok ? 6 - (hydra_options.tasks - + hydra_targets + [target_no]->failed) : 1) + + (hydra_targets[target_no]->ok ? 2 : -2) + ) { + k = 0; + for (i = 0; i < hydra_options.max_use; i++) + if (hydra_heads[i]->active >= 0 && hydra_heads[i]->target_no == target_no) + k++; + if (k <= 1) { + // we need to put this in a list, otherwise we fail one login+pw test + if (hydra_targets[target_no]->done == 0 + && hydra_targets[target_no]->redo <= hydra_options.max_use * 2 + && ((hydra_heads[head_no]->current_login_ptr != empty_login && hydra_heads[head_no]->current_pass_ptr != empty_login) + || (hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL))) { + hydra_targets[target_no]->redo_login[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_login_ptr; + hydra_targets[target_no]->redo_pass[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_pass_ptr; + hydra_targets[target_no]->redo++; + if (debug) + printf("[DEBUG] - will be retried at the end: ip %s - login %s - pass %s - child %d\n", hydra_targets[target_no]->target, + hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no); + hydra_heads[head_no]->current_login_ptr = empty_login; + hydra_heads[head_no]->current_pass_ptr = empty_login; + } + if (hydra_targets[target_no]->fail_count >= MAXFAIL + hydra_options.tasks * hydra_targets[target_no]->ok) { + if (hydra_targets[target_no]->done == 0 && hydra_options.max_use == hydra_targets[target_no]->failed) { + if (hydra_targets[target_no]->ok == 1) + hydra_targets[target_no]->done = 2; // mark target as done by errors + else + hydra_targets[target_no]->done = 3; // mark target as done by unable to connect + hydra_brains.finished++; + fprintf(stderr, "[ERROR] Too many connect errors to target, disabling %s://%s%s%s:%d\n", hydra_options.service, hydra_targets[target_no]->ip[0] == 16 + && index(hydra_targets[target_no]->target, ':') != NULL ? "[" : "", hydra_targets[target_no]->target, hydra_targets[target_no]->ip[0] == 16 + && index(hydra_targets[target_no]->target, ':') != NULL ? "]" : "", hydra_targets[target_no]->port); + } + if (hydra_brains.targets > hydra_brains.finished) + hydra_kill_head(head_no, 1, 0); + else + hydra_kill_head(head_no, 1, 2); + } // we keep the last one alive as long as it make sense + } else { + // we need to put this in a list, otherwise we fail one login+pw test + if (hydra_targets[target_no]->done == 0 + && hydra_targets[target_no]->redo <= hydra_options.max_use * 2 + && ((hydra_heads[head_no]->current_login_ptr != empty_login && hydra_heads[head_no]->current_pass_ptr != empty_login) + || (hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL))) { + hydra_targets[target_no]->redo_login[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_login_ptr; + hydra_targets[target_no]->redo_pass[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_pass_ptr; + hydra_targets[target_no]->redo++; + if (debug) + printf("[DEBUG] - will be retried at the end: ip %s - login %s - pass %s - child %d\n", hydra_targets[target_no]->target, + hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no); + hydra_heads[head_no]->current_login_ptr = empty_login; + hydra_heads[head_no]->current_pass_ptr = empty_login; + } + hydra_targets[target_no]->fail_count--; + if (k < 5 && hydra_targets[target_no]->ok) + hydra_targets[target_no]->fail_count--; + if (k == 2 && hydra_targets[target_no]->ok) + hydra_targets[target_no]->fail_count--; + if (hydra_brains.targets > hydra_brains.finished) + hydra_kill_head(head_no, 1, 0); + else { + hydra_kill_head(head_no, 1, 2); + if (verbose) + printf("[VERBOSE] Disabled child %d because of too many errors\n", head_no); + } } - if (hydra_brains.targets > hydra_brains.finished) - hydra_kill_head(head_no, 1, 0); - else - hydra_kill_head(head_no, 1, 2); - } // we keep the last one alive as long as it make sense } else { - // we need to put this in a list, otherwise we fail one login+pw test - if (hydra_targets[target_no]->done == 0 - && hydra_targets[target_no]->redo <= hydra_options.max_use * 2 - && ((hydra_heads[head_no]->current_login_ptr != empty_login && hydra_heads[head_no]->current_pass_ptr != empty_login) - || (hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL))) { - hydra_targets[target_no]->redo_login[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_login_ptr; - hydra_targets[target_no]->redo_pass[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_pass_ptr; - hydra_targets[target_no]->redo++; - if (debug) - printf("[DEBUG] - will be retried at the end: ip %s - login %s - pass %s - child %d\n", hydra_targets[target_no]->target, - hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no); - hydra_heads[head_no]->current_login_ptr = empty_login; - hydra_heads[head_no]->current_pass_ptr = empty_login; - } - hydra_targets[target_no]->fail_count--; - if (k < 5 && hydra_targets[target_no]->ok) - hydra_targets[target_no]->fail_count--; - if (k == 2 && hydra_targets[target_no]->ok) - hydra_targets[target_no]->fail_count--; - if (hydra_brains.targets > hydra_brains.finished) - hydra_kill_head(head_no, 1, 0); - else { - hydra_kill_head(head_no, 1, 2); + hydra_kill_head(head_no, 1, 1); if (verbose) - printf("[VERBOSE] Disabled child %d because of too many errors\n", head_no); - } + printf("[VERBOSE] Retrying connection for child %d\n", head_no); } - } else { - hydra_kill_head(head_no, 1, 1); - if (verbose) - printf("[VERBOSE] Retrying connection for child %d\n", head_no); - } } char *hydra_reverse_login(int head_no, char *login) { - int i, j = strlen(login); - - if (j > 248) - j = 248; - else if (j == 0) - return empty_login; - for (i = 0; i < j; i++) - hydra_heads[head_no]->reverse[i] = login[j - (i + 1)]; - hydra_heads[head_no]->reverse[j] = 0; - - return hydra_heads[head_no]->reverse; + int i, j = strlen(login); + + if (j > 248) + j = 248; + else if (j == 0) + return empty_login; + for (i = 0; i < j; i++) + hydra_heads[head_no]->reverse[i] = login[j - (i + 1)]; + hydra_heads[head_no]->reverse[j] = 0; + + return hydra_heads[head_no]->reverse; } int hydra_send_next_pair(int target_no, int head_no) { - // variables moved to save stack - snpdone = 0; - snp_is_redo = 0; - snpdont = 0; - loop_cnt++; - if (hydra_heads[head_no]->redo && hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL) { - hydra_heads[head_no]->redo = 0; - snp_is_redo = 1; - snpdone = 1; - } else { - if (hydra_targets[target_no]->sent >= hydra_brains.todo + hydra_targets[target_no]->redo) { - if (hydra_targets[target_no]->done == 0) { - hydra_targets[target_no]->done = 1; - hydra_brains.finished++; - if (verbose) - printf("[STATUS] attack finished for %s (waiting for children to complete tests)\n", hydra_targets[target_no]->target); - } - return -1; - } - } - - if (debug) - printf - ("[DEBUG] send_next_pair_init target %d, head %d, redo %d, redo_state %d, pass_state %d. loop_mode %d, curlogin %s, curpass %s, tlogin %s, tpass %s, logincnt %lu/%lu, passcnt %lu/%lu, loop_cnt %d\n", - target_no, head_no, hydra_heads[head_no]->redo, hydra_targets[target_no]->redo_state, hydra_targets[target_no]->pass_state, hydra_options.loop_mode, - hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr, hydra_targets[target_no]->pass_ptr, - hydra_targets[target_no]->login_no, hydra_brains.countlogin, hydra_targets[target_no]->pass_no, hydra_brains.countpass, loop_cnt); - - if (loop_cnt > (hydra_brains.countlogin * 2) + 1 && loop_cnt > (hydra_brains.countpass * 2) + 1) { - if (debug) - printf("[DEBUG] too many loops in send_next_pair, returning -1 (loop_cnt %d, sent %ld, todo %ld)\n", loop_cnt, hydra_targets[target_no]->sent, hydra_brains.todo); - return -1; - } - - if (hydra_heads[head_no]->redo && hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL) { - hydra_heads[head_no]->redo = 0; - snp_is_redo = 1; - snpdone = 1; - } else { - if (debug && (hydra_heads[head_no]->current_login_ptr != NULL || hydra_heads[head_no]->current_pass_ptr != NULL)) - printf("[COMPLETED] target %s - login \"%s\" - pass \"%s\" - child %d - %lu of %lu\n", - hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no, - hydra_targets[target_no]->sent, hydra_brains.todo); - hydra_heads[head_no]->redo = 0; - if (hydra_targets[target_no]->redo_state > 0) { - if (hydra_targets[target_no]->redo_state + 1 <= hydra_targets[target_no]->redo) { - hydra_heads[head_no]->current_pass_ptr = hydra_targets[target_no]->redo_pass[hydra_targets[target_no]->redo_state - 1]; - hydra_heads[head_no]->current_login_ptr = hydra_targets[target_no]->redo_login[hydra_targets[target_no]->redo_state - 1]; - hydra_targets[target_no]->redo_state++; + // variables moved to save stack + snpdone = 0; + snp_is_redo = 0; + snpdont = 0; + loop_cnt++; + if (hydra_heads[head_no]->redo && hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL) { + hydra_heads[head_no]->redo = 0; + snp_is_redo = 1; snpdone = 1; - } // no else, that way a later lost pair is still added and done - } else { // normale state, no redo - if (hydra_targets[target_no]->done) { - loop_cnt = 0; - return -1; // head will be disabled by main while() - } - if (hydra_options.loop_mode == 0) { // one user after another - if (hydra_targets[target_no]->login_no < hydra_brains.countlogin) { - // as we loop password in mode == 0 we set the current login first - hydra_heads[head_no]->current_login_ptr = hydra_targets[target_no]->login_ptr; - // then we do the extra options -e ns handling - if (hydra_targets[target_no]->pass_state == 0 && snpdone == 0) { - if (hydra_options.try_password_same_as_login) { - hydra_heads[head_no]->current_pass_ptr = hydra_targets[target_no]->login_ptr; - snpdone = 1; - hydra_targets[target_no]->pass_no++; + } else { + if (hydra_targets[target_no]->sent >= hydra_brains.todo + hydra_targets[target_no]->redo) { + if (hydra_targets[target_no]->done == 0) { + hydra_targets[target_no]->done = 1; + hydra_brains.finished++; + if (verbose) + printf("[STATUS] attack finished for %s (waiting for children to complete tests)\n", hydra_targets[target_no]->target); } - hydra_targets[target_no]->pass_state++; - } - if (hydra_targets[target_no]->pass_state == 1 && snpdone == 0) { - // small check that there is a login name (could also be emtpy) and if we already tried empty password it would be a double - if (hydra_options.try_null_password) { - if (hydra_options.try_password_same_as_login == 0 || (hydra_targets[target_no]->login_ptr != NULL && strlen(hydra_targets[target_no]->login_ptr) > 0)) { - hydra_heads[head_no]->current_pass_ptr = empty_login; - snpdone = 1; - } else { - hydra_brains.sent++; - hydra_targets[target_no]->sent++; - } - hydra_targets[target_no]->pass_no++; - } - hydra_targets[target_no]->pass_state++; - } - if (hydra_targets[target_no]->pass_state == 2 && snpdone == 0) { - // small check that there is a login name (could also be emtpy) and if we already tried empty password it would be a double - if (hydra_options.try_password_reverse_login) { - if ((hydra_options.try_password_same_as_login == 0 - || strcmp(hydra_targets[target_no]->login_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) != 0) - && (hydra_options.try_null_password == 0 || (hydra_targets[target_no]->login_ptr != NULL && strlen(hydra_targets[target_no]->login_ptr) > 0))) { - hydra_heads[head_no]->current_pass_ptr = hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr); - snpdone = 1; - } else { - hydra_brains.sent++; - hydra_targets[target_no]->sent++; - } - hydra_targets[target_no]->pass_no++; - } - hydra_targets[target_no]->pass_state++; - } - // now we handle the -C -l/-L -p/-P data - if (hydra_targets[target_no]->pass_state == 3 && snpdone == 0) { - if ((hydra_options.mode & 64) == 64) { // colon mode - hydra_heads[head_no]->current_login_ptr = hydra_targets[target_no]->login_ptr; - hydra_heads[head_no]->current_pass_ptr = hydra_targets[target_no]->pass_ptr; - hydra_targets[target_no]->login_no++; - snpdone = 1; - hydra_targets[target_no]->login_ptr = hydra_targets[target_no]->pass_ptr; - //hydra_targets[target_no]->login_ptr++; - while (*hydra_targets[target_no]->login_ptr != 0) - hydra_targets[target_no]->login_ptr++; - hydra_targets[target_no]->login_ptr++; - hydra_targets[target_no]->pass_ptr = hydra_targets[target_no]->login_ptr; - //hydra_targets[target_no]->pass_ptr++; - while (*hydra_targets[target_no]->pass_ptr != 0) - hydra_targets[target_no]->pass_ptr++; - hydra_targets[target_no]->pass_ptr++; - if (strcmp(hydra_targets[target_no]->login_ptr, hydra_heads[head_no]->current_login_ptr) != 0) - hydra_targets[target_no]->pass_state = 0; - if ((hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0) - || (hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) == 0) - || - (hydra_options.try_password_reverse_login - && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) == 0)) { - hydra_brains.sent++; - hydra_targets[target_no]->sent++; - if (debug) - printf("[DEBUG] double detected (-C)\n"); - return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small - } - } else { // standard -l -L -p -P mode - hydra_heads[head_no]->current_pass_ptr = hydra_targets[target_no]->pass_ptr; - hydra_targets[target_no]->pass_no++; - // double check - if (hydra_targets[target_no]->pass_no >= hydra_brains.countpass) { - // all passwords done, next user for next password - hydra_targets[target_no]->login_ptr++; - while (*hydra_targets[target_no]->login_ptr != 0) - hydra_targets[target_no]->login_ptr++; - hydra_targets[target_no]->login_ptr++; - hydra_targets[target_no]->pass_ptr = pass_ptr; - hydra_targets[target_no]->login_no++; - hydra_targets[target_no]->pass_no = 0; - hydra_targets[target_no]->pass_state = 0; - if (hydra_brains.countpass == hydra_options.try_password_reverse_login + hydra_options.try_null_password + hydra_options.try_password_same_as_login) - return hydra_send_next_pair(target_no, head_no); - } else { - hydra_targets[target_no]->pass_ptr++; - while (*hydra_targets[target_no]->pass_ptr != 0) - hydra_targets[target_no]->pass_ptr++; - hydra_targets[target_no]->pass_ptr++; - } - if ((hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0) - || (hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) == 0) - || - (hydra_options.try_password_reverse_login - && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) == 0)) { - hydra_brains.sent++; - hydra_targets[target_no]->sent++; - if (debug) - printf("[DEBUG] double detected (-Pp)\n"); - return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small - } - snpdone = 1; - } - } + return -1; } - } else { // loop_mode == 1 - if (hydra_targets[target_no]->pass_no < hydra_brains.countpass) { - hydra_heads[head_no]->current_login_ptr = hydra_targets[target_no]->login_ptr; - if (hydra_targets[target_no]->pass_state == 0) { - if ((hydra_options.mode & 4) == 4) - hydra_heads[head_no]->current_pass_ptr = strdup(hydra_heads[head_no]->current_login_ptr); - else - hydra_heads[head_no]->current_pass_ptr = hydra_heads[head_no]->current_login_ptr; - } else if (hydra_targets[target_no]->pass_state == 1) { - if ((hydra_options.mode & 4) == 4) - hydra_heads[head_no]->current_pass_ptr = strdup(empty_login); - else - hydra_heads[head_no]->current_pass_ptr = empty_login; - } else if (hydra_targets[target_no]->pass_state == 2) { - if ((hydra_options.mode & 4) == 4) - hydra_heads[head_no]->current_pass_ptr = strdup(hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)); - else - hydra_heads[head_no]->current_pass_ptr = hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr); - } else { - if (hydra_options.bfg && hydra_targets[target_no]->pass_state == 3 - && hydra_heads[head_no]->current_pass_ptr != NULL && - strlen(hydra_heads[head_no]->current_pass_ptr) > 0 && hydra_heads[head_no]->current_pass_ptr != hydra_heads[head_no]->current_login_ptr) - free(hydra_heads[head_no]->current_pass_ptr); - hydra_heads[head_no]->current_pass_ptr = strdup(hydra_targets[target_no]->pass_ptr); - } - hydra_targets[target_no]->login_no++; - snpdone = 1; - - if (hydra_targets[target_no]->login_no >= hydra_brains.countlogin) { - if (hydra_targets[target_no]->pass_state < 3) { - hydra_targets[target_no]->pass_state++; - if (hydra_targets[target_no]->pass_state == 1 && hydra_options.try_null_password == 0) - hydra_targets[target_no]->pass_state++; - if (hydra_targets[target_no]->pass_state == 2 && hydra_options.try_password_reverse_login == 0) - hydra_targets[target_no]->pass_state++; - if (hydra_targets[target_no]->pass_state == 3) - snpdont = 1; - hydra_targets[target_no]->pass_no++; - } - - if (hydra_targets[target_no]->pass_state == 3) { - if (snpdont) { - hydra_targets[target_no]->pass_ptr = pass_ptr; - } else { - if ((hydra_options.mode & 4) == 4) { // bfg mode -#ifndef HAVE_MATH_H - sleep(1); -#else - hydra_targets[target_no]->pass_ptr = bf_next(); - if (debug) - printf("[DEBUG] bfg new password for next child: %s\n", hydra_targets[target_no]->pass_ptr); -#endif - } else { // -p -P mode - hydra_targets[target_no]->pass_ptr++; - while (*hydra_targets[target_no]->pass_ptr != 0) - hydra_targets[target_no]->pass_ptr++; - hydra_targets[target_no]->pass_ptr++; - } - hydra_targets[target_no]->pass_no++; - } - } - - hydra_targets[target_no]->login_no = 0; - hydra_targets[target_no]->login_ptr = login_ptr; - } else if (hydra_targets[target_no]->login_no < hydra_brains.countlogin) { - hydra_targets[target_no]->login_ptr++; - while (*hydra_targets[target_no]->login_ptr != 0) - hydra_targets[target_no]->login_ptr++; - hydra_targets[target_no]->login_ptr++; - } - if (hydra_targets[target_no]->pass_state == 3 && snpdont == 0) { - if ((hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) < 1) - || (hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0) - || (hydra_options.try_password_reverse_login && strcmp(hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr) == 0)) { - hydra_brains.sent++; - hydra_targets[target_no]->sent++; - if (debug) - printf("[DEBUG] double detected (1)\n"); - return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small - } - } - } - } } - + if (debug) - printf("[DEBUG] send_next_pair_mid done %d, pass_state %d, clogin %s, cpass %s, tlogin %s, tpass %s, redo %d\n", - snpdone, hydra_targets[target_no]->pass_state, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr, - hydra_targets[target_no]->pass_ptr, hydra_targets[target_no]->redo); - - // no pair? then we go for redo state - if (!snpdone && hydra_targets[target_no]->redo_state == 0 && hydra_targets[target_no]->redo > 0) { - if (debug) - printf("[DEBUG] Entering redo_state\n"); - hydra_targets[target_no]->redo_state++; - return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small - } - } - - if (!snpdone || hydra_targets[target_no]->skipcnt >= hydra_brains.countlogin) { - fck = write(hydra_heads[head_no]->sp[0], HYDRA_EXIT, sizeof(HYDRA_EXIT)); - if (hydra_targets[target_no]->use_count <= 1) { - if (hydra_targets[target_no]->done == 0) { - hydra_targets[target_no]->done = 1; - hydra_brains.finished++; - printf("[STATUS] attack finished for %s (waiting for children to finish) ...\n", hydra_targets[target_no]->target); - } - } - if (hydra_brains.targets > hydra_brains.finished) - hydra_kill_head(head_no, 1, 0); // otherwise done in main while loop - } else { - if (hydra_targets[target_no]->skipcnt > 0) { - snpj = 0; - for (snpi = 0; snpi < hydra_targets[target_no]->skipcnt && snpj == 0; snpi++) - if (strcmp(hydra_heads[head_no]->current_login_ptr, hydra_targets[target_no]->skiplogin[snpi]) == 0) - snpj = 1; - if (snpj) { - if (snp_is_redo == 0) { - hydra_brains.sent++; - hydra_targets[target_no]->sent++; - } + printf + ("[DEBUG] send_next_pair_init target %d, head %d, redo %d, redo_state %d, pass_state %d. loop_mode %d, curlogin %s, curpass %s, tlogin %s, tpass %s, logincnt %lu/%lu, passcnt %lu/%lu, loop_cnt %d\n", + target_no, head_no, hydra_heads[head_no]->redo, hydra_targets[target_no]->redo_state, hydra_targets[target_no]->pass_state, hydra_options.loop_mode, + hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr, hydra_targets[target_no]->pass_ptr, + hydra_targets[target_no]->login_no, hydra_brains.countlogin, hydra_targets[target_no]->pass_no, hydra_brains.countpass, loop_cnt); + + if (loop_cnt > (hydra_brains.countlogin * 2) + 1 && loop_cnt > (hydra_brains.countpass * 2) + 1) { if (debug) - printf("[DEBUG] double found for %s == %s, skipping\n", hydra_heads[head_no]->current_login_ptr, hydra_targets[target_no]->skiplogin[snpi - 1]); - // only if -l/L -p/P with -u and if loginptr was not justed increased - if ((hydra_options.mode & 64) != 64 && hydra_options.loop_mode == 0 && hydra_targets[target_no]->pass_no > 0) { // -l -P (not! -u) - // increase login_ptr to next - hydra_targets[target_no]->login_no++; - if (hydra_targets[target_no]->login_no < hydra_brains.countlogin) { - hydra_targets[target_no]->login_ptr++; - while (*hydra_targets[target_no]->login_ptr != 0) - hydra_targets[target_no]->login_ptr++; - hydra_targets[target_no]->login_ptr++; - } - // add count - hydra_brains.sent += hydra_brains.countpass - hydra_targets[target_no]->pass_no; - hydra_targets[target_no]->sent += hydra_brains.countpass - hydra_targets[target_no]->pass_no; - // reset password list - hydra_targets[target_no]->pass_ptr = pass_ptr; - hydra_targets[target_no]->pass_no = 0; - hydra_targets[target_no]->pass_state = 0; + printf("[DEBUG] too many loops in send_next_pair, returning -1 (loop_cnt %d, sent %ld, todo %ld)\n", loop_cnt, hydra_targets[target_no]->sent, hydra_brains.todo); + return -1; + } + + if (hydra_heads[head_no]->redo && hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL) { + hydra_heads[head_no]->redo = 0; + snp_is_redo = 1; + snpdone = 1; + } else { + if (debug && (hydra_heads[head_no]->current_login_ptr != NULL || hydra_heads[head_no]->current_pass_ptr != NULL)) + printf("[COMPLETED] target %s - login \"%s\" - pass \"%s\" - child %d - %lu of %lu\n", + hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no, + hydra_targets[target_no]->sent, hydra_brains.todo); + hydra_heads[head_no]->redo = 0; + if (hydra_targets[target_no]->redo_state > 0) { + if (hydra_targets[target_no]->redo_state + 1 <= hydra_targets[target_no]->redo) { + hydra_heads[head_no]->current_pass_ptr = hydra_targets[target_no]->redo_pass[hydra_targets[target_no]->redo_state - 1]; + hydra_heads[head_no]->current_login_ptr = hydra_targets[target_no]->redo_login[hydra_targets[target_no]->redo_state - 1]; + hydra_targets[target_no]->redo_state++; + snpdone = 1; + } // no else, that way a later lost pair is still added and done + } else { // normale state, no redo + if (hydra_targets[target_no]->done) { + loop_cnt = 0; + return -1; // head will be disabled by main while() + } + if (hydra_options.loop_mode == 0) { // one user after another + if (hydra_targets[target_no]->login_no < hydra_brains.countlogin) { + // as we loop password in mode == 0 we set the current login first + hydra_heads[head_no]->current_login_ptr = hydra_targets[target_no]->login_ptr; + // then we do the extra options -e ns handling + if (hydra_targets[target_no]->pass_state == 0 && snpdone == 0) { + if (hydra_options.try_password_same_as_login) { + hydra_heads[head_no]->current_pass_ptr = hydra_targets[target_no]->login_ptr; + snpdone = 1; + hydra_targets[target_no]->pass_no++; + } + hydra_targets[target_no]->pass_state++; + } + if (hydra_targets[target_no]->pass_state == 1 && snpdone == 0) { + // small check that there is a login name (could also be emtpy) and if we already tried empty password it would be a double + if (hydra_options.try_null_password) { + if (hydra_options.try_password_same_as_login == 0 || (hydra_targets[target_no]->login_ptr != NULL && strlen(hydra_targets[target_no]->login_ptr) > 0)) { + hydra_heads[head_no]->current_pass_ptr = empty_login; + snpdone = 1; + } else { + hydra_brains.sent++; + hydra_targets[target_no]->sent++; + } + hydra_targets[target_no]->pass_no++; + } + hydra_targets[target_no]->pass_state++; + } + if (hydra_targets[target_no]->pass_state == 2 && snpdone == 0) { + // small check that there is a login name (could also be emtpy) and if we already tried empty password it would be a double + if (hydra_options.try_password_reverse_login) { + if ((hydra_options.try_password_same_as_login == 0 + || strcmp(hydra_targets[target_no]->login_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) != 0) + && (hydra_options.try_null_password == 0 || (hydra_targets[target_no]->login_ptr != NULL && strlen(hydra_targets[target_no]->login_ptr) > 0))) { + hydra_heads[head_no]->current_pass_ptr = hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr); + snpdone = 1; + } else { + hydra_brains.sent++; + hydra_targets[target_no]->sent++; + } + hydra_targets[target_no]->pass_no++; + } + hydra_targets[target_no]->pass_state++; + } + // now we handle the -C -l/-L -p/-P data + if (hydra_targets[target_no]->pass_state == 3 && snpdone == 0) { + if ((hydra_options.mode & 64) == 64) { // colon mode + hydra_heads[head_no]->current_login_ptr = hydra_targets[target_no]->login_ptr; + hydra_heads[head_no]->current_pass_ptr = hydra_targets[target_no]->pass_ptr; + hydra_targets[target_no]->login_no++; + snpdone = 1; + hydra_targets[target_no]->login_ptr = hydra_targets[target_no]->pass_ptr; + //hydra_targets[target_no]->login_ptr++; + while (*hydra_targets[target_no]->login_ptr != 0) + hydra_targets[target_no]->login_ptr++; + hydra_targets[target_no]->login_ptr++; + hydra_targets[target_no]->pass_ptr = hydra_targets[target_no]->login_ptr; + //hydra_targets[target_no]->pass_ptr++; + while (*hydra_targets[target_no]->pass_ptr != 0) + hydra_targets[target_no]->pass_ptr++; + hydra_targets[target_no]->pass_ptr++; + if (strcmp(hydra_targets[target_no]->login_ptr, hydra_heads[head_no]->current_login_ptr) != 0) + hydra_targets[target_no]->pass_state = 0; + if ((hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0) + || (hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) == 0) + || + (hydra_options.try_password_reverse_login + && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) == 0)) { + hydra_brains.sent++; + hydra_targets[target_no]->sent++; + if (debug) + printf("[DEBUG] double detected (-C)\n"); + return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small + } + } else { // standard -l -L -p -P mode + hydra_heads[head_no]->current_pass_ptr = hydra_targets[target_no]->pass_ptr; + hydra_targets[target_no]->pass_no++; + // double check + if (hydra_targets[target_no]->pass_no >= hydra_brains.countpass) { + // all passwords done, next user for next password + hydra_targets[target_no]->login_ptr++; + while (*hydra_targets[target_no]->login_ptr != 0) + hydra_targets[target_no]->login_ptr++; + hydra_targets[target_no]->login_ptr++; + hydra_targets[target_no]->pass_ptr = pass_ptr; + hydra_targets[target_no]->login_no++; + hydra_targets[target_no]->pass_no = 0; + hydra_targets[target_no]->pass_state = 0; + if (hydra_brains.countpass == hydra_options.try_password_reverse_login + hydra_options.try_null_password + hydra_options.try_password_same_as_login) + return hydra_send_next_pair(target_no, head_no); + } else { + hydra_targets[target_no]->pass_ptr++; + while (*hydra_targets[target_no]->pass_ptr != 0) + hydra_targets[target_no]->pass_ptr++; + hydra_targets[target_no]->pass_ptr++; + } + if ((hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0) + || (hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) == 0) + || + (hydra_options.try_password_reverse_login + && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) == 0)) { + hydra_brains.sent++; + hydra_targets[target_no]->sent++; + if (debug) + printf("[DEBUG] double detected (-Pp)\n"); + return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small + } + snpdone = 1; + } + } + } + } else { // loop_mode == 1 + if (hydra_targets[target_no]->pass_no < hydra_brains.countpass) { + hydra_heads[head_no]->current_login_ptr = hydra_targets[target_no]->login_ptr; + if (hydra_targets[target_no]->pass_state == 0) { + if ((hydra_options.mode & 4) == 4) + hydra_heads[head_no]->current_pass_ptr = strdup(hydra_heads[head_no]->current_login_ptr); + else + hydra_heads[head_no]->current_pass_ptr = hydra_heads[head_no]->current_login_ptr; + } else if (hydra_targets[target_no]->pass_state == 1) { + if ((hydra_options.mode & 4) == 4) + hydra_heads[head_no]->current_pass_ptr = strdup(empty_login); + else + hydra_heads[head_no]->current_pass_ptr = empty_login; + } else if (hydra_targets[target_no]->pass_state == 2) { + if ((hydra_options.mode & 4) == 4) + hydra_heads[head_no]->current_pass_ptr = strdup(hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)); + else + hydra_heads[head_no]->current_pass_ptr = hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr); + } else { + if (hydra_options.bfg && hydra_targets[target_no]->pass_state == 3 + && hydra_heads[head_no]->current_pass_ptr != NULL && + strlen(hydra_heads[head_no]->current_pass_ptr) > 0 && hydra_heads[head_no]->current_pass_ptr != hydra_heads[head_no]->current_login_ptr) + free(hydra_heads[head_no]->current_pass_ptr); + hydra_heads[head_no]->current_pass_ptr = strdup(hydra_targets[target_no]->pass_ptr); + } + hydra_targets[target_no]->login_no++; + snpdone = 1; + + if (hydra_targets[target_no]->login_no >= hydra_brains.countlogin) { + if (hydra_targets[target_no]->pass_state < 3) { + hydra_targets[target_no]->pass_state++; + if (hydra_targets[target_no]->pass_state == 1 && hydra_options.try_null_password == 0) + hydra_targets[target_no]->pass_state++; + if (hydra_targets[target_no]->pass_state == 2 && hydra_options.try_password_reverse_login == 0) + hydra_targets[target_no]->pass_state++; + if (hydra_targets[target_no]->pass_state == 3) + snpdont = 1; + hydra_targets[target_no]->pass_no++; + } + + if (hydra_targets[target_no]->pass_state == 3) { + if (snpdont) { + hydra_targets[target_no]->pass_ptr = pass_ptr; + } else { + if ((hydra_options.mode & 4) == 4) { // bfg mode +#ifndef HAVE_MATH_H + sleep(1); +#else + hydra_targets[target_no]->pass_ptr = bf_next(); + if (debug) + printf("[DEBUG] bfg new password for next child: %s\n", hydra_targets[target_no]->pass_ptr); +#endif + } else { // -p -P mode + hydra_targets[target_no]->pass_ptr++; + while (*hydra_targets[target_no]->pass_ptr != 0) + hydra_targets[target_no]->pass_ptr++; + hydra_targets[target_no]->pass_ptr++; + } + hydra_targets[target_no]->pass_no++; + } + } + + hydra_targets[target_no]->login_no = 0; + hydra_targets[target_no]->login_ptr = login_ptr; + } else if (hydra_targets[target_no]->login_no < hydra_brains.countlogin) { + hydra_targets[target_no]->login_ptr++; + while (*hydra_targets[target_no]->login_ptr != 0) + hydra_targets[target_no]->login_ptr++; + hydra_targets[target_no]->login_ptr++; + } + if (hydra_targets[target_no]->pass_state == 3 && snpdont == 0) { + if ((hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) < 1) + || (hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0) + || (hydra_options.try_password_reverse_login && strcmp(hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr) == 0)) { + hydra_brains.sent++; + hydra_targets[target_no]->sent++; + if (debug) + printf("[DEBUG] double detected (1)\n"); + return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small + } + } + } + } + } + + if (debug) + printf("[DEBUG] send_next_pair_mid done %d, pass_state %d, clogin %s, cpass %s, tlogin %s, tpass %s, redo %d\n", + snpdone, hydra_targets[target_no]->pass_state, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr, + hydra_targets[target_no]->pass_ptr, hydra_targets[target_no]->redo); + + // no pair? then we go for redo state + if (!snpdone && hydra_targets[target_no]->redo_state == 0 && hydra_targets[target_no]->redo > 0) { + if (debug) + printf("[DEBUG] Entering redo_state\n"); + hydra_targets[target_no]->redo_state++; + return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small } - return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small - } } - - memset(&snpbuf, 0, sizeof(snpbuf)); - strncpy(snpbuf, hydra_heads[head_no]->current_login_ptr, MAXLINESIZE - 3); - if (strlen(hydra_heads[head_no]->current_login_ptr) > MAXLINESIZE - 3) - snpbuflen = MAXLINESIZE - 2; - else - snpbuflen = strlen(hydra_heads[head_no]->current_login_ptr) + 1; - strncpy(snpbuf + snpbuflen, hydra_heads[head_no]->current_pass_ptr, MAXLINESIZE - snpbuflen - 1); - if (strlen(hydra_heads[head_no]->current_pass_ptr) > MAXLINESIZE - snpbuflen - 1) - snpbuflen += MAXLINESIZE - snpbuflen - 1; - else - snpbuflen += strlen(hydra_heads[head_no]->current_pass_ptr) + 1; - if (snp_is_redo == 0) { - hydra_brains.sent++; - hydra_targets[target_no]->sent++; - } else if (debug) - printf("[DEBUG] send_next_pair_redo done %d, pass_state %d, clogin %s, cpass %s, tlogin %s, tpass %s, is_redo %d\n", - snpdone, hydra_targets[target_no]->pass_state, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr, - hydra_targets[target_no]->pass_ptr, snp_is_redo); - //hydra_dump_data(snpbuf, snpbuflen, "SENT"); - fck = write(hydra_heads[head_no]->sp[0], snpbuf, snpbuflen); - if (fck < snpbuflen) { - if (verbose) - fprintf(stderr, "[ERROR] can not write to child %d, restarting it ...\n", head_no); - hydra_increase_fail_count(target_no, head_no); - loop_cnt = 0; - return 0; // not prevent disabling it, if its needed its already done in the above line - } - if (debug || hydra_options.showAttempt) { - printf("[%sATTEMPT] target %s - login \"%s\" - pass \"%s\" - %lu of %lu [child %d]\n", - hydra_targets[target_no]->redo_state ? "REDO-" : snp_is_redo ? "RE-" : "", hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, - hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->sent, hydra_brains.todo + hydra_targets[target_no]->redo, head_no); + + if (!snpdone || hydra_targets[target_no]->skipcnt >= hydra_brains.countlogin) { + fck = write(hydra_heads[head_no]->sp[0], HYDRA_EXIT, sizeof(HYDRA_EXIT)); + if (hydra_targets[target_no]->use_count <= 1) { + if (hydra_targets[target_no]->done == 0) { + hydra_targets[target_no]->done = 1; + hydra_brains.finished++; + printf("[STATUS] attack finished for %s (waiting for children to finish) ...\n", hydra_targets[target_no]->target); + } + } + if (hydra_brains.targets > hydra_brains.finished) + hydra_kill_head(head_no, 1, 0); // otherwise done in main while loop + } else { + if (hydra_targets[target_no]->skipcnt > 0) { + snpj = 0; + for (snpi = 0; snpi < hydra_targets[target_no]->skipcnt && snpj == 0; snpi++) + if (strcmp(hydra_heads[head_no]->current_login_ptr, hydra_targets[target_no]->skiplogin[snpi]) == 0) + snpj = 1; + if (snpj) { + if (snp_is_redo == 0) { + hydra_brains.sent++; + hydra_targets[target_no]->sent++; + } + if (debug) + printf("[DEBUG] double found for %s == %s, skipping\n", hydra_heads[head_no]->current_login_ptr, hydra_targets[target_no]->skiplogin[snpi - 1]); + // only if -l/L -p/P with -u and if loginptr was not justed increased + if ((hydra_options.mode & 64) != 64 && hydra_options.loop_mode == 0 && hydra_targets[target_no]->pass_no > 0) { // -l -P (not! -u) + // increase login_ptr to next + hydra_targets[target_no]->login_no++; + if (hydra_targets[target_no]->login_no < hydra_brains.countlogin) { + hydra_targets[target_no]->login_ptr++; + while (*hydra_targets[target_no]->login_ptr != 0) + hydra_targets[target_no]->login_ptr++; + hydra_targets[target_no]->login_ptr++; + } + // add count + hydra_brains.sent += hydra_brains.countpass - hydra_targets[target_no]->pass_no; + hydra_targets[target_no]->sent += hydra_brains.countpass - hydra_targets[target_no]->pass_no; + // reset password list + hydra_targets[target_no]->pass_ptr = pass_ptr; + hydra_targets[target_no]->pass_no = 0; + hydra_targets[target_no]->pass_state = 0; + } + return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small + } + } + + memset(&snpbuf, 0, sizeof(snpbuf)); + strncpy(snpbuf, hydra_heads[head_no]->current_login_ptr, MAXLINESIZE - 3); + if (strlen(hydra_heads[head_no]->current_login_ptr) > MAXLINESIZE - 3) + snpbuflen = MAXLINESIZE - 2; + else + snpbuflen = strlen(hydra_heads[head_no]->current_login_ptr) + 1; + strncpy(snpbuf + snpbuflen, hydra_heads[head_no]->current_pass_ptr, MAXLINESIZE - snpbuflen - 1); + if (strlen(hydra_heads[head_no]->current_pass_ptr) > MAXLINESIZE - snpbuflen - 1) + snpbuflen += MAXLINESIZE - snpbuflen - 1; + else + snpbuflen += strlen(hydra_heads[head_no]->current_pass_ptr) + 1; + if (snp_is_redo == 0) { + hydra_brains.sent++; + hydra_targets[target_no]->sent++; + } else if (debug) + printf("[DEBUG] send_next_pair_redo done %d, pass_state %d, clogin %s, cpass %s, tlogin %s, tpass %s, is_redo %d\n", + snpdone, hydra_targets[target_no]->pass_state, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr, + hydra_targets[target_no]->pass_ptr, snp_is_redo); + //hydra_dump_data(snpbuf, snpbuflen, "SENT"); + fck = write(hydra_heads[head_no]->sp[0], snpbuf, snpbuflen); + if (fck < snpbuflen) { + if (verbose) + fprintf(stderr, "[ERROR] can not write to child %d, restarting it ...\n", head_no); + hydra_increase_fail_count(target_no, head_no); + loop_cnt = 0; + return 0; // not prevent disabling it, if its needed its already done in the above line + } + if (debug || hydra_options.showAttempt) { + printf("[%sATTEMPT] target %s - login \"%s\" - pass \"%s\" - %lu of %lu [child %d]\n", + hydra_targets[target_no]->redo_state ? "REDO-" : snp_is_redo ? "RE-" : "", hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, + hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->sent, hydra_brains.todo + hydra_targets[target_no]->redo, head_no); + } + loop_cnt = 0; + return 0; } loop_cnt = 0; - return 0; - } - loop_cnt = 0; - return -1; + return -1; } void hydra_skip_user(int target_no, char *username) { - int i; - - if (username == NULL || *username == 0) - return; - - // double check - for (i = 0; i < hydra_targets[target_no]->skipcnt; i++) - if (strcmp(username, hydra_targets[target_no]->skiplogin[i]) == 0) - return; - - if (hydra_targets[target_no]->skipcnt < SKIPLOGIN && (hydra_targets[target_no]->skiplogin[hydra_targets[target_no]->skipcnt] = malloc(strlen(username) + 1)) != NULL) { - strcpy(hydra_targets[target_no]->skiplogin[hydra_targets[target_no]->skipcnt], username); - hydra_targets[target_no]->skipcnt++; - } - if (hydra_options.loop_mode == 0 && (hydra_options.mode & 64) != 64) { - if (memcmp(username, hydra_targets[target_no]->login_ptr, strlen(username)) == 0) { - if (debug) - printf("[DEBUG] skipping username %s\n", username); - // increase count - hydra_brains.sent += hydra_brains.countpass - hydra_targets[target_no]->pass_no; - hydra_targets[target_no]->sent += hydra_brains.countpass - hydra_targets[target_no]->pass_no; - // step to next login - hydra_targets[target_no]->login_no++; - if (hydra_targets[target_no]->login_no < hydra_brains.countlogin) { - hydra_targets[target_no]->login_ptr++; - while (*hydra_targets[target_no]->login_ptr != 0) - hydra_targets[target_no]->login_ptr++; - hydra_targets[target_no]->login_ptr++; - } - // reset password state - hydra_targets[target_no]->pass_ptr = pass_ptr; - hydra_targets[target_no]->pass_no = 0; - hydra_targets[target_no]->pass_state = 0; + int i; + + if (username == NULL || *username == 0) + return; + + // double check + for (i = 0; i < hydra_targets[target_no]->skipcnt; i++) + if (strcmp(username, hydra_targets[target_no]->skiplogin[i]) == 0) + return; + + if (hydra_targets[target_no]->skipcnt < SKIPLOGIN && (hydra_targets[target_no]->skiplogin[hydra_targets[target_no]->skipcnt] = malloc(strlen(username) + 1)) != NULL) { + strcpy(hydra_targets[target_no]->skiplogin[hydra_targets[target_no]->skipcnt], username); + hydra_targets[target_no]->skipcnt++; + } + if (hydra_options.loop_mode == 0 && (hydra_options.mode & 64) != 64) { + if (memcmp(username, hydra_targets[target_no]->login_ptr, strlen(username)) == 0) { + if (debug) + printf("[DEBUG] skipping username %s\n", username); + // increase count + hydra_brains.sent += hydra_brains.countpass - hydra_targets[target_no]->pass_no; + hydra_targets[target_no]->sent += hydra_brains.countpass - hydra_targets[target_no]->pass_no; + // step to next login + hydra_targets[target_no]->login_no++; + if (hydra_targets[target_no]->login_no < hydra_brains.countlogin) { + hydra_targets[target_no]->login_ptr++; + while (*hydra_targets[target_no]->login_ptr != 0) + hydra_targets[target_no]->login_ptr++; + hydra_targets[target_no]->login_ptr++; + } + // reset password state + hydra_targets[target_no]->pass_ptr = pass_ptr; + hydra_targets[target_no]->pass_no = 0; + hydra_targets[target_no]->pass_state = 0; + } } - } } int hydra_check_for_exit_condition() { - int i, k = 0; - - if (hydra_brains.exit) { - if (debug) - printf("[DEBUG] exit was forced\n"); - return -1; - } - if (hydra_brains.targets <= hydra_brains.finished && hydra_brains.active < 1) { - if (debug) - printf("[DEBUG] all targets done and all heads finished\n"); - return 1; - } - if (hydra_brains.active < 1) { - // no head active?! check if they are all disabled, if so, we are done - for (i = 0; i < hydra_options.max_use && k == 0; i++) - if (hydra_heads[i]->active >= 0) - k = 1; - if (k == 0) { - fprintf(stderr, "[ERROR] all children were disabled due too many connection errors\n"); - return -1; + int i, k = 0; + + if (hydra_brains.exit) { + if (debug) + printf("[DEBUG] exit was forced\n"); + return -1; } - } - return 0; + if (hydra_brains.targets <= hydra_brains.finished && hydra_brains.active < 1) { + if (debug) + printf("[DEBUG] all targets done and all heads finished\n"); + return 1; + } + if (hydra_brains.active < 1) { + // no head active?! check if they are all disabled, if so, we are done + for (i = 0; i < hydra_options.max_use && k == 0; i++) + if (hydra_heads[i]->active >= 0) + k = 1; + if (k == 0) { + fprintf(stderr, "[ERROR] all children were disabled due too many connection errors\n"); + return -1; + } + } + return 0; } int hydra_select_target() { - int target_no = -1, i, j = -1000; - - for (i = 0; i < hydra_brains.targets; i++) - if (hydra_targets[i]->use_count < hydra_options.tasks && hydra_targets[i]->done == 0) - if (j < hydra_options.tasks - hydra_targets[i]->failed - hydra_targets[i]->use_count) { - target_no = i; - j = hydra_options.tasks - hydra_targets[i]->failed - hydra_targets[i]->use_count; - } - return target_no; + int target_no = -1, i, j = -1000; + + for (i = 0; i < hydra_brains.targets; i++) + if (hydra_targets[i]->use_count < hydra_options.tasks && hydra_targets[i]->done == 0) + if (j < hydra_options.tasks - hydra_targets[i]->failed - hydra_targets[i]->use_count) { + target_no = i; + j = hydra_options.tasks - hydra_targets[i]->failed - hydra_targets[i]->use_count; + } + return target_no; } int main(int argc, char *argv[]) { - char *proxy_string = NULL, *device = NULL, *memcheck; - FILE *lfp = NULL, *pfp = NULL, *cfp = NULL, *ifp = NULL, *rfp = NULL; - size_t countinfile = 1, sizeinfile = 0; - unsigned long int math2; - int i = 0, j = 0, k, error = 0, modusage = 0; - int head_no = 0, target_no = 0, exit_condition = 0, readres; - time_t starttime, elapsed_status, elapsed_restore, status_print = 59, tmp_time; - char *tmpptr, *tmpptr2; - char rc, buf[MAXBUF]; - fd_set fdreadheads; - int max_fd; - struct addrinfo hints, *res, *p; - struct sockaddr_in6 *ipv6 = NULL; - struct sockaddr_in *ipv4 = NULL; - - printf("%s %s (c) 2014 by %s - Please do not use in military or secret service organizations, or for illegal purposes.\n\n", PROGRAM, VERSION, AUTHOR); + char *proxy_string = NULL, *device = NULL, *memcheck; + FILE *lfp = NULL, *pfp = NULL, *cfp = NULL, *ifp = NULL, *rfp = NULL; + size_t countinfile = 1, sizeinfile = 0; + unsigned long int math2; + int i = 0, j = 0, k, error = 0, modusage = 0; + int head_no = 0, target_no = 0, exit_condition = 0, readres; + time_t starttime, elapsed_status, elapsed_restore, status_print = 59, tmp_time; + char *tmpptr, *tmpptr2; + char rc, buf[MAXBUF]; + fd_set fdreadheads; + int max_fd; + struct addrinfo hints, *res, *p; + struct sockaddr_in6 *ipv6 = NULL; + struct sockaddr_in *ipv4 = NULL; + + printf("%s %s (c) 2014 by %s - Please do not use in military or secret service organizations, or for illegal purposes.\n\n", PROGRAM, VERSION, AUTHOR); #ifndef LIBPOSTGRES - SERVICES = hydra_string_replace(SERVICES, "postgres ", ""); - strcat(unsupported, "postgres "); + SERVICES = hydra_string_replace(SERVICES, "postgres ", ""); + strcat(unsupported, "postgres "); #endif #ifndef LIBSAPR3 - SERVICES = hydra_string_replace(SERVICES, "sapr3 ", ""); - strcat(unsupported, "sapr3 "); + SERVICES = hydra_string_replace(SERVICES, "sapr3 ", ""); + strcat(unsupported, "sapr3 "); #endif #ifndef LIBFIREBIRD - SERVICES = hydra_string_replace(SERVICES, "firebird ", ""); - strcat(unsupported, "firebird "); + SERVICES = hydra_string_replace(SERVICES, "firebird ", ""); + strcat(unsupported, "firebird "); #endif #ifndef LIBAFP - SERVICES = hydra_string_replace(SERVICES, "afp ", ""); - strcat(unsupported, "afp "); + SERVICES = hydra_string_replace(SERVICES, "afp ", ""); + strcat(unsupported, "afp "); #endif #ifndef LIBNCP - SERVICES = hydra_string_replace(SERVICES, "ncp ", ""); - strcat(unsupported, "ncp "); + SERVICES = hydra_string_replace(SERVICES, "ncp ", ""); + strcat(unsupported, "ncp "); #endif #ifndef LIBSSH - SERVICES = hydra_string_replace(SERVICES, "ssh ", ""); - strcat(unsupported, "ssh "); - SERVICES = hydra_string_replace(SERVICES, "sshkey ", ""); - strcat(unsupported, "sshkey "); + SERVICES = hydra_string_replace(SERVICES, "ssh ", ""); + strcat(unsupported, "ssh "); + SERVICES = hydra_string_replace(SERVICES, "sshkey ", ""); + strcat(unsupported, "sshkey "); #endif #ifndef LIBSVN - SERVICES = hydra_string_replace(SERVICES, "svn ", ""); - strcat(unsupported, "svn "); + SERVICES = hydra_string_replace(SERVICES, "svn ", ""); + strcat(unsupported, "svn "); #endif #ifndef LIBORACLE - SERVICES = hydra_string_replace(SERVICES, "oracle ", ""); - strcat(unsupported, "oracle "); + SERVICES = hydra_string_replace(SERVICES, "oracle ", ""); + strcat(unsupported, "oracle "); #endif #ifndef LIBMYSQLCLIENT - SERVICES = hydra_string_replace(SERVICES, "mysql ", "mysql(v4) "); - strcat(unsupported, "mysql5 "); + SERVICES = hydra_string_replace(SERVICES, "mysql ", "mysql(v4) "); + strcat(unsupported, "mysql5 "); #endif #ifndef LIBOPENSSL - // for ftps - SERVICES = hydra_string_replace(SERVICES, " ftps", ""); - // for pop3 - SERVICES = hydra_string_replace(SERVICES, "pop3[s]", "pop3"); - // for imap - SERVICES = hydra_string_replace(SERVICES, "imap[s]", "imap"); - // for smtp - SERVICES = hydra_string_replace(SERVICES, "smtp[s]", "smtp"); - // for telnet - SERVICES = hydra_string_replace(SERVICES, "telnet[s]", "telnet"); - // for http[s]-{head|get} - SERVICES = hydra_string_replace(SERVICES, "http[s]", "http"); - // for http[s]-{get|post}-form - SERVICES = hydra_string_replace(SERVICES, "http[s]", "http"); - // for ldap3 - SERVICES = hydra_string_replace(SERVICES, "[-{cram|digest}md5]", ""); - // for sip - SERVICES = hydra_string_replace(SERVICES, " sip", ""); - // for rdp - SERVICES = hydra_string_replace(SERVICES, " rdp", ""); - // for oracle-listener - SERVICES = hydra_string_replace(SERVICES, " oracle-listener", ""); - // general - SERVICES = hydra_string_replace(SERVICES, "[s]", ""); - // for oracle-sid - SERVICES = hydra_string_replace(SERVICES, " oracle-sid", ""); - strcat(unsupported, "SSL-services (ftps, sip, rdp, oracle-services, ...) "); + // for ftps + SERVICES = hydra_string_replace(SERVICES, " ftps", ""); + // for pop3 + SERVICES = hydra_string_replace(SERVICES, "pop3[s]", "pop3"); + // for imap + SERVICES = hydra_string_replace(SERVICES, "imap[s]", "imap"); + // for smtp + SERVICES = hydra_string_replace(SERVICES, "smtp[s]", "smtp"); + // for telnet + SERVICES = hydra_string_replace(SERVICES, "telnet[s]", "telnet"); + // for http[s]-{head|get} + SERVICES = hydra_string_replace(SERVICES, "http[s]", "http"); + // for http[s]-{get|post}-form + SERVICES = hydra_string_replace(SERVICES, "http[s]", "http"); + // for ldap3 + SERVICES = hydra_string_replace(SERVICES, "[-{cram|digest}md5]", ""); + // for sip + SERVICES = hydra_string_replace(SERVICES, " sip", ""); + // for rdp + SERVICES = hydra_string_replace(SERVICES, " rdp", ""); + // for oracle-listener + SERVICES = hydra_string_replace(SERVICES, " oracle-listener", ""); + // general + SERVICES = hydra_string_replace(SERVICES, "[s]", ""); + // for oracle-sid + SERVICES = hydra_string_replace(SERVICES, " oracle-sid", ""); + strcat(unsupported, "SSL-services (ftps, sip, rdp, oracle-services, ...) "); #endif #ifndef HAVE_MATH_H - if (strlen(unsupported) > 0) - strcat(unsupported, "and "); - strcat(unsupported, "password bruteforce generation "); + if (strlen(unsupported) > 0) + strcat(unsupported, "and "); + strcat(unsupported, "password bruteforce generation "); #endif #ifndef HAVE_PCRE - if (strlen(unsupported) > 0) - strcat(unsupported, "and "); - strcat(unsupported, "regex support "); + if (strlen(unsupported) > 0) + strcat(unsupported, "and "); + strcat(unsupported, "regex support "); #endif - - (void) setvbuf(stdout, NULL, _IONBF, 0); - (void) setvbuf(stderr, NULL, _IONBF, 0); - // set defaults - memset(&hydra_options, 0, sizeof(hydra_options)); - memset(&hydra_brains, 0, sizeof(hydra_brains)); - prg = argv[0]; - hydra_options.debug = debug = 0; - hydra_options.verbose = verbose = 0; - found = 0; - use_proxy = 0; - proxy_string_ip[0] = 0; - proxy_string_port = 0; - strcpy(proxy_string_type, "connect"); - proxy_authentication = cmdlinetarget = NULL; - hydra_options.login = NULL; - hydra_options.loginfile = NULL; - hydra_options.pass = NULL; - hydra_options.passfile = NULL; - hydra_options.tasks = TASKS; - hydra_options.max_use = MAXTASKS; - hydra_brains.ofp = stdout; - hydra_brains.targets = 1; - hydra_options.waittime = waittime = WAITTIME; - - // command line processing - if (argc > 1 && strncmp(argv[1], "-h", 2) == 0) - help(1); - if (argc < 2) - help(0); - while ((i = getopt(argc, argv, "hq64Rde:vVl:fFg:L:p:OP:o:M:C:t:T:m:w:W:s:SUux:")) >= 0) { - switch (i) { - case 'h': - help(1); - break; - case 'q': - quiet = 1; - break; - case 'O': - old_ssl = 1; - break; - case 'u': - hydra_options.loop_mode = 1; - break; - case '6': - prefer_ipv6 = 1; - break; - case '4': - prefer_ipv6 = 0; - break; - case 'R': - hydra_options.restore = 1; - break; - case 'd': - hydra_options.debug = debug = 1; - ++verbose; - break; - case 'e': - i = 0; - while (i < strlen(optarg)) { - switch (optarg[i]) { - case 'r': - hydra_options.try_password_reverse_login = 1; - hydra_options.mode = hydra_options.mode | 8; - break; - case 'n': - hydra_options.try_null_password = 1; - hydra_options.mode = hydra_options.mode | 16; - break; - case 's': - hydra_options.try_password_same_as_login = 1; - hydra_options.mode = hydra_options.mode | 32; - break; - default: - fprintf(stderr, "[ERROR] unknown mode %c for option -e, only supporting \"n\", \"s\" and \"r\"\n", optarg[i]); - exit(-1); - } - i++; - } - break; - case 'v': - hydra_options.verbose = verbose = 1; - break; - case 'V': - hydra_options.showAttempt = 1; - break; - case 'l': - hydra_options.login = optarg; - break; - case 'L': - hydra_options.loginfile = optarg; - hydra_options.mode = hydra_options.mode | 2; - break; - case 'p': - hydra_options.pass = optarg; - break; - case 'P': - hydra_options.passfile = optarg; - hydra_options.mode = hydra_options.mode | 1; - break; - case 'f': - hydra_options.exit_found = 1; - break; - case 'F': - hydra_options.exit_found = 2; - break; - case 'o': - hydra_options.outfile_ptr = optarg; -// colored_output = 0; - break; - case 'M': - hydra_options.infile_ptr = optarg; - break; - case 'C': - hydra_options.colonfile = optarg; - hydra_options.mode = 64; - break; - case 'm': - hydra_options.miscptr = optarg; - break; - case 'w': - hydra_options.waittime = waittime = atoi(optarg); - if (waittime < 1) { - fprintf(stderr, "[ERROR] waittime must be larger than 0\n"); - exit(-1); - } else if (waittime < 5) - fprintf(stderr, "[WARNING] the waittime you set is low, this can result in errornous results\n"); - break; - case 'W': - hydra_options.conwait = conwait = atoi(optarg); - break; - case 's': - hydra_options.port = port = atoi(optarg); - break; - case 'S': + + (void) setvbuf(stdout, NULL, _IONBF, 0); + (void) setvbuf(stderr, NULL, _IONBF, 0); + // set defaults + memset(&hydra_options, 0, sizeof(hydra_options)); + memset(&hydra_brains, 0, sizeof(hydra_brains)); + prg = argv[0]; + hydra_options.debug = debug = 0; + hydra_options.verbose = verbose = 0; + found = 0; + use_proxy = 0; + proxy_string_ip[0] = 0; + proxy_string_port = 0; + strcpy(proxy_string_type, "connect"); + proxy_authentication = cmdlinetarget = NULL; + hydra_options.login = NULL; + hydra_options.loginfile = NULL; + hydra_options.pass = NULL; + hydra_options.passfile = NULL; + hydra_options.tasks = TASKS; + hydra_options.max_use = MAXTASKS; + hydra_brains.ofp = stdout; + hydra_brains.targets = 1; + hydra_options.waittime = waittime = WAITTIME; + + // command line processing + if (argc > 1 && strncmp(argv[1], "-h", 2) == 0) + help(1); + if (argc < 2) + help(0); + while ((i = getopt(argc, argv, "hq64Rde:vVl:fFg:L:p:OP:o:M:C:t:T:m:w:W:s:SUux:")) >= 0) { + switch (i) { + case 'h': + help(1); + break; + case 'q': + quiet = 1; + break; + case 'O': + old_ssl = 1; + break; + case 'u': + hydra_options.loop_mode = 1; + break; + case '6': + prefer_ipv6 = 1; + break; + case '4': + prefer_ipv6 = 0; + break; + case 'R': + hydra_options.restore = 1; + break; + case 'd': + hydra_options.debug = debug = 1; + ++verbose; + break; + case 'e': + i = 0; + while (i < strlen(optarg)) { + switch (optarg[i]) { + case 'r': + hydra_options.try_password_reverse_login = 1; + hydra_options.mode = hydra_options.mode | 8; + break; + case 'n': + hydra_options.try_null_password = 1; + hydra_options.mode = hydra_options.mode | 16; + break; + case 's': + hydra_options.try_password_same_as_login = 1; + hydra_options.mode = hydra_options.mode | 32; + break; + default: + fprintf(stderr, "[ERROR] unknown mode %c for option -e, only supporting \"n\", \"s\" and \"r\"\n", optarg[i]); + exit(-1); + } + i++; + } + break; + case 'v': + hydra_options.verbose = verbose = 1; + break; + case 'V': + hydra_options.showAttempt = 1; + break; + case 'l': + hydra_options.login = optarg; + break; + case 'L': + hydra_options.loginfile = optarg; + hydra_options.mode = hydra_options.mode | 2; + break; + case 'p': + hydra_options.pass = optarg; + break; + case 'P': + hydra_options.passfile = optarg; + hydra_options.mode = hydra_options.mode | 1; + break; + case 'f': + hydra_options.exit_found = 1; + break; + case 'F': + hydra_options.exit_found = 2; + break; + case 'o': + hydra_options.outfile_ptr = optarg; + // colored_output = 0; + break; + case 'M': + hydra_options.infile_ptr = optarg; + break; + case 'C': + hydra_options.colonfile = optarg; + hydra_options.mode = 64; + break; + case 'm': + hydra_options.miscptr = optarg; + break; + case 'w': + hydra_options.waittime = waittime = atoi(optarg); + if (waittime < 1) { + fprintf(stderr, "[ERROR] waittime must be larger than 0\n"); + exit(-1); + } else if (waittime < 5) + fprintf(stderr, "[WARNING] the waittime you set is low, this can result in errornous results\n"); + break; + case 'W': + hydra_options.conwait = conwait = atoi(optarg); + break; + case 's': + hydra_options.port = port = atoi(optarg); + break; + case 'S': #ifndef LIBOPENSSL - fprintf(stderr, "[WARNING] hydra was compiled without SSL support. Install openssl and recompile! Option ignored...\n"); - hydra_options.ssl = 0; - break; + fprintf(stderr, "[WARNING] hydra was compiled without SSL support. Install openssl and recompile! Option ignored...\n"); + hydra_options.ssl = 0; + break; #else - hydra_options.ssl = 1; - break; + hydra_options.ssl = 1; + break; #endif - case 't': - hydra_options.tasks = atoi(optarg); - break; - case 'T': - hydra_options.max_use = atoi(optarg); - break; - case 'U': - modusage = 1; - break; - case 'x': + case 't': + hydra_options.tasks = atoi(optarg); + break; + case 'T': + hydra_options.max_use = atoi(optarg); + break; + case 'U': + modusage = 1; + break; + case 'x': #ifndef HAVE_MATH_H - fprintf(stderr, "[ERROR] -x option is not available as math.h was not found at compile time\n"); - exit(-1); + fprintf(stderr, "[ERROR] -x option is not available as math.h was not found at compile time\n"); + exit(-1); #else - if (strcmp(optarg, "-h") == 0) - help_bfg(); - bf_options.arg = optarg; - hydra_options.bfg = 1; - hydra_options.mode = hydra_options.mode | 4; - hydra_options.loop_mode = 1; - break; + if (strcmp(optarg, "-h") == 0) + help_bfg(); + bf_options.arg = optarg; + hydra_options.bfg = 1; + hydra_options.mode = hydra_options.mode | 4; + hydra_options.loop_mode = 1; + break; #endif - default: - exit(-1); - } - } - - //check if output is redirected from the shell or in a file - if (colored_output && !isatty(fileno(stdout))) - colored_output = 0; - -#ifdef LIBNCURSES - //then check if the term is color enabled using ncurses lib - if (colored_output) { - if (!setupterm(NULL, 1, NULL) && (tigetnum("colors") <= 0)) { - colored_output = 0; - } - } -#else - //don't want border line effect so disabling color output - //if we are not sure about the term - colored_output = 0; -#endif - - if (debug) - printf("[DEBUG] Ouput color flag is %d\n", colored_output); - - if (hydra_options.restore && argc > 2 + debug + verbose) - bail("no option may be supplied together with -R"); - - printf("%s (%s) starting at %s\n", PROGRAM, RESOURCE, hydra_build_time()); - if (debug) { - printf("[DEBUG] cmdline: "); - for (i = 0; i < argc; i++) - printf("%s ", argv[i]); - printf("\n"); - } - if (hydra_options.login != NULL && hydra_options.loginfile != NULL) - bail("You can only use -L OR -l, not both\n"); - if (hydra_options.pass != NULL && hydra_options.passfile != NULL) - bail("You can only use -P OR -p, not both\n"); - if (hydra_options.restore) { - hydra_restore_read(); - // stuff we have to copy from the non-restore part - if (strncmp(hydra_options.service, "http-", 5) == 0) { - if (getenv("HYDRA_PROXY_HTTP") && getenv("HYDRA_PROXY")) - bail("Found HYDRA_PROXY_HTTP *and* HYDRA_PROXY environment variables - you can use only ONE for the service http-head/http-get!"); - if (getenv("HYDRA_PROXY_HTTP")) { - printf("[INFO] Using HTTP Proxy: %s\n", getenv("HYDRA_PROXY_HTTP")); - use_proxy = 1; - } - } - } else { // normal mode, aka non-restore mode - if (hydra_options.colonfile) - hydra_options.loop_mode = 0; // just to be sure - if (hydra_options.infile_ptr != NULL) { - if (optind + 2 < argc) - bail("The -M FILE option can not be used together with a host on the commandline"); - if (optind + 1 > argc) - bail("You need to define a service to attack"); - if (optind + 2 == argc) - fprintf(stderr, "[WARNING] With the -M FILE option you can not specify a server on the commandline. Lets hope you did everything right!\n"); - hydra_options.server = NULL; - hydra_options.service = argv[optind]; - if (optind + 2 == argc) - hydra_options.miscptr = argv[optind + 1]; - } else if (optind + 2 != argc && optind + 3 != argc && optind < argc) { - // check if targetdef follow syntax ://[:][/] or it's a syntax error - char *targetdef = strdup(argv[optind]); - char *service_pos, *target_pos, *port_pos = NULL, *param_pos = NULL; - - if ((targetdef != NULL) && (strstr(targetdef, "://") != NULL)) { - service_pos = strstr(targetdef, "://"); - if ((service_pos - targetdef) == 0) - bail("could not identify service"); - if ((hydra_options.service = malloc(1 + service_pos - targetdef)) == NULL) - bail("could not alloc memory"); - strncpy(hydra_options.service, targetdef, service_pos - targetdef); - hydra_options.service[service_pos - targetdef] = 0; - target_pos = targetdef + (service_pos - targetdef + 3); - - if (*target_pos == '[') { - target_pos++; - if ((param_pos = index(target_pos, ']')) == NULL) - bail("no closing ']' found in target definition"); - *param_pos++ = 0; - if (*param_pos == ':') - port_pos = ++param_pos; - if ((param_pos = index(param_pos, '/')) != NULL) - *param_pos++ = 0; - } else { - port_pos = index(target_pos, ':'); - param_pos = index(target_pos, '/'); - if (port_pos != NULL && param_pos != NULL && port_pos > param_pos) - port_pos = NULL; - if (port_pos != NULL) - *port_pos++ = 0; - if (param_pos != NULL) - *param_pos++ = 0; - if (port_pos != NULL && index(port_pos, ':') != NULL) { - if (prefer_ipv6) - bail("Illegal IPv6 target definition must be written within '[' ']'"); - else - bail("Illegal port definition"); - } + default: + exit(-1); } - if (*target_pos == 0) - hydra_options.server = NULL; - else - hydra_options.server = target_pos; - if (port_pos != NULL) - hydra_options.port = port = atoi(port_pos); - if (param_pos != NULL) { - if (strstr(hydra_options.service, "http") != NULL && strstr(hydra_options.service, "http-proxy") == NULL && param_pos[1] != '/') - *--param_pos = '/'; - hydra_options.miscptr = param_pos; - } -//printf("target: %s service: %s port: %s opt: %s\n", target_pos, hydra_options.service, port_pos, param_pos); - if (debug) - printf("[DEBUG] opt:%d argc:%d mod:%s tgt:%s port:%d misc:%s\n", optind, argc, hydra_options.service, hydra_options.server, hydra_options.port, hydra_options.miscptr); - } else { - hydra_options.server = NULL; - hydra_options.service = NULL; - - if (modusage) - hydra_options.service = targetdef; - else - help(0); - } - } else { - hydra_options.server = argv[optind]; - cmdlinetarget = argv[optind]; - hydra_options.service = argv[optind + 1]; - if (optind + 3 == argc) - hydra_options.miscptr = argv[optind + 2]; } - if (strcmp(hydra_options.service, "pop3s") == 0 || strcmp(hydra_options.service, "smtps") == 0 || strcmp(hydra_options.service, "imaps") == 0 - || strcmp(hydra_options.service, "telnets") == 0 || (strncmp(hydra_options.service, "ldap", 4) == 0 && hydra_options.service[strlen(hydra_options.service) - 1] == 's')) { - hydra_options.ssl = 1; - hydra_options.service[strlen(hydra_options.service) - 1] = 0; + //check if output is redirected from the shell or in a file + if (colored_output && !isatty(fileno(stdout))) + colored_output = 0; + +#ifdef LIBNCURSES + //then check if the term is color enabled using ncurses lib + if (colored_output) { + if (!setupterm(NULL, 1, NULL) && (tigetnum("colors") <= 0)) { + colored_output = 0; + } } - - if (getenv("HYDRA_PROXY_HTTP") || getenv("HYDRA_PROXY")) { - if (strcmp(hydra_options.service, "afp") == 0 || strcmp(hydra_options.service, "firebird") == 0 || strncmp(hydra_options.service, "mysql", 5) == 0 || - strcmp(hydra_options.service, "ncp") == 0 || strcmp(hydra_options.service, "oracle") == 0 || strcmp(hydra_options.service, "postgres") == 0 || - strncmp(hydra_options.service, "ssh", 3) == 0 || strcmp(hydra_options.service, "sshkey") == 0 || strcmp(hydra_options.service, "svn") == 0 || - strcmp(hydra_options.service, "sapr3") == 0) { - fprintf(stderr, "[WARNING] module %s does not support HYDRA_PROXY* !\n", hydra_options.service); - proxy_string = NULL; - } - } - - /* here start the services */ - - if (strcmp(hydra_options.service, "ssl") == 0 || strcmp(hydra_options.service, "www") == 0 || strcmp(hydra_options.service, "http") == 0 - || strcmp(hydra_options.service, "https") == 0) { - fprintf(stderr, "[WARNING] The service http has been replaced with http-head and http-get, using by default GET method. Same for https.\n"); - if (strcmp(hydra_options.service, "http") == 0) { - hydra_options.service = malloc(strlen("http-get") + 1); - strcpy(hydra_options.service, "http-get"); - } - if (strcmp(hydra_options.service, "https") == 0) { - hydra_options.service = malloc(strlen("https-get") + 1); - strcpy(hydra_options.service, "https-get"); - } - } - - if (strcmp(hydra_options.service, "http-form-get") == 0) - strcpy(hydra_options.service, "http-get-form"); - if (strcmp(hydra_options.service, "https-form-get") == 0) - strcpy(hydra_options.service, "https-get-form"); - if (strcmp(hydra_options.service, "http-form-post") == 0) - strcpy(hydra_options.service, "http-post-form"); - if (strcmp(hydra_options.service, "https-form-post") == 0) - strcpy(hydra_options.service, "https-post-form"); - - if (modusage == 1) - module_usage(); - - i = 0; - if (strcmp(hydra_options.service, "telnet") == 0) { - fprintf(stderr, "[WARNING] telnet is by its nature unreliable to analyze, if possible better choose FTP, SSH, etc. if available\n"); - i = 1; - } - if (strcmp(hydra_options.service, "ftp") == 0) - i = 1; - if (strcmp(hydra_options.service, "ftps") == 0) { - fprintf(stderr, "[WARNING] you enabled ftp-SSL (auth tls) mode. If you want to use direct SSL ftp, use -S and the ftp module instead.\n"); - i = 1; - } - if (strcmp(hydra_options.service, "pop3") == 0) { - fprintf(stderr, "[INFO] several providers have implemented cracking protection, check with a small wordlist first - and stay legal!\n"); - i = 1; - } - if (strcmp(hydra_options.service, "imap") == 0) { - fprintf(stderr, "[INFO] several providers have implemented cracking protection, check with a small wordlist first - and stay legal!\n"); - i = 1; - } - if (strcmp(hydra_options.service, "redis") == 0) - i = 2; - if (strcmp(hydra_options.service, "asterisk") == 0) - i = 1; - if (strcmp(hydra_options.service, "vmauthd") == 0) - i = 1; - if (strcmp(hydra_options.service, "rexec") == 0) - i = 1; - if (strcmp(hydra_options.service, "rlogin") == 0) - i = 1; - if (strcmp(hydra_options.service, "rsh") == 0) - i = 3; - if (strcmp(hydra_options.service, "nntp") == 0) - i = 1; - if (strcmp(hydra_options.service, "socks5") == 0) - i = 1; - if (strcmp(hydra_options.service, "icq") == 0) { - fprintf(stderr, "[WARNING] The icq module is not working with the modern protocol version! (somebody else will need to fix this as I don't care for icq)\n"); - i = 1; - } - if (strcmp(hydra_options.service, "mysql") == 0) { - i = 1; - if (hydra_options.tasks > 4) { - fprintf(stderr, "[INFO] Reduced number of tasks to 4 (mysql does not like many parallel connections)\n"); - hydra_options.tasks = 4; - } - } - if (strcmp(hydra_options.service, "mssql") == 0) - i = 1; - if ((strcmp(hydra_options.service, "oracle-listener") == 0) || (strcmp(hydra_options.service, "tns") == 0)) { - i = 2; - hydra_options.service = malloc(strlen("oracle-listener") + 1); - strcpy(hydra_options.service, "oracle-listener"); - } - if ((strcmp(hydra_options.service, "oracle-sid") == 0) || (strcmp(hydra_options.service, "sid") == 0)) { - i = 3; - hydra_options.service = malloc(strlen("oracle-sid") + 1); - strcpy(hydra_options.service, "oracle-sid"); - } -#ifdef LIBORACLE - if ((strcmp(hydra_options.service, "oracle") == 0) || (strcmp(hydra_options.service, "ora") == 0)) { - i = 1; - hydra_options.service = malloc(strlen("oracle") + 1); - strcpy(hydra_options.service, "oracle"); - } -#endif - if (strcmp(hydra_options.service, "postgres") == 0) -#ifdef LIBPOSTGRES - i = 1; #else - bail("Compiled without LIBPOSTGRES support, module not available!"); + //don't want border line effect so disabling color output + //if we are not sure about the term + colored_output = 0; #endif - if (strcmp(hydra_options.service, "firebird") == 0) -#ifdef LIBFIREBIRD - i = 1; -#else - bail("Compiled without LIBFIREBIRD support, module not available!"); -#endif - if (strcmp(hydra_options.service, "afp") == 0) -#ifdef LIBAFP - i = 1; -#else - bail("Compiled without LIBAFP support, module not available!"); -#endif - if (strcmp(hydra_options.service, "svn") == 0) -#ifdef LIBSVN - i = 1; -#else - bail("Compiled without LIBSVN support, module not available!"); -#endif - if (strcmp(hydra_options.service, "ncp") == 0) -#ifdef LIBNCP - i = 1; -#else - bail("Compiled without LIBNCP support, module not available!"); -#endif - if (strcmp(hydra_options.service, "pcanywhere") == 0) - i = 1; - if (strcmp(hydra_options.service, "http-proxy") == 0) { - i = 1; - if (hydra_options.miscptr != NULL && strncmp(hydra_options.miscptr, "http://", 7) != 0) - - bail("module option must start with http://"); - } - if (strcmp(hydra_options.service, "cvs") == 0) { - i = 1; - if (hydra_options.miscptr == NULL || (strlen(hydra_options.miscptr) == 0)) { - fprintf(stderr, "[INFO] The CVS repository path wasn't passed so using /root by default\n"); - } - } - if (strcmp(hydra_options.service, "svn") == 0) { - i = 1; - if (hydra_options.miscptr == NULL || (strlen(hydra_options.miscptr) == 0)) { - fprintf(stderr, "[INFO] The SVN repository path wasn't passed so using /trunk by default\n"); - } - } - if (strcmp(hydra_options.service, "ssh") == 0 || strcmp(hydra_options.service, "sshkey") == 0) { - if (hydra_options.tasks > 8) - fprintf(stderr, "[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4\n"); -#ifdef LIBSSH - i = 1; -#else - bail("Compiled without LIBSSH v0.4.x support, module is not available!"); -#endif - } - if (strcmp(hydra_options.service, "smtp") == 0) { - fprintf(stderr, "[INFO] several providers have implemented cracking protection, check with a small wordlist first - and stay legal!\n"); - i = 1; - } - if (strcmp(hydra_options.service, "smtp-enum") == 0) - i = 1; - if (strcmp(hydra_options.service, "teamspeak") == 0) - i = 1; - if ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0)) { - if (hydra_options.tasks > 1) { - fprintf(stderr, "[INFO] Reduced number of tasks to 1 (smb does not like parallel connections)\n"); - hydra_options.tasks = 1; - } - i = 1; - } - if ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0)) { -#ifdef LIBOPENSSL - if (hydra_options.tasks > 1) { - fprintf(stderr, "[INFO] Reduced number of tasks to 1 (smb does not like parallel connections)\n"); - hydra_options.tasks = 1; - } - i = 1; -#endif - } - if ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0) || - (strcmp(hydra_options.service, "sip") == 0) || (strcmp(hydra_options.service, "rdp") == 0) || - (strcmp(hydra_options.service, "oracle-listener") == 0) || (strcmp(hydra_options.service, "oracle-sid") == 0)) { -#ifndef LIBOPENSSL - bail("Compiled without OPENSSL support, module not available!"); -#endif - } - if (strcmp(hydra_options.service, "pcnfs") == 0) { - i = 1; - if (port == 0) - bail("You must set the port for pcnfs with -s (run \"rpcinfo -p %s\" and look for the pcnfs v2 UDP port)"); - } - if (strcmp(hydra_options.service, "sapr3") == 0) { -#ifdef LIBSAPR3 - i = 1; - if (port == PORT_SAPR3) - bail("You must set the port for sapr3 with -s , it should lie between 3200 and 3699."); - if (port < 3200 || port > 3699) - fprintf(stderr, "[WARNING] The port is not in the range 3200 to 3399 - please ensure it is ok!\n"); - if (hydra_options.miscptr == NULL || atoi(hydra_options.miscptr) < 0 || atoi(hydra_options.miscptr) > 999 || !isdigit(hydra_options.miscptr[0])) - bail("You must set the client ID (0-999) as an additional option or via -m"); -#else - bail("Compiled without LIBSAPR3 support, module not available!"); -#endif - } - if (strcmp(hydra_options.service, "cisco") == 0) { - i = 2; - if (hydra_options.tasks > 4) - fprintf(stderr, "[WARNING] you should set the number of parallel task to 4 for cisco services.\n"); - } - if (strncmp(hydra_options.service, "snmpv", 5) == 0) { - hydra_options.service[4] = hydra_options.service[5]; - hydra_options.service[5] = 0; - } - if (strcmp(hydra_options.service, "snmp") == 0 || strcmp(hydra_options.service, "snmp1") == 0) { - hydra_options.service[4] = 0; - i = 2; - } - if (strcmp(hydra_options.service, "snmp2") == 0 || strcmp(hydra_options.service, "snmp3") == 0) { - if (hydra_options.miscptr == NULL) - hydra_options.miscptr = strdup(hydra_options.service + 4); - else { - tmpptr = malloc(strlen(hydra_options.miscptr) + 4); - strcpy(tmpptr, hydra_options.miscptr); - strcat(tmpptr, ":"); - strcat(tmpptr, hydra_options.service + 4); - hydra_options.miscptr = tmpptr; - } - hydra_options.service[4] = 0; - i = 2; - } - if (strcmp(hydra_options.service, "snmp") == 0 && hydra_options.miscptr != NULL) { - char *lptr; - - j = 1; - tmpptr = strdup(hydra_options.miscptr); - lptr = strtok(tmpptr, ":"); - while (lptr != NULL) { - i = 0; - if (strcasecmp(lptr, "1") == 0 || strcasecmp(lptr, "2") == 0 || strcasecmp(lptr, "3") == 0) { - i = 1; - j = lptr[0] - '0' + (j & 252); - } else if (strcasecmp(lptr, "READ") == 0 || strcasecmp(lptr, "WRITE") == 0 || strcasecmp(lptr, "PLAIN") == 0) - i = 1; - else if (strcasecmp(lptr, "MD5") == 0) { - i = 1; - j = 4 + (j & 51); - } else if (strcasecmp(lptr, "SHA") == 0 || strcasecmp(lptr, "SHA1") == 0) { - i = 1; - j = 8 + (j & 51); - } else if (strcasecmp(lptr, "DES") == 0) { - i = 1; - j = 16 + (j & 15); - } else if (strcasecmp(lptr, "AES") == 0) { - i = 1; - j = 32 + (j & 15); - } - if (i == 0) { - fprintf(stderr, "[ERROR] unknown parameter in module option: %s\n", lptr); - exit(-1); - } - lptr = strtok(NULL, ":"); - } - i = 2; - if ((j & 3) < 3 && j > 2) - fprintf(stderr, "[WARNING] SNMPv1 and SNMPv2 do not support hash and encryption, ignored\n"); - if ((j & 3) == 3) { - fprintf(stderr, "[WARNING] SNMPv3 is still in beta state, use at own risk and report problems\n"); - if (j >= 16) - bail("The SNMPv3 module so far only support authentication (md5/sha), not yet encryption\n"); - if (hydra_options.colonfile == NULL - && ((hydra_options.login == NULL && hydra_options.loginfile == NULL) || (hydra_options.pass == NULL && hydra_options.passfile == NULL && hydra_options.bfg == 0))) { - if (j > 3) { - fprintf(stderr, - "[ERROR] you specified SNMPv3, defined hashing/encryption but only gave one of login or password list. Either supply both logins and passwords (this is what is usually used in SNMPv3), or remove the hashing/encryption option (unusual)\n"); - exit(-1); - } - fprintf(stderr, "[WARNING] you specified SNMPv3 but gave no logins, NoAuthNoPriv is assumed. This is an unusual case, you should know what you are doing\n"); - tmpptr = malloc(strlen(hydra_options.miscptr) + 8); - strcpy(tmpptr, hydra_options.miscptr); - strcat(tmpptr, ":"); - strcat(tmpptr, "PLAIN"); - hydra_options.miscptr = tmpptr; - } else { - i = 1; // snmpv3 with login+pass mode -#ifndef LIBOPENSSL - bail("hydra was not compiled with OPENSSL support, snmpv3 can only be used on NoAuthNoPriv mode (only logins, no passwords)!"); -#endif - printf("[INFO] Using %s SNMPv3 with %s authentication and %s privacy\n", j > 16 ? "AuthPriv" : "AuthNoPriv", (j & 8) == 8 ? "SHA" : "MD5", - (j & 16) == 16 ? "DES" : (j > 16) ? "AES" : "no"); - } - } - } - if (strcmp(hydra_options.service, "sip") == 0) { - if (hydra_options.miscptr == NULL) { - if (hydra_options.server != NULL) { - hydra_options.miscptr = hydra_options.server; - i = 1; - } else { - bail("The sip module does not work with multiple servers (-M)\n"); - } - } else { - i = 1; - } - } - if (strcmp(hydra_options.service, "ldap") == 0) { - bail("Please select ldap2 or ldap3 for simple authentication or ldap3-crammd5 or ldap3-digestmd5\n"); - } - if (strcmp(hydra_options.service, "ldap2") == 0 || strcmp(hydra_options.service, "ldap3") == 0) { - i = 1; - if ((hydra_options.miscptr != NULL && hydra_options.login != NULL) - || (hydra_options.miscptr != NULL && hydra_options.loginfile != NULL) || (hydra_options.login != NULL && hydra_options.loginfile != NULL)) - bail("you may only use one of -l, -L or -m\n"); - if (hydra_options.login == NULL && hydra_options.loginfile == NULL && hydra_options.miscptr == NULL) - fprintf(stderr, "[WARNING] no DN to authenticate is defined, using DN of null (use -m, -l or -L to define DNs)\n"); - if (hydra_options.login == NULL && hydra_options.loginfile == NULL) { - i = 2; - } - } - if (strcmp(hydra_options.service, "ldap3-crammd5") == 0 || strcmp(hydra_options.service, "ldap3-digestmd5") == 0) { - i = 1; - if (hydra_options.login == NULL && hydra_options.loginfile == NULL) - bail("-l or -L option is required to specify the login\n"); - if (hydra_options.miscptr == NULL) - bail("-m option is required to specify the DN\n"); - } -// ADD NEW SERVICES HERE - if (strcmp(hydra_options.service, "s7-300") == 0) { - if (hydra_options.tasks > 8) { - fprintf(stderr, "[INFO] Reduced number of tasks to 8 (the PLC does not like more connections)\n"); - hydra_options.tasks = 8; - } - i = 2; - } - if (strcmp(hydra_options.service, "cisco-enable") == 0) { - if (hydra_options.login != NULL || hydra_options.loginfile != NULL) - i = 1; // login will be the initial Username: login, or line Password: - else - i = 2; - if (hydra_options.miscptr == NULL) - fprintf(stderr, "[WARNING] You did not supply the initial support to the Cisco via -l, assuming direct console access\n"); - if (hydra_options.tasks > 4) - fprintf(stderr, "[WARNING] you should set the number of parallel task to 4 for cisco enable services.\n"); - } - if (strcmp(hydra_options.service, "http-proxy-urlenum") == 0) { - i = 4; - hydra_options.pass = empty_login; - if (hydra_options.miscptr == NULL) { - fprintf(stderr, "[WARNING] You did not supply proxy credentials via the optional parameter\n"); - } - if (hydra_options.bfg || hydra_options.passfile != NULL) - bail("the http-proxy-urlenum does not need the -p/-P or -x option"); - } - if (strcmp(hydra_options.service, "vnc") == 0) { - i = 2; - if (hydra_options.tasks > 4) - fprintf(stderr, "[WARNING] you should set the number of parallel task to 4 for vnc services.\n"); - } - if (strcmp(hydra_options.service, "https-head") == 0 || strcmp(hydra_options.service, "https-get") == 0) { -#ifdef LIBOPENSSL - i = 1; - hydra_options.ssl = 1; - if (strcmp(hydra_options.service, "https-head") == 0) - strcpy(hydra_options.service, "http-head"); - else - strcpy(hydra_options.service, "http-get"); -#else - bail("Compiled without SSL support, module not available"); -#endif - } - if (strcmp(hydra_options.service, "http-get") == 0 || strcmp(hydra_options.service, "http-head") == 0) { - i = 1; - if (hydra_options.miscptr == NULL) { - fprintf(stderr, "[WARNING] You must supply the web page as an additional option or via -m, default path set to /\n"); - hydra_options.miscptr = malloc(2); - hydra_options.miscptr = "/"; - } - if (*hydra_options.miscptr != '/' && strstr(hydra_options.miscptr, "://") == NULL) - bail("The web page you supplied must start with a \"/\", \"http://\" or \"https://\", e.g. \"/protected/login\""); - if (getenv("HYDRA_PROXY_HTTP") && getenv("HYDRA_PROXY")) - bail("Found HYDRA_PROXY_HTTP *and* HYDRA_PROXY environment variables - you can use only ONE for the service http-head/http-get!"); - if (getenv("HYDRA_PROXY_HTTP")) { - printf("[INFO] Using HTTP Proxy: %s\n", getenv("HYDRA_PROXY_HTTP")); - use_proxy = 1; - } - if (strcmp(hydra_options.service, "http-head") == 0) - fprintf(stderr, "[WARNING] http-head auth does not work with every server, better use http-get\n"); - } - - if (strcmp(hydra_options.service, "http-get-form") == 0 || strcmp(hydra_options.service, "http-post-form") == 0 || strcmp(hydra_options.service, "https-get-form") == 0 - || strcmp(hydra_options.service, "https-post-form") == 0) { - char bufferurl[1024], *url, *variables, *cond, *optional1; - - if (strncmp(hydra_options.service, "http-", 5) == 0) { - i = 1; - } else { // https -#ifdef LIBOPENSSL - i = 1; - hydra_options.ssl = 1; - if (strcmp(hydra_options.service, "https-post-form") == 0) - strcpy(hydra_options.service, "http-post-form"); - else - strcpy(hydra_options.service, "http-get-form"); -#else - bail("Compiled without SSL support, module not available"); -#endif - } - if (hydra_options.miscptr == NULL) { - fprintf(stderr, "[WARNING] You must supply the web page as an additional option or via -m, default path set to /\n"); - hydra_options.miscptr = malloc(2); - hydra_options.miscptr = "/"; - } - //if (*hydra_options.miscptr != '/' && strstr(hydra_options.miscptr, "://") == NULL) - // bail("The web page you supplied must start with a \"/\", \"http://\" or \"https://\", e.g. \"/protected/login\""); - if (hydra_options.miscptr[0] != '/') - bail("optional parameter must start with a '/' slash!\n"); - if (getenv("HYDRA_PROXY_HTTP") && getenv("HYDRA_PROXY")) - bail("Found HYDRA_PROXY_HTTP *and* HYDRA_PROXY environment variables - you can use only ONE for the service http-head/http-get!"); - if (getenv("HYDRA_PROXY_HTTP")) { - printf("[INFO] Using HTTP Proxy: %s\n", getenv("HYDRA_PROXY_HTTP")); - use_proxy = 1; - } - - if (strstr(hydra_options.miscptr, "\\:") != NULL) { - fprintf(stderr, "[INFORMATION] escape sequence \\: detected in module option, no parameter verification is performed.\n"); - } else { - sprintf(bufferurl, "%.1000s", hydra_options.miscptr); - url = strtok(bufferurl, ":"); - variables = strtok(NULL, ":"); - cond = strtok(NULL, ":"); - optional1 = strtok(NULL, "\n"); - if ((variables == NULL) || (strstr(variables, "^USER^") == NULL && strstr(variables, "^PASS^") == NULL)) { - fprintf(stderr, "[ERROR] the variables argument needs at least the strings ^USER^ or ^PASS^: %s\n", variables); - exit(-1); - } - if ((url == NULL) || (cond == NULL)) { - fprintf(stderr, "[ERROR] Wrong syntax, requires three arguments separated by a colon which may not be null: %s\n", bufferurl); - exit(-1); - } - while ((optional1 = strtok(NULL, ":")) != NULL) { - if (optional1[1] != '=' && optional1[1] != ':' && optional1[1] != 0) { - fprintf(stderr, "[ERROR] Wrong syntax of optional argument: %s\n", optional1); - exit(-1); - } - switch (optional1[0]) { - case 'C': // fall through - case 'c': - if (optional1[1] != '=' || optional1[2] != '/') { - fprintf(stderr, "[ERROR] Wrong syntax of parameter C, must look like 'C=/url/of/page', not http:// etc.: %s\n", optional1); - exit(-1); - } - break; - case 'H': // fall through - case 'h': - if (optional1[1] != '=' || strtok(NULL, ":") == NULL) { - fprintf(stderr, "[ERROR] Wrong syntax of parameter H, must look like 'H=X-My-Header: MyValue', no http:// : %s\n", optional1); - exit(-1); - } - break; - default: - fprintf(stderr, "[ERROR] Unknown optional argument: %s", optional1); - } - } - } - } - - if (strcmp(hydra_options.service, "xmpp") == 0) - i = 1; - if (strcmp(hydra_options.service, "irc") == 0) - i = 1; - if (strcmp(hydra_options.service, "rdp") == 0) { - if (hydra_options.tasks > 4) - fprintf(stderr, - "[WARNING] rdp servers often don't like many connections, use -t 1 or -t 4 to reduce the number of parallel connections and -W 1 or -W 3 to wait between connection to allow the server to recover\n"); - //if (hydra_options.tasks > 4) { - // fprintf(stderr, "[INFO] Reduced number of tasks to 4 (rdp does not like many parallel connections)\n"); - // hydra_options.tasks = 4; - //} - //if (conwait == 0) - // hydra_options.conwait = conwait = 1; - i = 1; - } - // ADD NEW SERVICES HERE - - if (i == 0) { - fprintf(stderr, "[ERROR] Unknown service: %s\n", hydra_options.service); - exit(-1); - } - if (port < 1 || port > 65535) { - if ((port = hydra_lookup_port(hydra_options.service)) < 1) { - fprintf(stderr, "[ERROR] No valid port set or no default port available. Use the -s Option.\n"); - exit(-1); - } - hydra_options.port = port; - } - - if (hydra_options.ssl == 0 && hydra_options.port == 443) - fprintf(stderr, - "[WARNING] you specified port 443 for attacking a http service, however did not specify the -S ssl switch nor used https-..., therefore using plain HTTP\n"); - - if (hydra_options.loop_mode && hydra_options.colonfile != NULL) - bail("The loop mode option (-u) works with all modes - except colon files (-C)\n"); - if (strncmp(hydra_options.service, "http-", strlen("http-")) != 0 && strcmp(hydra_options.service, "http-head") != 0 && getenv("HYDRA_PROXY_HTTP") != NULL) - fprintf(stderr, "[WARNING] the HYDRA_PROXY_HTTP environment variable works only with the http-head/http-get module, ignored...\n"); - if (i == 2) { - if (hydra_options.colonfile != NULL - || ((hydra_options.login != NULL || hydra_options.loginfile != NULL) && (hydra_options.pass != NULL || hydra_options.passfile != NULL || hydra_options.bfg > 0))) - bail - ("The redis, cisco, oracle-listener, s7-300, snmp and vnc modules are only using the -p or -P option, not login (-l, -L) or colon file (-C).\nUse the telnet module for cisco using \"Username:\" authentication.\n"); - if ((hydra_options.login != NULL || hydra_options.loginfile != NULL) && (hydra_options.pass == NULL || hydra_options.passfile == NULL)) { - hydra_options.pass = hydra_options.login; - hydra_options.passfile = hydra_options.loginfile; - } - hydra_options.login = empty_login; - hydra_options.loginfile = NULL; - } - if (i == 3) { - if (hydra_options.colonfile != NULL || hydra_options.bfg > 0 - || ((hydra_options.login != NULL || hydra_options.loginfile != NULL) && (hydra_options.pass != NULL || hydra_options.passfile != NULL))) - bail("The rsh, oracle-sid login is neither using the -p, -P or -x options nor colon file (-C)\n"); - if ((hydra_options.login == NULL || hydra_options.loginfile == NULL) && (hydra_options.pass != NULL || hydra_options.passfile != NULL)) { - hydra_options.login = hydra_options.pass; - hydra_options.loginfile = hydra_options.passfile; - } - hydra_options.pass = empty_login; - hydra_options.passfile = NULL; - } - if (i == 3 && hydra_options.login == NULL && hydra_options.loginfile == NULL) - bail("I need at least either the -l or -L option to know the login"); - if (i == 2 && hydra_options.pass == NULL && hydra_options.passfile == NULL && hydra_options.bfg == 0) - bail("I need at least either the -p, -P or -x option to have a password to try"); - if (i == 1 && hydra_options.login == NULL && hydra_options.loginfile == NULL && hydra_options.colonfile == NULL) - bail("I need at least either the -l, -L or -C option to know the login"); - if (hydra_options.colonfile != NULL && ((hydra_options.bfg != 0 || hydra_options.login != NULL || hydra_options.loginfile != NULL) - || (hydra_options.pass != NULL && hydra_options.passfile != NULL))) - bail("The -C option is standalone, don't use it with -l/L, -p/P or -x!"); - if ((hydra_options.bfg) - && ((hydra_options.pass != NULL) || (hydra_options.passfile != NULL) - || (hydra_options.colonfile != NULL))) - bail("The -x (password bruteforce generation option) doesn't work with -p/P, -C or -e!\n"); - if (hydra_options.try_password_reverse_login == 0 && hydra_options.try_password_same_as_login == 0 && hydra_options.try_null_password == 0 - && (i != 3 && (hydra_options.pass == NULL && hydra_options.passfile == NULL && hydra_options.colonfile == NULL)) && hydra_options.bfg == 0) { - // test if the service is smtp-enum as it could be used either with a login+pass or only a login - if (strstr(hydra_options.service, "smtp-enum") != NULL) - hydra_options.pass = empty_login; - else - bail("I need at least the -e, -p, -P or -x option to have some passwords!"); - } - if (hydra_options.tasks < 1 || hydra_options.tasks > MAXTASKS) { - fprintf(stderr, "[ERROR] Option -t needs to be a number between 1 and %d\n", MAXTASKS); - exit(-1); - } - if (hydra_options.max_use > MAXTASKS) { - fprintf(stderr, "[WARNING] reducing maximum tasks to MAXTASKS (%d)\n", MAXTASKS); - hydra_options.max_use = MAXTASKS; - } - - // script kiddie patch - if (hydra_options.server != NULL && (hydra_strcasestr(hydra_options.server, "gmail.") != NULL || hydra_strcasestr(hydra_options.server, "googlemail.") != NULL)) - fprintf(stderr, "[WARNING] Google Mail has bruteforce detection and sends false positives. You are not doing anything illegal right?!\n"); - - if (hydra_options.colonfile == NULL) { - if (hydra_options.loginfile != NULL) { - if ((lfp = fopen(hydra_options.loginfile, "r")) == NULL) { - fprintf(stderr, "[ERROR] File for logins not found: %s", hydra_options.loginfile); - exit(-1); - } - hydra_brains.countlogin = countlines(lfp, 0); - hydra_brains.sizelogin = size_of_data; - if (hydra_brains.countlogin == 0) { - fprintf(stderr, "[ERROR] File for logins is empty: %s", hydra_options.loginfile); - exit(-1); - } - if (hydra_brains.countlogin > MAX_LINES) { - fprintf(stderr, "[ERROR] Maximum number of logins is %d, this file has %lu entries.\n", MAX_LINES, hydra_brains.countlogin); - exit(-1); - } - if (hydra_brains.sizelogin > MAX_BYTES) { - fprintf(stderr, "[ERROR] Maximum size of the login file is %d, this file has %lu bytes.\n", MAX_BYTES, (unsigned long int) hydra_brains.sizelogin); - exit(-1); - } - login_ptr = malloc(hydra_brains.sizelogin + hydra_brains.countlogin + 8); - if (login_ptr == NULL) - bail("Could not allocate enough memory for login file data"); - memset(login_ptr, 0, hydra_brains.sizelogin + hydra_brains.countlogin + 8); - fill_mem(login_ptr, lfp, 0); - } else { - login_ptr = hydra_options.login; - hydra_brains.sizelogin = strlen(hydra_options.login) + 1; - hydra_brains.countlogin = 1; - } - if (hydra_options.passfile != NULL) { - if ((pfp = fopen(hydra_options.passfile, "r")) == NULL) { - fprintf(stderr, "[ERROR] File for passwords not found: %s", hydra_options.passfile); - exit(-1); - } - hydra_brains.countpass = countlines(pfp, 0); - hydra_brains.sizepass = size_of_data; - if (hydra_brains.countpass == 0) { - fprintf(stderr, "[ERROR] File for passwords is empty: %s", hydra_options.passfile); - exit(-1); - } - if (hydra_brains.countpass > MAX_LINES) { - fprintf(stderr, "[ERROR] Maximum number of passwords is %d, this file has %lu entries.\n", MAX_LINES, hydra_brains.countpass); - exit(-1); - } - if (hydra_brains.sizepass > MAX_BYTES) { - fprintf(stderr, "[ERROR] Maximum size of the password file is %d, this file has %lu bytes.\n", MAX_BYTES, (unsigned long int) hydra_brains.sizepass); - exit(-1); - } - pass_ptr = malloc(hydra_brains.sizepass + hydra_brains.countpass + 8); - if (pass_ptr == NULL) - bail("Could not allocate enough memory for password file data"); - memset(pass_ptr, 0, hydra_brains.sizepass + hydra_brains.countpass + 8); - fill_mem(pass_ptr, pfp, 0); - } else { - if (hydra_options.pass != NULL) { - pass_ptr = hydra_options.pass; - hydra_brains.countpass = 1; - hydra_brains.sizepass = strlen(hydra_options.pass) + 1; - } else { - if (hydra_options.bfg) { -#ifdef HAVE_MATH_H - if (bf_init(bf_options.arg)) - exit(-1); // error description is handled by bf_init - pass_ptr = bf_next(); - hydra_brains.countpass += bf_get_pcount(); - hydra_brains.sizepass += BF_BUFLEN; -#else - sleep(1); -#endif - } else { - pass_ptr = hydra_options.pass = empty_login; - hydra_brains.countpass = 0; - hydra_brains.sizepass = 1; - } - } - } - } else { - if ((cfp = fopen(hydra_options.colonfile, "r")) == NULL) { - fprintf(stderr, "[ERROR] File for colon files (login:pass) not found: %s", hydra_options.colonfile); - exit(-1); - } - hydra_brains.countlogin = countlines(cfp, 1); - hydra_brains.sizelogin = size_of_data; - if (hydra_brains.countlogin == 0) { - fprintf(stderr, "[ERROR] File for colon files (login:pass) is empty: %s", hydra_options.colonfile); - exit(-1); - } - if (hydra_brains.countlogin > MAX_LINES / 2) { - fprintf(stderr, "[ERROR] Maximum number of colon file entries is %d, this file has %lu entries.\n", MAX_LINES / 2, hydra_brains.countlogin); - exit(-1); - } - if (hydra_brains.sizelogin > MAX_BYTES / 2) { - fprintf(stderr, "[ERROR] Maximum size of the colon file is %d, this file has %lu bytes.\n", MAX_BYTES / 2, (unsigned long int) hydra_brains.sizelogin); - exit(-1); - } - csv_ptr = malloc(hydra_brains.sizelogin + 2 * hydra_brains.countlogin + 8); - if (csv_ptr == NULL) - bail("Could not allocate enough memory for colon file data"); - memset(csv_ptr, 0, hydra_brains.sizelogin + 2 * hydra_brains.countlogin + 8); - fill_mem(csv_ptr, cfp, 1); -//printf("count: %d, size: %d\n", hydra_brains.countlogin, hydra_brains.sizelogin); -//hydra_dump_data(csv_ptr, hydra_brains.sizelogin + hydra_brains.countlogin + 8, "colon data"); - hydra_brains.countpass = 1; - pass_ptr = login_ptr = csv_ptr; - while (*pass_ptr != 0) - pass_ptr++; - pass_ptr++; - } - - hydra_brains.countpass += hydra_options.try_password_reverse_login + hydra_options.try_password_same_as_login + hydra_options.try_null_password; - if ((memcheck = malloc(102400)) == NULL) { - fprintf(stderr, "[ERROR] your wordlist is too large, not enough memory!\n"); - exit(-1); - } - free(memcheck); - if ((rfp = fopen(RESTOREFILE, "r")) != NULL) { - fprintf(stderr, "[WARNING] Restorefile (%s) from a previous session found, to prevent overwriting, you have 10 seconds to abort...\n", RESTOREFILE); - sleep(10); - fclose(rfp); - } - - if (hydra_options.infile_ptr != NULL) { - if ((ifp = fopen(hydra_options.infile_ptr, "r")) == NULL) { - fprintf(stderr, "[ERROR] File for targets not found: %s", hydra_options.infile_ptr); - exit(-1); - } - hydra_brains.targets = countservers = countinfile = countlines(ifp, 0); - if (countinfile == 0) { - fprintf(stderr, "[ERROR] File for targets is empty: %s", hydra_options.infile_ptr); - exit(-1); - } -// if (countinfile > 60) fprintf(stderr, "[WARNING] the -M option is not working correctly at the moment for target lists > 60!\n"); - hydra_targets = malloc(sizeof(hydra_targets) * (countservers + 2) + 8); - if (hydra_targets == NULL) - bail("Could not allocate enough memory for target data"); - sizeinfile = size_of_data; - if (countinfile > MAX_LINES / 1000) { - fprintf(stderr, "[ERROR] Maximum number of target file entries is %d, this file has %d entries.\n", MAX_LINES / 1000, (int) countinfile); - exit(-1); - } - if (sizeinfile > MAX_BYTES / 1000) { - fprintf(stderr, "[ERROR] Maximum size of the server file is %d, this file has %d bytes.\n", MAX_BYTES / 1000, (int) sizeinfile); - exit(-1); - } - if ((servers_ptr = malloc(sizeinfile + countservers + 8)) == NULL) - bail("Could not allocate enough memory for target file data"); - memset(servers_ptr, 0, sizeinfile + countservers + 8); - fill_mem(servers_ptr, ifp, 0); - sizeservers = sizeinfile; - tmpptr = servers_ptr; - for (i = 0; i < countinfile; i++) { - hydra_targets[i] = malloc(sizeof(hydra_target)); - memset(hydra_targets[i], 0, sizeof(hydra_target)); - if (*tmpptr == '[') { - tmpptr++; - hydra_targets[i]->target = tmpptr; - if ((tmpptr2 = index(tmpptr, ']')) != NULL) { - *tmpptr2++ = 0; - tmpptr = tmpptr2; - } - } else - hydra_targets[i]->target = tmpptr; - if ((tmpptr2 = index(hydra_targets[i]->target, ':')) != NULL) { - *tmpptr2++ = 0; - tmpptr = tmpptr2; - hydra_targets[i]->port = atoi(tmpptr2); - if (hydra_targets[i]->port < 1 || hydra_targets[i]->port > 65535) - hydra_targets[i]->port = 0; - } - if (hydra_targets[i]->port == 0) - hydra_targets[i]->port = hydra_options.port; - while (*tmpptr != 0) - tmpptr++; - tmpptr++; - } - } else if (index(hydra_options.server, '/') != NULL) { - /* CIDR notation on command line, e.g. 192.168.0.0/24 */ - unsigned int four_from, four_to, addr_cur, addr_cur2, k, l; - in_addr_t addr4; - struct sockaddr_in target; - - hydra_options.cidr = 1; - do_retry = 0; - if ((tmpptr = malloc(strlen(hydra_options.server) + 1)) == NULL) { - fprintf(stderr, "Error: can not allocate memory\n"); - exit(-1); - } - strcpy(tmpptr, hydra_options.server); - tmpptr2 = index(tmpptr, '/'); - *tmpptr2++ = 0; - if ((k = atoi(tmpptr2)) < 16 || k > 31) { - fprintf(stderr, "Error: network size may only be between /16 and /31: %s\n", hydra_options.server); - exit(-1); - } - if ((addr4 = htonl(inet_addr(tmpptr))) == 0xffffffff) { - fprintf(stderr, "Error: option is not a valid IPv4 address: %s\n", tmpptr); - exit(-1); - } - free(tmpptr); - l = 1 << (32 - k); - l--; - four_to = (addr4 | l); - l = 0xffffffff - l; - four_from = (addr4 & l); - l = 1 << (32 - k); - hydra_brains.targets = countservers = l; - hydra_targets = malloc(sizeof(hydra_targets) * (l + 2) + 8); - if (hydra_targets == NULL) - bail("Could not allocate enough memory for target data"); - i = 0; - addr_cur = four_from; - while (addr_cur <= four_to && i < l) { - hydra_targets[i] = malloc(sizeof(hydra_target)); - memset(hydra_targets[i], 0, sizeof(hydra_target)); - addr_cur2 = htonl(addr_cur); - memcpy(&target.sin_addr.s_addr, (char *) &addr_cur2, 4); - hydra_targets[i]->target = strdup(inet_ntoa((struct in_addr) target.sin_addr)); - hydra_targets[i]->port = hydra_options.port; - addr_cur++; - i++; - } - if (verbose) - printf("[VERBOSE] CIDR attack from %s to %s\n", hydra_targets[0]->target, hydra_targets[l - 1]->target); - printf("[WARNING] The CIDR attack mode is still beta. Please report issues.\n"); - } else { // standard: single target on command line - countservers = hydra_brains.targets = 1; - hydra_targets = malloc(sizeof(int) * 4); - hydra_targets[0] = malloc(sizeof(hydra_target)); - memset(hydra_targets[0], 0, sizeof(hydra_target)); - hydra_targets[0]->target = servers_ptr = hydra_options.server; - hydra_targets[0]->port = hydra_options.port; - sizeservers = strlen(hydra_options.server) + 1; - } - for (i = 0; i < hydra_brains.targets; i++) { - hydra_targets[i]->login_ptr = login_ptr; - hydra_targets[i]->pass_ptr = pass_ptr; - if (hydra_options.loop_mode) { - if (hydra_options.try_password_same_as_login) - hydra_targets[i]->pass_state = 0; - else if (hydra_options.try_null_password) { - hydra_targets[i]->pass_ptr = empty_login; - hydra_targets[i]->pass_state = 1; - } else if (hydra_options.try_password_reverse_login) - hydra_targets[i]->pass_state = 2; - else - hydra_targets[i]->pass_state = 3; - } - } - } // END OF restore == 0 - - if (getenv("HYDRA_PROXY") && use_proxy == 0) { - printf("[INFO] Using Connect Proxy: %s\n", getenv("HYDRA_PROXY")); - use_proxy = 2; - } - if (use_proxy == 1) - proxy_string = getenv("HYDRA_PROXY_HTTP"); - if (use_proxy == 2) - proxy_string = getenv("HYDRA_PROXY"); - if (proxy_string != NULL && proxy_string[0] != 0) { - if (strstr(proxy_string, "//") != NULL) { - char *dslash = strstr(proxy_string, "://"); - - if (dslash) { - proxy_string[dslash - proxy_string] = 0; - strncpy(proxy_string_type, proxy_string, sizeof(proxy_string_type) - 1); - proxy_string_type[sizeof(proxy_string_type) - 1] = 0; - } - - proxy_string = dslash; - proxy_string += 3; - } - if (proxy_string[strlen(proxy_string) - 1] == '/') - proxy_string[strlen(proxy_string) - 1] = 0; - if ((tmpptr = index(proxy_string, ':')) == NULL) - use_proxy = 0; - else { - *tmpptr = 0; - tmpptr++; - memset(&hints, 0, sizeof hints); - if ((device = index(proxy_string, '%')) != NULL) - *device++ = 0; - if (getaddrinfo(proxy_string, NULL, &hints, &res) != 0) { - fprintf(stderr, "[ERROR] could not resolve proxy address: %s\n", proxy_string); - exit(-1); - } else { - for (p = res; p != NULL; p = p->ai_next) { -#ifdef AF_INET6 - if (p->ai_family == AF_INET6) { - if (ipv6 == NULL) - ipv6 = (struct sockaddr_in6 *) p->ai_addr; - } else -#endif - if (p->ai_family == AF_INET) { - if (ipv4 == NULL) - ipv4 = (struct sockaddr_in *) p->ai_addr; - } - } - freeaddrinfo(res); -#ifdef AF_INET6 - if (ipv6 != NULL && (ipv4 == NULL || prefer_ipv6)) { - proxy_string_ip[0] = 16; - memcpy(proxy_string_ip + 1, (char *) &ipv6->sin6_addr, 16); - if (device != NULL && strlen(device) <= 16) - strcpy(proxy_string_ip + 17, device); - if (memcmp(proxy_string_ip + 1, fe80, 2) == 0) { - if (device == NULL) { - fprintf(stderr, "[ERROR] The proxy address is a link local address, link local addresses require the interface being defined like this: fe80::1%%eth0\n"); - exit(-1); - } - } - } else -#endif - if (ipv4 != NULL) { - proxy_string_ip[0] = 4; - memcpy(proxy_string_ip + 1, (char *) &ipv4->sin_addr, 4); - } else { - fprintf(stderr, "[ERROR] Could not resolve proxy address: %s\n", proxy_string); - exit(-1); - } - } - proxy_string_port = atoi(tmpptr); - } - if (use_proxy == 0) - fprintf(stderr, "[WARNING] invalid proxy definition. Syntax: \"HYDRA_PROXY=[connect|socks[4|5]]://1.2.3.4:3128/\".\n"); - } else - use_proxy = 0; - if (use_proxy > 0 && (tmpptr = getenv("HYDRA_PROXY_AUTH")) != NULL && tmpptr[0] != 0) { - if (index(tmpptr, ':') == NULL) { - fprintf(stderr, "[WARNING] invalid proxy authentication. Syntax: \"login:password\". Ignoring ...\n"); - } else { - proxy_authentication = malloc(strlen(tmpptr) * 2 + 50); - strcpy(proxy_authentication, tmpptr); - if (hydra_strcasestr(proxy_string_type, "socks") == NULL) - hydra_tobase64((unsigned char *) proxy_authentication, strlen(proxy_authentication), strlen(tmpptr) * 2 + 8); - } - } - - if (hydra_options.restore == 0) { - if ((strcmp(hydra_options.service, "rsh") == 0) || (strcmp(hydra_options.service, "oracle-sid") == 0)) - math2 = hydra_brains.countlogin; - else - math2 = hydra_brains.countlogin * hydra_brains.countpass; - -#ifdef HAVE_MATH_H - if (hydra_options.bfg) { - math2 = hydra_brains.countlogin * bf_get_pcount(); - } -#endif - - hydra_brains.todo = math2; - math2 = math2 * hydra_brains.targets; - hydra_brains.todo_all = math2; - if (hydra_brains.todo_all == 0) - bail("No login/password combination given!"); - if (hydra_brains.todo < hydra_options.tasks) { - if (verbose && hydra_options.tasks != TASKS) - printf("[VERBOSE] More tasks defined than login/pass pairs exist. Tasks reduced to %lu\n", hydra_brains.todo); - hydra_options.tasks = hydra_brains.todo; - } - } - if (hydra_options.max_use == MAXTASKS) { // only if it was not set via -T - if (hydra_options.max_use < hydra_brains.targets * hydra_options.tasks) - hydra_options.max_use = hydra_brains.targets * hydra_options.tasks; - if (hydra_options.max_use > MAXTASKS) - hydra_options.max_use = MAXTASKS; - } - if ((hydra_options.tasks == TASKS || hydra_options.tasks <= 8) && hydra_options.max_use < hydra_brains.targets * hydra_options.tasks) { - if ((hydra_options.tasks = hydra_options.max_use / hydra_brains.targets) == 0) - hydra_options.tasks = 1; - //fprintf(stderr, "[WARNING] More tasks defined per server than allowed for maximal connections. Tasks per server reduced to %d.\n", hydra_options.tasks); - } else { - if (hydra_options.tasks > MAXTASKS) { - //fprintf(stderr, "[WARNING] reducing tasks to MAXTASKS (%d)\n", MAXTASKS); - hydra_options.tasks = MAXTASKS; - } - } -// hydra_options.max_use = hydra_brains.targets * hydra_options.tasks; -// if (hydra_options.max_use > MAXTASKS) -// hydra_options.max_use = MAXTASKS; - math2 = (hydra_brains.todo / hydra_options.tasks); - if (hydra_brains.todo % hydra_options.tasks) - math2++; - math2 = (math2 * hydra_brains.targets) / hydra_options.max_use; - // set options (bits!) - options = 0; - if (hydra_options.ssl) - options = options | OPTION_SSL; - if (hydra_options.colonfile != NULL) - printf("[DATA] max %d task%s per %d server%s, overall %d tasks, %lu login tr%s, ~%lu tr%s per task\n", hydra_options.tasks, hydra_options.tasks == 1 ? "" : "s", - hydra_brains.targets, hydra_brains.targets == 1 ? "" : "s", hydra_options.max_use, hydra_brains.todo, hydra_brains.todo == 1 ? "y" : "ies", math2, - math2 == 1 ? "y" : "ies"); - else - printf("[DATA] max %d task%s per %d server%s, overall %d tasks, %lu login tr%s (l:%lu/p:%lu), ~%lu tr%s per task\n", hydra_options.tasks, hydra_options.tasks == 1 ? "" : "s", - hydra_brains.targets, hydra_brains.targets == 1 ? "" : "s", hydra_options.max_use, hydra_brains.todo, hydra_brains.todo == 1 ? "y" : "ies", - (unsigned long int) hydra_brains.countlogin, (unsigned long int) hydra_brains.countpass, math2, math2 == 1 ? "y" : "ies"); - - printf("[DATA] attacking service %s on port %d%s\n", hydra_options.service, port, hydra_options.ssl == 1 ? " with SSL" : ""); - - if (hydra_options.outfile_ptr != NULL) { - if ((hydra_brains.ofp = fopen(hydra_options.outfile_ptr, "a+")) == NULL) { - perror("[ERROR] Error creating outputfile"); - exit(-1); - } - fprintf(hydra_brains.ofp, "# %s %s run at %s on %s %s (%s", PROGRAM, VERSION, hydra_build_time(), - hydra_options.server == NULL ? hydra_options.infile_ptr : hydra_options.server, hydra_options.service, prg); - for (i = 1; i < argc; i++) - fprintf(hydra_brains.ofp, " %s", argv[i]); - fprintf(hydra_brains.ofp, ")\n"); - } - // we have to flush all writeable buffered file pointers before forking - // set appropriate signals for mother - signal(SIGCHLD, killed_childs); - if (debug == 0) - signal(SIGTERM, kill_children); - if (debug == 0) { -#ifdef SIGBUS - signal(SIGBUS, kill_children); -#endif - signal(SIGSEGV, kill_children); - } - signal(SIGHUP, kill_children); - signal(SIGINT, kill_children); - signal(SIGPIPE, SIG_IGN); - if (verbose) - printf("[VERBOSE] Resolving addresses ... "); - if (debug) - printf("\n"); - for (i = 0; i < hydra_brains.targets; i++) { + if (debug) - printf("[DEBUG] resolving %s\n", hydra_targets[i]->target); - memset(&hints, 0, sizeof(hints)); - ipv4 = NULL; -#ifdef AF_INET6 - ipv6 = NULL; - if ((device = index(hydra_targets[i]->target, '%')) != NULL) - *device++ = 0; -#endif - if (getaddrinfo(hydra_targets[i]->target, NULL, &hints, &res) != 0) { - if (use_proxy == 0) { - if (verbose) - printf("[failed for %s] ", hydra_targets[i]->target); - else - fprintf(stderr, "[ERROR] could not resolve address: %s\n", hydra_targets[i]->target); - hydra_targets[i]->done = 3; - hydra_brains.finished++; - } - } else { - for (p = res; p != NULL; p = p->ai_next) { -#ifdef AF_INET6 - if (p->ai_family == AF_INET6) { - if (ipv6 == NULL) - ipv6 = (struct sockaddr_in6 *) p->ai_addr; - } else -#endif - if (p->ai_family == AF_INET) { - if (ipv4 == NULL) - ipv4 = (struct sockaddr_in *) p->ai_addr; - } - } -#ifdef AF_INET6 - if (ipv6 != NULL && (ipv4 == NULL || prefer_ipv6)) { - // IPV6 FIXME - if ((strcmp(hydra_options.service, "socks5") == 0) || (strcmp(hydra_options.service, "sip") == 0)) { - fprintf(stderr, "[ERROR] Target %s resolves to an IPv6 address, however module %s does not support this. Maybe try \"-4\" option. Sending in patches helps.\n", - hydra_targets[i]->target, hydra_options.service); - hydra_targets[i]->done = 3; - hydra_brains.finished++; - } else { - hydra_targets[i]->ip[0] = 16; - memcpy(&hydra_targets[i]->ip[1], (char *) &ipv6->sin6_addr, 16); - if (device != NULL && strlen(device) <= 16) - strcpy(&hydra_targets[i]->ip[17], device); - if (memcmp(&hydra_targets[i]->ip[17], fe80, 2) == 0) { - if (device == NULL) { - fprintf(stderr, "[ERROR] The target %s address is a link local address, link local addresses require the interface being defined like this: fe80::1%%eth0\n", - hydra_targets[i]->target); - exit(-1); + printf("[DEBUG] Ouput color flag is %d\n", colored_output); + + if (hydra_options.restore && argc > 2 + debug + verbose) + bail("no option may be supplied together with -R"); + + printf("%s (%s) starting at %s\n", PROGRAM, RESOURCE, hydra_build_time()); + if (debug) { + printf("[DEBUG] cmdline: "); + for (i = 0; i < argc; i++) + printf("%s ", argv[i]); + printf("\n"); + } + if (hydra_options.login != NULL && hydra_options.loginfile != NULL) + bail("You can only use -L OR -l, not both\n"); + if (hydra_options.pass != NULL && hydra_options.passfile != NULL) + bail("You can only use -P OR -p, not both\n"); + if (hydra_options.restore) { + hydra_restore_read(); + // stuff we have to copy from the non-restore part + if (strncmp(hydra_options.service, "http-", 5) == 0) { + if (getenv("HYDRA_PROXY_HTTP") && getenv("HYDRA_PROXY")) + bail("Found HYDRA_PROXY_HTTP *and* HYDRA_PROXY environment variables - you can use only ONE for the service http-head/http-get!"); + if (getenv("HYDRA_PROXY_HTTP")) { + printf("[INFO] Using HTTP Proxy: %s\n", getenv("HYDRA_PROXY_HTTP")); + use_proxy = 1; } - } } - } else -#endif - if (ipv4 != NULL) { - hydra_targets[i]->ip[0] = 4; - memcpy(&hydra_targets[i]->ip[1], (char *) &ipv4->sin_addr, 4); - } else { - if (verbose) - printf("[failed for %s] ", hydra_targets[i]->target); - else - fprintf(stderr, "[ERROR] Could not resolve proxy address: %s\n", hydra_targets[i]->target); - hydra_targets[i]->done = 3; - hydra_brains.finished++; - } - freeaddrinfo(res); - } - } - if (verbose) - printf("done\n"); - if (hydra_brains.targets == 0) - bail("No server to scan!"); - -#ifndef SO_BINDTODEVICE - if (device != NULL) { - fprintf(stderr, "[ERROR] your operating system does not support SO_BINDTODEVICE or IP_FORCE_OUT_IFP, dunno how to bind the IPv6 address to the interface %s!\n", device); - } -#endif - - if (hydra_options.restore == 0) { - hydra_heads = malloc(sizeof(hydra_heads) * hydra_options.max_use); - target_no = 0; - for (i = 0; i < hydra_options.max_use; i++) { - hydra_heads[i] = malloc(sizeof(hydra_head)); - memset(hydra_heads[i], 0, sizeof(hydra_head)); - } - } - // here we call the init function of the relevant service module - // should we do the init centrally or should each child do that? - // that depends largely on the number of targets and maximum tasks -// if (hydra_brains.targets == 1 || (hydra_brains.targets < 4 && hydra_options.tasks / hydra_brains.targets > 4 && hydra_brains.todo > 15)) - for (i = 0; i < hydra_brains.targets; i++) - hydra_service_init(i); - - starttime = elapsed_status = elapsed_restore = time(NULL); - fflush(stdout); - fflush(stderr); - fflush(hydra_brains.ofp); - - hydra_debug(0, "attack"); - process_restore = 1; - - // this is the big function which starts the attacking children, feeds login/password pairs, etc.! - while (exit_condition == 0) { - FD_ZERO(&fdreadheads); - for (head_no = 0, max_fd = 1; head_no < hydra_options.max_use; head_no++) { - if (hydra_heads[head_no]->active > 0) { - FD_SET(hydra_heads[head_no]->sp[0], &fdreadheads); - if (max_fd < hydra_heads[head_no]->sp[0]) - max_fd = hydra_heads[head_no]->sp[0]; - } - } - my_select(max_fd + 1, &fdreadheads, NULL, NULL, 0, 200000); - tmp_time = time(NULL); - - for (head_no = 0; head_no < hydra_options.max_use; head_no++) { - if (debug && hydra_heads[head_no]->active != -1) printf("[DEBUG] head_no[%d] to target_no %d active %d\n", head_no, hydra_heads[head_no]->target_no, hydra_heads[head_no]->active); - switch (hydra_heads[head_no]->active) { - case -1: - // disabled head, ignored - break; - case 0: - if (hydra_heads[head_no]->redo) { - hydra_spawn_head(head_no, hydra_heads[head_no]->target_no); - } else { - if (hydra_brains.targets > hydra_brains.finished) - hydra_heads[head_no]->target_no = hydra_select_target(); - else - hydra_heads[head_no]->target_no = -1; - if (debug) - printf("[DEBUG] child %d got target %d selected\n", head_no, hydra_heads[head_no]->target_no); - if (hydra_heads[head_no]->target_no < 0) { - if (debug) printf("[DEBUG] hydra_select_target() reports no more targets left\n"); - hydra_kill_head(head_no, 0, 3); - } else - hydra_spawn_head(head_no, hydra_heads[head_no]->target_no); // target_no is ignored if head->redo == 1 - } - break; - case 1: - if (FD_ISSET(hydra_heads[head_no]->sp[0], &fdreadheads)) { - readres = read_safe(hydra_heads[head_no]->sp[0], &rc, 1); - if (readres > 0) { - FD_CLR(hydra_heads[head_no]->sp[0], &fdreadheads); - hydra_heads[head_no]->last_seen = tmp_time; - if (debug) - printf("[DEBUG] head_no[%d] read %c\n", head_no, rc); - switch (rc) { - // Valid Results: - // n - mother says to itself that child requests next login/password pair - // N - child requests next login/password pair - // Q - child reports that it is quitting - // C - child reports connect error (and is quitting) - // E - child reports protocol error (and is quitting) - // f - child reports that the username does not exist - // F - child reports that it found a valid login/password pair - // and requests next pair. Sends login/pw pair with next msg! - case 'N': // head wants next pair - hydra_targets[hydra_heads[head_no]->target_no]->ok = 1; - if (hydra_targets[hydra_heads[head_no]->target_no]->fail_count > 0) - hydra_targets[hydra_heads[head_no]->target_no]->fail_count--; - // no break here - case 'n': // mother sends this to itself initially - loop_cnt = 0; - if (hydra_send_next_pair(hydra_heads[head_no]->target_no, head_no) == -1) - hydra_kill_head(head_no, 1, 0); - break; - - case 'F': // valid password found - hydra_brains.found++; - if (colored_output) { - if (hydra_heads[head_no]->current_login_ptr == NULL || strlen(hydra_heads[head_no]->current_login_ptr) == 0) { - if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) - printf("[\e[1;32m%d\e[0m][\e[1;32m%s\e[0m] host: \e[1;32m%s\e[0m\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target); - else - printf("[\e[1;32m%d\e[0m][\e[1;32m%s\e[0m] host: \e[1;32m%s\e[0m password: \e[1;32m%s\e[0m\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_pass_ptr); - } else if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) { - printf("[\e[1;32m%d\e[0m][\e[1;32m%s\e[0m] host: \e[1;32m%s\e[0m login: \e[1;32m%s\e[0m\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr); - } else - printf("[\e[1;32m%d\e[0m][\e[1;32m%s\e[0m] host: \e[1;32m%s\e[0m login: \e[1;32m%s\e[0m password: \e[1;32m%s\e[0m\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr); - } else { - if (hydra_heads[head_no]->current_login_ptr == NULL || strlen(hydra_heads[head_no]->current_login_ptr) == 0) { - if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) - printf("[%d][%s] host: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target); - else - printf("[%d][%s] host: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_pass_ptr); - } else if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) { - printf("[%d][%s] host: %s login: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr); - } else - printf("[%d][%s] host: %s login: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr); - } - if (hydra_options.outfile_ptr != NULL && hydra_brains.ofp != NULL) { - if (hydra_heads[head_no]->current_login_ptr == NULL || strlen(hydra_heads[head_no]->current_login_ptr) == 0) { - if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) - fprintf(hydra_brains.ofp, "[%d][%s] host: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target); - else - fprintf(hydra_brains.ofp, "[%d][%s] host: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_pass_ptr); - } else if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) { - fprintf(hydra_brains.ofp, "[%d][%s] host: %s login: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr); - } else - fprintf(hydra_brains.ofp, "[%d][%s] host: %s login: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr); - } - if (hydra_options.exit_found) { // option set says quit target after on valid login/pass pair is found - if (hydra_targets[hydra_heads[head_no]->target_no]->done == 0) { - hydra_targets[hydra_heads[head_no]->target_no]->done = 1; // mark target as done - hydra_brains.finished++; - printf("[STATUS] attack finished for %s (valid pair found)\n", hydra_targets[hydra_heads[head_no]->target_no]->target); - } - if (hydra_options.exit_found == 2) { - for (j = 0; j < hydra_brains.targets; j++) - if (hydra_targets[j]->done == 0) { - hydra_targets[j]->done = 1; - hydra_brains.finished++; + } else { // normal mode, aka non-restore mode + if (hydra_options.colonfile) + hydra_options.loop_mode = 0; // just to be sure + if (hydra_options.infile_ptr != NULL) { + if (optind + 2 < argc) + bail("The -M FILE option can not be used together with a host on the commandline"); + if (optind + 1 > argc) + bail("You need to define a service to attack"); + if (optind + 2 == argc) + fprintf(stderr, "[WARNING] With the -M FILE option you can not specify a server on the commandline. Lets hope you did everything right!\n"); + hydra_options.server = NULL; + hydra_options.service = argv[optind]; + if (optind + 2 == argc) + hydra_options.miscptr = argv[optind + 1]; + } else if (optind + 2 != argc && optind + 3 != argc && optind < argc) { + // check if targetdef follow syntax ://[:][/] or it's a syntax error + char *targetdef = strdup(argv[optind]); + char *service_pos, *target_pos, *port_pos = NULL, *param_pos = NULL; + + if ((targetdef != NULL) && (strstr(targetdef, "://") != NULL)) { + service_pos = strstr(targetdef, "://"); + if ((service_pos - targetdef) == 0) + bail("could not identify service"); + if ((hydra_options.service = malloc(1 + service_pos - targetdef)) == NULL) + bail("could not alloc memory"); + strncpy(hydra_options.service, targetdef, service_pos - targetdef); + hydra_options.service[service_pos - targetdef] = 0; + target_pos = targetdef + (service_pos - targetdef + 3); + + if (*target_pos == '[') { + target_pos++; + if ((param_pos = index(target_pos, ']')) == NULL) + bail("no closing ']' found in target definition"); + *param_pos++ = 0; + if (*param_pos == ':') + port_pos = ++param_pos; + if ((param_pos = index(param_pos, '/')) != NULL) + *param_pos++ = 0; + } else { + port_pos = index(target_pos, ':'); + param_pos = index(target_pos, '/'); + if (port_pos != NULL && param_pos != NULL && port_pos > param_pos) + port_pos = NULL; + if (port_pos != NULL) + *port_pos++ = 0; + if (param_pos != NULL) + *param_pos++ = 0; + if (port_pos != NULL && index(port_pos, ':') != NULL) { + if (prefer_ipv6) + bail("Illegal IPv6 target definition must be written within '[' ']'"); + else + bail("Illegal port definition"); } } - for (j = 0; j < hydra_options.max_use; j++) - if (hydra_heads[j]->active >= 0 && (hydra_heads[j]->target_no == target_no || hydra_options.exit_found == 2)) { - if (hydra_brains.targets > hydra_brains.finished && hydra_options.exit_found < 2) - hydra_kill_head(j, 1, 0); // kill all heads working on the target - else - hydra_kill_head(j, 1, 2); // kill all heads working on the target + if (*target_pos == 0) + hydra_options.server = NULL; + else + hydra_options.server = target_pos; + if (port_pos != NULL) + hydra_options.port = port = atoi(port_pos); + if (param_pos != NULL) { + if (strstr(hydra_options.service, "http") != NULL && strstr(hydra_options.service, "http-proxy") == NULL && param_pos[1] != '/') + *--param_pos = '/'; + hydra_options.miscptr = param_pos; } - continue; - } - // fall through - case 'f': // username identified as invalid - hydra_targets[hydra_heads[head_no]->target_no]->ok = 1; - if (hydra_targets[hydra_heads[head_no]->target_no]->fail_count > 0) - hydra_targets[hydra_heads[head_no]->target_no]->fail_count--; - memset(buf, 0, sizeof(buf)); - read_safe(hydra_heads[head_no]->sp[0], buf, MAXBUF); - hydra_skip_user(hydra_heads[head_no]->target_no, buf); - fck = write(hydra_heads[head_no]->sp[1], "n", 1); // small hack - break; - - // we do not make a difference between 'C' and 'E' results - yet - case 'E': // head reports protocol error - case 'C': // head reports connect error - fck = write(hydra_heads[head_no]->sp[0], "Q", 1); - if (debug) { - printf("[ATTEMPT-ERROR] target %s - login \"%s\" - pass \"%s\" - child %d - %lu of %lu\n", - hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no, - hydra_targets[hydra_heads[head_no]->target_no]->sent, hydra_brains.todo); - } - hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); - break; - - case 'Q': // head reports its quitting - fck = write(hydra_heads[head_no]->sp[0], "Q", 1); - if (debug) - printf("[DEBUG] child %d reported it quit\n", head_no); - hydra_kill_head(head_no, 1, 0); - break; - - default: - fprintf(stderr, "[ERROR] child %d sent nonsense data, killing and restarting it!\n", head_no); - hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); + //printf("target: %s service: %s port: %s opt: %s\n", target_pos, hydra_options.service, port_pos, param_pos); + if (debug) + printf("[DEBUG] opt:%d argc:%d mod:%s tgt:%s port:%d misc:%s\n", optind, argc, hydra_options.service, hydra_options.server, hydra_options.port, hydra_options.miscptr); + } else { + hydra_options.server = NULL; + hydra_options.service = NULL; + + if (modusage) + hydra_options.service = targetdef; + else + help(0); } - } - if (readres == -1) { - if (verbose) - fprintf(stderr, "[WARNING] child %d seems to have died, restarting (this only happens if a module is bad) ... \n", head_no); - hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); - } } else { - if (hydra_heads[head_no]->last_seen + hydra_options.waittime > tmp_time) { - // check if recover of timed-out head is necessary - if (tmp_time > waittime + hydra_heads[head_no]->last_seen) { - if (kill(hydra_heads[head_no]->pid, 0) < 0) { - if (verbose) - fprintf(stderr, "[WARNING] child %d seems to be dead, restarting it ...\n", head_no); - hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); - } - } - // if we do not get to hear anything for a longer time assume its dead - if (tmp_time > waittime * 2 + hydra_heads[head_no]->last_seen) { - if (verbose) - fprintf(stderr, "[WARNING] timeout from child %d, restarting\n", head_no); - hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); - } - } + hydra_options.server = argv[optind]; + cmdlinetarget = argv[optind]; + hydra_options.service = argv[optind + 1]; + if (optind + 3 == argc) + hydra_options.miscptr = argv[optind + 2]; } - break; - default: - fprintf(stderr, "[ERROR] child %d in unknown state, restarting!\n", head_no); - hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); - } + + if (strcmp(hydra_options.service, "pop3s") == 0 || strcmp(hydra_options.service, "smtps") == 0 || strcmp(hydra_options.service, "imaps") == 0 + || strcmp(hydra_options.service, "telnets") == 0 || (strncmp(hydra_options.service, "ldap", 4) == 0 && hydra_options.service[strlen(hydra_options.service) - 1] == 's')) { + hydra_options.ssl = 1; + hydra_options.service[strlen(hydra_options.service) - 1] = 0; + } + + if (getenv("HYDRA_PROXY_HTTP") || getenv("HYDRA_PROXY")) { + if (strcmp(hydra_options.service, "afp") == 0 || strcmp(hydra_options.service, "firebird") == 0 || strncmp(hydra_options.service, "mysql", 5) == 0 || + strcmp(hydra_options.service, "ncp") == 0 || strcmp(hydra_options.service, "oracle") == 0 || strcmp(hydra_options.service, "postgres") == 0 || + strncmp(hydra_options.service, "ssh", 3) == 0 || strcmp(hydra_options.service, "sshkey") == 0 || strcmp(hydra_options.service, "svn") == 0 || + strcmp(hydra_options.service, "sapr3") == 0) { + fprintf(stderr, "[WARNING] module %s does not support HYDRA_PROXY* !\n", hydra_options.service); + proxy_string = NULL; + } + } + + /* here start the services */ + + if (strcmp(hydra_options.service, "ssl") == 0 || strcmp(hydra_options.service, "www") == 0 || strcmp(hydra_options.service, "http") == 0 + || strcmp(hydra_options.service, "https") == 0) { + fprintf(stderr, "[WARNING] The service http has been replaced with http-head and http-get, using by default GET method. Same for https.\n"); + if (strcmp(hydra_options.service, "http") == 0) { + hydra_options.service = malloc(strlen("http-get") + 1); + strcpy(hydra_options.service, "http-get"); + } + if (strcmp(hydra_options.service, "https") == 0) { + hydra_options.service = malloc(strlen("https-get") + 1); + strcpy(hydra_options.service, "https-get"); + } + } + + if (strcmp(hydra_options.service, "http-form-get") == 0) + strcpy(hydra_options.service, "http-get-form"); + if (strcmp(hydra_options.service, "https-form-get") == 0) + strcpy(hydra_options.service, "https-get-form"); + if (strcmp(hydra_options.service, "http-form-post") == 0) + strcpy(hydra_options.service, "http-post-form"); + if (strcmp(hydra_options.service, "https-form-post") == 0) + strcpy(hydra_options.service, "https-post-form"); + + if (modusage == 1) + module_usage(); + + i = 0; + if (strcmp(hydra_options.service, "telnet") == 0) { + fprintf(stderr, "[WARNING] telnet is by its nature unreliable to analyze, if possible better choose FTP, SSH, etc. if available\n"); + i = 1; + } + if (strcmp(hydra_options.service, "ftp") == 0) + i = 1; + if (strcmp(hydra_options.service, "ftps") == 0) { + fprintf(stderr, "[WARNING] you enabled ftp-SSL (auth tls) mode. If you want to use direct SSL ftp, use -S and the ftp module instead.\n"); + i = 1; + } + if (strcmp(hydra_options.service, "pop3") == 0) { + fprintf(stderr, "[INFO] several providers have implemented cracking protection, check with a small wordlist first - and stay legal!\n"); + i = 1; + } + if (strcmp(hydra_options.service, "imap") == 0) { + fprintf(stderr, "[INFO] several providers have implemented cracking protection, check with a small wordlist first - and stay legal!\n"); + i = 1; + } + if (strcmp(hydra_options.service, "redis") == 0) + i = 2; + if (strcmp(hydra_options.service, "asterisk") == 0) + i = 1; + if (strcmp(hydra_options.service, "vmauthd") == 0) + i = 1; + if (strcmp(hydra_options.service, "rexec") == 0) + i = 1; + if (strcmp(hydra_options.service, "rlogin") == 0) + i = 1; + if (strcmp(hydra_options.service, "rsh") == 0) + i = 3; + if (strcmp(hydra_options.service, "nntp") == 0) + i = 1; + if (strcmp(hydra_options.service, "socks5") == 0) + i = 1; + if (strcmp(hydra_options.service, "icq") == 0) { + fprintf(stderr, "[WARNING] The icq module is not working with the modern protocol version! (somebody else will need to fix this as I don't care for icq)\n"); + i = 1; + } + if (strcmp(hydra_options.service, "mysql") == 0) { + i = 1; + if (hydra_options.tasks > 4) { + fprintf(stderr, "[INFO] Reduced number of tasks to 4 (mysql does not like many parallel connections)\n"); + hydra_options.tasks = 4; + } + } + if (strcmp(hydra_options.service, "mssql") == 0) + i = 1; + if ((strcmp(hydra_options.service, "oracle-listener") == 0) || (strcmp(hydra_options.service, "tns") == 0)) { + i = 2; + hydra_options.service = malloc(strlen("oracle-listener") + 1); + strcpy(hydra_options.service, "oracle-listener"); + } + if ((strcmp(hydra_options.service, "oracle-sid") == 0) || (strcmp(hydra_options.service, "sid") == 0)) { + i = 3; + hydra_options.service = malloc(strlen("oracle-sid") + 1); + strcpy(hydra_options.service, "oracle-sid"); + } +#ifdef LIBORACLE + if ((strcmp(hydra_options.service, "oracle") == 0) || (strcmp(hydra_options.service, "ora") == 0)) { + i = 1; + hydra_options.service = malloc(strlen("oracle") + 1); + strcpy(hydra_options.service, "oracle"); + } +#endif + if (strcmp(hydra_options.service, "postgres") == 0) +#ifdef LIBPOSTGRES + i = 1; +#else + bail("Compiled without LIBPOSTGRES support, module not available!"); +#endif + if (strcmp(hydra_options.service, "firebird") == 0) +#ifdef LIBFIREBIRD + i = 1; +#else + bail("Compiled without LIBFIREBIRD support, module not available!"); +#endif + if (strcmp(hydra_options.service, "afp") == 0) +#ifdef LIBAFP + i = 1; +#else + bail("Compiled without LIBAFP support, module not available!"); +#endif + if (strcmp(hydra_options.service, "svn") == 0) +#ifdef LIBSVN + i = 1; +#else + bail("Compiled without LIBSVN support, module not available!"); +#endif + if (strcmp(hydra_options.service, "ncp") == 0) +#ifdef LIBNCP + i = 1; +#else + bail("Compiled without LIBNCP support, module not available!"); +#endif + if (strcmp(hydra_options.service, "pcanywhere") == 0) + i = 1; + if (strcmp(hydra_options.service, "http-proxy") == 0) { + i = 1; + if (hydra_options.miscptr != NULL && strncmp(hydra_options.miscptr, "http://", 7) != 0) + + bail("module option must start with http://"); + } + if (strcmp(hydra_options.service, "cvs") == 0) { + i = 1; + if (hydra_options.miscptr == NULL || (strlen(hydra_options.miscptr) == 0)) { + fprintf(stderr, "[INFO] The CVS repository path wasn't passed so using /root by default\n"); + } + } + if (strcmp(hydra_options.service, "svn") == 0) { + i = 1; + if (hydra_options.miscptr == NULL || (strlen(hydra_options.miscptr) == 0)) { + fprintf(stderr, "[INFO] The SVN repository path wasn't passed so using /trunk by default\n"); + } + } + if (strcmp(hydra_options.service, "ssh") == 0 || strcmp(hydra_options.service, "sshkey") == 0) { + if (hydra_options.tasks > 8) + fprintf(stderr, "[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4\n"); +#ifdef LIBSSH + i = 1; +#else + bail("Compiled without LIBSSH v0.4.x support, module is not available!"); +#endif + } + if (strcmp(hydra_options.service, "smtp") == 0) { + fprintf(stderr, "[INFO] several providers have implemented cracking protection, check with a small wordlist first - and stay legal!\n"); + i = 1; + } + if (strcmp(hydra_options.service, "smtp-enum") == 0) + i = 1; + if (strcmp(hydra_options.service, "teamspeak") == 0) + i = 1; + if ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0)) { + if (hydra_options.tasks > 1) { + fprintf(stderr, "[INFO] Reduced number of tasks to 1 (smb does not like parallel connections)\n"); + hydra_options.tasks = 1; + } + i = 1; + } + if ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0)) { +#ifdef LIBOPENSSL + if (hydra_options.tasks > 1) { + fprintf(stderr, "[INFO] Reduced number of tasks to 1 (smb does not like parallel connections)\n"); + hydra_options.tasks = 1; + } + i = 1; +#endif + } + if ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0) || + (strcmp(hydra_options.service, "sip") == 0) || (strcmp(hydra_options.service, "rdp") == 0) || + (strcmp(hydra_options.service, "oracle-listener") == 0) || (strcmp(hydra_options.service, "oracle-sid") == 0)) { +#ifndef LIBOPENSSL + bail("Compiled without OPENSSL support, module not available!"); +#endif + } + if (strcmp(hydra_options.service, "pcnfs") == 0) { + i = 1; + if (port == 0) + bail("You must set the port for pcnfs with -s (run \"rpcinfo -p %s\" and look for the pcnfs v2 UDP port)"); + } + if (strcmp(hydra_options.service, "sapr3") == 0) { +#ifdef LIBSAPR3 + i = 1; + if (port == PORT_SAPR3) + bail("You must set the port for sapr3 with -s , it should lie between 3200 and 3699."); + if (port < 3200 || port > 3699) + fprintf(stderr, "[WARNING] The port is not in the range 3200 to 3399 - please ensure it is ok!\n"); + if (hydra_options.miscptr == NULL || atoi(hydra_options.miscptr) < 0 || atoi(hydra_options.miscptr) > 999 || !isdigit(hydra_options.miscptr[0])) + bail("You must set the client ID (0-999) as an additional option or via -m"); +#else + bail("Compiled without LIBSAPR3 support, module not available!"); +#endif + } + if (strcmp(hydra_options.service, "cisco") == 0) { + i = 2; + if (hydra_options.tasks > 4) + fprintf(stderr, "[WARNING] you should set the number of parallel task to 4 for cisco services.\n"); + } + if (strncmp(hydra_options.service, "snmpv", 5) == 0) { + hydra_options.service[4] = hydra_options.service[5]; + hydra_options.service[5] = 0; + } + if (strcmp(hydra_options.service, "snmp") == 0 || strcmp(hydra_options.service, "snmp1") == 0) { + hydra_options.service[4] = 0; + i = 2; + } + if (strcmp(hydra_options.service, "snmp2") == 0 || strcmp(hydra_options.service, "snmp3") == 0) { + if (hydra_options.miscptr == NULL) + hydra_options.miscptr = strdup(hydra_options.service + 4); + else { + tmpptr = malloc(strlen(hydra_options.miscptr) + 4); + strcpy(tmpptr, hydra_options.miscptr); + strcat(tmpptr, ":"); + strcat(tmpptr, hydra_options.service + 4); + hydra_options.miscptr = tmpptr; + } + hydra_options.service[4] = 0; + i = 2; + } + if (strcmp(hydra_options.service, "snmp") == 0 && hydra_options.miscptr != NULL) { + char *lptr; + + j = 1; + tmpptr = strdup(hydra_options.miscptr); + lptr = strtok(tmpptr, ":"); + while (lptr != NULL) { + i = 0; + if (strcasecmp(lptr, "1") == 0 || strcasecmp(lptr, "2") == 0 || strcasecmp(lptr, "3") == 0) { + i = 1; + j = lptr[0] - '0' + (j & 252); + } else if (strcasecmp(lptr, "READ") == 0 || strcasecmp(lptr, "WRITE") == 0 || strcasecmp(lptr, "PLAIN") == 0) + i = 1; + else if (strcasecmp(lptr, "MD5") == 0) { + i = 1; + j = 4 + (j & 51); + } else if (strcasecmp(lptr, "SHA") == 0 || strcasecmp(lptr, "SHA1") == 0) { + i = 1; + j = 8 + (j & 51); + } else if (strcasecmp(lptr, "DES") == 0) { + i = 1; + j = 16 + (j & 15); + } else if (strcasecmp(lptr, "AES") == 0) { + i = 1; + j = 32 + (j & 15); + } + if (i == 0) { + fprintf(stderr, "[ERROR] unknown parameter in module option: %s\n", lptr); + exit(-1); + } + lptr = strtok(NULL, ":"); + } + i = 2; + if ((j & 3) < 3 && j > 2) + fprintf(stderr, "[WARNING] SNMPv1 and SNMPv2 do not support hash and encryption, ignored\n"); + if ((j & 3) == 3) { + fprintf(stderr, "[WARNING] SNMPv3 is still in beta state, use at own risk and report problems\n"); + if (j >= 16) + bail("The SNMPv3 module so far only support authentication (md5/sha), not yet encryption\n"); + if (hydra_options.colonfile == NULL + && ((hydra_options.login == NULL && hydra_options.loginfile == NULL) || (hydra_options.pass == NULL && hydra_options.passfile == NULL && hydra_options.bfg == 0))) { + if (j > 3) { + fprintf(stderr, + "[ERROR] you specified SNMPv3, defined hashing/encryption but only gave one of login or password list. Either supply both logins and passwords (this is what is usually used in SNMPv3), or remove the hashing/encryption option (unusual)\n"); + exit(-1); + } + fprintf(stderr, "[WARNING] you specified SNMPv3 but gave no logins, NoAuthNoPriv is assumed. This is an unusual case, you should know what you are doing\n"); + tmpptr = malloc(strlen(hydra_options.miscptr) + 8); + strcpy(tmpptr, hydra_options.miscptr); + strcat(tmpptr, ":"); + strcat(tmpptr, "PLAIN"); + hydra_options.miscptr = tmpptr; + } else { + i = 1; // snmpv3 with login+pass mode +#ifndef LIBOPENSSL + bail("hydra was not compiled with OPENSSL support, snmpv3 can only be used on NoAuthNoPriv mode (only logins, no passwords)!"); +#endif + printf("[INFO] Using %s SNMPv3 with %s authentication and %s privacy\n", j > 16 ? "AuthPriv" : "AuthNoPriv", (j & 8) == 8 ? "SHA" : "MD5", + (j & 16) == 16 ? "DES" : (j > 16) ? "AES" : "no"); + } + } + } + if (strcmp(hydra_options.service, "sip") == 0) { + if (hydra_options.miscptr == NULL) { + if (hydra_options.server != NULL) { + hydra_options.miscptr = hydra_options.server; + i = 1; + } else { + bail("The sip module does not work with multiple servers (-M)\n"); + } + } else { + i = 1; + } + } + if (strcmp(hydra_options.service, "ldap") == 0) { + bail("Please select ldap2 or ldap3 for simple authentication or ldap3-crammd5 or ldap3-digestmd5\n"); + } + if (strcmp(hydra_options.service, "ldap2") == 0 || strcmp(hydra_options.service, "ldap3") == 0) { + i = 1; + if ((hydra_options.miscptr != NULL && hydra_options.login != NULL) + || (hydra_options.miscptr != NULL && hydra_options.loginfile != NULL) || (hydra_options.login != NULL && hydra_options.loginfile != NULL)) + bail("you may only use one of -l, -L or -m\n"); + if (hydra_options.login == NULL && hydra_options.loginfile == NULL && hydra_options.miscptr == NULL) + fprintf(stderr, "[WARNING] no DN to authenticate is defined, using DN of null (use -m, -l or -L to define DNs)\n"); + if (hydra_options.login == NULL && hydra_options.loginfile == NULL) { + i = 2; + } + } + if (strcmp(hydra_options.service, "ldap3-crammd5") == 0 || strcmp(hydra_options.service, "ldap3-digestmd5") == 0) { + i = 1; + if (hydra_options.login == NULL && hydra_options.loginfile == NULL) + bail("-l or -L option is required to specify the login\n"); + if (hydra_options.miscptr == NULL) + bail("-m option is required to specify the DN\n"); + } + // ADD NEW SERVICES HERE + if (strcmp(hydra_options.service, "rtsp") == 0) + i = 1; + if (strcmp(hydra_options.service, "s7-300") == 0) { + if (hydra_options.tasks > 8) { + fprintf(stderr, "[INFO] Reduced number of tasks to 8 (the PLC does not like more connections)\n"); + hydra_options.tasks = 8; + } + i = 2; + } + if (strcmp(hydra_options.service, "cisco-enable") == 0) { + if (hydra_options.login != NULL || hydra_options.loginfile != NULL) + i = 1; // login will be the initial Username: login, or line Password: + else + i = 2; + if (hydra_options.miscptr == NULL) + fprintf(stderr, "[WARNING] You did not supply the initial support to the Cisco via -l, assuming direct console access\n"); + if (hydra_options.tasks > 4) + fprintf(stderr, "[WARNING] you should set the number of parallel task to 4 for cisco enable services.\n"); + } + if (strcmp(hydra_options.service, "http-proxy-urlenum") == 0) { + i = 4; + hydra_options.pass = empty_login; + if (hydra_options.miscptr == NULL) { + fprintf(stderr, "[WARNING] You did not supply proxy credentials via the optional parameter\n"); + } + if (hydra_options.bfg || hydra_options.passfile != NULL) + bail("the http-proxy-urlenum does not need the -p/-P or -x option"); + } + if (strcmp(hydra_options.service, "vnc") == 0) { + i = 2; + if (hydra_options.tasks > 4) + fprintf(stderr, "[WARNING] you should set the number of parallel task to 4 for vnc services.\n"); + } + if (strcmp(hydra_options.service, "https-head") == 0 || strcmp(hydra_options.service, "https-get") == 0) { +#ifdef LIBOPENSSL + i = 1; + hydra_options.ssl = 1; + if (strcmp(hydra_options.service, "https-head") == 0) + strcpy(hydra_options.service, "http-head"); + else + strcpy(hydra_options.service, "http-get"); +#else + bail("Compiled without SSL support, module not available"); +#endif + } + if (strcmp(hydra_options.service, "http-get") == 0 || strcmp(hydra_options.service, "http-head") == 0) { + i = 1; + if (hydra_options.miscptr == NULL) { + fprintf(stderr, "[WARNING] You must supply the web page as an additional option or via -m, default path set to /\n"); + hydra_options.miscptr = malloc(2); + hydra_options.miscptr = "/"; + } + if (*hydra_options.miscptr != '/' && strstr(hydra_options.miscptr, "://") == NULL) + bail("The web page you supplied must start with a \"/\", \"http://\" or \"https://\", e.g. \"/protected/login\""); + if (getenv("HYDRA_PROXY_HTTP") && getenv("HYDRA_PROXY")) + bail("Found HYDRA_PROXY_HTTP *and* HYDRA_PROXY environment variables - you can use only ONE for the service http-head/http-get!"); + if (getenv("HYDRA_PROXY_HTTP")) { + printf("[INFO] Using HTTP Proxy: %s\n", getenv("HYDRA_PROXY_HTTP")); + use_proxy = 1; + } + if (strcmp(hydra_options.service, "http-head") == 0) + fprintf(stderr, "[WARNING] http-head auth does not work with every server, better use http-get\n"); + } + + if (strcmp(hydra_options.service, "http-get-form") == 0 || strcmp(hydra_options.service, "http-post-form") == 0 || strcmp(hydra_options.service, "https-get-form") == 0 + || strcmp(hydra_options.service, "https-post-form") == 0) { + char bufferurl[1024], *url, *variables, *cond, *optional1; + + if (strncmp(hydra_options.service, "http-", 5) == 0) { + i = 1; + } else { // https +#ifdef LIBOPENSSL + i = 1; + hydra_options.ssl = 1; + if (strcmp(hydra_options.service, "https-post-form") == 0) + strcpy(hydra_options.service, "http-post-form"); + else + strcpy(hydra_options.service, "http-get-form"); +#else + bail("Compiled without SSL support, module not available"); +#endif + } + if (hydra_options.miscptr == NULL) { + fprintf(stderr, "[WARNING] You must supply the web page as an additional option or via -m, default path set to /\n"); + hydra_options.miscptr = malloc(2); + hydra_options.miscptr = "/"; + } + //if (*hydra_options.miscptr != '/' && strstr(hydra_options.miscptr, "://") == NULL) + // bail("The web page you supplied must start with a \"/\", \"http://\" or \"https://\", e.g. \"/protected/login\""); + if (hydra_options.miscptr[0] != '/') + bail("optional parameter must start with a '/' slash!\n"); + if (getenv("HYDRA_PROXY_HTTP") && getenv("HYDRA_PROXY")) + bail("Found HYDRA_PROXY_HTTP *and* HYDRA_PROXY environment variables - you can use only ONE for the service http-head/http-get!"); + if (getenv("HYDRA_PROXY_HTTP")) { + printf("[INFO] Using HTTP Proxy: %s\n", getenv("HYDRA_PROXY_HTTP")); + use_proxy = 1; + } + + if (strstr(hydra_options.miscptr, "\\:") != NULL) { + fprintf(stderr, "[INFORMATION] escape sequence \\: detected in module option, no parameter verification is performed.\n"); + } else { + sprintf(bufferurl, "%.1000s", hydra_options.miscptr); + url = strtok(bufferurl, ":"); + variables = strtok(NULL, ":"); + cond = strtok(NULL, ":"); + optional1 = strtok(NULL, "\n"); + if ((variables == NULL) || (strstr(variables, "^USER^") == NULL && strstr(variables, "^PASS^") == NULL)) { + fprintf(stderr, "[ERROR] the variables argument needs at least the strings ^USER^ or ^PASS^: %s\n", variables); + exit(-1); + } + if ((url == NULL) || (cond == NULL)) { + fprintf(stderr, "[ERROR] Wrong syntax, requires three arguments separated by a colon which may not be null: %s\n", bufferurl); + exit(-1); + } + while ((optional1 = strtok(NULL, ":")) != NULL) { + if (optional1[1] != '=' && optional1[1] != ':' && optional1[1] != 0) { + fprintf(stderr, "[ERROR] Wrong syntax of optional argument: %s\n", optional1); + exit(-1); + } + switch (optional1[0]) { + case 'C': // fall through + case 'c': + if (optional1[1] != '=' || optional1[2] != '/') { + fprintf(stderr, "[ERROR] Wrong syntax of parameter C, must look like 'C=/url/of/page', not http:// etc.: %s\n", optional1); + exit(-1); + } + break; + case 'H': // fall through + case 'h': + if (optional1[1] != '=' || strtok(NULL, ":") == NULL) { + fprintf(stderr, "[ERROR] Wrong syntax of parameter H, must look like 'H=X-My-Header: MyValue', no http:// : %s\n", optional1); + exit(-1); + } + break; + default: + fprintf(stderr, "[ERROR] Unknown optional argument: %s", optional1); + } + } + } + } + + if (strcmp(hydra_options.service, "xmpp") == 0) + i = 1; + if (strcmp(hydra_options.service, "irc") == 0) + i = 1; + if (strcmp(hydra_options.service, "rdp") == 0) { + if (hydra_options.tasks > 4) + fprintf(stderr, + "[WARNING] rdp servers often don't like many connections, use -t 1 or -t 4 to reduce the number of parallel connections and -W 1 or -W 3 to wait between connection to allow the server to recover\n"); + //if (hydra_options.tasks > 4) { + // fprintf(stderr, "[INFO] Reduced number of tasks to 4 (rdp does not like many parallel connections)\n"); + // hydra_options.tasks = 4; + //} + //if (conwait == 0) + // hydra_options.conwait = conwait = 1; + i = 1; + } + // ADD NEW SERVICES HERE + + if (i == 0) { + fprintf(stderr, "[ERROR] Unknown service: %s\n", hydra_options.service); + exit(-1); + } + if (port < 1 || port > 65535) { + if ((port = hydra_lookup_port(hydra_options.service)) < 1) { + fprintf(stderr, "[ERROR] No valid port set or no default port available. Use the -s Option.\n"); + exit(-1); + } + hydra_options.port = port; + } + + if (hydra_options.ssl == 0 && hydra_options.port == 443) + fprintf(stderr, + "[WARNING] you specified port 443 for attacking a http service, however did not specify the -S ssl switch nor used https-..., therefore using plain HTTP\n"); + + if (hydra_options.loop_mode && hydra_options.colonfile != NULL) + bail("The loop mode option (-u) works with all modes - except colon files (-C)\n"); + if (strncmp(hydra_options.service, "http-", strlen("http-")) != 0 && strcmp(hydra_options.service, "http-head") != 0 && getenv("HYDRA_PROXY_HTTP") != NULL) + fprintf(stderr, "[WARNING] the HYDRA_PROXY_HTTP environment variable works only with the http-head/http-get module, ignored...\n"); + if (i == 2) { + if (hydra_options.colonfile != NULL + || ((hydra_options.login != NULL || hydra_options.loginfile != NULL) && (hydra_options.pass != NULL || hydra_options.passfile != NULL || hydra_options.bfg > 0))) + bail + ("The redis, cisco, oracle-listener, s7-300, snmp and vnc modules are only using the -p or -P option, not login (-l, -L) or colon file (-C).\nUse the telnet module for cisco using \"Username:\" authentication.\n"); + if ((hydra_options.login != NULL || hydra_options.loginfile != NULL) && (hydra_options.pass == NULL || hydra_options.passfile == NULL)) { + hydra_options.pass = hydra_options.login; + hydra_options.passfile = hydra_options.loginfile; + } + hydra_options.login = empty_login; + hydra_options.loginfile = NULL; + } + if (i == 3) { + if (hydra_options.colonfile != NULL || hydra_options.bfg > 0 + || ((hydra_options.login != NULL || hydra_options.loginfile != NULL) && (hydra_options.pass != NULL || hydra_options.passfile != NULL))) + bail("The rsh, oracle-sid login is neither using the -p, -P or -x options nor colon file (-C)\n"); + if ((hydra_options.login == NULL || hydra_options.loginfile == NULL) && (hydra_options.pass != NULL || hydra_options.passfile != NULL)) { + hydra_options.login = hydra_options.pass; + hydra_options.loginfile = hydra_options.passfile; + } + hydra_options.pass = empty_login; + hydra_options.passfile = NULL; + } + if (i == 3 && hydra_options.login == NULL && hydra_options.loginfile == NULL) + bail("I need at least either the -l or -L option to know the login"); + if (i == 2 && hydra_options.pass == NULL && hydra_options.passfile == NULL && hydra_options.bfg == 0) + bail("I need at least either the -p, -P or -x option to have a password to try"); + if (i == 1 && hydra_options.login == NULL && hydra_options.loginfile == NULL && hydra_options.colonfile == NULL) + bail("I need at least either the -l, -L or -C option to know the login"); + if (hydra_options.colonfile != NULL && ((hydra_options.bfg != 0 || hydra_options.login != NULL || hydra_options.loginfile != NULL) + || (hydra_options.pass != NULL && hydra_options.passfile != NULL))) + bail("The -C option is standalone, don't use it with -l/L, -p/P or -x!"); + if ((hydra_options.bfg) + && ((hydra_options.pass != NULL) || (hydra_options.passfile != NULL) + || (hydra_options.colonfile != NULL))) + bail("The -x (password bruteforce generation option) doesn't work with -p/P, -C or -e!\n"); + if (hydra_options.try_password_reverse_login == 0 && hydra_options.try_password_same_as_login == 0 && hydra_options.try_null_password == 0 + && (i != 3 && (hydra_options.pass == NULL && hydra_options.passfile == NULL && hydra_options.colonfile == NULL)) && hydra_options.bfg == 0) { + // test if the service is smtp-enum as it could be used either with a login+pass or only a login + if (strstr(hydra_options.service, "smtp-enum") != NULL) + hydra_options.pass = empty_login; + else + bail("I need at least the -e, -p, -P or -x option to have some passwords!"); + } + if (hydra_options.tasks < 1 || hydra_options.tasks > MAXTASKS) { + fprintf(stderr, "[ERROR] Option -t needs to be a number between 1 and %d\n", MAXTASKS); + exit(-1); + } + if (hydra_options.max_use > MAXTASKS) { + fprintf(stderr, "[WARNING] reducing maximum tasks to MAXTASKS (%d)\n", MAXTASKS); + hydra_options.max_use = MAXTASKS; + } + + // script kiddie patch + if (hydra_options.server != NULL && (hydra_strcasestr(hydra_options.server, "gmail.") != NULL || hydra_strcasestr(hydra_options.server, "googlemail.") != NULL)) + fprintf(stderr, "[WARNING] Google Mail has bruteforce detection and sends false positives. You are not doing anything illegal right?!\n"); + + if (hydra_options.colonfile == NULL) { + if (hydra_options.loginfile != NULL) { + if ((lfp = fopen(hydra_options.loginfile, "r")) == NULL) { + fprintf(stderr, "[ERROR] File for logins not found: %s", hydra_options.loginfile); + exit(-1); + } + hydra_brains.countlogin = countlines(lfp, 0); + hydra_brains.sizelogin = size_of_data; + if (hydra_brains.countlogin == 0) { + fprintf(stderr, "[ERROR] File for logins is empty: %s", hydra_options.loginfile); + exit(-1); + } + if (hydra_brains.countlogin > MAX_LINES) { + fprintf(stderr, "[ERROR] Maximum number of logins is %d, this file has %lu entries.\n", MAX_LINES, hydra_brains.countlogin); + exit(-1); + } + if (hydra_brains.sizelogin > MAX_BYTES) { + fprintf(stderr, "[ERROR] Maximum size of the login file is %d, this file has %lu bytes.\n", MAX_BYTES, (unsigned long int) hydra_brains.sizelogin); + exit(-1); + } + login_ptr = malloc(hydra_brains.sizelogin + hydra_brains.countlogin + 8); + if (login_ptr == NULL) + bail("Could not allocate enough memory for login file data"); + memset(login_ptr, 0, hydra_brains.sizelogin + hydra_brains.countlogin + 8); + fill_mem(login_ptr, lfp, 0); + } else { + login_ptr = hydra_options.login; + hydra_brains.sizelogin = strlen(hydra_options.login) + 1; + hydra_brains.countlogin = 1; + } + if (hydra_options.passfile != NULL) { + if ((pfp = fopen(hydra_options.passfile, "r")) == NULL) { + fprintf(stderr, "[ERROR] File for passwords not found: %s", hydra_options.passfile); + exit(-1); + } + hydra_brains.countpass = countlines(pfp, 0); + hydra_brains.sizepass = size_of_data; + if (hydra_brains.countpass == 0) { + fprintf(stderr, "[ERROR] File for passwords is empty: %s", hydra_options.passfile); + exit(-1); + } + if (hydra_brains.countpass > MAX_LINES) { + fprintf(stderr, "[ERROR] Maximum number of passwords is %d, this file has %lu entries.\n", MAX_LINES, hydra_brains.countpass); + exit(-1); + } + if (hydra_brains.sizepass > MAX_BYTES) { + fprintf(stderr, "[ERROR] Maximum size of the password file is %d, this file has %lu bytes.\n", MAX_BYTES, (unsigned long int) hydra_brains.sizepass); + exit(-1); + } + pass_ptr = malloc(hydra_brains.sizepass + hydra_brains.countpass + 8); + if (pass_ptr == NULL) + bail("Could not allocate enough memory for password file data"); + memset(pass_ptr, 0, hydra_brains.sizepass + hydra_brains.countpass + 8); + fill_mem(pass_ptr, pfp, 0); + } else { + if (hydra_options.pass != NULL) { + pass_ptr = hydra_options.pass; + hydra_brains.countpass = 1; + hydra_brains.sizepass = strlen(hydra_options.pass) + 1; + } else { + if (hydra_options.bfg) { +#ifdef HAVE_MATH_H + if (bf_init(bf_options.arg)) + exit(-1); // error description is handled by bf_init + pass_ptr = bf_next(); + hydra_brains.countpass += bf_get_pcount(); + hydra_brains.sizepass += BF_BUFLEN; +#else + sleep(1); +#endif + } else { + pass_ptr = hydra_options.pass = empty_login; + hydra_brains.countpass = 0; + hydra_brains.sizepass = 1; + } + } + } + } else { + if ((cfp = fopen(hydra_options.colonfile, "r")) == NULL) { + fprintf(stderr, "[ERROR] File for colon files (login:pass) not found: %s", hydra_options.colonfile); + exit(-1); + } + hydra_brains.countlogin = countlines(cfp, 1); + hydra_brains.sizelogin = size_of_data; + if (hydra_brains.countlogin == 0) { + fprintf(stderr, "[ERROR] File for colon files (login:pass) is empty: %s", hydra_options.colonfile); + exit(-1); + } + if (hydra_brains.countlogin > MAX_LINES / 2) { + fprintf(stderr, "[ERROR] Maximum number of colon file entries is %d, this file has %lu entries.\n", MAX_LINES / 2, hydra_brains.countlogin); + exit(-1); + } + if (hydra_brains.sizelogin > MAX_BYTES / 2) { + fprintf(stderr, "[ERROR] Maximum size of the colon file is %d, this file has %lu bytes.\n", MAX_BYTES / 2, (unsigned long int) hydra_brains.sizelogin); + exit(-1); + } + csv_ptr = malloc(hydra_brains.sizelogin + 2 * hydra_brains.countlogin + 8); + if (csv_ptr == NULL) + bail("Could not allocate enough memory for colon file data"); + memset(csv_ptr, 0, hydra_brains.sizelogin + 2 * hydra_brains.countlogin + 8); + fill_mem(csv_ptr, cfp, 1); + //printf("count: %d, size: %d\n", hydra_brains.countlogin, hydra_brains.sizelogin); + //hydra_dump_data(csv_ptr, hydra_brains.sizelogin + hydra_brains.countlogin + 8, "colon data"); + hydra_brains.countpass = 1; + pass_ptr = login_ptr = csv_ptr; + while (*pass_ptr != 0) + pass_ptr++; + pass_ptr++; + } + + hydra_brains.countpass += hydra_options.try_password_reverse_login + hydra_options.try_password_same_as_login + hydra_options.try_null_password; + if ((memcheck = malloc(102400)) == NULL) { + fprintf(stderr, "[ERROR] your wordlist is too large, not enough memory!\n"); + exit(-1); + } + free(memcheck); + if ((rfp = fopen(RESTOREFILE, "r")) != NULL) { + fprintf(stderr, "[WARNING] Restorefile (%s) from a previous session found, to prevent overwriting, you have 10 seconds to abort...\n", RESTOREFILE); + sleep(10); + fclose(rfp); + } + + if (hydra_options.infile_ptr != NULL) { + if ((ifp = fopen(hydra_options.infile_ptr, "r")) == NULL) { + fprintf(stderr, "[ERROR] File for targets not found: %s", hydra_options.infile_ptr); + exit(-1); + } + hydra_brains.targets = countservers = countinfile = countlines(ifp, 0); + if (countinfile == 0) { + fprintf(stderr, "[ERROR] File for targets is empty: %s", hydra_options.infile_ptr); + exit(-1); + } + // if (countinfile > 60) fprintf(stderr, "[WARNING] the -M option is not working correctly at the moment for target lists > 60!\n"); + hydra_targets = malloc(sizeof(hydra_targets) * (countservers + 2) + 8); + if (hydra_targets == NULL) + bail("Could not allocate enough memory for target data"); + sizeinfile = size_of_data; + if (countinfile > MAX_LINES / 1000) { + fprintf(stderr, "[ERROR] Maximum number of target file entries is %d, this file has %d entries.\n", MAX_LINES / 1000, (int) countinfile); + exit(-1); + } + if (sizeinfile > MAX_BYTES / 1000) { + fprintf(stderr, "[ERROR] Maximum size of the server file is %d, this file has %d bytes.\n", MAX_BYTES / 1000, (int) sizeinfile); + exit(-1); + } + if ((servers_ptr = malloc(sizeinfile + countservers + 8)) == NULL) + bail("Could not allocate enough memory for target file data"); + memset(servers_ptr, 0, sizeinfile + countservers + 8); + fill_mem(servers_ptr, ifp, 0); + sizeservers = sizeinfile; + tmpptr = servers_ptr; + for (i = 0; i < countinfile; i++) { + hydra_targets[i] = malloc(sizeof(hydra_target)); + memset(hydra_targets[i], 0, sizeof(hydra_target)); + if (*tmpptr == '[') { + tmpptr++; + hydra_targets[i]->target = tmpptr; + if ((tmpptr2 = index(tmpptr, ']')) != NULL) { + *tmpptr2++ = 0; + tmpptr = tmpptr2; + } + } else + hydra_targets[i]->target = tmpptr; + if ((tmpptr2 = index(hydra_targets[i]->target, ':')) != NULL) { + *tmpptr2++ = 0; + tmpptr = tmpptr2; + hydra_targets[i]->port = atoi(tmpptr2); + if (hydra_targets[i]->port < 1 || hydra_targets[i]->port > 65535) + hydra_targets[i]->port = 0; + } + if (hydra_targets[i]->port == 0) + hydra_targets[i]->port = hydra_options.port; + while (*tmpptr != 0) + tmpptr++; + tmpptr++; + } + } else if (index(hydra_options.server, '/') != NULL) { + /* CIDR notation on command line, e.g. 192.168.0.0/24 */ + unsigned int four_from, four_to, addr_cur, addr_cur2, k, l; + in_addr_t addr4; + struct sockaddr_in target; + + hydra_options.cidr = 1; + do_retry = 0; + if ((tmpptr = malloc(strlen(hydra_options.server) + 1)) == NULL) { + fprintf(stderr, "Error: can not allocate memory\n"); + exit(-1); + } + strcpy(tmpptr, hydra_options.server); + tmpptr2 = index(tmpptr, '/'); + *tmpptr2++ = 0; + if ((k = atoi(tmpptr2)) < 16 || k > 31) { + fprintf(stderr, "Error: network size may only be between /16 and /31: %s\n", hydra_options.server); + exit(-1); + } + if ((addr4 = htonl(inet_addr(tmpptr))) == 0xffffffff) { + fprintf(stderr, "Error: option is not a valid IPv4 address: %s\n", tmpptr); + exit(-1); + } + free(tmpptr); + l = 1 << (32 - k); + l--; + four_to = (addr4 | l); + l = 0xffffffff - l; + four_from = (addr4 & l); + l = 1 << (32 - k); + hydra_brains.targets = countservers = l; + hydra_targets = malloc(sizeof(hydra_targets) * (l + 2) + 8); + if (hydra_targets == NULL) + bail("Could not allocate enough memory for target data"); + i = 0; + addr_cur = four_from; + while (addr_cur <= four_to && i < l) { + hydra_targets[i] = malloc(sizeof(hydra_target)); + memset(hydra_targets[i], 0, sizeof(hydra_target)); + addr_cur2 = htonl(addr_cur); + memcpy(&target.sin_addr.s_addr, (char *) &addr_cur2, 4); + hydra_targets[i]->target = strdup(inet_ntoa((struct in_addr) target.sin_addr)); + hydra_targets[i]->port = hydra_options.port; + addr_cur++; + i++; + } + if (verbose) + printf("[VERBOSE] CIDR attack from %s to %s\n", hydra_targets[0]->target, hydra_targets[l - 1]->target); + printf("[WARNING] The CIDR attack mode is still beta. Please report issues.\n"); + } else { // standard: single target on command line + countservers = hydra_brains.targets = 1; + hydra_targets = malloc(sizeof(int) * 4); + hydra_targets[0] = malloc(sizeof(hydra_target)); + memset(hydra_targets[0], 0, sizeof(hydra_target)); + hydra_targets[0]->target = servers_ptr = hydra_options.server; + hydra_targets[0]->port = hydra_options.port; + sizeservers = strlen(hydra_options.server) + 1; + } + for (i = 0; i < hydra_brains.targets; i++) { + hydra_targets[i]->login_ptr = login_ptr; + hydra_targets[i]->pass_ptr = pass_ptr; + if (hydra_options.loop_mode) { + if (hydra_options.try_password_same_as_login) + hydra_targets[i]->pass_state = 0; + else if (hydra_options.try_null_password) { + hydra_targets[i]->pass_ptr = empty_login; + hydra_targets[i]->pass_state = 1; + } else if (hydra_options.try_password_reverse_login) + hydra_targets[i]->pass_state = 2; + else + hydra_targets[i]->pass_state = 3; + } + } + } // END OF restore == 0 + + if (getenv("HYDRA_PROXY") && use_proxy == 0) { + printf("[INFO] Using Connect Proxy: %s\n", getenv("HYDRA_PROXY")); + use_proxy = 2; } - - usleep(USLEEP_LOOP); - (void) wait3(NULL, WNOHANG, NULL); - // write restore file and report status - if (process_restore == 1 && time(NULL) - elapsed_restore > 299) { - hydra_restore_write(0); - elapsed_restore = time(NULL); + if (use_proxy == 1) + proxy_string = getenv("HYDRA_PROXY_HTTP"); + if (use_proxy == 2) + proxy_string = getenv("HYDRA_PROXY"); + if (proxy_string != NULL && proxy_string[0] != 0) { + if (strstr(proxy_string, "//") != NULL) { + char *dslash = strstr(proxy_string, "://"); + + if (dslash) { + proxy_string[dslash - proxy_string] = 0; + strncpy(proxy_string_type, proxy_string, sizeof(proxy_string_type) - 1); + proxy_string_type[sizeof(proxy_string_type) - 1] = 0; + } + + proxy_string = dslash; + proxy_string += 3; + } + if (proxy_string[strlen(proxy_string) - 1] == '/') + proxy_string[strlen(proxy_string) - 1] = 0; + if ((tmpptr = index(proxy_string, ':')) == NULL) + use_proxy = 0; + else { + *tmpptr = 0; + tmpptr++; + memset(&hints, 0, sizeof hints); + if ((device = index(proxy_string, '%')) != NULL) + *device++ = 0; + if (getaddrinfo(proxy_string, NULL, &hints, &res) != 0) { + fprintf(stderr, "[ERROR] could not resolve proxy address: %s\n", proxy_string); + exit(-1); + } else { + for (p = res; p != NULL; p = p->ai_next) { +#ifdef AF_INET6 + if (p->ai_family == AF_INET6) { + if (ipv6 == NULL) + ipv6 = (struct sockaddr_in6 *) p->ai_addr; + } else +#endif + if (p->ai_family == AF_INET) { + if (ipv4 == NULL) + ipv4 = (struct sockaddr_in *) p->ai_addr; + } + } + freeaddrinfo(res); +#ifdef AF_INET6 + if (ipv6 != NULL && (ipv4 == NULL || prefer_ipv6)) { + proxy_string_ip[0] = 16; + memcpy(proxy_string_ip + 1, (char *) &ipv6->sin6_addr, 16); + if (device != NULL && strlen(device) <= 16) + strcpy(proxy_string_ip + 17, device); + if (memcmp(proxy_string_ip + 1, fe80, 2) == 0) { + if (device == NULL) { + fprintf(stderr, "[ERROR] The proxy address is a link local address, link local addresses require the interface being defined like this: fe80::1%%eth0\n"); + exit(-1); + } + } + } else +#endif + if (ipv4 != NULL) { + proxy_string_ip[0] = 4; + memcpy(proxy_string_ip + 1, (char *) &ipv4->sin_addr, 4); + } else { + fprintf(stderr, "[ERROR] Could not resolve proxy address: %s\n", proxy_string); + exit(-1); + } + } + proxy_string_port = atoi(tmpptr); + } + if (use_proxy == 0) + fprintf(stderr, "[WARNING] invalid proxy definition. Syntax: \"HYDRA_PROXY=[connect|socks[4|5]]://1.2.3.4:3128/\".\n"); + } else + use_proxy = 0; + if (use_proxy > 0 && (tmpptr = getenv("HYDRA_PROXY_AUTH")) != NULL && tmpptr[0] != 0) { + if (index(tmpptr, ':') == NULL) { + fprintf(stderr, "[WARNING] invalid proxy authentication. Syntax: \"login:password\". Ignoring ...\n"); + } else { + proxy_authentication = malloc(strlen(tmpptr) * 2 + 50); + strcpy(proxy_authentication, tmpptr); + if (hydra_strcasestr(proxy_string_type, "socks") == NULL) + hydra_tobase64((unsigned char *) proxy_authentication, strlen(proxy_authentication), strlen(tmpptr) * 2 + 8); + } } - - if (time(NULL) - elapsed_status > status_print) { - elapsed_status = time(NULL); - tmp_time = elapsed_status - starttime; - if (tmp_time < 1) - tmp_time = 1; - tmp_time = hydra_brains.sent / tmp_time; - if (tmp_time < 1) - tmp_time = 1; - if (status_print < 15 * 59) - status_print = ((status_print + 1) * 2) - 1; - if (status_print > 299 && (hydra_brains.todo_all - hydra_brains.sent) / tmp_time < 1500) - status_print = 299; - if (((hydra_brains.todo_all - hydra_brains.sent) / tmp_time) < 150) - status_print = 59; - k = 0; - for (j = 0; j < hydra_options.max_use; j++) - if (hydra_heads[j]->active >= 0) - k++; - printf("[STATUS] %.2f tries/min, %lu tries in %02lu:%02luh, %lu to do in %02lu:%02luh, %d active\n", (1.0 * hydra_brains.sent) / (((elapsed_status - starttime) * 1.0) / 60), // tries/min - hydra_brains.sent, // tries - (long unsigned int) ((elapsed_status - starttime) / 3600), // hours - (long unsigned int) (((elapsed_status - starttime) % 3600) / 60), // minutes - hydra_brains.todo_all - hydra_brains.sent <= 0 ? 1 : hydra_brains.todo_all - hydra_brains.sent, // left todo - (long unsigned int) (((double) hydra_brains.todo_all - hydra_brains.sent) / ((double) hydra_brains.sent / (elapsed_status - starttime)) - ) / 3600, // hours - (((long unsigned int) (((double) hydra_brains.todo_all - hydra_brains.sent) / ((double) hydra_brains.sent / (elapsed_status - starttime)) - ) % 3600) / 60) + 1, // min - k); - hydra_debug(0, "STATUS"); + + if (hydra_options.restore == 0) { + if ((strcmp(hydra_options.service, "rsh") == 0) || (strcmp(hydra_options.service, "oracle-sid") == 0)) + math2 = hydra_brains.countlogin; + else + math2 = hydra_brains.countlogin * hydra_brains.countpass; + +#ifdef HAVE_MATH_H + if (hydra_options.bfg) { + math2 = hydra_brains.countlogin * bf_get_pcount(); + } +#endif + + hydra_brains.todo = math2; + math2 = math2 * hydra_brains.targets; + hydra_brains.todo_all = math2; + if (hydra_brains.todo_all == 0) + bail("No login/password combination given!"); + if (hydra_brains.todo < hydra_options.tasks) { + if (verbose && hydra_options.tasks != TASKS) + printf("[VERBOSE] More tasks defined than login/pass pairs exist. Tasks reduced to %lu\n", hydra_brains.todo); + hydra_options.tasks = hydra_brains.todo; + } } - - exit_condition = hydra_check_for_exit_condition(); - } - process_restore = 0; - if (debug) - printf("[DEBUG] while loop left with %d\n", exit_condition); - - j = k = error = 0; - for (i = 0; i < hydra_brains.targets; i++) - switch (hydra_targets[i]->done) { - case 3: - k++; - break; - case 2: - if (hydra_targets[i]->ok == 0) - k++; - else - error++; - break; - case 1: - break; - case 0: - if (hydra_targets[i]->ok == 0) - k++; - else - j++; - break; - default: - error++; - fprintf(stderr, "[ERROR] illegal target result value (%d=>%d)\n", i, hydra_targets[i]->done); + if (hydra_options.max_use == MAXTASKS) { // only if it was not set via -T + if (hydra_options.max_use < hydra_brains.targets * hydra_options.tasks) + hydra_options.max_use = hydra_brains.targets * hydra_options.tasks; + if (hydra_options.max_use > MAXTASKS) + hydra_options.max_use = MAXTASKS; + } + if ((hydra_options.tasks == TASKS || hydra_options.tasks <= 8) && hydra_options.max_use < hydra_brains.targets * hydra_options.tasks) { + if ((hydra_options.tasks = hydra_options.max_use / hydra_brains.targets) == 0) + hydra_options.tasks = 1; + //fprintf(stderr, "[WARNING] More tasks defined per server than allowed for maximal connections. Tasks per server reduced to %d.\n", hydra_options.tasks); + } else { + if (hydra_options.tasks > MAXTASKS) { + //fprintf(stderr, "[WARNING] reducing tasks to MAXTASKS (%d)\n", MAXTASKS); + hydra_options.tasks = MAXTASKS; + } + } + // hydra_options.max_use = hydra_brains.targets * hydra_options.tasks; + // if (hydra_options.max_use > MAXTASKS) + // hydra_options.max_use = MAXTASKS; + math2 = (hydra_brains.todo / hydra_options.tasks); + if (hydra_brains.todo % hydra_options.tasks) + math2++; + math2 = (math2 * hydra_brains.targets) / hydra_options.max_use; + // set options (bits!) + options = 0; + if (hydra_options.ssl) + options = options | OPTION_SSL; + if (hydra_options.colonfile != NULL) + printf("[DATA] max %d task%s per %d server%s, overall %d tasks, %lu login tr%s, ~%lu tr%s per task\n", hydra_options.tasks, hydra_options.tasks == 1 ? "" : "s", + hydra_brains.targets, hydra_brains.targets == 1 ? "" : "s", hydra_options.max_use, hydra_brains.todo, hydra_brains.todo == 1 ? "y" : "ies", math2, + math2 == 1 ? "y" : "ies"); + else + printf("[DATA] max %d task%s per %d server%s, overall %d tasks, %lu login tr%s (l:%lu/p:%lu), ~%lu tr%s per task\n", hydra_options.tasks, hydra_options.tasks == 1 ? "" : "s", + hydra_brains.targets, hydra_brains.targets == 1 ? "" : "s", hydra_options.max_use, hydra_brains.todo, hydra_brains.todo == 1 ? "y" : "ies", + (unsigned long int) hydra_brains.countlogin, (unsigned long int) hydra_brains.countpass, math2, math2 == 1 ? "y" : "ies"); + + printf("[DATA] attacking service %s on port %d%s\n", hydra_options.service, port, hydra_options.ssl == 1 ? " with SSL" : ""); + + if (hydra_options.outfile_ptr != NULL) { + if ((hydra_brains.ofp = fopen(hydra_options.outfile_ptr, "a+")) == NULL) { + perror("[ERROR] Error creating outputfile"); + exit(-1); + } + fprintf(hydra_brains.ofp, "# %s %s run at %s on %s %s (%s", PROGRAM, VERSION, hydra_build_time(), + hydra_options.server == NULL ? hydra_options.infile_ptr : hydra_options.server, hydra_options.service, prg); + for (i = 1; i < argc; i++) + fprintf(hydra_brains.ofp, " %s", argv[i]); + fprintf(hydra_brains.ofp, ")\n"); + } + // we have to flush all writeable buffered file pointers before forking + // set appropriate signals for mother + signal(SIGCHLD, killed_childs); + if (debug == 0) + signal(SIGTERM, kill_children); + if (debug == 0) { +#ifdef SIGBUS + signal(SIGBUS, kill_children); +#endif + signal(SIGSEGV, kill_children); + } + signal(SIGHUP, kill_children); + signal(SIGINT, kill_children); + signal(SIGPIPE, SIG_IGN); + if (verbose) + printf("[VERBOSE] Resolving addresses ... "); + if (debug) + printf("\n"); + for (i = 0; i < hydra_brains.targets; i++) { + if (debug) + printf("[DEBUG] resolving %s\n", hydra_targets[i]->target); + memset(&hints, 0, sizeof(hints)); + ipv4 = NULL; +#ifdef AF_INET6 + ipv6 = NULL; + if ((device = index(hydra_targets[i]->target, '%')) != NULL) + *device++ = 0; +#endif + if (getaddrinfo(hydra_targets[i]->target, NULL, &hints, &res) != 0) { + if (use_proxy == 0) { + if (verbose) + printf("[failed for %s] ", hydra_targets[i]->target); + else + fprintf(stderr, "[ERROR] could not resolve address: %s\n", hydra_targets[i]->target); + hydra_targets[i]->done = 3; + hydra_brains.finished++; + } + } else { + for (p = res; p != NULL; p = p->ai_next) { +#ifdef AF_INET6 + if (p->ai_family == AF_INET6) { + if (ipv6 == NULL) + ipv6 = (struct sockaddr_in6 *) p->ai_addr; + } else +#endif + if (p->ai_family == AF_INET) { + if (ipv4 == NULL) + ipv4 = (struct sockaddr_in *) p->ai_addr; + } + } +#ifdef AF_INET6 + if (ipv6 != NULL && (ipv4 == NULL || prefer_ipv6)) { + // IPV6 FIXME + if ((strcmp(hydra_options.service, "socks5") == 0) || (strcmp(hydra_options.service, "sip") == 0)) { + fprintf(stderr, "[ERROR] Target %s resolves to an IPv6 address, however module %s does not support this. Maybe try \"-4\" option. Sending in patches helps.\n", + hydra_targets[i]->target, hydra_options.service); + hydra_targets[i]->done = 3; + hydra_brains.finished++; + } else { + hydra_targets[i]->ip[0] = 16; + memcpy(&hydra_targets[i]->ip[1], (char *) &ipv6->sin6_addr, 16); + if (device != NULL && strlen(device) <= 16) + strcpy(&hydra_targets[i]->ip[17], device); + if (memcmp(&hydra_targets[i]->ip[17], fe80, 2) == 0) { + if (device == NULL) { + fprintf(stderr, "[ERROR] The target %s address is a link local address, link local addresses require the interface being defined like this: fe80::1%%eth0\n", + hydra_targets[i]->target); + exit(-1); + } + } + } + } else +#endif + if (ipv4 != NULL) { + hydra_targets[i]->ip[0] = 4; + memcpy(&hydra_targets[i]->ip[1], (char *) &ipv4->sin_addr, 4); + } else { + if (verbose) + printf("[failed for %s] ", hydra_targets[i]->target); + else + fprintf(stderr, "[ERROR] Could not resolve proxy address: %s\n", hydra_targets[i]->target); + hydra_targets[i]->done = 3; + hydra_brains.finished++; + } + freeaddrinfo(res); + } + } + if (verbose) + printf("done\n"); + if (hydra_brains.targets == 0) + bail("No server to scan!"); + +#ifndef SO_BINDTODEVICE + if (device != NULL) { + fprintf(stderr, "[ERROR] your operating system does not support SO_BINDTODEVICE or IP_FORCE_OUT_IFP, dunno how to bind the IPv6 address to the interface %s!\n", device); + } +#endif + + if (hydra_options.restore == 0) { + hydra_heads = malloc(sizeof(hydra_heads) * hydra_options.max_use); + target_no = 0; + for (i = 0; i < hydra_options.max_use; i++) { + hydra_heads[i] = malloc(sizeof(hydra_head)); + memset(hydra_heads[i], 0, sizeof(hydra_head)); + } + } + // here we call the init function of the relevant service module + // should we do the init centrally or should each child do that? + // that depends largely on the number of targets and maximum tasks + // if (hydra_brains.targets == 1 || (hydra_brains.targets < 4 && hydra_options.tasks / hydra_brains.targets > 4 && hydra_brains.todo > 15)) + for (i = 0; i < hydra_brains.targets; i++) + hydra_service_init(i); + + starttime = elapsed_status = elapsed_restore = time(NULL); + fflush(stdout); + fflush(stderr); + fflush(hydra_brains.ofp); + + hydra_debug(0, "attack"); + process_restore = 1; + + // this is the big function which starts the attacking children, feeds login/password pairs, etc.! + while (exit_condition == 0) { + FD_ZERO(&fdreadheads); + for (head_no = 0, max_fd = 1; head_no < hydra_options.max_use; head_no++) { + if (hydra_heads[head_no]->active > 0) { + FD_SET(hydra_heads[head_no]->sp[0], &fdreadheads); + if (max_fd < hydra_heads[head_no]->sp[0]) + max_fd = hydra_heads[head_no]->sp[0]; + } + } + my_select(max_fd + 1, &fdreadheads, NULL, NULL, 0, 200000); + tmp_time = time(NULL); + + for (head_no = 0; head_no < hydra_options.max_use; head_no++) { + if (debug && hydra_heads[head_no]->active != -1) printf("[DEBUG] head_no[%d] to target_no %d active %d\n", head_no, hydra_heads[head_no]->target_no, hydra_heads[head_no]->active); + switch (hydra_heads[head_no]->active) { + case -1: + // disabled head, ignored + break; + case 0: + if (hydra_heads[head_no]->redo) { + hydra_spawn_head(head_no, hydra_heads[head_no]->target_no); + } else { + if (hydra_brains.targets > hydra_brains.finished) + hydra_heads[head_no]->target_no = hydra_select_target(); + else + hydra_heads[head_no]->target_no = -1; + if (debug) + printf("[DEBUG] child %d got target %d selected\n", head_no, hydra_heads[head_no]->target_no); + if (hydra_heads[head_no]->target_no < 0) { + if (debug) printf("[DEBUG] hydra_select_target() reports no more targets left\n"); + hydra_kill_head(head_no, 0, 3); + } else + hydra_spawn_head(head_no, hydra_heads[head_no]->target_no); // target_no is ignored if head->redo == 1 + } + break; + case 1: + if (FD_ISSET(hydra_heads[head_no]->sp[0], &fdreadheads)) { + readres = read_safe(hydra_heads[head_no]->sp[0], &rc, 1); + if (readres > 0) { + FD_CLR(hydra_heads[head_no]->sp[0], &fdreadheads); + hydra_heads[head_no]->last_seen = tmp_time; + if (debug) + printf("[DEBUG] head_no[%d] read %c\n", head_no, rc); + switch (rc) { + // Valid Results: + // n - mother says to itself that child requests next login/password pair + // N - child requests next login/password pair + // Q - child reports that it is quitting + // C - child reports connect error (and is quitting) + // E - child reports protocol error (and is quitting) + // f - child reports that the username does not exist + // F - child reports that it found a valid login/password pair + // and requests next pair. Sends login/pw pair with next msg! + case 'N': // head wants next pair + hydra_targets[hydra_heads[head_no]->target_no]->ok = 1; + if (hydra_targets[hydra_heads[head_no]->target_no]->fail_count > 0) + hydra_targets[hydra_heads[head_no]->target_no]->fail_count--; + // no break here + case 'n': // mother sends this to itself initially + loop_cnt = 0; + if (hydra_send_next_pair(hydra_heads[head_no]->target_no, head_no) == -1) + hydra_kill_head(head_no, 1, 0); + break; + + case 'F': // valid password found + hydra_brains.found++; + if (colored_output) { + if (hydra_heads[head_no]->current_login_ptr == NULL || strlen(hydra_heads[head_no]->current_login_ptr) == 0) { + if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) + printf("[\e[1;32m%d\e[0m][\e[1;32m%s\e[0m] host: \e[1;32m%s\e[0m\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target); + else + printf("[\e[1;32m%d\e[0m][\e[1;32m%s\e[0m] host: \e[1;32m%s\e[0m password: \e[1;32m%s\e[0m\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_pass_ptr); + } else if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) { + printf("[\e[1;32m%d\e[0m][\e[1;32m%s\e[0m] host: \e[1;32m%s\e[0m login: \e[1;32m%s\e[0m\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr); + } else + printf("[\e[1;32m%d\e[0m][\e[1;32m%s\e[0m] host: \e[1;32m%s\e[0m login: \e[1;32m%s\e[0m password: \e[1;32m%s\e[0m\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr); + } else { + if (hydra_heads[head_no]->current_login_ptr == NULL || strlen(hydra_heads[head_no]->current_login_ptr) == 0) { + if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) + printf("[%d][%s] host: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target); + else + printf("[%d][%s] host: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_pass_ptr); + } else if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) { + printf("[%d][%s] host: %s login: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr); + } else + printf("[%d][%s] host: %s login: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr); + } + if (hydra_options.outfile_ptr != NULL && hydra_brains.ofp != NULL) { + if (hydra_heads[head_no]->current_login_ptr == NULL || strlen(hydra_heads[head_no]->current_login_ptr) == 0) { + if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) + fprintf(hydra_brains.ofp, "[%d][%s] host: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target); + else + fprintf(hydra_brains.ofp, "[%d][%s] host: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_pass_ptr); + } else if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) { + fprintf(hydra_brains.ofp, "[%d][%s] host: %s login: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr); + } else + fprintf(hydra_brains.ofp, "[%d][%s] host: %s login: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr); + } + if (hydra_options.exit_found) { // option set says quit target after on valid login/pass pair is found + if (hydra_targets[hydra_heads[head_no]->target_no]->done == 0) { + hydra_targets[hydra_heads[head_no]->target_no]->done = 1; // mark target as done + hydra_brains.finished++; + printf("[STATUS] attack finished for %s (valid pair found)\n", hydra_targets[hydra_heads[head_no]->target_no]->target); + } + if (hydra_options.exit_found == 2) { + for (j = 0; j < hydra_brains.targets; j++) + if (hydra_targets[j]->done == 0) { + hydra_targets[j]->done = 1; + hydra_brains.finished++; + } + } + for (j = 0; j < hydra_options.max_use; j++) + if (hydra_heads[j]->active >= 0 && (hydra_heads[j]->target_no == target_no || hydra_options.exit_found == 2)) { + if (hydra_brains.targets > hydra_brains.finished && hydra_options.exit_found < 2) + hydra_kill_head(j, 1, 0); // kill all heads working on the target + else + hydra_kill_head(j, 1, 2); // kill all heads working on the target + } + continue; + } + // fall through + case 'f': // username identified as invalid + hydra_targets[hydra_heads[head_no]->target_no]->ok = 1; + if (hydra_targets[hydra_heads[head_no]->target_no]->fail_count > 0) + hydra_targets[hydra_heads[head_no]->target_no]->fail_count--; + memset(buf, 0, sizeof(buf)); + read_safe(hydra_heads[head_no]->sp[0], buf, MAXBUF); + hydra_skip_user(hydra_heads[head_no]->target_no, buf); + fck = write(hydra_heads[head_no]->sp[1], "n", 1); // small hack + break; + + // we do not make a difference between 'C' and 'E' results - yet + case 'E': // head reports protocol error + case 'C': // head reports connect error + fck = write(hydra_heads[head_no]->sp[0], "Q", 1); + if (debug) { + printf("[ATTEMPT-ERROR] target %s - login \"%s\" - pass \"%s\" - child %d - %lu of %lu\n", + hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no, + hydra_targets[hydra_heads[head_no]->target_no]->sent, hydra_brains.todo); + } + hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); + break; + + case 'Q': // head reports its quitting + fck = write(hydra_heads[head_no]->sp[0], "Q", 1); + if (debug) + printf("[DEBUG] child %d reported it quit\n", head_no); + hydra_kill_head(head_no, 1, 0); + break; + + default: + fprintf(stderr, "[ERROR] child %d sent nonsense data, killing and restarting it!\n", head_no); + hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); + } + } + if (readres == -1) { + if (verbose) + fprintf(stderr, "[WARNING] child %d seems to have died, restarting (this only happens if a module is bad) ... \n", head_no); + hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); + } + } else { + if (hydra_heads[head_no]->last_seen + hydra_options.waittime > tmp_time) { + // check if recover of timed-out head is necessary + if (tmp_time > waittime + hydra_heads[head_no]->last_seen) { + if (kill(hydra_heads[head_no]->pid, 0) < 0) { + if (verbose) + fprintf(stderr, "[WARNING] child %d seems to be dead, restarting it ...\n", head_no); + hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); + } + } + // if we do not get to hear anything for a longer time assume its dead + if (tmp_time > waittime * 2 + hydra_heads[head_no]->last_seen) { + if (verbose) + fprintf(stderr, "[WARNING] timeout from child %d, restarting\n", head_no); + hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); + } + } + } + break; + default: + fprintf(stderr, "[ERROR] child %d in unknown state, restarting!\n", head_no); + hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); + } + } + + usleep(USLEEP_LOOP); + (void) wait3(NULL, WNOHANG, NULL); + // write restore file and report status + if (process_restore == 1 && time(NULL) - elapsed_restore > 299) { + hydra_restore_write(0); + elapsed_restore = time(NULL); + } + + if (time(NULL) - elapsed_status > status_print) { + elapsed_status = time(NULL); + tmp_time = elapsed_status - starttime; + if (tmp_time < 1) + tmp_time = 1; + tmp_time = hydra_brains.sent / tmp_time; + if (tmp_time < 1) + tmp_time = 1; + if (status_print < 15 * 59) + status_print = ((status_print + 1) * 2) - 1; + if (status_print > 299 && (hydra_brains.todo_all - hydra_brains.sent) / tmp_time < 1500) + status_print = 299; + if (((hydra_brains.todo_all - hydra_brains.sent) / tmp_time) < 150) + status_print = 59; + k = 0; + for (j = 0; j < hydra_options.max_use; j++) + if (hydra_heads[j]->active >= 0) + k++; + printf("[STATUS] %.2f tries/min, %lu tries in %02lu:%02luh, %lu to do in %02lu:%02luh, %d active\n", (1.0 * hydra_brains.sent) / (((elapsed_status - starttime) * 1.0) / 60), // tries/min + hydra_brains.sent, // tries + (long unsigned int) ((elapsed_status - starttime) / 3600), // hours + (long unsigned int) (((elapsed_status - starttime) % 3600) / 60), // minutes + hydra_brains.todo_all - hydra_brains.sent <= 0 ? 1 : hydra_brains.todo_all - hydra_brains.sent, // left todo + (long unsigned int) (((double) hydra_brains.todo_all - hydra_brains.sent) / ((double) hydra_brains.sent / (elapsed_status - starttime)) + ) / 3600, // hours + (((long unsigned int) (((double) hydra_brains.todo_all - hydra_brains.sent) / ((double) hydra_brains.sent / (elapsed_status - starttime)) + ) % 3600) / 60) + 1, // min + k); + hydra_debug(0, "STATUS"); + } + + exit_condition = hydra_check_for_exit_condition(); } - - if (debug) printf("[DEBUG] killing all remaining childs now that might be stuck\n"); - for (i = 0; i < hydra_options.max_use; i++) - if (hydra_heads[i]->active > 0 && hydra_heads[i]->pid > 0) - hydra_kill_head(i, 1, 3); - (void) wait3(NULL, WNOHANG, NULL); - - printf("%d of %d target%s%scompleted, %lu valid password%s found\n", hydra_brains.targets - j - k - error, hydra_brains.targets, hydra_brains.targets == 1 ? " " : "s ", - hydra_brains.found > 0 ? "successfully " : "", hydra_brains.found, hydra_brains.found == 1 ? "" : "s"); - if (error == 0 && j == 0) { process_restore = 0; - unlink(RESTOREFILE); - } else { - if (hydra_options.cidr == 0) { - printf("[INFO] Writing restore file because %d server scan%s could not be completed\n", j + error, j + error == 1 ? "" : "s"); - hydra_restore_write(1); + if (debug) + printf("[DEBUG] while loop left with %d\n", exit_condition); + + j = k = error = 0; + for (i = 0; i < hydra_brains.targets; i++) + switch (hydra_targets[i]->done) { + case 3: + k++; + break; + case 2: + if (hydra_targets[i]->ok == 0) + k++; + else + error++; + break; + case 1: + break; + case 0: + if (hydra_targets[i]->ok == 0) + k++; + else + j++; + break; + default: + error++; + fprintf(stderr, "[ERROR] illegal target result value (%d=>%d)\n", i, hydra_targets[i]->done); + } + + if (debug) printf("[DEBUG] killing all remaining childs now that might be stuck\n"); + for (i = 0; i < hydra_options.max_use; i++) + if (hydra_heads[i]->active > 0 && hydra_heads[i]->pid > 0) + hydra_kill_head(i, 1, 3); + (void) wait3(NULL, WNOHANG, NULL); + + printf("%d of %d target%s%scompleted, %lu valid password%s found\n", hydra_brains.targets - j - k - error, hydra_brains.targets, hydra_brains.targets == 1 ? " " : "s ", + hydra_brains.found > 0 ? "successfully " : "", hydra_brains.found, hydra_brains.found == 1 ? "" : "s"); + if (error == 0 && j == 0) { + process_restore = 0; + unlink(RESTOREFILE); + } else { + if (hydra_options.cidr == 0) { + printf("[INFO] Writing restore file because %d server scan%s could not be completed\n", j + error, j + error == 1 ? "" : "s"); + hydra_restore_write(1); + } } - } - if (error) { - fprintf(stderr, "[ERROR] %d target%s disabled because of too many errors\n", error, error == 1 ? " was" : "s were"); - error = 1; - } - if (k) { - fprintf(stderr, "[ERROR] %d target%s did not resolve or could not be connected\n", k, k == 1 ? "" : "s"); - error = 1; - } - if (j) { - fprintf(stderr, "[ERROR] %d target%s did not complete\n", j, j == 1 ? "" : "s"); - error = 1; - } - // yeah we did it - printf("%s (%s) finished at %s\n", PROGRAM, RESOURCE, hydra_build_time()); - if (hydra_brains.ofp != NULL && hydra_brains.ofp != stdout) - fclose(hydra_brains.ofp); - - fflush(NULL); - if (error || j || exit_condition < 0) - return -1; - else - return 0; + if (error) { + fprintf(stderr, "[ERROR] %d target%s disabled because of too many errors\n", error, error == 1 ? " was" : "s were"); + error = 1; + } + if (k) { + fprintf(stderr, "[ERROR] %d target%s did not resolve or could not be connected\n", k, k == 1 ? "" : "s"); + error = 1; + } + if (j) { + fprintf(stderr, "[ERROR] %d target%s did not complete\n", j, j == 1 ? "" : "s"); + error = 1; + } + // yeah we did it + printf("%s (%s) finished at %s\n", PROGRAM, RESOURCE, hydra_build_time()); + if (hydra_brains.ofp != NULL && hydra_brains.ofp != stdout) + fclose(hydra_brains.ofp); + + fflush(NULL); + if (error || j || exit_condition < 0) + return -1; + else + return 0; } diff --git a/hydra.h b/hydra.h index af95552..7c51717 100644 --- a/hydra.h +++ b/hydra.h @@ -118,6 +118,8 @@ #define PORT_S7_300_SSL 102 #define PORT_REDIS 6379 #define PORT_REDIS_SSL 6379 +#define PORT_RTSP 554 +#define PORT_RTSP_SSL 554 #define False 0 #define True 1 diff --git a/sasl.c b/sasl.c index 43e142d..173dbe8 100644 --- a/sasl.c +++ b/sasl.c @@ -1,718 +1,614 @@ #include "sasl.h" - -/* - +/* print_hex is used for debug it displays the string buf hexa values of size len - */ int print_hex(unsigned char *buf, int len) { - int i; - int n; - - for (i = 0, n = 0; i < len; i++) { - if (n > 7) { - printf("\n"); - n = 0; - } - printf("0x%02x, ", buf[i]); - n++; - } - printf("\n"); - - return (0); +int i; +int n; +for (i = 0, n = 0; i < len; i++) { +if (n > 7) { +printf("\n"); +n = 0; +} +printf("0x%02x, ", buf[i]); +n++; +} +printf("\n"); +return (0); } - /* - RFC 4013: SASLprep: Stringprep Profile for User Names and Passwords code based on gsasl_saslprep from GSASL project - */ - int sasl_saslprep(const char *in, sasl_saslprep_flags flags, char **out) { #if LIBIDN - int rc; - - rc = stringprep_profile(in, out, "SASLprep", (flags & SASL_ALLOW_UNASSIGNED) ? STRINGPREP_NO_UNASSIGNED : 0); - - if (rc != STRINGPREP_OK) { - *out = NULL; - return -1; - } -#if defined HAVE_PR29_H - if (pr29_8z(*out) != PR29_SUCCESS) { - free(*out); - *out = NULL; - return -1; - } -#endif - -#else - size_t i, inlen = strlen(in); - - for (i = 0; i < inlen; i++) { - if (in[i] & 0x80) { - *out = NULL; - hydra_report(stderr, "Error: Can't convert UTF-8, you should install libidn\n"); - return -1; - } - } - *out = malloc(inlen + 1); - if (!*out) { - hydra_report(stderr, "Error: Can't allocate memory\n"); - return -1; - } - strcpy(*out, in); -#endif - return 0; +int rc; +rc = stringprep_profile(in, out, "SASLprep", (flags & SASL_ALLOW_UNASSIGNED) ? STRINGPREP_NO_UNASSIGNED : 0); +if (rc != STRINGPREP_OK) { +*out = NULL; +return -1; +} +#if defined HAVE_PR29_H +if (pr29_8z(*out) != PR29_SUCCESS) { +free(*out); +*out = NULL; +return -1; +} +#endif +#else +size_t i, inlen = strlen(in); +for (i = 0; i < inlen; i++) { +if (in[i] & 0x80) { +*out = NULL; +hydra_report(stderr, "Error: Can't convert UTF-8, you should install libidn\n"); +return -1; +} +} +*out = malloc(inlen + 1); +if (!*out) { +hydra_report(stderr, "Error: Can't allocate memory\n"); +return -1; +} +strcpy(*out, in); +#endif +return 0; } - - /* - RFC 4616: The PLAIN Simple Authentication and Security Layer (SASL) Mechanism - sasl_plain computes the plain authentication from strings login and password and stored the value in variable result - the first parameter result must be able to hold at least 255 bytes! - */ - void sasl_plain(char *result, char *login, char *pass) { - char *preplogin; - char *preppasswd; - - int rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); - - if (rc) { - result = NULL; - return; - } - - rc = sasl_saslprep(pass, 0, &preppasswd); - if (rc) { - free(preplogin); - result = NULL; - return; - } - - if (2 * strlen(preplogin) + 3 + strlen(preppasswd) < 180) { - strcpy(result, preplogin); - strcpy(result + strlen(preplogin) + 1, preplogin); - strcpy(result + 2 * strlen(preplogin) + 2, preppasswd); - hydra_tobase64((unsigned char *) result, strlen(preplogin) * 2 + strlen(preppasswd) + 2, 250); - } - free(preplogin); - free(preppasswd); +char *preplogin; +char *preppasswd; +int rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); +if (rc) { +result = NULL; +return; +} +rc = sasl_saslprep(pass, 0, &preppasswd); +if (rc) { +free(preplogin); +result = NULL; +return; +} +if (2 * strlen(preplogin) + 3 + strlen(preppasswd) < 180) { +strcpy(result, preplogin); +strcpy(result + strlen(preplogin) + 1, preplogin); +strcpy(result + 2 * strlen(preplogin) + 2, preppasswd); +hydra_tobase64((unsigned char *) result, strlen(preplogin) * 2 + strlen(preppasswd) + 2, 250); +} +free(preplogin); +free(preppasswd); } - #ifdef LIBOPENSSL - /* - RFC 2195: IMAP/POP AUTHorize Extension for Simple Challenge/Response - sasl_cram_md5 computes the cram-md5 authentication from password string and the challenge sent by the server, and stored the value in variable result - the parameter result must be able to hold at least 100 bytes! - */ - void sasl_cram_md5(char *result, char *pass, char *challenge) { - char ipad[64]; - char opad[64]; - unsigned char md5_raw[MD5_DIGEST_LENGTH]; - MD5_CTX md5c; - int i, rc; - char *preppasswd; - - if (challenge == NULL) { - result = NULL; - return; - } - - rc = sasl_saslprep(pass, 0, &preppasswd); - if (rc) { - result = NULL; - return; - } - - memset(ipad, 0, sizeof(ipad)); - memset(opad, 0, sizeof(opad)); - - if (strlen(preppasswd) >= 64) { - MD5_Init(&md5c); - MD5_Update(&md5c, preppasswd, strlen(preppasswd)); - MD5_Final(md5_raw, &md5c); - memcpy(ipad, md5_raw, MD5_DIGEST_LENGTH); - memcpy(opad, md5_raw, MD5_DIGEST_LENGTH); - } else { - strcpy(ipad, preppasswd); // safe - strcpy(opad, preppasswd); // safe - } - - for (i = 0; i < 64; i++) { - ipad[i] ^= 0x36; - opad[i] ^= 0x5c; - } - MD5_Init(&md5c); - MD5_Update(&md5c, ipad, 64); - MD5_Update(&md5c, challenge, strlen(challenge)); - MD5_Final(md5_raw, &md5c); - - MD5_Init(&md5c); - MD5_Update(&md5c, opad, 64); - MD5_Update(&md5c, md5_raw, MD5_DIGEST_LENGTH); - MD5_Final(md5_raw, &md5c); - for (i = 0; i < MD5_DIGEST_LENGTH; i++) { - sprintf(result, "%02x", md5_raw[i]); - result += 2; - } - free(preppasswd); +char ipad[64]; +char opad[64]; +unsigned char md5_raw[MD5_DIGEST_LENGTH]; +MD5_CTX md5c; +int i, rc; +char *preppasswd; +if (challenge == NULL) { +result = NULL; +return; +} +rc = sasl_saslprep(pass, 0, &preppasswd); +if (rc) { +result = NULL; +return; +} +memset(ipad, 0, sizeof(ipad)); +memset(opad, 0, sizeof(opad)); +if (strlen(preppasswd) >= 64) { +MD5_Init(&md5c); +MD5_Update(&md5c, preppasswd, strlen(preppasswd)); +MD5_Final(md5_raw, &md5c); +memcpy(ipad, md5_raw, MD5_DIGEST_LENGTH); +memcpy(opad, md5_raw, MD5_DIGEST_LENGTH); +} else { +strcpy(ipad, preppasswd); // safe +strcpy(opad, preppasswd); // safe +} +for (i = 0; i < 64; i++) { +ipad[i] ^= 0x36; +opad[i] ^= 0x5c; +} +MD5_Init(&md5c); +MD5_Update(&md5c, ipad, 64); +MD5_Update(&md5c, challenge, strlen(challenge)); +MD5_Final(md5_raw, &md5c); +MD5_Init(&md5c); +MD5_Update(&md5c, opad, 64); +MD5_Update(&md5c, md5_raw, MD5_DIGEST_LENGTH); +MD5_Final(md5_raw, &md5c); +for (i = 0; i < MD5_DIGEST_LENGTH; i++) { +sprintf(result, "%02x", md5_raw[i]); +result += 2; +} +free(preppasswd); } - /* - sasl_cram_sha1 computes the cram-sha1 authentication from password string and the challenge sent by the server, and stored the value in variable result - the parameter result must be able to hold at least 100 bytes! - */ void sasl_cram_sha1(char *result, char *pass, char *challenge) { - char ipad[64]; - char opad[64]; - unsigned char sha1_raw[SHA_DIGEST_LENGTH]; - SHA_CTX shac; - int i, rc; - char *preppasswd; - - if (challenge == NULL) { - result = NULL; - return; - } - - rc = sasl_saslprep(pass, 0, &preppasswd); - if (rc) { - result = NULL; - return; - } - - memset(ipad, 0, sizeof(ipad)); - memset(opad, 0, sizeof(opad)); - - if (strlen(preppasswd) >= 64) { - SHA1_Init(&shac); - SHA1_Update(&shac, preppasswd, strlen(preppasswd)); - SHA1_Final(sha1_raw, &shac); - memcpy(ipad, sha1_raw, SHA_DIGEST_LENGTH); - memcpy(opad, sha1_raw, SHA_DIGEST_LENGTH); - } else { - strcpy(ipad, preppasswd); // safe - strcpy(opad, preppasswd); // safe - } - - for (i = 0; i < 64; i++) { - ipad[i] ^= 0x36; - opad[i] ^= 0x5c; - } - - SHA1_Init(&shac); - SHA1_Update(&shac, ipad, 64); - SHA1_Update(&shac, challenge, strlen(challenge)); - SHA1_Final(sha1_raw, &shac); - - SHA1_Init(&shac); - SHA1_Update(&shac, opad, 64); - SHA1_Update(&shac, sha1_raw, SHA_DIGEST_LENGTH); - SHA1_Final(sha1_raw, &shac); - - for (i = 0; i < SHA_DIGEST_LENGTH; i++) { - sprintf(result, "%02x", sha1_raw[i]); - result += 2; - } - free(preppasswd); +char ipad[64]; +char opad[64]; +unsigned char sha1_raw[SHA_DIGEST_LENGTH]; +SHA_CTX shac; +int i, rc; +char *preppasswd; +if (challenge == NULL) { +result = NULL; +return; +} +rc = sasl_saslprep(pass, 0, &preppasswd); +if (rc) { +result = NULL; +return; +} +memset(ipad, 0, sizeof(ipad)); +memset(opad, 0, sizeof(opad)); +if (strlen(preppasswd) >= 64) { +SHA1_Init(&shac); +SHA1_Update(&shac, preppasswd, strlen(preppasswd)); +SHA1_Final(sha1_raw, &shac); +memcpy(ipad, sha1_raw, SHA_DIGEST_LENGTH); +memcpy(opad, sha1_raw, SHA_DIGEST_LENGTH); +} else { +strcpy(ipad, preppasswd); // safe +strcpy(opad, preppasswd); // safe +} +for (i = 0; i < 64; i++) { +ipad[i] ^= 0x36; +opad[i] ^= 0x5c; +} +SHA1_Init(&shac); +SHA1_Update(&shac, ipad, 64); +SHA1_Update(&shac, challenge, strlen(challenge)); +SHA1_Final(sha1_raw, &shac); +SHA1_Init(&shac); +SHA1_Update(&shac, opad, 64); +SHA1_Update(&shac, sha1_raw, SHA_DIGEST_LENGTH); +SHA1_Final(sha1_raw, &shac); +for (i = 0; i < SHA_DIGEST_LENGTH; i++) { +sprintf(result, "%02x", sha1_raw[i]); +result += 2; +} +free(preppasswd); } - /* - sasl_cram_sha256 computes the cram-sha256 authentication from password string and the challenge sent by the server, and stored the value in variable result - the parameter result must be able to hold at least 100 bytes! - */ void sasl_cram_sha256(char *result, char *pass, char *challenge) { - char ipad[64]; - char opad[64]; - unsigned char sha256_raw[SHA256_DIGEST_LENGTH]; - SHA256_CTX sha256c; - int i, rc; - char *preppasswd; - - if (challenge == NULL) { - result = NULL; - return; - } - - memset(ipad, 0, sizeof(ipad)); - memset(opad, 0, sizeof(opad)); - - rc = sasl_saslprep(pass, 0, &preppasswd); - if (rc) { - result = NULL; - return; - } - - if (strlen(preppasswd) >= 64) { - SHA256_Init(&sha256c); - SHA256_Update(&sha256c, preppasswd, strlen(preppasswd)); - SHA256_Final(sha256_raw, &sha256c); - memcpy(ipad, sha256_raw, SHA256_DIGEST_LENGTH); - memcpy(opad, sha256_raw, SHA256_DIGEST_LENGTH); - } else { - strcpy(ipad, preppasswd); // safe - strcpy(opad, preppasswd); // safe - } - - for (i = 0; i < 64; i++) { - ipad[i] ^= 0x36; - opad[i] ^= 0x5c; - } - - SHA256_Init(&sha256c); - SHA256_Update(&sha256c, ipad, 64); - SHA256_Update(&sha256c, challenge, strlen(challenge)); - SHA256_Final(sha256_raw, &sha256c); - - SHA256_Init(&sha256c); - SHA256_Update(&sha256c, opad, 64); - SHA256_Update(&sha256c, sha256_raw, SHA256_DIGEST_LENGTH); - SHA256_Final(sha256_raw, &sha256c); - - for (i = 0; i < SHA256_DIGEST_LENGTH; i++) { - sprintf(result, "%02x", sha256_raw[i]); - result += 2; - } - free(preppasswd); +char ipad[64]; +char opad[64]; +unsigned char sha256_raw[SHA256_DIGEST_LENGTH]; +SHA256_CTX sha256c; +int i, rc; +char *preppasswd; +if (challenge == NULL) { +result = NULL; +return; +} +memset(ipad, 0, sizeof(ipad)); +memset(opad, 0, sizeof(opad)); +rc = sasl_saslprep(pass, 0, &preppasswd); +if (rc) { +result = NULL; +return; +} +if (strlen(preppasswd) >= 64) { +SHA256_Init(&sha256c); +SHA256_Update(&sha256c, preppasswd, strlen(preppasswd)); +SHA256_Final(sha256_raw, &sha256c); +memcpy(ipad, sha256_raw, SHA256_DIGEST_LENGTH); +memcpy(opad, sha256_raw, SHA256_DIGEST_LENGTH); +} else { +strcpy(ipad, preppasswd); // safe +strcpy(opad, preppasswd); // safe +} +for (i = 0; i < 64; i++) { +ipad[i] ^= 0x36; +opad[i] ^= 0x5c; +} +SHA256_Init(&sha256c); +SHA256_Update(&sha256c, ipad, 64); +SHA256_Update(&sha256c, challenge, strlen(challenge)); +SHA256_Final(sha256_raw, &sha256c); +SHA256_Init(&sha256c); +SHA256_Update(&sha256c, opad, 64); +SHA256_Update(&sha256c, sha256_raw, SHA256_DIGEST_LENGTH); +SHA256_Final(sha256_raw, &sha256c); +for (i = 0; i < SHA256_DIGEST_LENGTH; i++) { +sprintf(result, "%02x", sha256_raw[i]); +result += 2; +} +free(preppasswd); } - /* - RFC 2831: Using Digest Authentication as a SASL Mechanism - the parameter result must be able to hold at least 500 bytes!! - */ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *miscptr, char *type, char *webtarget, int webport, char *header) { - char *pbuffer = NULL; - int array_size = 10; - unsigned char response[MD5_DIGEST_LENGTH]; - char *array[array_size]; - char buffer2[500], buffer3[500], nonce[200], realm[50], algo[20]; - int i = 0, ind = 0, lastpos = 0, currentpos = 0, intq = 0, auth_find = 0; - MD5_CTX md5c; - char *preplogin; - char *preppasswd; - - int rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); - - memset(realm, 0, sizeof(realm)); - - if (rc) { - result = NULL; - return; - } - - rc = sasl_saslprep(pass, 0, &preppasswd); - if (rc) { - free(preplogin); - result = NULL; - return; - } - //DEBUG S: nonce="HB3HGAk+hxKpijy/ichq7Wob3Zo17LPM9rr4kMX7xRM=",realm="tida",qop="auth",maxbuf=4096,charset=utf-8,algorithm=md5-sess - //DEBUG S: nonce="1Mr6c8WjOd/x5r8GUnGeQIRNUtOVtItu3kQOGAmsZfM=",realm="test.com",qop="auth,auth-int,auth-conf",cipher="rc4-40,rc4-56,rc4,des,3des",maxbuf=4096,charset=utf-8,algorithm=md5-sess - //warning some not well configured xmpp server is sending no realm - //DEBUG S: nonce="3448160828",qop="auth",charset=utf-8,algorithm=md5-sess - - pbuffer = buffer; - do { - currentpos++; - if (pbuffer[0] == '"') { - if (intq == 0) - intq = 1; - else { - intq = 0; - } - } - if ((pbuffer[0] == ',') && (intq == 0)) { - array[ind] = malloc(currentpos); - strncpy(array[ind], buffer + lastpos, currentpos - 1); - array[ind][currentpos - 1] = '\0'; - ind++; - lastpos += currentpos; - currentpos = 0; - } - pbuffer++; - } while ((pbuffer[0] != '\0') && (pbuffer[0] > 31) && (ind < array_size)); - - //save the latest one - if (ind < array_size) { - array[ind] = malloc(currentpos + 1); - strncpy(array[ind], buffer + lastpos, currentpos); - array[ind][currentpos] = '\0'; - ind++; - } - - for (i = 0; i < ind; i++) { - //removing space chars between comma separated value if any - while ((array[i] != NULL) && (array[i][0] == ' ')) { - char *tmp = strdup(array[i]); - - memset(array[i], 0, sizeof(array[i])); - strcpy(array[i], tmp + 1); - free(tmp); - } - if (strstr(array[i], "nonce=") != NULL) { - //check if it contains double-quote - if (strstr(array[i], "\"") != NULL) { - //assume last char is also a double-quote - int nonce_string_len = strlen(array[i]) - strlen("nonce=\"") - 1; - - if ((nonce_string_len > 0) && (nonce_string_len <= sizeof(nonce) - 1)) { - strncpy(nonce, strstr(array[i], "nonce=") + strlen("nonce=") + 1, nonce_string_len); - nonce[nonce_string_len] = '\0'; - } else { - int j; - - for (j = 0; j < ind; j++) - if (array[j] != NULL) - free(array[j]); - hydra_report(stderr, "Error: DIGEST-MD5 nonce from server could not be extracted\n"); - result = NULL; - return; - } - } else { - strncpy(nonce, strstr(array[i], "nonce=") + strlen("nonce="), sizeof(nonce) - 1); - nonce[sizeof(nonce) - 1] = '\0'; - } - } - if (strstr(array[i], "realm=") != NULL) { - if (strstr(array[i], "\"") != NULL) { - //assume last char is also a double-quote - int realm_string_len = strlen(array[i]) - strlen("realm=\"") - 1; - - if ((realm_string_len > 0) && (realm_string_len <= sizeof(realm) - 1)) { - strncpy(realm, strstr(array[i], "realm=") + strlen("realm=") + 1, realm_string_len); - realm[realm_string_len] = '\0'; - } else { - int i; - - for (i = 0; i < ind; i++) - if (array[i] != NULL) - free(array[i]); - hydra_report(stderr, "Error: DIGEST-MD5 realm from server could not be extracted\n"); - result = NULL; - return; - } - } else { - strncpy(realm, strstr(array[i], "realm=") + strlen("realm="), sizeof(realm) - 1); - realm[sizeof(realm) - 1] = '\0'; - } - } - if (strstr(array[i], "qop=") != NULL) { - /* - The value "auth" indicates authentication; the value "auth-int" indicates - authentication with integrity protection; the value "auth-conf" - indicates authentication with integrity protection and encryption. - */ - auth_find = 1; - if ((strstr(array[i], "\"auth\"") == NULL) && (strstr(array[i], "\"auth,") == NULL) && (strstr(array[i], ",auth\"") == NULL)) { - int j; - - for (j = 0; j < ind; j++) - if (array[j] != NULL) - free(array[j]); - hydra_report(stderr, "Error: DIGEST-MD5 quality of protection only authentication is not supported by server\n"); - result = NULL; - return; - } - } - if (strstr(array[i], "algorithm=") != NULL) { - if (strstr(array[i], "\"") != NULL) { - //assume last char is also a double-quote - int algo_string_len = strlen(array[i]) - strlen("algorithm=\"") - 1; - - if ((algo_string_len > 0) && (algo_string_len <= sizeof(algo) - 1)) { - strncpy(algo, strstr(array[i], "algorithm=") + strlen("algorithm=") + 1, algo_string_len); - algo[algo_string_len] = '\0'; - } else { - int j; - - for (j = 0; j < ind; j++) - if (array[j] != NULL) - free(array[j]); - hydra_report(stderr, "Error: DIGEST-MD5 algorithm from server could not be extracted\n"); - result = NULL; - return; - } - } else { - strncpy(algo, strstr(array[i], "algorithm=") + strlen("algorithm="), sizeof(algo) - 1); - algo[sizeof(algo) - 1] = '\0'; - } - if ((strstr(algo, "MD5") == NULL) && (strstr(algo, "md5") == NULL)) { - int j; - - for (j = 0; j < ind; j++) - if (array[j] != NULL) - free(array[j]); - hydra_report(stderr, "Error: DIGEST-MD5 algorithm not based on md5, based on %s\n", algo); - result = NULL; - return; - } - } - free(array[i]); - array[i] = NULL; - } - - if (!strlen(algo)) { - //assuming by default algo is MD5 - memset(algo, 0, sizeof(algo)); - strcpy(algo, "MD5"); - } - //xmpp case, some xmpp server is not sending the realm so we have to set it up - if ((strlen(realm) == 0) && (strstr(type, "xmpp") != NULL)) - snprintf(realm, sizeof(realm), "%s", miscptr); - - //compute ha1 - //support for algo = MD5 - snprintf(buffer, 500, "%s:%s:%s", preplogin, realm, preppasswd); - - MD5_Init(&md5c); - MD5_Update(&md5c, buffer, strlen(buffer)); - MD5_Final(response, &md5c); - - //for MD5-sess - if (strstr(algo, "5-sess") != NULL) { - buffer[0] = 0; //memset(buffer, 0, sizeof(buffer)); => buffer is char*! - - /* per RFC 2617 Errata ID 1649 */ - if ((strstr(type, "proxy") != NULL) || (strstr(type, "GET") != NULL) || (strstr(type, "HEAD") != NULL)) { - memset(buffer3, 0, sizeof(buffer3)); - pbuffer = buffer3; - for (i = 0; i < MD5_DIGEST_LENGTH; i++) { - sprintf(pbuffer, "%02x", response[i]); - pbuffer += 2; - } - sprintf(buffer, "%s:%s:%s", buffer3, nonce, "hydra"); - } else { - memcpy(buffer, response, sizeof(response)); - sprintf(buffer + sizeof(response), ":%s:%s", nonce, "hydra"); - } - - MD5_Init(&md5c); - MD5_Update(&md5c, buffer, strlen(buffer)); - MD5_Final(response, &md5c); - } - memset(buffer3, 0, sizeof(buffer3)); - pbuffer = buffer3; - for (i = 0; i < MD5_DIGEST_LENGTH; i++) { - sprintf(pbuffer, "%02x", response[i]); - pbuffer += 2; - } - - //compute ha2 - //proxy case - if (strstr(type, "proxy") != NULL) - sprintf(buffer, "%s:%s", "HEAD", miscptr); - else - //http case - if ((strstr(type, "GET") != NULL) || (strstr(type, "HEAD") != NULL)) - sprintf(buffer, "%s:%s", type, miscptr); - else - //sip case - if (strstr(type, "sip") != NULL) - sprintf(buffer, "REGISTER:%s:%s", type, miscptr); - else - //others - sprintf(buffer, "AUTHENTICATE:%s/%s", type, realm); - - MD5_Init(&md5c); - MD5_Update(&md5c, buffer, strlen(buffer)); - MD5_Final(response, &md5c); - - pbuffer = buffer2; - for (i = 0; i < MD5_DIGEST_LENGTH; i++) { - sprintf(pbuffer, "%02x", response[i]); - pbuffer += 2; - } - - //compute response - if (!auth_find) - snprintf(buffer, 500, "%s:%s", nonce, buffer2); - else - snprintf(buffer, 500, "%s:%s:%s:%s:%s", nonce, "00000001", "hydra", "auth", buffer2); - MD5_Init(&md5c); - MD5_Update(&md5c, buffer3, strlen(buffer3)); - MD5_Update(&md5c, ":", 1); - MD5_Update(&md5c, buffer, strlen(buffer)); - MD5_Final(response, &md5c); - - pbuffer = buffer; - for (i = 0; i < MD5_DIGEST_LENGTH; i++) { - sprintf(pbuffer, "%02x", response[i]); - pbuffer += 2; - } - - //create the auth response - if (strstr(type, "proxy") != NULL) { - snprintf(result, 500, - "HEAD %s HTTP/1.0\r\n%sProxy-Authorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", - miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, header); - } else { - if ((strstr(type, "imap") != NULL) || (strstr(type, "pop") != NULL) || (strstr(type, "smtp") != NULL) || - (strstr(type, "ldap") != NULL) || (strstr(type, "xmpp") != NULL) || (strstr(type, "nntp") != NULL)) { - snprintf(result, 500, "username=\"%s\",realm=\"%s\",nonce=\"%s\",cnonce=\"hydra\",nc=00000001,algorithm=%s,qop=\"auth\",digest-uri=\"%s/%s\",response=%s", preplogin, realm, - nonce, algo, type, realm, buffer); - } else { - if (strstr(type, "sip") != NULL) { - snprintf(result, 500, "username=\"%s\",realm=\"%s\",nonce=\"%s\",uri=\"%s:%s\",response=%s", preplogin, realm, nonce, type, realm, buffer); - } else { - if (use_proxy == 1 && proxy_authentication != NULL) - snprintf(result, 500, - "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", - type, webtarget, webport, miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, proxy_authentication, header); - else { - if (use_proxy == 1) - snprintf(result, 500, - "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", - type, webtarget, webport, miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, header); - else - snprintf(result, 500, - "%s %s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", - type, miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, header); - } - } - } - } - free(preplogin); - free(preppasswd); +char *pbuffer = NULL; +int array_size = 10; +unsigned char response[MD5_DIGEST_LENGTH]; +char *array[array_size]; +char buffer2[500], buffer3[500], nonce[200], realm[50], algo[20]; +int i = 0, ind = 0, lastpos = 0, currentpos = 0, intq = 0, auth_find = 0; +MD5_CTX md5c; +char *preplogin; +char *preppasswd; +int rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); +memset(realm, 0, sizeof(realm)); +if (rc) { +result = NULL; +return; } - - +rc = sasl_saslprep(pass, 0, &preppasswd); +if (rc) { +free(preplogin); +result = NULL; +return; +} +//DEBUG S: nonce="HB3HGAk+hxKpijy/ichq7Wob3Zo17LPM9rr4kMX7xRM=",realm="tida",qop="auth",maxbuf=4096,charset=utf-8,algorithm=md5-sess +//DEBUG S: nonce="1Mr6c8WjOd/x5r8GUnGeQIRNUtOVtItu3kQOGAmsZfM=",realm="test.com",qop="auth,auth-int,auth-conf",cipher="rc4-40,rc4-56,rc4,des,3des",maxbuf=4096,charset=utf-8,algorithm=md5-sess +//warning some not well configured xmpp server is sending no realm +//DEBUG S: nonce="3448160828",qop="auth",charset=utf-8,algorithm=md5-sess +pbuffer = buffer; +do { +currentpos++; +if (pbuffer[0] == '"') { +if (intq == 0) +intq = 1; +else { +intq = 0; +} +} +if ((pbuffer[0] == ',') && (intq == 0)) { +array[ind] = malloc(currentpos); +strncpy(array[ind], buffer + lastpos, currentpos - 1); +array[ind][currentpos - 1] = '\0'; +ind++; +lastpos += currentpos; +currentpos = 0; +} +pbuffer++; +} while ((pbuffer[0] != '\0') && (pbuffer[0] > 31) && (ind < array_size)); +//save the latest one +if (ind < array_size) { +array[ind] = malloc(currentpos + 1); +strncpy(array[ind], buffer + lastpos, currentpos); +array[ind][currentpos] = '\0'; +ind++; +} +for (i = 0; i < ind; i++) { +//removing space chars between comma separated value if any +while ((array[i] != NULL) && (array[i][0] == ' ')) { +char *tmp = strdup(array[i]); +memset(array[i], 0, sizeof(array[i])); +strcpy(array[i], tmp + 1); +free(tmp); +} +if (strstr(array[i], "nonce=") != NULL) { +//check if it contains double-quote +if (strstr(array[i], "\"") != NULL) { +//assume last char is also a double-quote +int nonce_string_len = strlen(array[i]) - strlen("nonce=\"") - 1; +if ((nonce_string_len > 0) && (nonce_string_len <= sizeof(nonce) - 1)) { +strncpy(nonce, strstr(array[i], "nonce=") + strlen("nonce=") + 1, nonce_string_len); +nonce[nonce_string_len] = '\0'; +} else { +int j; +for (j = 0; j < ind; j++) +if (array[j] != NULL) +free(array[j]); +hydra_report(stderr, "Error: DIGEST-MD5 nonce from server could not be extracted\n"); +result = NULL; +return; +} +} else { +strncpy(nonce, strstr(array[i], "nonce=") + strlen("nonce="), sizeof(nonce) - 1); +nonce[sizeof(nonce) - 1] = '\0'; +} +} +if (strstr(array[i], "realm=") != NULL) { +if (strstr(array[i], "\"") != NULL) { +//assume last char is also a double-quote +int realm_string_len = strlen(array[i]) - strlen("realm=\"") - 1; +if ((realm_string_len > 0) && (realm_string_len <= sizeof(realm) - 1)) { +strncpy(realm, strstr(array[i], "realm=") + strlen("realm=") + 1, realm_string_len); +realm[realm_string_len] = '\0'; +} else { +int i; +for (i = 0; i < ind; i++) +if (array[i] != NULL) +free(array[i]); +hydra_report(stderr, "Error: DIGEST-MD5 realm from server could not be extracted\n"); +result = NULL; +return; +} +} else { +strncpy(realm, strstr(array[i], "realm=") + strlen("realm="), sizeof(realm) - 1); +realm[sizeof(realm) - 1] = '\0'; +} +} +if (strstr(array[i], "qop=") != NULL) { /* +The value "auth" indicates authentication; the value "auth-int" indicates +authentication with integrity protection; the value "auth-conf" +indicates authentication with integrity protection and encryption. +*/ +auth_find = 1; +if ((strstr(array[i], "\"auth\"") == NULL) && (strstr(array[i], "\"auth,") == NULL) && (strstr(array[i], ",auth\"") == NULL)) { +int j; +for (j = 0; j < ind; j++) +if (array[j] != NULL) +free(array[j]); +hydra_report(stderr, "Error: DIGEST-MD5 quality of protection only authentication is not supported by server\n"); +result = NULL; +return; +} +} +if (strstr(array[i], "algorithm=") != NULL) { +if (strstr(array[i], "\"") != NULL) { +//assume last char is also a double-quote +int algo_string_len = strlen(array[i]) - strlen("algorithm=\"") - 1; +if ((algo_string_len > 0) && (algo_string_len <= sizeof(algo) - 1)) { +strncpy(algo, strstr(array[i], "algorithm=") + strlen("algorithm=") + 1, algo_string_len); +algo[algo_string_len] = '\0'; +} else { +int j; +for (j = 0; j < ind; j++) +if (array[j] != NULL) +free(array[j]); +hydra_report(stderr, "Error: DIGEST-MD5 algorithm from server could not be extracted\n"); +result = NULL; +return; +} +} else { +strncpy(algo, strstr(array[i], "algorithm=") + strlen("algorithm="), sizeof(algo) - 1); +algo[sizeof(algo) - 1] = '\0'; +} +if ((strstr(algo, "MD5") == NULL) && (strstr(algo, "md5") == NULL)) { +int j; +for (j = 0; j < ind; j++) +if (array[j] != NULL) +free(array[j]); +hydra_report(stderr, "Error: DIGEST-MD5 algorithm not based on md5, based on %s\n", algo); +result = NULL; +return; +} +} +free(array[i]); +array[i] = NULL; +} +if (!strlen(algo)) { +//assuming by default algo is MD5 +memset(algo, 0, sizeof(algo)); +strcpy(algo, "MD5"); +} +//xmpp case, some xmpp server is not sending the realm so we have to set it up +if ((strlen(realm) == 0) && (strstr(type, "xmpp") != NULL)) +snprintf(realm, sizeof(realm), "%s", miscptr); +//compute ha1 +//support for algo = MD5 +snprintf(buffer, 500, "%s:%s:%s", preplogin, realm, preppasswd); +MD5_Init(&md5c); +MD5_Update(&md5c, buffer, strlen(buffer)); +MD5_Final(response, &md5c); +//for MD5-sess +if (strstr(algo, "5-sess") != NULL) { +buffer[0] = 0; //memset(buffer, 0, sizeof(buffer)); => buffer is char*! +/* per RFC 2617 Errata ID 1649 */ +if ((strstr(type, "proxy") != NULL) || (strstr(type, "GET") != NULL) || (strstr(type, "HEAD") != NULL)) { +memset(buffer3, 0, sizeof(buffer3)); +pbuffer = buffer3; +for (i = 0; i < MD5_DIGEST_LENGTH; i++) { +sprintf(pbuffer, "%02x", response[i]); +pbuffer += 2; +} +sprintf(buffer, "%s:%s:%s", buffer3, nonce, "hydra"); +} else { +memcpy(buffer, response, sizeof(response)); +sprintf(buffer + sizeof(response), ":%s:%s", nonce, "hydra"); +} +MD5_Init(&md5c); +MD5_Update(&md5c, buffer, strlen(buffer)); +MD5_Final(response, &md5c); +} +memset(buffer3, 0, sizeof(buffer3)); +pbuffer = buffer3; +for (i = 0; i < MD5_DIGEST_LENGTH; i++) { +sprintf(pbuffer, "%02x", response[i]); +pbuffer += 2; +} +//compute ha2 +//proxy case +if (strstr(type, "proxy") != NULL) +sprintf(buffer, "%s:%s", "HEAD", miscptr); +else +//http case +if ((strstr(type, "GET") != NULL) || (strstr(type, "HEAD") != NULL)) +sprintf(buffer, "%s:%s", type, miscptr); +else +//sip case +if (strstr(type, "sip") != NULL) +sprintf(buffer, "REGISTER:%s:%s", type, miscptr); +else +//others +if (strstr(type, "rtsp") != NULL) +sprintf(buffer, "DESCRIBE:%s://%s:%i", type, webtarget, port); +else +//others +sprintf(buffer, "AUTHENTICATE:%s/%s", type, realm); +MD5_Init(&md5c); +MD5_Update(&md5c, buffer, strlen(buffer)); +MD5_Final(response, &md5c); +pbuffer = buffer2; +for (i = 0; i < MD5_DIGEST_LENGTH; i++) { +sprintf(pbuffer, "%02x", response[i]); +pbuffer += 2; +} +//compute response +if (!auth_find) +snprintf(buffer, 500, "%s:%s", nonce, buffer2); +else +snprintf(buffer, 500, "%s:%s:%s:%s:%s", nonce, "00000001", "hydra", "auth", buffer2); +MD5_Init(&md5c); +MD5_Update(&md5c, buffer3, strlen(buffer3)); +MD5_Update(&md5c, ":", 1); +MD5_Update(&md5c, buffer, strlen(buffer)); +MD5_Final(response, &md5c); +pbuffer = buffer; +for (i = 0; i < MD5_DIGEST_LENGTH; i++) { +sprintf(pbuffer, "%02x", response[i]); +pbuffer += 2; +} +//create the auth response +if (strstr(type, "proxy") != NULL) { +snprintf(result, 500, +"HEAD %s HTTP/1.0\r\n%sProxy-Authorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", +miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, header); +} else { +if ((strstr(type, "imap") != NULL) || (strstr(type, "pop") != NULL) || (strstr(type, "smtp") != NULL) || +(strstr(type, "ldap") != NULL) || (strstr(type, "xmpp") != NULL) || (strstr(type, "nntp") != NULL)) { +snprintf(result, 500, "username=\"%s\",realm=\"%s\",nonce=\"%s\",cnonce=\"hydra\",nc=00000001,algorithm=%s,qop=\"auth\",digest-uri=\"%s/%s\",response=%s", preplogin, realm, +nonce, algo, type, realm, buffer); +} else { + if (strstr(type, "sip") != NULL) { +snprintf(result, 500, "username=\"%s\",realm=\"%s\",nonce=\"%s\",uri=\"%s:%s\",response=%s", preplogin, realm, nonce, type, realm, buffer); +} else{ +if (strstr(type, "rtsp") != NULL) { +snprintf(result, 500, "username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s://%s:%i\", response=\"%s\"\r\n", preplogin, realm, nonce, type, webtarget, port, buffer); +} else { +if (use_proxy == 1 && proxy_authentication != NULL) +snprintf(result, 500, +"%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", +type, webtarget, webport, miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, proxy_authentication, header); +else { +if (use_proxy == 1) +snprintf(result, 500, +"%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", +type, webtarget, webport, miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, header); +else +snprintf(result, 500, +"%s %s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", +type, miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, header); +} +} +} +} +} +free(preplogin); +free(preppasswd); +} +/* RFC 5802: Salted Challenge Response Authentication Mechanism Note: SCRAM is a client-first SASL mechanism - I want to thx Simon Josefsson for his public server test, and my girlfriend that let me work on that 2 whole nights ;) - clientfirstmessagebare must be at least 500 bytes in size! - */ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, char *serverfirstmessage) { - int saltlen = 0; - int iter = 4096; - char *salt, *nonce, *ic; - unsigned int resultlen = 0; - char clientfinalmessagewithoutproof[200]; - char buffer[500]; - unsigned char SaltedPassword[SHA_DIGEST_LENGTH]; - unsigned char ClientKey[SHA_DIGEST_LENGTH]; - unsigned char StoredKey[SHA_DIGEST_LENGTH]; - unsigned char ClientSignature[SHA_DIGEST_LENGTH]; - char AuthMessage[1024]; - char ClientProof[SHA_DIGEST_LENGTH]; - unsigned char clientproof_b64[50]; - char *preppasswd; - - int rc = sasl_saslprep(pass, 0, &preppasswd); - - if (rc) { - result = NULL; - return; - } - - /*client-final-message */ - if (debug) - hydra_report(stderr, "DEBUG S: %s\n", serverfirstmessage); - - //r=hydra28Bo7kduPpAZLzhRQiLxc8Y9tiwgw+yP,s=ldDgevctH+Kg7b8RnnA3qA==,i=4096 - if (strstr(serverfirstmessage, "r=") == NULL) { - hydra_report(stderr, "Error: Can't understand server message\n"); - free(preppasswd); - result = NULL; - return; - } - strncpy(buffer, serverfirstmessage, sizeof(buffer) - 1); - buffer[sizeof(buffer) - 1] = '\0'; - nonce = strtok(buffer, ","); - //continue to search from the previous successful call - salt = strtok(NULL, ","); - ic = strtok(NULL, ","); - - iter = atoi(ic + 2); - if (iter == 0) { - hydra_report(stderr, "Error: Can't understand server response\n"); - free(preppasswd); - result = NULL; - return; - } - - if ((nonce != NULL) && (strlen(nonce) > 2)) - snprintf(clientfinalmessagewithoutproof, sizeof(clientfinalmessagewithoutproof), "c=biws,%s", nonce); - else { - hydra_report(stderr, "Error: Could not identify server nonce value\n"); - free(preppasswd); - result = NULL; - return; - } - - if ((salt != NULL) && (strlen(salt) > 2) && (strlen(salt) <= sizeof(buffer))) - //s=ghgIAfLl1+yUy/Xl1WD5Tw== remove the header s= - strcpy(buffer, salt + 2); - else { - hydra_report(stderr, "Error: Could not identify server salt value\n"); - free(preppasswd); - result = NULL; - return; - } - - /* SaltedPassword := Hi(Normalize(password), salt, i) */ - saltlen = from64tobits((char *) salt, buffer); - - if (PKCS5_PBKDF2_HMAC_SHA1(preppasswd, strlen(preppasswd), (unsigned char *) salt, saltlen, iter, SHA_DIGEST_LENGTH, SaltedPassword) != 1) { - hydra_report(stderr, "Error: Failed to generate PBKDF2\n"); - free(preppasswd); - result = NULL; - return; - } - - /* ClientKey := HMAC(SaltedPassword, "Client Key") */ +int saltlen = 0; +int iter = 4096; +char *salt, *nonce, *ic; +unsigned int resultlen = 0; +char clientfinalmessagewithoutproof[200]; +char buffer[500]; +unsigned char SaltedPassword[SHA_DIGEST_LENGTH]; +unsigned char ClientKey[SHA_DIGEST_LENGTH]; +unsigned char StoredKey[SHA_DIGEST_LENGTH]; +unsigned char ClientSignature[SHA_DIGEST_LENGTH]; +char AuthMessage[1024]; +char ClientProof[SHA_DIGEST_LENGTH]; +unsigned char clientproof_b64[50]; +char *preppasswd; +int rc = sasl_saslprep(pass, 0, &preppasswd); +if (rc) { +result = NULL; +return; +} +/*client-final-message */ +if (debug) +hydra_report(stderr, "DEBUG S: %s\n", serverfirstmessage); +//r=hydra28Bo7kduPpAZLzhRQiLxc8Y9tiwgw+yP,s=ldDgevctH+Kg7b8RnnA3qA==,i=4096 +if (strstr(serverfirstmessage, "r=") == NULL) { +hydra_report(stderr, "Error: Can't understand server message\n"); +free(preppasswd); +result = NULL; +return; +} +strncpy(buffer, serverfirstmessage, sizeof(buffer) - 1); +buffer[sizeof(buffer) - 1] = '\0'; +nonce = strtok(buffer, ","); +//continue to search from the previous successful call +salt = strtok(NULL, ","); +ic = strtok(NULL, ","); +iter = atoi(ic + 2); +if (iter == 0) { +hydra_report(stderr, "Error: Can't understand server response\n"); +free(preppasswd); +result = NULL; +return; +} +if ((nonce != NULL) && (strlen(nonce) > 2)) +snprintf(clientfinalmessagewithoutproof, sizeof(clientfinalmessagewithoutproof), "c=biws,%s", nonce); +else { +hydra_report(stderr, "Error: Could not identify server nonce value\n"); +free(preppasswd); +result = NULL; +return; +} +if ((salt != NULL) && (strlen(salt) > 2) && (strlen(salt) <= sizeof(buffer))) +//s=ghgIAfLl1+yUy/Xl1WD5Tw== remove the header s= +strcpy(buffer, salt + 2); +else { +hydra_report(stderr, "Error: Could not identify server salt value\n"); +free(preppasswd); +result = NULL; +return; +} +/* SaltedPassword := Hi(Normalize(password), salt, i) */ +saltlen = from64tobits((char *) salt, buffer); +if (PKCS5_PBKDF2_HMAC_SHA1(preppasswd, strlen(preppasswd), (unsigned char *) salt, saltlen, iter, SHA_DIGEST_LENGTH, SaltedPassword) != 1) { +hydra_report(stderr, "Error: Failed to generate PBKDF2\n"); +free(preppasswd); +result = NULL; +return; +} +/* ClientKey := HMAC(SaltedPassword, "Client Key") */ #define CLIENT_KEY "Client Key" - HMAC(EVP_sha1(), SaltedPassword, SHA_DIGEST_LENGTH, (const unsigned char *) CLIENT_KEY, strlen(CLIENT_KEY), ClientKey, &resultlen); - - /* StoredKey := H(ClientKey) */ - SHA1((const unsigned char *) ClientKey, SHA_DIGEST_LENGTH, StoredKey); - - /* ClientSignature := HMAC(StoredKey, AuthMessage) */ - snprintf(AuthMessage, 500, "%s,%s,%s", clientfirstmessagebare, serverfirstmessage, clientfinalmessagewithoutproof); - HMAC(EVP_sha1(), StoredKey, SHA_DIGEST_LENGTH, (const unsigned char *) AuthMessage, strlen(AuthMessage), ClientSignature, &resultlen); - - /* ClientProof := ClientKey XOR ClientSignature */ - xor(ClientProof, (char *) ClientKey, (char *) ClientSignature, 20); - to64frombits(clientproof_b64, (const unsigned char *) ClientProof, 20); - - snprintf(result, 500, "%s,p=%s", clientfinalmessagewithoutproof, clientproof_b64); - if (debug) - hydra_report(stderr, "DEBUG C: %s\n", result); - free(preppasswd); +HMAC(EVP_sha1(), SaltedPassword, SHA_DIGEST_LENGTH, (const unsigned char *) CLIENT_KEY, strlen(CLIENT_KEY), ClientKey, &resultlen); +/* StoredKey := H(ClientKey) */ +SHA1((const unsigned char *) ClientKey, SHA_DIGEST_LENGTH, StoredKey); +/* ClientSignature := HMAC(StoredKey, AuthMessage) */ +snprintf(AuthMessage, 500, "%s,%s,%s", clientfirstmessagebare, serverfirstmessage, clientfinalmessagewithoutproof); +HMAC(EVP_sha1(), StoredKey, SHA_DIGEST_LENGTH, (const unsigned char *) AuthMessage, strlen(AuthMessage), ClientSignature, &resultlen); +/* ClientProof := ClientKey XOR ClientSignature */ +xor(ClientProof, (char *) ClientKey, (char *) ClientSignature, 20); +to64frombits(clientproof_b64, (const unsigned char *) ClientProof, 20); +snprintf(result, 500, "%s,p=%s", clientfinalmessagewithoutproof, clientproof_b64); +if (debug) +hydra_report(stderr, "DEBUG C: %s\n", result); +free(preppasswd); } #endif From e1419a00029959a3535b28fda01ec16a75db6d9b Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 7 May 2015 13:16:57 +0200 Subject: [PATCH 20/33] beautifications --- hydra.c | 6892 ++++++++++++++++++++++++++++--------------------------- sasl.c | 1047 +++++---- 2 files changed, 4002 insertions(+), 3937 deletions(-) diff --git a/hydra.c b/hydra.c index cb97ad0..9a71294 100644 --- a/hydra.c +++ b/hydra.c @@ -1,3 +1,4 @@ + /* * hydra (c) 2001-2014 by van Hauser / THC * http://www.thc.org @@ -48,13 +49,11 @@ extern void service_xmpp(char *target, char *ip, int sp, unsigned char options, extern void service_irc(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern void service_http_proxy_urlenum(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern void service_s7_300(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); - -// ADD NEW SERVICES HERE - extern void service_rtsp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); // ADD NEW SERVICES HERE + #ifdef HAVE_MATH_H extern void service_mysql(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_mysql_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); @@ -138,14 +137,14 @@ extern int service_vmauthd_init(char *ip, int sp, unsigned char options, char *m extern int service_vnc_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_xmpp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); extern int service_s7_300_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); - -// ADD NEW SERVICES HERE - extern int service_rtsp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +// ADD NEW SERVICES HERE + + // ADD NEW SERVICES HERE char *SERVICES = -"asterisk afp cisco cisco-enable cvs firebird ftp ftps http[s]-{head|get} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] mssql mysql ncp nntp oracle oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres rdp redis rexec rlogin rsh s7-300 sapr3 sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak telnet[s] vmauthd vnc xmpp rtsp"; + "asterisk afp cisco cisco-enable cvs firebird ftp ftps http[s]-{head|get} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] mssql mysql ncp nntp oracle oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres rdp redis rexec rlogin rsh rtsp s7-300 sapr3 sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak telnet[s] vmauthd vnc xmpp"; #define MAXBUF 520 #define MAXLINESIZE ( ( MAXBUF / 2 ) - 4 ) @@ -181,92 +180,92 @@ void hydra_kill_head(int head_no, int killit, int fail); // some structure definitions typedef struct { - pid_t pid; - int sp[2]; - int target_no; - char *current_login_ptr; - char *current_pass_ptr; - char reverse[256]; - int active; - int redo; - time_t last_seen; + pid_t pid; + int sp[2]; + int target_no; + char *current_login_ptr; + char *current_pass_ptr; + char reverse[256]; + int active; + int redo; + time_t last_seen; } hydra_head; typedef struct { - char *target; - char ip[36]; - char *login_ptr; - char *pass_ptr; - unsigned long int login_no; - unsigned long int pass_no; - unsigned long int sent; - int pass_state; - int use_count; - int done; // 0 if active, 1 if finished scanning, 2 if error (for RESTOREFILE), 3 could not be resolved - int fail_count; - int redo_state; - int redo; - int ok; - int failed; - int skipcnt; - int port; - char *redo_login[MAXTASKS * 2 + 2]; - char *redo_pass[MAXTASKS * 2 + 2]; - char *skiplogin[SKIPLOGIN]; - // char *bfg_ptr[MAXTASKS]; + char *target; + char ip[36]; + char *login_ptr; + char *pass_ptr; + unsigned long int login_no; + unsigned long int pass_no; + unsigned long int sent; + int pass_state; + int use_count; + int done; // 0 if active, 1 if finished scanning, 2 if error (for RESTOREFILE), 3 could not be resolved + int fail_count; + int redo_state; + int redo; + int ok; + int failed; + int skipcnt; + int port; + char *redo_login[MAXTASKS * 2 + 2]; + char *redo_pass[MAXTASKS * 2 + 2]; + char *skiplogin[SKIPLOGIN]; + // char *bfg_ptr[MAXTASKS]; } hydra_target; typedef struct { - int active; // active tasks of hydra_options.max_use - int targets; - int finished; - int exit; - unsigned long int todo_all; - unsigned long int todo; - unsigned long int sent; - unsigned long int found; - unsigned long int countlogin; - unsigned long int countpass; - size_t sizelogin; - size_t sizepass; - FILE *ofp; + int active; // active tasks of hydra_options.max_use + int targets; + int finished; + int exit; + unsigned long int todo_all; + unsigned long int todo; + unsigned long int sent; + unsigned long int found; + unsigned long int countlogin; + unsigned long int countpass; + size_t sizelogin; + size_t sizepass; + FILE *ofp; } hydra_brain; typedef struct { - int mode; // valid modes: 0 = -l -p, 1 = -l -P, 2 = -L -p, 3 = -L -P, 4 = -l -x, 6 = -L -x, +8 if -e r, +16 if -e n, +32 if -e s, 64 = -C | bit 128 undefined - int loop_mode; // valid modes: 0 = password, 1 = user - int ssl; - int restore; - int debug; // is external - for restore - int verbose; // is external - for restore - int showAttempt; - int tasks; - int try_null_password; - int try_password_same_as_login; - int try_password_reverse_login; - int exit_found; - int max_use; - int cidr; - char *login; - char *loginfile; - char *pass; - char *passfile; - char *outfile_ptr; - char *infile_ptr; - char *colonfile; - int waittime; // is external - for restore - int conwait; // is external - for restore - unsigned int port; // is external - for restore - char *miscptr; - char *server; - char *service; - char bfg; + int mode; // valid modes: 0 = -l -p, 1 = -l -P, 2 = -L -p, 3 = -L -P, 4 = -l -x, 6 = -L -x, +8 if -e r, +16 if -e n, +32 if -e s, 64 = -C | bit 128 undefined + int loop_mode; // valid modes: 0 = password, 1 = user + int ssl; + int restore; + int debug; // is external - for restore + int verbose; // is external - for restore + int showAttempt; + int tasks; + int try_null_password; + int try_password_same_as_login; + int try_password_reverse_login; + int exit_found; + int max_use; + int cidr; + char *login; + char *loginfile; + char *pass; + char *passfile; + char *outfile_ptr; + char *infile_ptr; + char *colonfile; + int waittime; // is external - for restore + int conwait; // is external - for restore + unsigned int port; // is external - for restore + char *miscptr; + char *server; + char *service; + char bfg; } hydra_option; typedef struct { - char *name; - int port; - int port_ssl; + char *name; + int port; + int port_ssl; } hydra_portlist; // external vars @@ -312,3567 +311,3598 @@ int snpdone, snp_is_redo, snpbuflen, snpi, snpj, snpdont; #include "performance.h" void help(int ext) { - printf("Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr]" " [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT]" + printf("Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr]" " [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT]" #ifdef HAVE_MATH_H - " [-x MIN:MAX:CHARSET]" + " [-x MIN:MAX:CHARSET]" #endif - " [-SOuvVd46] " - //"[server service [OPT]]|" - "[service://server[:PORT][/OPT]]\n"); - printf("\nOptions:\n"); - if (ext) - printf(" -R restore a previous aborted/crashed session\n"); + " [-SOuvVd46] " + //"[server service [OPT]]|" + "[service://server[:PORT][/OPT]]\n"); + printf("\nOptions:\n"); + if (ext) + printf(" -R restore a previous aborted/crashed session\n"); #ifdef LIBOPENSSL - if (ext) - printf(" -S perform an SSL connect\n"); + if (ext) + printf(" -S perform an SSL connect\n"); #endif - if (ext) - printf(" -s PORT if the service is on a different default port, define it here\n"); - printf(" -l LOGIN or -L FILE login with LOGIN name, or load several logins from FILE\n"); - printf(" -p PASS or -P FILE try password PASS, or load several passwords from FILE\n"); + if (ext) + printf(" -s PORT if the service is on a different default port, define it here\n"); + printf(" -l LOGIN or -L FILE login with LOGIN name, or load several logins from FILE\n"); + printf(" -p PASS or -P FILE try password PASS, or load several passwords from FILE\n"); #ifdef HAVE_MATH_H - if (ext) - printf(" -x MIN:MAX:CHARSET password bruteforce generation, type \"-x -h\" to get help\n"); + if (ext) + printf(" -x MIN:MAX:CHARSET password bruteforce generation, type \"-x -h\" to get help\n"); #endif - if (ext) - printf(" -e nsr try \"n\" null password, \"s\" login as pass and/or \"r\" reversed login\n"); - if (ext) - printf(" -u loop around users, not passwords (effective! implied with -x)\n"); - printf(" -C FILE colon separated \"login:pass\" format, instead of -L/-P options\n"); - printf(" -M FILE list of servers to attack, one entry per line, ':' to specify port\n"); - if (ext) - printf(" -o FILE write found login/password pairs to FILE instead of stdout\n"); - if (ext) - printf(" -f / -F exit when a login/pass pair is found (-M: -f per host, -F global)\n"); - printf(" -t TASKS run TASKS number of connects in parallel (per host, default: %d)\n", TASKS); - if (ext) - printf(" -w / -W TIME waittime for responses (%ds) / between connects per thread\n", WAITTIME); - if (ext) - printf(" -4 / -6 use IPv4 (default) / IPv6 addresses (put always in [] also in -M)\n"); - if (ext) - printf(" -v / -V / -d verbose mode / show login+pass for each attempt / debug mode \n"); - if (ext) - printf(" -O use old SSL v2 and v3\n"); - if (ext) - printf(" -q do not print messages about connection errors\n"); - printf(" -U service module usage details\n"); - if (ext == 0) - printf(" -h more command line options (COMPLETE HELP)\n"); - printf(" server the target: DNS, IP or 192.168.0.0/24 (this OR the -M option)\n"); - printf(" service the service to crack (see below for supported protocols)\n"); - printf(" OPT some service modules support additional input (-U for module help)\n"); - - printf("\nSupported services: %s\n", SERVICES); - printf("\n%s is a tool to guess/crack valid login/password pairs. Licensed under AGPL\nv3.0. The newest version is always available at %s\n", PROGRAM, RESOURCE); - printf("Don't use in military or secret service organizations, or for illegal purposes.\n"); - if (ext && strlen(unsupported) > 0) { - if (unsupported[strlen(unsupported) - 1] == ' ') - unsupported[strlen(unsupported) - 1] = 0; - printf("These services were not compiled in: %s.\n", unsupported); - } - if (ext) { - printf("\nUse HYDRA_PROXY_HTTP or HYDRA_PROXY - and if needed HYDRA_PROXY_AUTH - environment for a proxy setup.\n"); - printf("E.g.: %% export HYDRA_PROXY=socks5://127.0.0.1:9150 (or socks4:// or connect://)\n"); - printf(" %% export HYDRA_PROXY_HTTP=http://proxy:8080\n"); - printf(" %% export HYDRA_PROXY_AUTH=user:pass\n"); - } - - printf("\nExample%s:%s hydra -l user -P passlist.txt ftp://192.168.0.1\n", ext == 0 ? "" : "s", ext == 0 ? "" : "\n"); - if (ext) { - printf(" hydra -L userlist.txt -p defaultpw imap://192.168.0.1/PLAIN\n"); - printf(" hydra -C defaults.txt -6 pop3s://[2001:db8::1]:143/TLS:DIGEST-MD5\n"); - printf(" hydra -l admin -p password ftp://[192.168.0.0/24]/\n"); - printf(" hydra -L logins.txt -P pws.txt -M targets.txt ssh\n"); - } - exit(-1); + if (ext) + printf(" -e nsr try \"n\" null password, \"s\" login as pass and/or \"r\" reversed login\n"); + if (ext) + printf(" -u loop around users, not passwords (effective! implied with -x)\n"); + printf(" -C FILE colon separated \"login:pass\" format, instead of -L/-P options\n"); + printf(" -M FILE list of servers to attack, one entry per line, ':' to specify port\n"); + if (ext) + printf(" -o FILE write found login/password pairs to FILE instead of stdout\n"); + if (ext) + printf(" -f / -F exit when a login/pass pair is found (-M: -f per host, -F global)\n"); + printf(" -t TASKS run TASKS number of connects in parallel (per host, default: %d)\n", TASKS); + if (ext) + printf(" -w / -W TIME waittime for responses (%ds) / between connects per thread\n", WAITTIME); + if (ext) + printf(" -4 / -6 use IPv4 (default) / IPv6 addresses (put always in [] also in -M)\n"); + if (ext) + printf(" -v / -V / -d verbose mode / show login+pass for each attempt / debug mode \n"); + if (ext) + printf(" -O use old SSL v2 and v3\n"); + if (ext) + printf(" -q do not print messages about connection errors\n"); + printf(" -U service module usage details\n"); + if (ext == 0) + printf(" -h more command line options (COMPLETE HELP)\n"); + printf(" server the target: DNS, IP or 192.168.0.0/24 (this OR the -M option)\n"); + printf(" service the service to crack (see below for supported protocols)\n"); + printf(" OPT some service modules support additional input (-U for module help)\n"); + + printf("\nSupported services: %s\n", SERVICES); + printf("\n%s is a tool to guess/crack valid login/password pairs. Licensed under AGPL\nv3.0. The newest version is always available at %s\n", PROGRAM, RESOURCE); + printf("Don't use in military or secret service organizations, or for illegal purposes.\n"); + if (ext && strlen(unsupported) > 0) { + if (unsupported[strlen(unsupported) - 1] == ' ') + unsupported[strlen(unsupported) - 1] = 0; + printf("These services were not compiled in: %s.\n", unsupported); + } + if (ext) { + printf("\nUse HYDRA_PROXY_HTTP or HYDRA_PROXY - and if needed HYDRA_PROXY_AUTH - environment for a proxy setup.\n"); + printf("E.g.: %% export HYDRA_PROXY=socks5://127.0.0.1:9150 (or socks4:// or connect://)\n"); + printf(" %% export HYDRA_PROXY_HTTP=http://proxy:8080\n"); + printf(" %% export HYDRA_PROXY_AUTH=user:pass\n"); + } + + printf("\nExample%s:%s hydra -l user -P passlist.txt ftp://192.168.0.1\n", ext == 0 ? "" : "s", ext == 0 ? "" : "\n"); + if (ext) { + printf(" hydra -L userlist.txt -p defaultpw imap://192.168.0.1/PLAIN\n"); + printf(" hydra -C defaults.txt -6 pop3s://[2001:db8::1]:143/TLS:DIGEST-MD5\n"); + printf(" hydra -l admin -p password ftp://[192.168.0.0/24]/\n"); + printf(" hydra -L logins.txt -P pws.txt -M targets.txt ssh\n"); + } + exit(-1); } void help_bfg() { - printf("Hydra bruteforce password generation option usage:\n\n" - " -x MIN:MAX:CHARSET\n\n" - " MIN is the minimum number of characters in the password\n" - " MAX is the maximum number of characters in the password\n" - " CHARSET is a specification of the characters to use in the generation\n" - " valid CHARSET values are: 'a' for lowercase letters,\n" - " 'A' for uppercase letters, '1' for numbers, and for all others,\n" - " just add their real representation.\n\n" - "Examples:\n" - " -x 3:5:a generate passwords from length 3 to 5 with all lowercase letters\n" - " -x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers\n" - " -x 1:3:/ generate passwords from length 1 to 3 containing only slashes\n" " -x 5:5:/%%,.- generate passwords with length 5 which consists only of /%%,.-\n"); - printf("\nThe bruteforce mode was made by Jan Dlabal, http://houbysoft.com/bfg/\n"); - exit(-1); + printf("Hydra bruteforce password generation option usage:\n\n" + " -x MIN:MAX:CHARSET\n\n" + " MIN is the minimum number of characters in the password\n" + " MAX is the maximum number of characters in the password\n" + " CHARSET is a specification of the characters to use in the generation\n" + " valid CHARSET values are: 'a' for lowercase letters,\n" + " 'A' for uppercase letters, '1' for numbers, and for all others,\n" + " just add their real representation.\n\n" + "Examples:\n" + " -x 3:5:a generate passwords from length 3 to 5 with all lowercase letters\n" + " -x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers\n" + " -x 1:3:/ generate passwords from length 1 to 3 containing only slashes\n" " -x 5:5:/%%,.- generate passwords with length 5 which consists only of /%%,.-\n"); + printf("\nThe bruteforce mode was made by Jan Dlabal, http://houbysoft.com/bfg/\n"); + exit(-1); } void module_usage() { - int find = 0; - - if (hydra_options.service) { - printf("\nHelp for module %s:\n============================================================================\n", hydra_options.service); - if ((strcmp(hydra_options.service, "oracle") == 0) || (strcmp(hydra_options.service, "ora") == 0)) { - printf("Module oracle / ora is optionally taking the ORACLE SID, default is \"ORCL\"\n\n"); - find = 1; - } - if ((strcmp(hydra_options.service, "oracle-listener") == 0) || (strcmp(hydra_options.service, "tns") == 0)) { - printf("Module oracle-listener / tns is optionally taking the mode the password is stored as, could be PLAIN (default) or CLEAR\n\n"); - find = 1; - } - if (strcmp(hydra_options.service, "cvs") == 0) { - printf("Module cvs is optionally taking the repository name to attack, default is \"/root\"\n\n"); - find = 1; - } - if (strcmp(hydra_options.service, "xmpp") == 0) { - printf("Module xmpp is optionally taking one authentication type of:\n" - " LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, SCRAM-SHA1\n\n" - "Note, the target passed should be a fdqn as the value is used in the Jabber init request, example: hermes.jabber.org\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "pop3") == 0)) { - printf("Module pop3 is optionally taking one authentication type of:\n" - " CLEAR (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n" - " CRAM-SHA256, DIGEST-MD5, NTLM.\n" "Additionally TLS encryption via STLS can be enforced with the TLS option.\n\n" "Example: pop3://target/TLS:PLAIN\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "rdp") == 0)) { - printf("Module rdp is optionally taking the windows domain name.\n" "For example:\nhydra rdp://192.168.0.1/firstdomainname -l john -p doe\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "s7-300") == 0)) { - printf("Module S7-300 is for a special Siemens PLC. It either requires only a password or no authentication, so just use the -p or -P option.\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "nntp") == 0)) { - printf("Module nntp is optionally taking one authentication type of:\n" " USER (default), LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "imap") == 0)) { - printf("Module imap is optionally taking one authentication type of:\n" - " CLEAR or APOP (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n" - " CRAM-SHA256, DIGEST-MD5, NTLM\n" "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: imap://target/TLS:PLAIN\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "smtp-enum")) == 0) { - printf("Module smtp-enum is optionally taking one SMTP command of:\n\n" - "VRFY (default), EXPN, RCPT (which will connect using \"root\" account)\n" - "login parameter is used as username and password parameter as the domain name\n" - "For example to test if john@localhost exists on 192.168.0.1:\n" "hydra smtp-enum://192.168.0.1/vrfy -l john -p localhost\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "smtp")) == 0) { - printf("Module smtp is optionally taking one authentication type of:\n" - " LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n" - "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: smtp://target/TLS:PLAIN\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "svn") == 0)) { - printf("Module svn is optionally taking the repository name to attack, default is \"trunk\"\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "ncp") == 0)) { - printf("Module ncp is optionally taking the full context, for example \".O=cx\"\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "firebird") == 0)) { - printf("Module firebird is optionally taking the database path to attack,\n" "default is \"C:\\Program Files\\Firebird\\Firebird_1_5\\security.fdb\"\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "mysql") == 0)) { - printf("Module mysql is optionally taking the database to attack, default is \"mysql\"\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "irc") == 0)) { - printf("Module irc is optionally taking the general server password, if the server is requiring one\n" "and none is passed the password from -p/-P will be used\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "postgres") == 0)) { - printf("Module postgres is optionally taking the database to attack, default is \"template1\"\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "telnet") == 0)) { - printf("Module telnet is optionally taking the string which is displayed after\n" - "a successful login (case insensitive), use if the default in the telnet\n" "module produces too many false positives\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "sapr3") == 0)) { - printf("Module sapr3 requires the client id, a number between 0 and 99\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "sshkey") == 0)) { - printf("Module sshkey does not provide additional options, although the semantic for\n" - "options -p and -P is changed:\n" - " -p expects a path to an unencrypted private key in PEM format.\n" - " -P expects a filename containing a list of path to some unencrypted\n" " private keys in PEM format.\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "cisco-enable") == 0)) { - printf("Module cisco-enable is optionally taking the logon password for the cisco device\n" - "Note: if AAA authentication is used, use the -l option for the username\n" - "and the optional parameter for the password of the user.\n" - "Examples:\n" - " hydra -P pass.txt target cisco-enable (direct console access)\n" - " hydra -P pass.txt -m cisco target cisco-enable (Logon password cisco)\n" - " hydra -l foo -m bar -P pass.txt target cisco-enable (AAA Login foo, password bar)\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "cisco") == 0)) { - printf("Module cisco is optionally taking the keyword ENTER, it then sends an initial\n" "ENTER when connecting to the service.\n"); - find = 1; - } - if (!find && ((strcmp(hydra_options.service, "ldap2") == 0) - || (strcmp(hydra_options.service, "ldap3") == 0) - || (strcmp(hydra_options.service, "ldap3-crammd5") == 0) - || (strcmp(hydra_options.service, "ldap3-digestmd5") == 0)) - ) { - printf("Module %s is optionally taking the DN (depending of the auth method choosed\n" - "Note: you can also specify the DN as login when Simple auth method is used).\n" - "The keyword \"^USER^\" is replaced with the login.\n" - "Special notes for Simple method has 3 operation modes: anonymous, (no user no pass),\n" - "unauthenticated (user but no pass), user/pass authenticated (user and pass).\n" - "So don't forget to set empty string as user/pass to test all modes.\n" - "Hint: to authenticate to a windows active directy ldap, this is usually\n" - " cn=^USER^,cn=users,dc=foo,dc=bar,dc=com for domain foo.bar.com\n\n", hydra_options.service); - find = 1; - } - if (!find && ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0))) { - printf("Module smb default value is set to test both local and domain account, using a simple password with NTLM dialect.\n" - "Note: you can set the group type using LOCAL or DOMAIN keyword\n" - " or other_domain:{value} to specify a trusted domain.\n" - " you can set the password type using HASH or MACHINE keyword\n" - " (to use the Machine's NetBIOS name as the password).\n" - " you can set the dialect using NTLMV2, NTLM, LMV2, LM keyword.\n" - "Example: \n" - " hydra smb://microsoft.com -l admin -p tooeasy -m \"local lmv2\"\n" - " hydra smb://microsoft.com -l admin -p D5731CFC6C2A069C21FD0D49CAEBC9EA:2126EE7712D37E265FD63F2C84D2B13D::: -m \"local hash\"\n" - " hydra smb://microsoft.com -l admin -p tooeasy -m \"other_domain:SECONDDOMAIN\"\n\n"); - find = 1; - } - if (!find && ((strcmp(hydra_options.service, "http-get-form") == 0) - || (strcmp(hydra_options.service, "https-get-form") == 0) - || (strcmp(hydra_options.service, "http-post-form") == 0) - || (strcmp(hydra_options.service, "https-post-form") == 0) - || (strncmp(hydra_options.service, "http-form", 9) == 0) - || (strncmp(hydra_options.service, "https-form", 10) == 0) - ) - ) { - printf("Module %s requires the page and the parameters for the web form.\n\n" - "By default this module is configured to follow a maximum of 5 redirections in\n" - "a row. It always gathers a new cookie from the same URL without variables\n" - "The parameters take three \":\" separated values, plus optional values.\n" - "(Note: if you need a colon in the option string as value, escape it with \"\\:\", but do not escape a \"\\\" with \"\\\\\".)\n" - "\nSyntax: ::[:[:]\n" - "First is the page on the server to GET or POST to (URL).\n" - "Second is the POST/GET variables (taken from either the browser, proxy, etc.\n" - " with usernames and passwords being replaced in the \"^USER^\" and \"^PASS^\"\n" - " placeholders (FORM PARAMETERS)\n" - "Third is the string that it checks for an *invalid* login (by default)\n" - " Invalid condition login check can be preceded by \"F=\", successful condition\n" - " login check must be preceded by \"S=\".\n" - " This is where most people get it wrong. You have to check the webapp what a\n" - " failed string looks like and put it in this parameter!\n" - "The following parameters are optional:\n" - " C=/page/uri to define a different page to gather initial cookies from\n" - " (h|H)=My-Hdr\\: foo to send a user defined HTTP header with each request\n" - " ^USER^ and ^PASS^ can also be put into these headers!\n" - " Note: 'h' will add the user-defined header at the end\n" - " regardless it's already being sent by Hydra or not.\n" - " 'H' will replace the value of that header if it exists, by the\n" - " one supplied by the user, or add the header at the end\n" - "Note that if you are going to put colons (:) in your headers you should escape them with a backslash (\\).\n" - " All colons that are not option separators should be escaped (see the examples above and below).\n" - " You can specify a header without escaping the colons, but that way you will not be able to put colons\n" - " in the header value itself, as they will be interpreted by hydra as option separators.\n" - "\nExamples:\n" - " \"/login.php:user=^USER^&pass=^PASS^:incorrect\"\n" - " \"/login.php:user=^USER^&pass=^PASS^&colon=colon\\:escape:S=authlog=.*success\"\n" - " \"/login.php:user=^USER^&pass=^PASS^&mid=123:authlog=.*failed\"\n" - " \"/:user=^USER&pass=^PASS^:failed:H=Authorization\\: Basic dT1w:H=Cookie\\: sessid=aaaa:h=X-User\\: ^USER^\"\n" - " \"/exchweb/bin/auth/owaauth.dll:destination=http%%3A%%2F%%2F%%2Fexchange&flags=0&username=%%5C^USER^&password=^PASS^&SubmitCreds=x&trusted=0:reason=:C=/exchweb\"\n", - hydra_options.service); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "http-proxy") == 0)) { - printf("Module http-proxy is optionally taking the page to authenticate at.\n" - "Default is http://www.microsoft.com/)\n" "Basic, DIGEST-MD5 and NTLM are supported and negotiated automatically.\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "http-proxy-urlenum") == 0)) { - printf("Module http-proxy-urlenum only uses the -L option, not -x or -p/-P option.\n" - "The -L loginfile must contain the URL list to try through the proxy.\n" - "The proxy credentials cann be put as the optional parameter, e.g.\n" - " hydra -L urllist.txt -s 3128 target.com http-proxy-urlenum user:pass\n" " hydra -L urllist.txt http-proxy-urlenum://target.com:3128/user:pass\n\n"); - find = 1; - } - if (!find && (strncmp(hydra_options.service, "snmp", 4) == 0)) { - printf("Module snmp is optionally taking the following parameters:\n"); - printf(" READ perform read requests (default)\n"); - printf(" WRITE perform write requests\n"); - printf(" 1 use SNMP version 1 (default)\n"); - printf(" 2 use SNMP version 2\n"); - printf(" 3 use SNMP version 3\n"); - printf(" Note that SNMP version 3 usually uses both login and passwords!\n"); - printf(" SNMP version 3 has the following optional sub parameters:\n"); - printf(" MD5 use MD5 authentication (default)\n"); - printf(" SHA use SHA authentication\n"); - printf(" DES use DES encryption\n"); - printf(" AES use AES encryption\n"); - printf(" if no -p/-P parameter is given, SNMPv3 noauth is performed, which\n"); - printf(" only requires a password (or username) not both.\n"); - printf("To combine the options, use colons (\":\"), e.g.:\n"); - printf(" hydra -L user.txt -P pass.txt -m 3:SHA:AES:READ target.com snmp\n"); - printf(" hydra -P pass.txt -m 2 target.com snmp\n"); - find = 1; - } - if (!find && ((strcmp(hydra_options.service, "http-get") == 0) - || (strcmp(hydra_options.service, "https-get") == 0) - || (strcmp(hydra_options.service, "http-post") == 0) - || (strcmp(hydra_options.service, "https-post") == 0)) - ) { - printf("Module %s requires the page to authenticate.\n" - "For example: \"/secret\" or \"http://bla.com/foo/bar\" or \"https://test.com:8080/members\"\n\n", hydra_options.service); - find = 1; - } + int find = 0; + + if (hydra_options.service) { + printf("\nHelp for module %s:\n============================================================================\n", hydra_options.service); + if ((strcmp(hydra_options.service, "oracle") == 0) || (strcmp(hydra_options.service, "ora") == 0)) { + printf("Module oracle / ora is optionally taking the ORACLE SID, default is \"ORCL\"\n\n"); + find = 1; } - if (!find) // this is also printed if the module does not exist at all - printf("The Module %s does not need or support optional parameters\n", hydra_options.service); - exit(0); + if ((strcmp(hydra_options.service, "oracle-listener") == 0) || (strcmp(hydra_options.service, "tns") == 0)) { + printf("Module oracle-listener / tns is optionally taking the mode the password is stored as, could be PLAIN (default) or CLEAR\n\n"); + find = 1; + } + if (strcmp(hydra_options.service, "cvs") == 0) { + printf("Module cvs is optionally taking the repository name to attack, default is \"/root\"\n\n"); + find = 1; + } + if (strcmp(hydra_options.service, "xmpp") == 0) { + printf("Module xmpp is optionally taking one authentication type of:\n" + " LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, SCRAM-SHA1\n\n" + "Note, the target passed should be a fdqn as the value is used in the Jabber init request, example: hermes.jabber.org\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "pop3") == 0)) { + printf("Module pop3 is optionally taking one authentication type of:\n" + " CLEAR (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n" + " CRAM-SHA256, DIGEST-MD5, NTLM.\n" "Additionally TLS encryption via STLS can be enforced with the TLS option.\n\n" "Example: pop3://target/TLS:PLAIN\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "rdp") == 0)) { + printf("Module rdp is optionally taking the windows domain name.\n" "For example:\nhydra rdp://192.168.0.1/firstdomainname -l john -p doe\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "s7-300") == 0)) { + printf("Module S7-300 is for a special Siemens PLC. It either requires only a password or no authentication, so just use the -p or -P option.\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "nntp") == 0)) { + printf("Module nntp is optionally taking one authentication type of:\n" " USER (default), LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "imap") == 0)) { + printf("Module imap is optionally taking one authentication type of:\n" + " CLEAR or APOP (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n" + " CRAM-SHA256, DIGEST-MD5, NTLM\n" "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: imap://target/TLS:PLAIN\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "smtp-enum")) == 0) { + printf("Module smtp-enum is optionally taking one SMTP command of:\n\n" + "VRFY (default), EXPN, RCPT (which will connect using \"root\" account)\n" + "login parameter is used as username and password parameter as the domain name\n" + "For example to test if john@localhost exists on 192.168.0.1:\n" "hydra smtp-enum://192.168.0.1/vrfy -l john -p localhost\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "smtp")) == 0) { + printf("Module smtp is optionally taking one authentication type of:\n" + " LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n" + "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: smtp://target/TLS:PLAIN\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "svn") == 0)) { + printf("Module svn is optionally taking the repository name to attack, default is \"trunk\"\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "ncp") == 0)) { + printf("Module ncp is optionally taking the full context, for example \".O=cx\"\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "firebird") == 0)) { + printf("Module firebird is optionally taking the database path to attack,\n" "default is \"C:\\Program Files\\Firebird\\Firebird_1_5\\security.fdb\"\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "mysql") == 0)) { + printf("Module mysql is optionally taking the database to attack, default is \"mysql\"\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "irc") == 0)) { + printf("Module irc is optionally taking the general server password, if the server is requiring one\n" "and none is passed the password from -p/-P will be used\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "postgres") == 0)) { + printf("Module postgres is optionally taking the database to attack, default is \"template1\"\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "telnet") == 0)) { + printf("Module telnet is optionally taking the string which is displayed after\n" + "a successful login (case insensitive), use if the default in the telnet\n" "module produces too many false positives\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "sapr3") == 0)) { + printf("Module sapr3 requires the client id, a number between 0 and 99\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "sshkey") == 0)) { + printf("Module sshkey does not provide additional options, although the semantic for\n" + "options -p and -P is changed:\n" + " -p expects a path to an unencrypted private key in PEM format.\n" + " -P expects a filename containing a list of path to some unencrypted\n" " private keys in PEM format.\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "cisco-enable") == 0)) { + printf("Module cisco-enable is optionally taking the logon password for the cisco device\n" + "Note: if AAA authentication is used, use the -l option for the username\n" + "and the optional parameter for the password of the user.\n" + "Examples:\n" + " hydra -P pass.txt target cisco-enable (direct console access)\n" + " hydra -P pass.txt -m cisco target cisco-enable (Logon password cisco)\n" + " hydra -l foo -m bar -P pass.txt target cisco-enable (AAA Login foo, password bar)\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "cisco") == 0)) { + printf("Module cisco is optionally taking the keyword ENTER, it then sends an initial\n" "ENTER when connecting to the service.\n"); + find = 1; + } + if (!find && ((strcmp(hydra_options.service, "ldap2") == 0) + || (strcmp(hydra_options.service, "ldap3") == 0) + || (strcmp(hydra_options.service, "ldap3-crammd5") == 0) + || (strcmp(hydra_options.service, "ldap3-digestmd5") == 0)) + ) { + printf("Module %s is optionally taking the DN (depending of the auth method choosed\n" + "Note: you can also specify the DN as login when Simple auth method is used).\n" + "The keyword \"^USER^\" is replaced with the login.\n" + "Special notes for Simple method has 3 operation modes: anonymous, (no user no pass),\n" + "unauthenticated (user but no pass), user/pass authenticated (user and pass).\n" + "So don't forget to set empty string as user/pass to test all modes.\n" + "Hint: to authenticate to a windows active directy ldap, this is usually\n" + " cn=^USER^,cn=users,dc=foo,dc=bar,dc=com for domain foo.bar.com\n\n", hydra_options.service); + find = 1; + } + if (!find && ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0))) { + printf("Module smb default value is set to test both local and domain account, using a simple password with NTLM dialect.\n" + "Note: you can set the group type using LOCAL or DOMAIN keyword\n" + " or other_domain:{value} to specify a trusted domain.\n" + " you can set the password type using HASH or MACHINE keyword\n" + " (to use the Machine's NetBIOS name as the password).\n" + " you can set the dialect using NTLMV2, NTLM, LMV2, LM keyword.\n" + "Example: \n" + " hydra smb://microsoft.com -l admin -p tooeasy -m \"local lmv2\"\n" + " hydra smb://microsoft.com -l admin -p D5731CFC6C2A069C21FD0D49CAEBC9EA:2126EE7712D37E265FD63F2C84D2B13D::: -m \"local hash\"\n" + " hydra smb://microsoft.com -l admin -p tooeasy -m \"other_domain:SECONDDOMAIN\"\n\n"); + find = 1; + } + if (!find && ((strcmp(hydra_options.service, "http-get-form") == 0) + || (strcmp(hydra_options.service, "https-get-form") == 0) + || (strcmp(hydra_options.service, "http-post-form") == 0) + || (strcmp(hydra_options.service, "https-post-form") == 0) + || (strncmp(hydra_options.service, "http-form", 9) == 0) + || (strncmp(hydra_options.service, "https-form", 10) == 0) + ) + ) { + printf("Module %s requires the page and the parameters for the web form.\n\n" + "By default this module is configured to follow a maximum of 5 redirections in\n" + "a row. It always gathers a new cookie from the same URL without variables\n" + "The parameters take three \":\" separated values, plus optional values.\n" + "(Note: if you need a colon in the option string as value, escape it with \"\\:\", but do not escape a \"\\\" with \"\\\\\".)\n" + "\nSyntax: ::[:[:]\n" + "First is the page on the server to GET or POST to (URL).\n" + "Second is the POST/GET variables (taken from either the browser, proxy, etc.\n" + " with usernames and passwords being replaced in the \"^USER^\" and \"^PASS^\"\n" + " placeholders (FORM PARAMETERS)\n" + "Third is the string that it checks for an *invalid* login (by default)\n" + " Invalid condition login check can be preceded by \"F=\", successful condition\n" + " login check must be preceded by \"S=\".\n" + " This is where most people get it wrong. You have to check the webapp what a\n" + " failed string looks like and put it in this parameter!\n" + "The following parameters are optional:\n" + " C=/page/uri to define a different page to gather initial cookies from\n" + " (h|H)=My-Hdr\\: foo to send a user defined HTTP header with each request\n" + " ^USER^ and ^PASS^ can also be put into these headers!\n" + " Note: 'h' will add the user-defined header at the end\n" + " regardless it's already being sent by Hydra or not.\n" + " 'H' will replace the value of that header if it exists, by the\n" + " one supplied by the user, or add the header at the end\n" + "Note that if you are going to put colons (:) in your headers you should escape them with a backslash (\\).\n" + " All colons that are not option separators should be escaped (see the examples above and below).\n" + " You can specify a header without escaping the colons, but that way you will not be able to put colons\n" + " in the header value itself, as they will be interpreted by hydra as option separators.\n" + "\nExamples:\n" + " \"/login.php:user=^USER^&pass=^PASS^:incorrect\"\n" + " \"/login.php:user=^USER^&pass=^PASS^&colon=colon\\:escape:S=authlog=.*success\"\n" + " \"/login.php:user=^USER^&pass=^PASS^&mid=123:authlog=.*failed\"\n" + " \"/:user=^USER&pass=^PASS^:failed:H=Authorization\\: Basic dT1w:H=Cookie\\: sessid=aaaa:h=X-User\\: ^USER^\"\n" + " \"/exchweb/bin/auth/owaauth.dll:destination=http%%3A%%2F%%2F%%2Fexchange&flags=0&username=%%5C^USER^&password=^PASS^&SubmitCreds=x&trusted=0:reason=:C=/exchweb\"\n", + hydra_options.service); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "http-proxy") == 0)) { + printf("Module http-proxy is optionally taking the page to authenticate at.\n" + "Default is http://www.microsoft.com/)\n" "Basic, DIGEST-MD5 and NTLM are supported and negotiated automatically.\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "http-proxy-urlenum") == 0)) { + printf("Module http-proxy-urlenum only uses the -L option, not -x or -p/-P option.\n" + "The -L loginfile must contain the URL list to try through the proxy.\n" + "The proxy credentials cann be put as the optional parameter, e.g.\n" + " hydra -L urllist.txt -s 3128 target.com http-proxy-urlenum user:pass\n" " hydra -L urllist.txt http-proxy-urlenum://target.com:3128/user:pass\n\n"); + find = 1; + } + if (!find && (strncmp(hydra_options.service, "snmp", 4) == 0)) { + printf("Module snmp is optionally taking the following parameters:\n"); + printf(" READ perform read requests (default)\n"); + printf(" WRITE perform write requests\n"); + printf(" 1 use SNMP version 1 (default)\n"); + printf(" 2 use SNMP version 2\n"); + printf(" 3 use SNMP version 3\n"); + printf(" Note that SNMP version 3 usually uses both login and passwords!\n"); + printf(" SNMP version 3 has the following optional sub parameters:\n"); + printf(" MD5 use MD5 authentication (default)\n"); + printf(" SHA use SHA authentication\n"); + printf(" DES use DES encryption\n"); + printf(" AES use AES encryption\n"); + printf(" if no -p/-P parameter is given, SNMPv3 noauth is performed, which\n"); + printf(" only requires a password (or username) not both.\n"); + printf("To combine the options, use colons (\":\"), e.g.:\n"); + printf(" hydra -L user.txt -P pass.txt -m 3:SHA:AES:READ target.com snmp\n"); + printf(" hydra -P pass.txt -m 2 target.com snmp\n"); + find = 1; + } + if (!find && ((strcmp(hydra_options.service, "http-get") == 0) + || (strcmp(hydra_options.service, "https-get") == 0) + || (strcmp(hydra_options.service, "http-post") == 0) + || (strcmp(hydra_options.service, "https-post") == 0)) + ) { + printf("Module %s requires the page to authenticate.\n" + "For example: \"/secret\" or \"http://bla.com/foo/bar\" or \"https://test.com:8080/members\"\n\n", hydra_options.service); + find = 1; + } + } + if (!find) // this is also printed if the module does not exist at all + printf("The Module %s does not need or support optional parameters\n", hydra_options.service); + exit(0); } void hydra_debug(int force, char *string) { - int i; - - if (!debug && !force) - return; - - printf("[DEBUG] Code: %s Time: %lu\n", string, (unsigned long int) time(NULL)); - printf("[DEBUG] Options: mode %d ssl %d restore %d showAttempt %d tasks %d max_use %d tnp %d tpsal %d tprl %d exit_found %d miscptr %s service %s\n", - hydra_options.mode, hydra_options.ssl, hydra_options.restore, hydra_options.showAttempt, hydra_options.tasks, hydra_options.max_use, - hydra_options.try_null_password, hydra_options.try_password_same_as_login, hydra_options.try_password_reverse_login, hydra_options.exit_found, - hydra_options.miscptr == NULL ? "(null)" : hydra_options.miscptr, hydra_options.service); - printf("[DEBUG] Brains: active %d targets %d finished %d todo_all %lu todo %lu sent %lu found %lu countlogin %lu sizelogin %lu countpass %lu sizepass %lu\n", - hydra_brains.active, hydra_brains.targets, hydra_brains.finished, hydra_brains.todo_all, hydra_brains.todo, hydra_brains.sent, hydra_brains.found, - (unsigned long int) hydra_brains.countlogin, (unsigned long int) hydra_brains.sizelogin, (unsigned long int) hydra_brains.countpass, - (unsigned long int) hydra_brains.sizepass); - for (i = 0; i < hydra_brains.targets; i++) - printf - ("[DEBUG] Target %d - target %s ip %s login_no %lu pass_no %lu sent %lu pass_state %d use_count %d failed %d done %d fail_count %d login_ptr %s pass_ptr %s\n", - i, hydra_targets[i]->target == NULL ? "(null)" : hydra_targets[i]->target, hydra_address2string(hydra_targets[i]->ip), hydra_targets[i]->login_no, - hydra_targets[i]->pass_no, hydra_targets[i]->sent, hydra_targets[i]->pass_state, hydra_targets[i]->use_count, hydra_targets[i]->failed, hydra_targets[i]->done, - hydra_targets[i]->fail_count, hydra_targets[i]->login_ptr == NULL ? "(null)" : hydra_targets[i]->login_ptr, - hydra_targets[i]->pass_ptr == NULL ? "(null)" : hydra_targets[i]->pass_ptr); - if (hydra_heads != NULL) - for (i = 0; i < hydra_options.max_use; i++) - printf("[DEBUG] Task %d - pid %d active %d redo %d current_login_ptr %s current_pass_ptr %s\n", - i, (int) hydra_heads[i]->pid, hydra_heads[i]->active, hydra_heads[i]->redo, - hydra_heads[i]->current_login_ptr == NULL ? "(null)" : hydra_heads[i]->current_login_ptr, - hydra_heads[i]->current_pass_ptr == NULL ? "(null)" : hydra_heads[i]->current_pass_ptr); + int i; + + if (!debug && !force) + return; + + printf("[DEBUG] Code: %s Time: %lu\n", string, (unsigned long int) time(NULL)); + printf("[DEBUG] Options: mode %d ssl %d restore %d showAttempt %d tasks %d max_use %d tnp %d tpsal %d tprl %d exit_found %d miscptr %s service %s\n", + hydra_options.mode, hydra_options.ssl, hydra_options.restore, hydra_options.showAttempt, hydra_options.tasks, hydra_options.max_use, + hydra_options.try_null_password, hydra_options.try_password_same_as_login, hydra_options.try_password_reverse_login, hydra_options.exit_found, + hydra_options.miscptr == NULL ? "(null)" : hydra_options.miscptr, hydra_options.service); + printf("[DEBUG] Brains: active %d targets %d finished %d todo_all %lu todo %lu sent %lu found %lu countlogin %lu sizelogin %lu countpass %lu sizepass %lu\n", + hydra_brains.active, hydra_brains.targets, hydra_brains.finished, hydra_brains.todo_all, hydra_brains.todo, hydra_brains.sent, hydra_brains.found, + (unsigned long int) hydra_brains.countlogin, (unsigned long int) hydra_brains.sizelogin, (unsigned long int) hydra_brains.countpass, + (unsigned long int) hydra_brains.sizepass); + for (i = 0; i < hydra_brains.targets; i++) + printf + ("[DEBUG] Target %d - target %s ip %s login_no %lu pass_no %lu sent %lu pass_state %d use_count %d failed %d done %d fail_count %d login_ptr %s pass_ptr %s\n", + i, hydra_targets[i]->target == NULL ? "(null)" : hydra_targets[i]->target, hydra_address2string(hydra_targets[i]->ip), hydra_targets[i]->login_no, + hydra_targets[i]->pass_no, hydra_targets[i]->sent, hydra_targets[i]->pass_state, hydra_targets[i]->use_count, hydra_targets[i]->failed, hydra_targets[i]->done, + hydra_targets[i]->fail_count, hydra_targets[i]->login_ptr == NULL ? "(null)" : hydra_targets[i]->login_ptr, + hydra_targets[i]->pass_ptr == NULL ? "(null)" : hydra_targets[i]->pass_ptr); + if (hydra_heads != NULL) + for (i = 0; i < hydra_options.max_use; i++) + printf("[DEBUG] Task %d - pid %d active %d redo %d current_login_ptr %s current_pass_ptr %s\n", + i, (int) hydra_heads[i]->pid, hydra_heads[i]->active, hydra_heads[i]->redo, + hydra_heads[i]->current_login_ptr == NULL ? "(null)" : hydra_heads[i]->current_login_ptr, + hydra_heads[i]->current_pass_ptr == NULL ? "(null)" : hydra_heads[i]->current_pass_ptr); } void bail(char *text) { - fprintf(stderr, "[ERROR] %s\n", text); - exit(-1); + fprintf(stderr, "[ERROR] %s\n", text); + exit(-1); } void hydra_restore_write(int print_msg) { - FILE *f; - hydra_brain brain; - char mynull[4] = { 0, 0, 0, 0 }; - int i = 0, j = 0; - hydra_head hh; - - if (process_restore != 1) - return; - - for (i = 0; i < hydra_brains.targets; i++) - if (hydra_targets[j]->done != 1 && hydra_targets[j]->done != 3) - j++; - if (j == 0) { - process_restore = 0; - return; + FILE *f; + hydra_brain brain; + char mynull[4] = { 0, 0, 0, 0 }; + int i = 0, j = 0; + hydra_head hh; + + if (process_restore != 1) + return; + + for (i = 0; i < hydra_brains.targets; i++) + if (hydra_targets[j]->done != 1 && hydra_targets[j]->done != 3) + j++; + if (j == 0) { + process_restore = 0; + return; + } + + if ((f = fopen(RESTOREFILE, "w")) == NULL) { + fprintf(stderr, "[ERROR] Can not create restore file (%s) - \n", RESTOREFILE); + perror(""); + process_restore = 0; + return; + } else if (debug) + printf("[DEBUG] Writing restore file... "); + + fprintf(f, "%s\n", PROGRAM); + memcpy(&brain, &hydra_brains, sizeof(hydra_brain)); + brain.targets = i; + brain.ofp = NULL; + brain.finished = brain.active = 0; + fck = fwrite(&bf_options, sizeof(bf_options), 1, f); + if (bf_options.crs != NULL) + fck = fwrite(bf_options.crs, BF_CHARSMAX, 1, f); + else + fck = fwrite(mynull, sizeof(mynull), 1, f); + fck = fwrite(&brain, sizeof(hydra_brain), 1, f); + fck = fwrite(&hydra_options, sizeof(hydra_option), 1, f); + fprintf(f, "%s\n", hydra_options.server == NULL ? "" : hydra_options.server); + if (hydra_options.outfile_ptr == NULL) + fprintf(f, "\n"); + else + fprintf(f, "%s\n", hydra_options.outfile_ptr); + fprintf(f, "%s\n%s\n", hydra_options.miscptr == NULL ? "" : hydra_options.miscptr, hydra_options.service); + fck = fwrite(login_ptr, hydra_brains.sizelogin, 1, f); + if (hydra_options.colonfile == NULL || hydra_options.colonfile == empty_login) + fck = fwrite(pass_ptr, hydra_brains.sizepass, 1, f); + for (j = 0; j < hydra_brains.targets; j++) + if (hydra_targets[j]->done != 1) { + fck = fwrite(hydra_targets[j], sizeof(hydra_target), 1, f); + fprintf(f, "%s\n%d\n%d\n", hydra_targets[j]->target == NULL ? "" : hydra_targets[j]->target, (int) (hydra_targets[j]->login_ptr - login_ptr), + (int) (hydra_targets[j]->pass_ptr - pass_ptr)); + fprintf(f, "%s\n%s\n", hydra_targets[j]->login_ptr, hydra_targets[j]->pass_ptr); + if (hydra_targets[j]->redo) + for (i = 0; i < hydra_targets[j]->redo; i++) + fprintf(f, "%s\n%s\n", hydra_targets[j]->redo_login[i], hydra_targets[j]->redo_pass[i]); + if (hydra_targets[j]->skipcnt) + for (i = 0; i < hydra_targets[j]->skipcnt; i++) + fprintf(f, "%s\n", hydra_targets[j]->skiplogin[i]); } - - if ((f = fopen(RESTOREFILE, "w")) == NULL) { - fprintf(stderr, "[ERROR] Can not create restore file (%s) - \n", RESTOREFILE); - perror(""); - process_restore = 0; - return; - } else if (debug) - printf("[DEBUG] Writing restore file... "); - - fprintf(f, "%s\n", PROGRAM); - memcpy(&brain, &hydra_brains, sizeof(hydra_brain)); - brain.targets = i; - brain.ofp = NULL; - brain.finished = brain.active = 0; - fck = fwrite(&bf_options, sizeof(bf_options), 1, f); - if (bf_options.crs != NULL) - fck = fwrite(bf_options.crs, BF_CHARSMAX, 1, f); - else - fck = fwrite(mynull, sizeof(mynull), 1, f); - fck = fwrite(&brain, sizeof(hydra_brain), 1, f); - fck = fwrite(&hydra_options, sizeof(hydra_option), 1, f); - fprintf(f, "%s\n", hydra_options.server == NULL ? "" : hydra_options.server); - if (hydra_options.outfile_ptr == NULL) - fprintf(f, "\n"); - else - fprintf(f, "%s\n", hydra_options.outfile_ptr); - fprintf(f, "%s\n%s\n", hydra_options.miscptr == NULL ? "" : hydra_options.miscptr, hydra_options.service); - fck = fwrite(login_ptr, hydra_brains.sizelogin, 1, f); - if (hydra_options.colonfile == NULL || hydra_options.colonfile == empty_login) - fck = fwrite(pass_ptr, hydra_brains.sizepass, 1, f); - for (j = 0; j < hydra_brains.targets; j++) - if (hydra_targets[j]->done != 1) { - fck = fwrite(hydra_targets[j], sizeof(hydra_target), 1, f); - fprintf(f, "%s\n%d\n%d\n", hydra_targets[j]->target == NULL ? "" : hydra_targets[j]->target, (int) (hydra_targets[j]->login_ptr - login_ptr), - (int) (hydra_targets[j]->pass_ptr - pass_ptr)); - fprintf(f, "%s\n%s\n", hydra_targets[j]->login_ptr, hydra_targets[j]->pass_ptr); - if (hydra_targets[j]->redo) - for (i = 0; i < hydra_targets[j]->redo; i++) - fprintf(f, "%s\n%s\n", hydra_targets[j]->redo_login[i], hydra_targets[j]->redo_pass[i]); - if (hydra_targets[j]->skipcnt) - for (i = 0; i < hydra_targets[j]->skipcnt; i++) - fprintf(f, "%s\n", hydra_targets[j]->skiplogin[i]); - } - for (j = 0; j < hydra_options.max_use; j++) { - memcpy((char *) &hh, hydra_heads[j], sizeof(hydra_head)); - if (j == 0 && debug) { - printf("[DEBUG] sizeof hydra_head: %d\n", sizeof(hydra_head)); - printf("[DEBUG] memcmp: %d\n", memcmp(hydra_heads[j], &hh, sizeof(hydra_head))); - } - hh.active = 0; // re-enable disabled heads - if ((hh.current_login_ptr != NULL && hh.current_login_ptr != empty_login) - || (hh.current_pass_ptr != NULL && hh.current_pass_ptr != empty_login)) { - hh.redo = 1; - if (print_msg && debug) - printf("[DEBUG] we will redo the following combination: target %s login \"%s\" pass \"%s\"\n", hydra_targets[hh.target_no]->target, - hh.current_login_ptr, hh.current_pass_ptr); - } - fck = fwrite((char *) &hh, sizeof(hydra_head), 1, f); - if (hh.redo /* && (hydra_options.bfg == 0 || (hh.current_pass_ptr == hydra_targets[hh.target_no]->bfg_ptr[j] && isprint((char) hh.current_pass_ptr[0]))) */ ) - fprintf(f, "%s\n%s\n", hh.current_login_ptr == NULL ? "" : hh.current_login_ptr, hh.current_pass_ptr == NULL ? "" : hh.current_pass_ptr); - else - fprintf(f, "\n\n"); + for (j = 0; j < hydra_options.max_use; j++) { + memcpy((char *) &hh, hydra_heads[j], sizeof(hydra_head)); + if (j == 0 && debug) { + printf("[DEBUG] sizeof hydra_head: %d\n", sizeof(hydra_head)); + printf("[DEBUG] memcmp: %d\n", memcmp(hydra_heads[j], &hh, sizeof(hydra_head))); } - - fprintf(f, "%s\n", PROGRAM); - fclose(f); - if (debug) - printf("done\n"); - if (print_msg) - printf("The session file ./hydra.restore was written. Type \"hydra -R\" to resume session.\n"); - hydra_debug(0, "hydra_restore_write()"); + hh.active = 0; // re-enable disabled heads + if ((hh.current_login_ptr != NULL && hh.current_login_ptr != empty_login) + || (hh.current_pass_ptr != NULL && hh.current_pass_ptr != empty_login)) { + hh.redo = 1; + if (print_msg && debug) + printf("[DEBUG] we will redo the following combination: target %s login \"%s\" pass \"%s\"\n", hydra_targets[hh.target_no]->target, + hh.current_login_ptr, hh.current_pass_ptr); + } + fck = fwrite((char *) &hh, sizeof(hydra_head), 1, f); + if (hh.redo /* && (hydra_options.bfg == 0 || (hh.current_pass_ptr == hydra_targets[hh.target_no]->bfg_ptr[j] && isprint((char) hh.current_pass_ptr[0]))) */ ) + fprintf(f, "%s\n%s\n", hh.current_login_ptr == NULL ? "" : hh.current_login_ptr, hh.current_pass_ptr == NULL ? "" : hh.current_pass_ptr); + else + fprintf(f, "\n\n"); + } + + fprintf(f, "%s\n", PROGRAM); + fclose(f); + if (debug) + printf("done\n"); + if (print_msg) + printf("The session file ./hydra.restore was written. Type \"hydra -R\" to resume session.\n"); + hydra_debug(0, "hydra_restore_write()"); } void hydra_restore_read() { - FILE *f; - char mynull[4]; - int i, j, orig_debug = debug; - char out[1024]; - - if (debug) printf("[DEBUG] reading restore file %s\n", RESTOREFILE); - if ((f = fopen(RESTOREFILE, "r")) == NULL) { - fprintf(stderr, "[ERROR] restore file (%s) not found - ", RESTOREFILE); - perror(""); - exit(-1); - } - + FILE *f; + char mynull[4]; + int i, j, orig_debug = debug; + char out[1024]; + + if (debug) + printf("[DEBUG] reading restore file %s\n", RESTOREFILE); + if ((f = fopen(RESTOREFILE, "r")) == NULL) { + fprintf(stderr, "[ERROR] restore file (%s) not found - ", RESTOREFILE); + perror(""); + exit(-1); + } + + sck = fgets(out, sizeof(out), f); + if (out[0] != 0 && out[strlen(out) - 1] == '\n') + out[strlen(out) - 1] = 0; + if (strcmp(out, PROGRAM) != 0) { + fprintf(stderr, "[ERROR] invalid restore file (begin)\n"); + exit(-1); + } + fck = (int) fread(&bf_options, sizeof(bf_options), 1, f); + fck = (int) fread(mynull, sizeof(mynull), 1, f); + if (debug) + printf("[DEBUG] reading restore file: Step 1 complete\n"); + if (mynull[0] + mynull[1] + mynull[2] + mynull[3] == 0) { + bf_options.crs = NULL; + } else { + bf_options.crs = malloc(BF_CHARSMAX); + memcpy(bf_options.crs, mynull, sizeof(mynull)); + fck = fread(bf_options.crs + sizeof(mynull), BF_CHARSMAX - sizeof(mynull), 1, f); + } + if (debug) + printf("[DEBUG] reading restore file: Step 2 complete\n"); + + fck = (int) fread(&hydra_brains, sizeof(hydra_brain), 1, f); + hydra_brains.ofp = stdout; + fck = (int) fread(&hydra_options, sizeof(hydra_option), 1, f); + hydra_options.restore = 1; + verbose = hydra_options.verbose; + debug = hydra_options.debug; + if (debug || orig_debug) + printf("[DEBUG] run_debug %d, orig_debug %d\n", debug, orig_debug); + if (orig_debug) { + debug = 1; + hydra_options.debug = 1; + } + waittime = hydra_options.waittime; + conwait = hydra_options.conwait; + port = hydra_options.port; + sck = fgets(out, sizeof(out), f); + if (out[0] != 0 && out[strlen(out) - 1] == '\n') + out[strlen(out) - 1] = 0; + hydra_options.server = strdup(out); + sck = fgets(out, sizeof(out), f); + if (out[0] != 0 && out[strlen(out) - 1] == '\n') + out[strlen(out) - 1] = 0; + if (debug) + printf("[DEBUG] reading restore file: Step 3 complete\n"); + if (strlen(out) > 0) { + hydra_options.outfile_ptr = malloc(strlen(out) + 1); + strcpy(hydra_options.outfile_ptr, out); + } else + hydra_options.outfile_ptr = NULL; + if (debug) + printf("[DEBUG] reading restore file: Step 4 complete\n"); + sck = fgets(out, sizeof(out), f); + if (out[0] != 0 && out[strlen(out) - 1] == '\n') + out[strlen(out) - 1] = 0; + if (debug) + printf("[DEBUG] reading restore file: Step 5 complete\n"); + if (strlen(out) == 0) + hydra_options.miscptr = NULL; + else { + hydra_options.miscptr = malloc(strlen(out) + 1); + strcpy(hydra_options.miscptr, out); + } + if (debug) + printf("[DEBUG] reading restore file: Step 6 complete\n"); + sck = fgets(out, sizeof(out), f); + if (out[0] != 0 && out[strlen(out) - 1] == '\n') + out[strlen(out) - 1] = 0; + if (debug) + printf("[DEBUG] reading restore file: Step 7 complete\n"); + hydra_options.service = malloc(strlen(out) + 1); + strcpy(hydra_options.service, out); + if (debug) + printf("[DEBUG] reading restore file: Step 8 complete\n"); + + login_ptr = malloc(hydra_brains.sizelogin); + fck = (int) fread(login_ptr, hydra_brains.sizelogin, 1, f); + if (debug) + printf("[DEBUG] reading restore file: Step 9 complete\n"); + if ((hydra_options.mode & 64) != 64) { // NOT colonfile mode + pass_ptr = malloc(hydra_brains.sizepass); + fck = (int) fread(pass_ptr, hydra_brains.sizepass, 1, f); + } else { // colonfile mode + hydra_options.colonfile = empty_login; // dummy + pass_ptr = csv_ptr = login_ptr; + } + if (debug) + printf("[DEBUG] reading restore file: Step 10 complete\n"); + + hydra_targets = malloc((hydra_brains.targets + 3) * sizeof(hydra_targets)); + for (j = 0; j < hydra_brains.targets; j++) { + hydra_targets[j] = malloc(sizeof(hydra_target)); + fck = (int) fread(hydra_targets[j], sizeof(hydra_target), 1, f); sck = fgets(out, sizeof(out), f); if (out[0] != 0 && out[strlen(out) - 1] == '\n') - out[strlen(out) - 1] = 0; - if (strcmp(out, PROGRAM) != 0) { - fprintf(stderr, "[ERROR] invalid restore file (begin)\n"); - exit(-1); - } - fck = (int) fread(&bf_options, sizeof(bf_options), 1, f); - fck = (int) fread(mynull, sizeof(mynull), 1, f); - if (debug) printf("[DEBUG] reading restore file: Step 1 complete\n"); - if (mynull[0] + mynull[1] + mynull[2] + mynull[3] == 0) { - bf_options.crs = NULL; - } else { - bf_options.crs = malloc(BF_CHARSMAX); - memcpy(bf_options.crs, mynull, sizeof(mynull)); - fck = fread(bf_options.crs + sizeof(mynull), BF_CHARSMAX - sizeof(mynull), 1, f); - } - if (debug) printf("[DEBUG] reading restore file: Step 2 complete\n"); - - fck = (int) fread(&hydra_brains, sizeof(hydra_brain), 1, f); - hydra_brains.ofp = stdout; - fck = (int) fread(&hydra_options, sizeof(hydra_option), 1, f); - hydra_options.restore = 1; - verbose = hydra_options.verbose; - debug = hydra_options.debug; - if (debug || orig_debug) printf("[DEBUG] run_debug %d, orig_debug %d\n", debug, orig_debug); - if (orig_debug) { - debug = 1; - hydra_options.debug = 1; - } - waittime = hydra_options.waittime; - conwait = hydra_options.conwait; - port = hydra_options.port; + out[strlen(out) - 1] = 0; + hydra_targets[j]->target = malloc(strlen(out) + 1); + strcpy(hydra_targets[j]->target, out); sck = fgets(out, sizeof(out), f); - if (out[0] != 0 && out[strlen(out) - 1] == '\n') - out[strlen(out) - 1] = 0; - hydra_options.server = strdup(out); + hydra_targets[j]->login_ptr = login_ptr + atoi(out); sck = fgets(out, sizeof(out), f); - if (out[0] != 0 && out[strlen(out) - 1] == '\n') - out[strlen(out) - 1] = 0; - if (debug) printf("[DEBUG] reading restore file: Step 3 complete\n"); - if (strlen(out) > 0) { - hydra_options.outfile_ptr = malloc(strlen(out) + 1); - strcpy(hydra_options.outfile_ptr, out); - } else - hydra_options.outfile_ptr = NULL; - if (debug) printf("[DEBUG] reading restore file: Step 4 complete\n"); + hydra_targets[j]->pass_ptr = pass_ptr + atoi(out); + sck = fgets(out, sizeof(out), f); // target login_ptr, ignord sck = fgets(out, sizeof(out), f); - if (out[0] != 0 && out[strlen(out) - 1] == '\n') + if (hydra_options.bfg) { + if (out[0] != 0 && out[strlen(out) - 1] == '\n') out[strlen(out) - 1] = 0; - if (debug) printf("[DEBUG] reading restore file: Step 5 complete\n"); - if (strlen(out) == 0) - hydra_options.miscptr = NULL; - else { - hydra_options.miscptr = malloc(strlen(out) + 1); - strcpy(hydra_options.miscptr, out); + hydra_targets[j]->pass_ptr = malloc(strlen(out) + 1); + strcpy(hydra_targets[j]->pass_ptr, out); } - if (debug) printf("[DEBUG] reading restore file: Step 6 complete\n"); - sck = fgets(out, sizeof(out), f); - if (out[0] != 0 && out[strlen(out) - 1] == '\n') - out[strlen(out) - 1] = 0; - if (debug) printf("[DEBUG] reading restore file: Step 7 complete\n"); - hydra_options.service = malloc(strlen(out) + 1); - strcpy(hydra_options.service, out); - if (debug) printf("[DEBUG] reading restore file: Step 8 complete\n"); - - login_ptr = malloc(hydra_brains.sizelogin); - fck = (int) fread(login_ptr, hydra_brains.sizelogin, 1, f); - if (debug) printf("[DEBUG] reading restore file: Step 9 complete\n"); - if ((hydra_options.mode & 64) != 64) { // NOT colonfile mode - pass_ptr = malloc(hydra_brains.sizepass); - fck = (int) fread(pass_ptr, hydra_brains.sizepass, 1, f); - } else { // colonfile mode - hydra_options.colonfile = empty_login; // dummy - pass_ptr = csv_ptr = login_ptr; - } - if (debug) printf("[DEBUG] reading restore file: Step 10 complete\n"); - - hydra_targets = malloc((hydra_brains.targets + 3) * sizeof(hydra_targets)); - for (j = 0; j < hydra_brains.targets; j++) { - hydra_targets[j] = malloc(sizeof(hydra_target)); - fck = (int) fread(hydra_targets[j], sizeof(hydra_target), 1, f); + if (hydra_targets[j]->redo > 0) + for (i = 0; i < hydra_targets[j]->redo; i++) { sck = fgets(out, sizeof(out), f); if (out[0] != 0 && out[strlen(out) - 1] == '\n') - out[strlen(out) - 1] = 0; - hydra_targets[j]->target = malloc(strlen(out) + 1); - strcpy(hydra_targets[j]->target, out); + out[strlen(out) - 1] = 0; + hydra_targets[j]->redo_login[i] = malloc(strlen(out) + 1); + strcpy(hydra_targets[j]->redo_login[i], out); sck = fgets(out, sizeof(out), f); - hydra_targets[j]->login_ptr = login_ptr + atoi(out); + if (out[0] != 0 && out[strlen(out) - 1] == '\n') + out[strlen(out) - 1] = 0; + hydra_targets[j]->redo_pass[i] = malloc(strlen(out) + 1); + strcpy(hydra_targets[j]->redo_pass[i], out); + } + if (hydra_targets[j]->skipcnt >= hydra_brains.countlogin) + hydra_targets[j]->skipcnt = 0; + if (hydra_targets[j]->skipcnt > 0) + for (i = 0; i < hydra_targets[j]->skipcnt; i++) { sck = fgets(out, sizeof(out), f); - hydra_targets[j]->pass_ptr = pass_ptr + atoi(out); - sck = fgets(out, sizeof(out), f); // target login_ptr, ignord - sck = fgets(out, sizeof(out), f); - if (hydra_options.bfg) { - if (out[0] != 0 && out[strlen(out) - 1] == '\n') - out[strlen(out) - 1] = 0; - hydra_targets[j]->pass_ptr = malloc(strlen(out) + 1); - strcpy(hydra_targets[j]->pass_ptr, out); - } - if (hydra_targets[j]->redo > 0) - for (i = 0; i < hydra_targets[j]->redo; i++) { - sck = fgets(out, sizeof(out), f); - if (out[0] != 0 && out[strlen(out) - 1] == '\n') - out[strlen(out) - 1] = 0; - hydra_targets[j]->redo_login[i] = malloc(strlen(out) + 1); - strcpy(hydra_targets[j]->redo_login[i], out); - sck = fgets(out, sizeof(out), f); - if (out[0] != 0 && out[strlen(out) - 1] == '\n') - out[strlen(out) - 1] = 0; - hydra_targets[j]->redo_pass[i] = malloc(strlen(out) + 1); - strcpy(hydra_targets[j]->redo_pass[i], out); - } - if (hydra_targets[j]->skipcnt >= hydra_brains.countlogin) - hydra_targets[j]->skipcnt = 0; - if (hydra_targets[j]->skipcnt > 0) - for (i = 0; i < hydra_targets[j]->skipcnt; i++) { - sck = fgets(out, sizeof(out), f); - if (out[0] != 0 && out[strlen(out) - 1] == '\n') - out[strlen(out) - 1] = 0; - hydra_targets[j]->skiplogin[i] = malloc(strlen(out) + 1); - strcpy(hydra_targets[j]->skiplogin[i], out); - } - hydra_targets[j]->fail_count = 0; - hydra_targets[j]->use_count = 0; - hydra_targets[j]->failed = 0; - } - if (debug) printf("[DEBUG] reading restore file: Step 11 complete\n"); - hydra_heads = malloc((hydra_options.max_use + 2) * sizeof(int) + 8); - for (j = 0; j < hydra_options.max_use; j++) { - hydra_heads[j] = malloc(sizeof(hydra_head)); - fck = (int) fread(hydra_heads[j], sizeof(hydra_head), 1, f); - hydra_heads[j]->sp[0] = -1; - hydra_heads[j]->sp[1] = -1; - sck = fgets(out, sizeof(out), f); - if (hydra_heads[j]->redo) { - if (out[0] != 0 && out[strlen(out) - 1] == '\n') - out[strlen(out) - 1] = 0; - hydra_heads[j]->current_login_ptr = malloc(strlen(out) + 1); - strcpy(hydra_heads[j]->current_login_ptr, out); - } - sck = fgets(out, sizeof(out), f); - if (hydra_heads[j]->redo) { - if (out[0] != 0 && out[strlen(out) - 1] == '\n') - out[strlen(out) - 1] = 0; - if (debug) printf("[DEBUG] TEMP head %d: out[0] == %d, hydra_heads[j]->current_login_ptr[0] == %d\n", j, out[0], hydra_heads[j]->current_login_ptr[0]); - if (out[0] != 0 || hydra_heads[j]->current_login_ptr[0] != 0) { - hydra_heads[j]->current_pass_ptr = malloc(strlen(out) + 1); - strcpy(hydra_heads[j]->current_pass_ptr, out); - if (debug) - printf("[DEBUG] redo: %d %s/%s\n", j, hydra_heads[j]->current_login_ptr, hydra_heads[j]->current_pass_ptr); - } else { - hydra_heads[j]->redo = 0; - free(hydra_heads[j]->current_login_ptr); - hydra_heads[j]->current_login_ptr = hydra_heads[j]->current_pass_ptr = empty_login; - } - } else { - hydra_heads[j]->current_login_ptr = hydra_heads[j]->current_pass_ptr = empty_login; - } - } - if (debug) printf("[DEBUG] reading restore file: Step 12 complete\n"); + if (out[0] != 0 && out[strlen(out) - 1] == '\n') + out[strlen(out) - 1] = 0; + hydra_targets[j]->skiplogin[i] = malloc(strlen(out) + 1); + strcpy(hydra_targets[j]->skiplogin[i], out); + } + hydra_targets[j]->fail_count = 0; + hydra_targets[j]->use_count = 0; + hydra_targets[j]->failed = 0; + } + if (debug) + printf("[DEBUG] reading restore file: Step 11 complete\n"); + hydra_heads = malloc((hydra_options.max_use + 2) * sizeof(int) + 8); + for (j = 0; j < hydra_options.max_use; j++) { + hydra_heads[j] = malloc(sizeof(hydra_head)); + fck = (int) fread(hydra_heads[j], sizeof(hydra_head), 1, f); + hydra_heads[j]->sp[0] = -1; + hydra_heads[j]->sp[1] = -1; sck = fgets(out, sizeof(out), f); - if (out[0] != 0 && out[strlen(out) - 1] == '\n') + if (hydra_heads[j]->redo) { + if (out[0] != 0 && out[strlen(out) - 1] == '\n') out[strlen(out) - 1] = 0; - if (strcmp(out, PROGRAM) != 0) { - fprintf(stderr, "[ERROR] invalid restore file (end)\n"); - exit(-1); + hydra_heads[j]->current_login_ptr = malloc(strlen(out) + 1); + strcpy(hydra_heads[j]->current_login_ptr, out); } - fclose(f); - hydra_debug(0, "hydra_restore_read"); + sck = fgets(out, sizeof(out), f); + if (hydra_heads[j]->redo) { + if (out[0] != 0 && out[strlen(out) - 1] == '\n') + out[strlen(out) - 1] = 0; + if (debug) + printf("[DEBUG] TEMP head %d: out[0] == %d, hydra_heads[j]->current_login_ptr[0] == %d\n", j, out[0], hydra_heads[j]->current_login_ptr[0]); + if (out[0] != 0 || hydra_heads[j]->current_login_ptr[0] != 0) { + hydra_heads[j]->current_pass_ptr = malloc(strlen(out) + 1); + strcpy(hydra_heads[j]->current_pass_ptr, out); + if (debug) + printf("[DEBUG] redo: %d %s/%s\n", j, hydra_heads[j]->current_login_ptr, hydra_heads[j]->current_pass_ptr); + } else { + hydra_heads[j]->redo = 0; + free(hydra_heads[j]->current_login_ptr); + hydra_heads[j]->current_login_ptr = hydra_heads[j]->current_pass_ptr = empty_login; + } + } else { + hydra_heads[j]->current_login_ptr = hydra_heads[j]->current_pass_ptr = empty_login; + } + } + if (debug) + printf("[DEBUG] reading restore file: Step 12 complete\n"); + sck = fgets(out, sizeof(out), f); + if (out[0] != 0 && out[strlen(out) - 1] == '\n') + out[strlen(out) - 1] = 0; + if (strcmp(out, PROGRAM) != 0) { + fprintf(stderr, "[ERROR] invalid restore file (end)\n"); + exit(-1); + } + fclose(f); + hydra_debug(0, "hydra_restore_read"); } void killed_childs(int signo) { - int pid, i; - - killed++; - pid = wait3(NULL, WNOHANG, NULL); - for (i = 0; i < hydra_options.max_use; i++) { - if (pid == hydra_heads[i]->pid) { - hydra_heads[i]->pid = -1; - hydra_kill_head(i, 1, 0); - return; - } + int pid, i; + + killed++; + pid = wait3(NULL, WNOHANG, NULL); + for (i = 0; i < hydra_options.max_use; i++) { + if (pid == hydra_heads[i]->pid) { + hydra_heads[i]->pid = -1; + hydra_kill_head(i, 1, 0); + return; } + } } void killed_childs_report(int signo) { - if (debug) - printf("[DEBUG] children crashed! (%d)\n", child_head_no); - fck = write(child_socket, "E", 1); - _exit(-1); + if (debug) + printf("[DEBUG] children crashed! (%d)\n", child_head_no); + fck = write(child_socket, "E", 1); + _exit(-1); } void kill_children(int signo) { - int i; - - if (verbose) - fprintf(stderr, "[ERROR] Received signal %d, going down ...\n", signo); - if (process_restore == 1) - hydra_restore_write(1); - if (hydra_heads != NULL) { - for (i = 0; i < hydra_options.max_use; i++) - if (hydra_heads[i] != NULL && hydra_heads[i]->pid > 0) - kill(hydra_heads[i]->pid, SIGTERM); - for (i = 0; i < hydra_options.max_use; i++) - if (hydra_heads[i] != NULL && hydra_heads[i]->pid > 0) - kill(hydra_heads[i]->pid, SIGKILL); - } - exit(0); + int i; + + if (verbose) + fprintf(stderr, "[ERROR] Received signal %d, going down ...\n", signo); + if (process_restore == 1) + hydra_restore_write(1); + if (hydra_heads != NULL) { + for (i = 0; i < hydra_options.max_use; i++) + if (hydra_heads[i] != NULL && hydra_heads[i]->pid > 0) + kill(hydra_heads[i]->pid, SIGTERM); + for (i = 0; i < hydra_options.max_use; i++) + if (hydra_heads[i] != NULL && hydra_heads[i]->pid > 0) + kill(hydra_heads[i]->pid, SIGKILL); + } + exit(0); } unsigned long int countlines(FILE * fp, int colonmode) { - size_t lines = 0; - char *buf = malloc(MAXLINESIZE); - int only_one_empty_line = 0; - struct stat st; - - while (!feof(fp)) { - if (fgets(buf, MAXLINESIZE, fp) != NULL) { - if (buf[0] != 0) { - if (buf[0] == '\r' || buf[0] == '\n') { - if (only_one_empty_line == 0) { - only_one_empty_line = 1; - lines++; - } - } else { - lines++; - } - } + size_t lines = 0; + char *buf = malloc(MAXLINESIZE); + int only_one_empty_line = 0; + struct stat st; + + while (!feof(fp)) { + if (fgets(buf, MAXLINESIZE, fp) != NULL) { + if (buf[0] != 0) { + if (buf[0] == '\r' || buf[0] == '\n') { + if (only_one_empty_line == 0) { + only_one_empty_line = 1; + lines++; + } + } else { + lines++; } + } } - rewind(fp); - free(buf); - (void) fstat(fileno(fp), &st); - size_of_data = st.st_size + 1; - return lines; + } + rewind(fp); + free(buf); + (void) fstat(fileno(fp), &st); + size_of_data = st.st_size + 1; + return lines; } void fill_mem(char *ptr, FILE * fp, int colonmode) { - char tmp[MAXBUF + 4] = "", *ptr2; - unsigned int len; - int only_one_empty_line = 0; - - while (!feof(fp)) { - if (fgets(tmp, MAXLINESIZE, fp) != NULL) { - if (tmp[0] != 0) { - if (tmp[strlen(tmp) - 1] == '\n') - tmp[strlen(tmp) - 1] = '\0'; - if (tmp[0] != 0 && tmp[strlen(tmp) - 1] == '\r') - tmp[strlen(tmp) - 1] = '\0'; - if ((len = strlen(tmp)) > 0 || (only_one_empty_line == 0 && colonmode == 0)) { - if (len == 0 && colonmode == 0) { - only_one_empty_line = 1; - len = 1; - tmp[len] = 0; - } - if (colonmode) { - if ((ptr2 = index(tmp, ':')) == NULL) { - fprintf(stderr, "[ERROR] invalid line in colon file (-C), missing colon in line: %s\n", tmp); - exit(-1); - } else { - // if (tmp[0] == ':') { - // *ptr = 0; - // ptr++; - // } - // if (tmp[len - 1] == ':' && len > 1) { - // len++; - // tmp[len - 1] = 0; - // } - *ptr2 = 0; - } - } - memcpy(ptr, tmp, len); - ptr += len; - *ptr = '\0'; - ptr++; - } + char tmp[MAXBUF + 4] = "", *ptr2; + unsigned int len; + int only_one_empty_line = 0; + + while (!feof(fp)) { + if (fgets(tmp, MAXLINESIZE, fp) != NULL) { + if (tmp[0] != 0) { + if (tmp[strlen(tmp) - 1] == '\n') + tmp[strlen(tmp) - 1] = '\0'; + if (tmp[0] != 0 && tmp[strlen(tmp) - 1] == '\r') + tmp[strlen(tmp) - 1] = '\0'; + if ((len = strlen(tmp)) > 0 || (only_one_empty_line == 0 && colonmode == 0)) { + if (len == 0 && colonmode == 0) { + only_one_empty_line = 1; + len = 1; + tmp[len] = 0; + } + if (colonmode) { + if ((ptr2 = index(tmp, ':')) == NULL) { + fprintf(stderr, "[ERROR] invalid line in colon file (-C), missing colon in line: %s\n", tmp); + exit(-1); + } else { + // if (tmp[0] == ':') { + // *ptr = 0; + // ptr++; + // } + // if (tmp[len - 1] == ':' && len > 1) { + // len++; + // tmp[len - 1] = 0; + // } + *ptr2 = 0; } + } + memcpy(ptr, tmp, len); + ptr += len; + *ptr = '\0'; + ptr++; } + } } - fclose(fp); + } + fclose(fp); } char *hydra_build_time() { - static char datetime[24]; - struct tm *the_time; - time_t epoch; - - time(&epoch); - the_time = localtime(&epoch); - strftime(datetime, sizeof(datetime), "%Y-%m-%d %H:%M:%S", the_time); - return (char *) &datetime; + static char datetime[24]; + struct tm *the_time; + time_t epoch; + + time(&epoch); + the_time = localtime(&epoch); + strftime(datetime, sizeof(datetime), "%Y-%m-%d %H:%M:%S", the_time); + return (char *) &datetime; } void hydra_service_init(int target_no) { - int x = 99; - + int x = 99; + #ifdef LIBAFP - if (strcmp(hydra_options.service, "afp") == 0) - x = service_afp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "afp") == 0) + x = service_afp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif - if (strcmp(hydra_options.service, "asterisk") == 0) - x = service_asterisk_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "cisco-enable") == 0) - x = service_cisco_enable_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "cvs") == 0) - x = service_cvs_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "cisco") == 0) - x = service_cisco_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "asterisk") == 0) + x = service_asterisk_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "cisco-enable") == 0) + x = service_cisco_enable_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "cvs") == 0) + x = service_cvs_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "cisco") == 0) + x = service_cisco_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #ifdef LIBFIREBIRD - if (strcmp(hydra_options.service, "firebird") == 0) - x = service_firebird_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "firebird") == 0) + x = service_firebird_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif - if (strcmp(hydra_options.service, "ftp") == 0 || strcmp(hydra_options.service, "ftps") == 0) - x = service_ftp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "redis") == 0 || strcmp(hydra_options.service, "redis") == 0) - x = service_redis_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "http-get") == 0 || strcmp(hydra_options.service, "http-head") == 0) - x = service_http_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "http-form") == 0 || strcmp(hydra_options.service, "http-get-form") == 0 || strcmp(hydra_options.service, "http-post-form") == 0) - x = service_http_form_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "http-proxy") == 0) - x = service_http_proxy_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "http-proxy-urlenum") == 0) - x = service_http_proxy_urlenum_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "icq") == 0) - x = service_icq_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "imap") == 0) - x = service_imap_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "irc") == 0) - x = service_irc_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strncmp(hydra_options.service, "ldap", 4) == 0) - x = service_ldap_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "ftp") == 0 || strcmp(hydra_options.service, "ftps") == 0) + x = service_ftp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "redis") == 0 || strcmp(hydra_options.service, "redis") == 0) + x = service_redis_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "http-get") == 0 || strcmp(hydra_options.service, "http-head") == 0) + x = service_http_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "http-form") == 0 || strcmp(hydra_options.service, "http-get-form") == 0 || strcmp(hydra_options.service, "http-post-form") == 0) + x = service_http_form_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "http-proxy") == 0) + x = service_http_proxy_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "http-proxy-urlenum") == 0) + x = service_http_proxy_urlenum_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "icq") == 0) + x = service_icq_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "imap") == 0) + x = service_imap_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "irc") == 0) + x = service_irc_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strncmp(hydra_options.service, "ldap", 4) == 0) + x = service_ldap_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #ifdef LIBOPENSSL - if (strcmp(hydra_options.service, "sip") == 0) - x = service_sip_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "smb") == 0 || strcmp(hydra_options.service, "smbnt") == 0) - x = service_smb_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "oracle-listener") == 0) - x = service_oracle_listener_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "oracle-sid") == 0) - x = service_oracle_sid_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "rdp") == 0) - x = service_rdp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "sip") == 0) + x = service_sip_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "smb") == 0 || strcmp(hydra_options.service, "smbnt") == 0) + x = service_smb_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "oracle-listener") == 0) + x = service_oracle_listener_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "oracle-sid") == 0) + x = service_oracle_sid_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "rdp") == 0) + x = service_rdp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif - if (strcmp(hydra_options.service, "mssql") == 0) - x = service_mssql_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "mssql") == 0) + x = service_mssql_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #ifdef HAVE_MATH_H - if (strcmp(hydra_options.service, "mysql") == 0) - x = service_mysql_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "mysql") == 0) + x = service_mysql_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif #ifdef LIBNCP - if (strcmp(hydra_options.service, "ncp") == 0) - x = service_ncp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "ncp") == 0) + x = service_ncp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif - if (strcmp(hydra_options.service, "nntp") == 0) - x = service_nntp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "nntp") == 0) + x = service_nntp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #ifdef LIBORACLE - if (strcmp(hydra_options.service, "oracle") == 0) - x = service_oracle_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "oracle") == 0) + x = service_oracle_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif - if (strcmp(hydra_options.service, "pcanywhere") == 0) - x = service_pcanywhere_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "pcnfs") == 0) - x = service_pcnfs_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "pop3") == 0) - x = service_pop3_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "pcanywhere") == 0) + x = service_pcanywhere_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "pcnfs") == 0) + x = service_pcnfs_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "pop3") == 0) + x = service_pop3_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #ifdef LIBPOSTGRES - if (strcmp(hydra_options.service, "postgres") == 0) - x = service_postgres_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "postgres") == 0) + x = service_postgres_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif - if (strcmp(hydra_options.service, "rexec") == 0) - x = service_rexec_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "rlogin") == 0) - x = service_rlogin_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "rsh") == 0) - x = service_rsh_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "rexec") == 0) + x = service_rexec_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "rlogin") == 0) + x = service_rlogin_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "rsh") == 0) + x = service_rsh_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #ifdef LIBSAPR3 - if (strcmp(hydra_options.service, "sapr3") == 0) - x = service_sapr3_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "sapr3") == 0) + x = service_sapr3_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif - if (strcmp(hydra_options.service, "smtp") == 0) - x = service_smtp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "smtp-enum") == 0) - x = service_smtp_enum_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "snmp") == 0) - x = service_snmp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "socks5") == 0) - x = service_socks5_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "smtp") == 0) + x = service_smtp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "smtp-enum") == 0) + x = service_smtp_enum_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "snmp") == 0) + x = service_snmp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "socks5") == 0) + x = service_socks5_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #ifdef LIBSSH - if (strcmp(hydra_options.service, "ssh") == 0) - x = service_ssh_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "sshkey") == 0) - x = service_sshkey_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "ssh") == 0) + x = service_ssh_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "sshkey") == 0) + x = service_sshkey_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif #ifdef LIBSVN - if (strcmp(hydra_options.service, "svn") == 0) - x = service_svn_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "svn") == 0) + x = service_svn_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif - if (strcmp(hydra_options.service, "teamspeak") == 0) - x = service_teamspeak_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "telnet") == 0) - x = service_telnet_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "vmauthd") == 0) - x = service_vmauthd_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "vnc") == 0) - x = service_vnc_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "xmpp") == 0) - x = service_xmpp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "s7-300") == 0) - x = service_s7_300_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - // ADD NEW SERVICES HERE + if (strcmp(hydra_options.service, "teamspeak") == 0) + x = service_teamspeak_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "telnet") == 0) + x = service_telnet_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "vmauthd") == 0) + x = service_vmauthd_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "vnc") == 0) + x = service_vnc_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "xmpp") == 0) + x = service_xmpp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "s7-300") == 0) + x = service_s7_300_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "rtsp") == 0) + x = service_rtsp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + // ADD NEW SERVICES HERE - if (strcmp(hydra_options.service, "rtsp") == 0) - x = service_rtsp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - - if (x != 0 && x != 99) { - if (x > 0 && x < 4) - hydra_targets[target_no]->done = x; - else - hydra_targets[target_no]->done = 2; - hydra_brains.finished++; - if (hydra_brains.targets == 1) - exit(-1); - } + + if (x != 0 && x != 99) { + if (x > 0 && x < 4) + hydra_targets[target_no]->done = x; + else + hydra_targets[target_no]->done = 2; + hydra_brains.finished++; + if (hydra_brains.targets == 1) + exit(-1); + } } int hydra_spawn_head(int head_no, int target_no) { - int i; - - if (head_no < 0 || head_no >= hydra_options.max_use || target_no < 0 || target_no >= hydra_brains.targets) { - if (verbose > 1 || debug) - printf("[DEBUG-ERROR] spawn_head: head_no %d, target_no %d\n", head_no, target_no); - return -1; - } - - if (hydra_heads[head_no]->active < 0) { - printf("[DEBUG-ERROR] child %d should not be respawned!\n", head_no); - return -1; - } - - if (socketpair(PF_UNIX, SOCK_STREAM, 0, hydra_heads[head_no]->sp) == 0) { - child_head_no = head_no; - if ((hydra_heads[head_no]->pid = fork()) == 0) { // THIS IS THE CHILD - // set new signals for child - process_restore = 0; - child_socket = hydra_heads[head_no]->sp[1]; - signal(SIGCHLD, killed_childs); - signal(SIGTERM, exit); -#ifdef SIGBUS - signal(SIGBUS, exit); -#endif - signal(SIGSEGV, killed_childs_report); - signal(SIGHUP, exit); - signal(SIGINT, exit); - signal(SIGPIPE, exit); - // free structures to make memory available - cmdlinetarget = hydra_targets[target_no]->target; - for (i = 0; i < hydra_options.max_use; i++) - if (i != head_no) - free(hydra_heads[i]); - for (i = 0; i < hydra_brains.targets; i++) - if (i != target_no) - free(hydra_targets[i]); - if (hydra_options.loginfile != NULL) - free(login_ptr); - if (hydra_options.passfile != NULL) - free(pass_ptr); - if (hydra_options.colonfile != NULL && hydra_options.colonfile != empty_login) - free(csv_ptr); - // we must keep servers_ptr for cmdlinetarget to work - if (debug) - printf("[DEBUG] head_no %d has pid %d\n", head_no, getpid()); - - // now call crack module - if (strcmp(hydra_options.service, "asterisk") == 0) - service_asterisk(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "telnet") == 0) - service_telnet(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "ftp") == 0){ - - service_ftp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + int i; -} - if (strcmp(hydra_options.service, "ftps") == 0) - service_ftps(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "redis") == 0) - service_redis(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "pop3") == 0) - service_pop3(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "imap") == 0) - service_imap(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "vmauthd") == 0) - service_vmauthd(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "ldap2") == 0) - service_ldap2(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "ldap3") == 0) - service_ldap3(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "http-head") == 0) - service_http_head(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "ldap3-crammd5") == 0) - service_ldap3_cram_md5(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "ldap3-digestmd5") == 0) - service_ldap3_digest_md5(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "http-get") == 0) - service_http_get(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "http-get-form") == 0) - service_http_get_form(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "http-post-form") == 0) - service_http_post_form(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "http-proxy") == 0) - service_http_proxy(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "http-proxy-urlenum") == 0) - service_http_proxy_urlenum(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "cisco") == 0) - service_cisco(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "cisco-enable") == 0) - service_cisco_enable(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "socks5") == 0) - service_socks5(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "vnc") == 0) - service_vnc(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "rexec") == 0) - service_rexec(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "rlogin") == 0) - service_rlogin(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "rsh") == 0) - service_rsh(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "nntp") == 0) - service_nntp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "icq") == 0) - service_icq(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "pcnfs") == 0) - service_pcnfs(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); -#ifdef HAVE_MATH_H - if (strcmp(hydra_options.service, "mysql") == 0) - service_mysql(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (head_no < 0 || head_no >= hydra_options.max_use || target_no < 0 || target_no >= hydra_brains.targets) { + if (verbose > 1 || debug) + printf("[DEBUG-ERROR] spawn_head: head_no %d, target_no %d\n", head_no, target_no); + return -1; + } + + if (hydra_heads[head_no]->active < 0) { + printf("[DEBUG-ERROR] child %d should not be respawned!\n", head_no); + return -1; + } + + if (socketpair(PF_UNIX, SOCK_STREAM, 0, hydra_heads[head_no]->sp) == 0) { + child_head_no = head_no; + if ((hydra_heads[head_no]->pid = fork()) == 0) { // THIS IS THE CHILD + // set new signals for child + process_restore = 0; + child_socket = hydra_heads[head_no]->sp[1]; + signal(SIGCHLD, killed_childs); + signal(SIGTERM, exit); +#ifdef SIGBUS + signal(SIGBUS, exit); #endif - if (strcmp(hydra_options.service, "mssql") == 0) - service_mssql(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + signal(SIGSEGV, killed_childs_report); + signal(SIGHUP, exit); + signal(SIGINT, exit); + signal(SIGPIPE, exit); + // free structures to make memory available + cmdlinetarget = hydra_targets[target_no]->target; + for (i = 0; i < hydra_options.max_use; i++) + if (i != head_no) + free(hydra_heads[i]); + for (i = 0; i < hydra_brains.targets; i++) + if (i != target_no) + free(hydra_targets[i]); + if (hydra_options.loginfile != NULL) + free(login_ptr); + if (hydra_options.passfile != NULL) + free(pass_ptr); + if (hydra_options.colonfile != NULL && hydra_options.colonfile != empty_login) + free(csv_ptr); + // we must keep servers_ptr for cmdlinetarget to work + if (debug) + printf("[DEBUG] head_no %d has pid %d\n", head_no, getpid()); + + // now call crack module + if (strcmp(hydra_options.service, "asterisk") == 0) + service_asterisk(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "telnet") == 0) + service_telnet(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "ftp") == 0) { + + service_ftp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + + } + if (strcmp(hydra_options.service, "ftps") == 0) + service_ftps(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "redis") == 0) + service_redis(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "pop3") == 0) + service_pop3(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "imap") == 0) + service_imap(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "vmauthd") == 0) + service_vmauthd(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "ldap2") == 0) + service_ldap2(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "ldap3") == 0) + service_ldap3(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "http-head") == 0) + service_http_head(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "ldap3-crammd5") == 0) + service_ldap3_cram_md5(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "ldap3-digestmd5") == 0) + service_ldap3_digest_md5(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "http-get") == 0) + service_http_get(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "http-get-form") == 0) + service_http_get_form(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "http-post-form") == 0) + service_http_post_form(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "http-proxy") == 0) + service_http_proxy(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "http-proxy-urlenum") == 0) + service_http_proxy_urlenum(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "cisco") == 0) + service_cisco(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "cisco-enable") == 0) + service_cisco_enable(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "socks5") == 0) + service_socks5(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "vnc") == 0) + service_vnc(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "rexec") == 0) + service_rexec(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "rlogin") == 0) + service_rlogin(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "rsh") == 0) + service_rsh(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "nntp") == 0) + service_nntp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "icq") == 0) + service_icq(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "pcnfs") == 0) + service_pcnfs(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); +#ifdef HAVE_MATH_H + if (strcmp(hydra_options.service, "mysql") == 0) + service_mysql(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); +#endif + if (strcmp(hydra_options.service, "mssql") == 0) + service_mssql(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #ifdef LIBOPENSSL - if (strcmp(hydra_options.service, "oracle-listener") == 0) - service_oracle_listener(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "oracle-sid") == 0) - service_oracle_sid(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "oracle-listener") == 0) + service_oracle_listener(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "oracle-sid") == 0) + service_oracle_sid(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif #ifdef LIBORACLE - if (strcmp(hydra_options.service, "oracle") == 0) - service_oracle(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "oracle") == 0) + service_oracle(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif #ifdef LIBPOSTGRES - if (strcmp(hydra_options.service, "postgres") == 0) - service_postgres(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "postgres") == 0) + service_postgres(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif #ifdef LIBFIREBIRD - if (strcmp(hydra_options.service, "firebird") == 0) - service_firebird(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "firebird") == 0) + service_firebird(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif #ifdef LIBAFP - if (strcmp(hydra_options.service, "afp") == 0) - service_afp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "afp") == 0) + service_afp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif #ifdef LIBNCP - if (strcmp(hydra_options.service, "ncp") == 0) - service_ncp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "ncp") == 0) + service_ncp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif - if (strcmp(hydra_options.service, "pcanywhere") == 0) - service_pcanywhere(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "cvs") == 0) - service_cvs(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "pcanywhere") == 0) + service_pcanywhere(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "cvs") == 0) + service_cvs(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #ifdef LIBSVN - if (strcmp(hydra_options.service, "svn") == 0) - service_svn(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "svn") == 0) + service_svn(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif - if (strcmp(hydra_options.service, "snmp") == 0) - service_snmp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "snmp") == 0) + service_snmp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #ifdef LIBOPENSSL - if ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0)) - service_smb(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0)) + service_smb(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif #ifdef LIBSAPR3 - if (strcmp(hydra_options.service, "sapr3") == 0) - service_sapr3(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "sapr3") == 0) + service_sapr3(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif #ifdef LIBSSH - if (strcmp(hydra_options.service, "ssh") == 0) - service_ssh(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "sshkey") == 0) - service_sshkey(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "ssh") == 0) + service_ssh(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "sshkey") == 0) + service_sshkey(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif - if (strcmp(hydra_options.service, "smtp") == 0) - service_smtp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "smtp-enum") == 0) - service_smtp_enum(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "teamspeak") == 0) - service_teamspeak(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "smtp") == 0) + service_smtp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "smtp-enum") == 0) + service_smtp_enum(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "teamspeak") == 0) + service_teamspeak(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #ifdef LIBOPENSSL - if (strcmp(hydra_options.service, "sip") == 0) - service_sip(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "sip") == 0) + service_sip(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif - if (strcmp(hydra_options.service, "xmpp") == 0) - service_xmpp(hydra_targets[target_no]->target, hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, - hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "irc") == 0) - service_irc(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "xmpp") == 0) + service_xmpp(hydra_targets[target_no]->target, hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, + hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "irc") == 0) + service_irc(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #ifdef LIBOPENSSL - if (strcmp(hydra_options.service, "rdp") == 0) - service_rdp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "rdp") == 0) + service_rdp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); #endif - if (strcmp(hydra_options.service, "s7-300") == 0) - service_s7_300(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - // ADD NEW SERVICES HERE - - if (strcmp(hydra_options.service, "rtsp") == 0){ - - service_rtsp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - } - // just in case a module returns (which it shouldnt) we let it exit here - exit(-1); - } else { - child_head_no = -1; - if (hydra_heads[head_no]->pid > 0) { - fck = write(hydra_heads[head_no]->sp[1], "n", 1); // yes, a small "n" - this way we can distinguish later if the client successfully tested a pair and is requesting a new one or the mother did that - (void) fcntl(hydra_heads[head_no]->sp[0], F_SETFL, O_NONBLOCK); - if (hydra_heads[head_no]->redo != 1) - hydra_heads[head_no]->target_no = target_no; - hydra_heads[head_no]->active = 1; - hydra_targets[hydra_heads[head_no]->target_no]->use_count++; - hydra_brains.active++; - hydra_heads[head_no]->last_seen = time(NULL); - if (debug) - printf("[DEBUG] child %d spawned for target %d with pid %d\n", head_no, hydra_heads[head_no]->target_no, hydra_heads[head_no]->pid); - } else { - perror("[ERROR] Fork for children failed"); - hydra_heads[head_no]->sp[0] = -1; - hydra_heads[head_no]->active = 0; - return -1; - } - } + if (strcmp(hydra_options.service, "s7-300") == 0) + service_s7_300(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + if (strcmp(hydra_options.service, "rtsp") == 0) + service_rtsp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + // ADD NEW SERVICES HERE + + + // just in case a module returns (which it shouldnt) we let it exit here + exit(-1); } else { - perror("[ERROR] socketpair creation failed"); + child_head_no = -1; + if (hydra_heads[head_no]->pid > 0) { + fck = write(hydra_heads[head_no]->sp[1], "n", 1); // yes, a small "n" - this way we can distinguish later if the client successfully tested a pair and is requesting a new one or the mother did that + (void) fcntl(hydra_heads[head_no]->sp[0], F_SETFL, O_NONBLOCK); + if (hydra_heads[head_no]->redo != 1) + hydra_heads[head_no]->target_no = target_no; + hydra_heads[head_no]->active = 1; + hydra_targets[hydra_heads[head_no]->target_no]->use_count++; + hydra_brains.active++; + hydra_heads[head_no]->last_seen = time(NULL); + if (debug) + printf("[DEBUG] child %d spawned for target %d with pid %d\n", head_no, hydra_heads[head_no]->target_no, hydra_heads[head_no]->pid); + } else { + perror("[ERROR] Fork for children failed"); hydra_heads[head_no]->sp[0] = -1; hydra_heads[head_no]->active = 0; return -1; + } } - return 0; + } else { + perror("[ERROR] socketpair creation failed"); + hydra_heads[head_no]->sp[0] = -1; + hydra_heads[head_no]->active = 0; + return -1; + } + return 0; } int hydra_lookup_port(char *service) { - int i = 0, port = -2; - - hydra_portlist hydra_portlists[] = { - {"ftp", PORT_FTP, PORT_FTP_SSL}, - {"ftps", PORT_FTP, PORT_FTP_SSL}, - {"http-head", PORT_HTTP, PORT_HTTP_SSL}, - {"http-get", PORT_HTTP, PORT_HTTP_SSL}, - {"http-get-form", PORT_HTTP, PORT_HTTP_SSL}, - {"http-post-form", PORT_HTTP, PORT_HTTP_SSL}, - {"https-get-form", PORT_HTTP, PORT_HTTP_SSL}, - {"https-post-form", PORT_HTTP, PORT_HTTP_SSL}, - {"https-head", PORT_HTTP, PORT_HTTP_SSL}, - {"https-get", PORT_HTTP, PORT_HTTP_SSL}, - {"http-proxy", PORT_HTTP_PROXY, PORT_HTTP_PROXY_SSL}, - {"http-proxy-urlenum", PORT_HTTP_PROXY, PORT_HTTP_PROXY_SSL}, - {"icq", PORT_ICQ, PORT_ICQ_SSL}, - {"imap", PORT_IMAP, PORT_IMAP_SSL}, - {"ldap2", PORT_LDAP, PORT_LDAP_SSL}, - {"ldap3", PORT_LDAP, PORT_LDAP_SSL}, - {"ldap3-crammd5", PORT_LDAP, PORT_LDAP_SSL}, - {"ldap3-digestmd5", PORT_LDAP, PORT_LDAP_SSL}, - {"oracle-listener", PORT_ORACLE, PORT_ORACLE_SSL}, - {"oracle-sid", PORT_ORACLE, PORT_ORACLE_SSL}, - {"oracle", PORT_ORACLE, PORT_ORACLE_SSL}, - {"mssql", PORT_MSSQL, PORT_MSSQL_SSL}, - {"mysql", PORT_MYSQL, PORT_MYSQL_SSL}, - {"postgres", PORT_POSTGRES, PORT_POSTGRES_SSL}, - {"pcanywhere", PORT_PCANYWHERE, PORT_PCANYWHERE_SSL}, - {"nntp", PORT_NNTP, PORT_NNTP_SSL}, - {"pcnfs", PORT_PCNFS, PORT_PCNFS_SSL}, - {"pop3", PORT_POP3, PORT_POP3_SSL}, - {"redis", PORT_REDIS, PORT_REDIS_SSL}, - {"rexec", PORT_REXEC, PORT_REXEC_SSL}, - {"rlogin", PORT_RLOGIN, PORT_RLOGIN_SSL}, - {"rsh", PORT_RSH, PORT_RSH_SSL}, - {"sapr3", PORT_SAPR3, PORT_SAPR3_SSL}, - {"smb", PORT_SMBNT, PORT_SMBNT_SSL}, - {"smbnt", PORT_SMBNT, PORT_SMBNT_SSL}, - {"socks5", PORT_SOCKS5, PORT_SOCKS5_SSL}, - {"ssh", PORT_SSH, PORT_SSH_SSL}, - {"sshkey", PORT_SSH, PORT_SSH_SSL}, - {"telnet", PORT_TELNET, PORT_TELNET_SSL}, - {"cisco", PORT_TELNET, PORT_TELNET_SSL}, - {"cisco-enable", PORT_TELNET, PORT_TELNET_SSL}, - {"vnc", PORT_VNC, PORT_VNC_SSL}, - {"snmp", PORT_SNMP, PORT_SNMP_SSL}, - {"cvs", PORT_CVS, PORT_CVS_SSL}, - {"svn", PORT_SVN, PORT_SVN_SSL}, - {"firebird", PORT_FIREBIRD, PORT_FIREBIRD_SSL}, - {"afp", PORT_AFP, PORT_AFP_SSL}, - {"ncp", PORT_NCP, PORT_NCP_SSL}, - {"smtp", PORT_SMTP, PORT_SMTP_SSL}, - {"smtp-enum", PORT_SMTP, PORT_SMTP_SSL}, - {"teamspeak", PORT_TEAMSPEAK, PORT_TEAMSPEAK_SSL}, - {"sip", PORT_SIP, PORT_SIP_SSL}, - {"vmauthd", PORT_VMAUTHD, PORT_VMAUTHD_SSL}, - {"xmpp", PORT_XMPP, PORT_XMPP_SSL}, - {"irc", PORT_IRC, PORT_IRC_SSL}, - {"rdp", PORT_RDP, PORT_RDP_SSL}, - {"asterisk", PORT_ASTERISK, PORT_ASTERISK_SSL}, - {"s7-300", PORT_S7_300, PORT_S7_300_SSL}, - // ADD NEW SERVICES HERE - add new port numbers to hydra.h - {"rtsp", PORT_RTSP, PORT_RTSP_SSL}, - {"", PORT_NOPORT, PORT_NOPORT} - }; - - while (strlen(hydra_portlists[i].name) > 0 && port == -2) { - if (strcmp(service, hydra_portlists[i].name) == 0) { - if (hydra_options.ssl) - port = hydra_portlists[i].port_ssl; - else - port = hydra_portlists[i].port; - } - i++; + int i = 0, port = -2; + + hydra_portlist hydra_portlists[] = { + {"ftp", PORT_FTP, PORT_FTP_SSL}, + {"ftps", PORT_FTP, PORT_FTP_SSL}, + {"http-head", PORT_HTTP, PORT_HTTP_SSL}, + {"http-get", PORT_HTTP, PORT_HTTP_SSL}, + {"http-get-form", PORT_HTTP, PORT_HTTP_SSL}, + {"http-post-form", PORT_HTTP, PORT_HTTP_SSL}, + {"https-get-form", PORT_HTTP, PORT_HTTP_SSL}, + {"https-post-form", PORT_HTTP, PORT_HTTP_SSL}, + {"https-head", PORT_HTTP, PORT_HTTP_SSL}, + {"https-get", PORT_HTTP, PORT_HTTP_SSL}, + {"http-proxy", PORT_HTTP_PROXY, PORT_HTTP_PROXY_SSL}, + {"http-proxy-urlenum", PORT_HTTP_PROXY, PORT_HTTP_PROXY_SSL}, + {"icq", PORT_ICQ, PORT_ICQ_SSL}, + {"imap", PORT_IMAP, PORT_IMAP_SSL}, + {"ldap2", PORT_LDAP, PORT_LDAP_SSL}, + {"ldap3", PORT_LDAP, PORT_LDAP_SSL}, + {"ldap3-crammd5", PORT_LDAP, PORT_LDAP_SSL}, + {"ldap3-digestmd5", PORT_LDAP, PORT_LDAP_SSL}, + {"oracle-listener", PORT_ORACLE, PORT_ORACLE_SSL}, + {"oracle-sid", PORT_ORACLE, PORT_ORACLE_SSL}, + {"oracle", PORT_ORACLE, PORT_ORACLE_SSL}, + {"mssql", PORT_MSSQL, PORT_MSSQL_SSL}, + {"mysql", PORT_MYSQL, PORT_MYSQL_SSL}, + {"postgres", PORT_POSTGRES, PORT_POSTGRES_SSL}, + {"pcanywhere", PORT_PCANYWHERE, PORT_PCANYWHERE_SSL}, + {"nntp", PORT_NNTP, PORT_NNTP_SSL}, + {"pcnfs", PORT_PCNFS, PORT_PCNFS_SSL}, + {"pop3", PORT_POP3, PORT_POP3_SSL}, + {"redis", PORT_REDIS, PORT_REDIS_SSL}, + {"rexec", PORT_REXEC, PORT_REXEC_SSL}, + {"rlogin", PORT_RLOGIN, PORT_RLOGIN_SSL}, + {"rsh", PORT_RSH, PORT_RSH_SSL}, + {"sapr3", PORT_SAPR3, PORT_SAPR3_SSL}, + {"smb", PORT_SMBNT, PORT_SMBNT_SSL}, + {"smbnt", PORT_SMBNT, PORT_SMBNT_SSL}, + {"socks5", PORT_SOCKS5, PORT_SOCKS5_SSL}, + {"ssh", PORT_SSH, PORT_SSH_SSL}, + {"sshkey", PORT_SSH, PORT_SSH_SSL}, + {"telnet", PORT_TELNET, PORT_TELNET_SSL}, + {"cisco", PORT_TELNET, PORT_TELNET_SSL}, + {"cisco-enable", PORT_TELNET, PORT_TELNET_SSL}, + {"vnc", PORT_VNC, PORT_VNC_SSL}, + {"snmp", PORT_SNMP, PORT_SNMP_SSL}, + {"cvs", PORT_CVS, PORT_CVS_SSL}, + {"svn", PORT_SVN, PORT_SVN_SSL}, + {"firebird", PORT_FIREBIRD, PORT_FIREBIRD_SSL}, + {"afp", PORT_AFP, PORT_AFP_SSL}, + {"ncp", PORT_NCP, PORT_NCP_SSL}, + {"smtp", PORT_SMTP, PORT_SMTP_SSL}, + {"smtp-enum", PORT_SMTP, PORT_SMTP_SSL}, + {"teamspeak", PORT_TEAMSPEAK, PORT_TEAMSPEAK_SSL}, + {"sip", PORT_SIP, PORT_SIP_SSL}, + {"vmauthd", PORT_VMAUTHD, PORT_VMAUTHD_SSL}, + {"xmpp", PORT_XMPP, PORT_XMPP_SSL}, + {"irc", PORT_IRC, PORT_IRC_SSL}, + {"rdp", PORT_RDP, PORT_RDP_SSL}, + {"asterisk", PORT_ASTERISK, PORT_ASTERISK_SSL}, + {"s7-300", PORT_S7_300, PORT_S7_300_SSL}, + {"rtsp", PORT_RTSP, PORT_RTSP_SSL}, + // ADD NEW SERVICES HERE - add new port numbers to hydra.h + {"", PORT_NOPORT, PORT_NOPORT} + }; + + while (strlen(hydra_portlists[i].name) > 0 && port == -2) { + if (strcmp(service, hydra_portlists[i].name) == 0) { + if (hydra_options.ssl) + port = hydra_portlists[i].port_ssl; + else + port = hydra_portlists[i].port; } - if (port < 1) - return -1; - else - return port; + i++; + } + if (port < 1) + return -1; + else + return port; } // killit = 1 : kill(pid); fail = 1 : redo, fail = 2/3 : disable void hydra_kill_head(int head_no, int killit, int fail) { - if (debug) printf("[DEBUG] head_no %d, kill %d, fail %d\n", head_no, killit, fail); - if (head_no < 0) - return; - if (hydra_heads[head_no]->active > 0) { - close(hydra_heads[head_no]->sp[0]); - close(hydra_heads[head_no]->sp[1]); - } - if (killit) { - if (hydra_heads[head_no]->pid > 0) - kill(hydra_heads[head_no]->pid, SIGTERM); - hydra_brains.active--; - } - if (hydra_heads[head_no]->active > 0) { - hydra_heads[head_no]->active = 0; - hydra_targets[hydra_heads[head_no]->target_no]->use_count--; - } - if (fail == 1) { - if (hydra_options.cidr != 1) - hydra_heads[head_no]->redo = 1; - } else if (fail == 2) { - if (hydra_options.cidr != 1) - hydra_heads[head_no]->active = -1; - if (hydra_heads[head_no]->target_no >= 0) - hydra_targets[hydra_heads[head_no]->target_no]->failed++; - } else if (fail == 3) { - hydra_heads[head_no]->active = -1; - if (hydra_heads[head_no]->target_no >= 0) - hydra_targets[hydra_heads[head_no]->target_no]->failed++; - } - if (hydra_heads[head_no]->pid > 0 && killit) - kill(hydra_heads[head_no]->pid, SIGKILL); - hydra_heads[head_no]->pid = -1; - if (fail < 1 && hydra_heads[head_no]->target_no >= 0 && hydra_options.bfg && hydra_targets[hydra_heads[head_no]->target_no]->pass_state == 3 - && strlen(hydra_heads[head_no]->current_pass_ptr) > 0 && hydra_heads[head_no]->current_pass_ptr != hydra_heads[head_no]->current_login_ptr) { - free(hydra_heads[head_no]->current_pass_ptr); - hydra_heads[head_no]->current_pass_ptr = empty_login; - // hydra_bfg_remove(head_no); - // hydra_targets[hydra_heads[head_no]->target_no]->bfg_ptr[head_no] = NULL; - } - (void) wait3(NULL, WNOHANG, NULL); + if (debug) + printf("[DEBUG] head_no %d, kill %d, fail %d\n", head_no, killit, fail); + if (head_no < 0) + return; + if (hydra_heads[head_no]->active > 0) { + close(hydra_heads[head_no]->sp[0]); + close(hydra_heads[head_no]->sp[1]); + } + if (killit) { + if (hydra_heads[head_no]->pid > 0) + kill(hydra_heads[head_no]->pid, SIGTERM); + hydra_brains.active--; + } + if (hydra_heads[head_no]->active > 0) { + hydra_heads[head_no]->active = 0; + hydra_targets[hydra_heads[head_no]->target_no]->use_count--; + } + if (fail == 1) { + if (hydra_options.cidr != 1) + hydra_heads[head_no]->redo = 1; + } else if (fail == 2) { + if (hydra_options.cidr != 1) + hydra_heads[head_no]->active = -1; + if (hydra_heads[head_no]->target_no >= 0) + hydra_targets[hydra_heads[head_no]->target_no]->failed++; + } else if (fail == 3) { + hydra_heads[head_no]->active = -1; + if (hydra_heads[head_no]->target_no >= 0) + hydra_targets[hydra_heads[head_no]->target_no]->failed++; + } + if (hydra_heads[head_no]->pid > 0 && killit) + kill(hydra_heads[head_no]->pid, SIGKILL); + hydra_heads[head_no]->pid = -1; + if (fail < 1 && hydra_heads[head_no]->target_no >= 0 && hydra_options.bfg && hydra_targets[hydra_heads[head_no]->target_no]->pass_state == 3 + && strlen(hydra_heads[head_no]->current_pass_ptr) > 0 && hydra_heads[head_no]->current_pass_ptr != hydra_heads[head_no]->current_login_ptr) { + free(hydra_heads[head_no]->current_pass_ptr); + hydra_heads[head_no]->current_pass_ptr = empty_login; + // hydra_bfg_remove(head_no); + // hydra_targets[hydra_heads[head_no]->target_no]->bfg_ptr[head_no] = NULL; + } + (void) wait3(NULL, WNOHANG, NULL); } void hydra_increase_fail_count(int target_no, int head_no) { - int i, k; - - if (target_no < 0) - return; - - hydra_targets[target_no]->fail_count++; - if (debug) - printf("[DEBUG] hydra_increase_fail_count: %d >= %d => disable\n", hydra_targets[target_no]->fail_count, - MAXFAIL + (hydra_options.tasks <= 4 && hydra_targets[target_no]->ok ? 6 - hydra_options.tasks : 1) + (hydra_options.tasks - hydra_targets[target_no]->failed < 5 - && hydra_targets[target_no]->ok ? 6 - (hydra_options.tasks - - hydra_targets - [target_no]->failed) : 1) - + (hydra_targets[target_no]->ok ? 2 : -2)); - if (hydra_targets[target_no]->fail_count >= - MAXFAIL + (hydra_options.tasks <= 4 && hydra_targets[target_no]->ok ? 6 - hydra_options.tasks : 1) + (hydra_options.tasks - hydra_targets[target_no]->failed < 5 - && hydra_targets[target_no]->ok ? 6 - (hydra_options.tasks - - hydra_targets - [target_no]->failed) : 1) + - (hydra_targets[target_no]->ok ? 2 : -2) - ) { - k = 0; - for (i = 0; i < hydra_options.max_use; i++) - if (hydra_heads[i]->active >= 0 && hydra_heads[i]->target_no == target_no) - k++; - if (k <= 1) { - // we need to put this in a list, otherwise we fail one login+pw test - if (hydra_targets[target_no]->done == 0 - && hydra_targets[target_no]->redo <= hydra_options.max_use * 2 - && ((hydra_heads[head_no]->current_login_ptr != empty_login && hydra_heads[head_no]->current_pass_ptr != empty_login) - || (hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL))) { - hydra_targets[target_no]->redo_login[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_login_ptr; - hydra_targets[target_no]->redo_pass[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_pass_ptr; - hydra_targets[target_no]->redo++; - if (debug) - printf("[DEBUG] - will be retried at the end: ip %s - login %s - pass %s - child %d\n", hydra_targets[target_no]->target, - hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no); - hydra_heads[head_no]->current_login_ptr = empty_login; - hydra_heads[head_no]->current_pass_ptr = empty_login; - } - if (hydra_targets[target_no]->fail_count >= MAXFAIL + hydra_options.tasks * hydra_targets[target_no]->ok) { - if (hydra_targets[target_no]->done == 0 && hydra_options.max_use == hydra_targets[target_no]->failed) { - if (hydra_targets[target_no]->ok == 1) - hydra_targets[target_no]->done = 2; // mark target as done by errors - else - hydra_targets[target_no]->done = 3; // mark target as done by unable to connect - hydra_brains.finished++; - fprintf(stderr, "[ERROR] Too many connect errors to target, disabling %s://%s%s%s:%d\n", hydra_options.service, hydra_targets[target_no]->ip[0] == 16 - && index(hydra_targets[target_no]->target, ':') != NULL ? "[" : "", hydra_targets[target_no]->target, hydra_targets[target_no]->ip[0] == 16 - && index(hydra_targets[target_no]->target, ':') != NULL ? "]" : "", hydra_targets[target_no]->port); - } - if (hydra_brains.targets > hydra_brains.finished) - hydra_kill_head(head_no, 1, 0); - else - hydra_kill_head(head_no, 1, 2); - } // we keep the last one alive as long as it make sense - } else { - // we need to put this in a list, otherwise we fail one login+pw test - if (hydra_targets[target_no]->done == 0 - && hydra_targets[target_no]->redo <= hydra_options.max_use * 2 - && ((hydra_heads[head_no]->current_login_ptr != empty_login && hydra_heads[head_no]->current_pass_ptr != empty_login) - || (hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL))) { - hydra_targets[target_no]->redo_login[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_login_ptr; - hydra_targets[target_no]->redo_pass[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_pass_ptr; - hydra_targets[target_no]->redo++; - if (debug) - printf("[DEBUG] - will be retried at the end: ip %s - login %s - pass %s - child %d\n", hydra_targets[target_no]->target, - hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no); - hydra_heads[head_no]->current_login_ptr = empty_login; - hydra_heads[head_no]->current_pass_ptr = empty_login; - } - hydra_targets[target_no]->fail_count--; - if (k < 5 && hydra_targets[target_no]->ok) - hydra_targets[target_no]->fail_count--; - if (k == 2 && hydra_targets[target_no]->ok) - hydra_targets[target_no]->fail_count--; - if (hydra_brains.targets > hydra_brains.finished) - hydra_kill_head(head_no, 1, 0); - else { - hydra_kill_head(head_no, 1, 2); - if (verbose) - printf("[VERBOSE] Disabled child %d because of too many errors\n", head_no); - } + int i, k; + + if (target_no < 0) + return; + + hydra_targets[target_no]->fail_count++; + if (debug) + printf("[DEBUG] hydra_increase_fail_count: %d >= %d => disable\n", hydra_targets[target_no]->fail_count, + MAXFAIL + (hydra_options.tasks <= 4 && hydra_targets[target_no]->ok ? 6 - hydra_options.tasks : 1) + (hydra_options.tasks - hydra_targets[target_no]->failed < 5 + && hydra_targets[target_no]->ok ? 6 - (hydra_options.tasks - + hydra_targets + [target_no]->failed) : 1) + + (hydra_targets[target_no]->ok ? 2 : -2)); + if (hydra_targets[target_no]->fail_count >= + MAXFAIL + (hydra_options.tasks <= 4 && hydra_targets[target_no]->ok ? 6 - hydra_options.tasks : 1) + (hydra_options.tasks - hydra_targets[target_no]->failed < 5 + && hydra_targets[target_no]->ok ? 6 - (hydra_options.tasks - + hydra_targets + [target_no]->failed) : 1) + + (hydra_targets[target_no]->ok ? 2 : -2) + ) { + k = 0; + for (i = 0; i < hydra_options.max_use; i++) + if (hydra_heads[i]->active >= 0 && hydra_heads[i]->target_no == target_no) + k++; + if (k <= 1) { + // we need to put this in a list, otherwise we fail one login+pw test + if (hydra_targets[target_no]->done == 0 + && hydra_targets[target_no]->redo <= hydra_options.max_use * 2 + && ((hydra_heads[head_no]->current_login_ptr != empty_login && hydra_heads[head_no]->current_pass_ptr != empty_login) + || (hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL))) { + hydra_targets[target_no]->redo_login[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_login_ptr; + hydra_targets[target_no]->redo_pass[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_pass_ptr; + hydra_targets[target_no]->redo++; + if (debug) + printf("[DEBUG] - will be retried at the end: ip %s - login %s - pass %s - child %d\n", hydra_targets[target_no]->target, + hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no); + hydra_heads[head_no]->current_login_ptr = empty_login; + hydra_heads[head_no]->current_pass_ptr = empty_login; + } + if (hydra_targets[target_no]->fail_count >= MAXFAIL + hydra_options.tasks * hydra_targets[target_no]->ok) { + if (hydra_targets[target_no]->done == 0 && hydra_options.max_use == hydra_targets[target_no]->failed) { + if (hydra_targets[target_no]->ok == 1) + hydra_targets[target_no]->done = 2; // mark target as done by errors + else + hydra_targets[target_no]->done = 3; // mark target as done by unable to connect + hydra_brains.finished++; + fprintf(stderr, "[ERROR] Too many connect errors to target, disabling %s://%s%s%s:%d\n", hydra_options.service, hydra_targets[target_no]->ip[0] == 16 + && index(hydra_targets[target_no]->target, ':') != NULL ? "[" : "", hydra_targets[target_no]->target, hydra_targets[target_no]->ip[0] == 16 + && index(hydra_targets[target_no]->target, ':') != NULL ? "]" : "", hydra_targets[target_no]->port); } + if (hydra_brains.targets > hydra_brains.finished) + hydra_kill_head(head_no, 1, 0); + else + hydra_kill_head(head_no, 1, 2); + } // we keep the last one alive as long as it make sense } else { - hydra_kill_head(head_no, 1, 1); + // we need to put this in a list, otherwise we fail one login+pw test + if (hydra_targets[target_no]->done == 0 + && hydra_targets[target_no]->redo <= hydra_options.max_use * 2 + && ((hydra_heads[head_no]->current_login_ptr != empty_login && hydra_heads[head_no]->current_pass_ptr != empty_login) + || (hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL))) { + hydra_targets[target_no]->redo_login[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_login_ptr; + hydra_targets[target_no]->redo_pass[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_pass_ptr; + hydra_targets[target_no]->redo++; + if (debug) + printf("[DEBUG] - will be retried at the end: ip %s - login %s - pass %s - child %d\n", hydra_targets[target_no]->target, + hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no); + hydra_heads[head_no]->current_login_ptr = empty_login; + hydra_heads[head_no]->current_pass_ptr = empty_login; + } + hydra_targets[target_no]->fail_count--; + if (k < 5 && hydra_targets[target_no]->ok) + hydra_targets[target_no]->fail_count--; + if (k == 2 && hydra_targets[target_no]->ok) + hydra_targets[target_no]->fail_count--; + if (hydra_brains.targets > hydra_brains.finished) + hydra_kill_head(head_no, 1, 0); + else { + hydra_kill_head(head_no, 1, 2); if (verbose) - printf("[VERBOSE] Retrying connection for child %d\n", head_no); + printf("[VERBOSE] Disabled child %d because of too many errors\n", head_no); + } } + } else { + hydra_kill_head(head_no, 1, 1); + if (verbose) + printf("[VERBOSE] Retrying connection for child %d\n", head_no); + } } char *hydra_reverse_login(int head_no, char *login) { - int i, j = strlen(login); - - if (j > 248) - j = 248; - else if (j == 0) - return empty_login; - for (i = 0; i < j; i++) - hydra_heads[head_no]->reverse[i] = login[j - (i + 1)]; - hydra_heads[head_no]->reverse[j] = 0; - - return hydra_heads[head_no]->reverse; + int i, j = strlen(login); + + if (j > 248) + j = 248; + else if (j == 0) + return empty_login; + for (i = 0; i < j; i++) + hydra_heads[head_no]->reverse[i] = login[j - (i + 1)]; + hydra_heads[head_no]->reverse[j] = 0; + + return hydra_heads[head_no]->reverse; } int hydra_send_next_pair(int target_no, int head_no) { - // variables moved to save stack - snpdone = 0; - snp_is_redo = 0; - snpdont = 0; - loop_cnt++; - if (hydra_heads[head_no]->redo && hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL) { - hydra_heads[head_no]->redo = 0; - snp_is_redo = 1; - snpdone = 1; - } else { - if (hydra_targets[target_no]->sent >= hydra_brains.todo + hydra_targets[target_no]->redo) { - if (hydra_targets[target_no]->done == 0) { - hydra_targets[target_no]->done = 1; - hydra_brains.finished++; - if (verbose) - printf("[STATUS] attack finished for %s (waiting for children to complete tests)\n", hydra_targets[target_no]->target); - } - return -1; - } + // variables moved to save stack + snpdone = 0; + snp_is_redo = 0; + snpdont = 0; + loop_cnt++; + if (hydra_heads[head_no]->redo && hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL) { + hydra_heads[head_no]->redo = 0; + snp_is_redo = 1; + snpdone = 1; + } else { + if (hydra_targets[target_no]->sent >= hydra_brains.todo + hydra_targets[target_no]->redo) { + if (hydra_targets[target_no]->done == 0) { + hydra_targets[target_no]->done = 1; + hydra_brains.finished++; + if (verbose) + printf("[STATUS] attack finished for %s (waiting for children to complete tests)\n", hydra_targets[target_no]->target); + } + return -1; } - + } + + if (debug) + printf + ("[DEBUG] send_next_pair_init target %d, head %d, redo %d, redo_state %d, pass_state %d. loop_mode %d, curlogin %s, curpass %s, tlogin %s, tpass %s, logincnt %lu/%lu, passcnt %lu/%lu, loop_cnt %d\n", + target_no, head_no, hydra_heads[head_no]->redo, hydra_targets[target_no]->redo_state, hydra_targets[target_no]->pass_state, hydra_options.loop_mode, + hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr, hydra_targets[target_no]->pass_ptr, + hydra_targets[target_no]->login_no, hydra_brains.countlogin, hydra_targets[target_no]->pass_no, hydra_brains.countpass, loop_cnt); + + if (loop_cnt > (hydra_brains.countlogin * 2) + 1 && loop_cnt > (hydra_brains.countpass * 2) + 1) { if (debug) - printf - ("[DEBUG] send_next_pair_init target %d, head %d, redo %d, redo_state %d, pass_state %d. loop_mode %d, curlogin %s, curpass %s, tlogin %s, tpass %s, logincnt %lu/%lu, passcnt %lu/%lu, loop_cnt %d\n", - target_no, head_no, hydra_heads[head_no]->redo, hydra_targets[target_no]->redo_state, hydra_targets[target_no]->pass_state, hydra_options.loop_mode, - hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr, hydra_targets[target_no]->pass_ptr, - hydra_targets[target_no]->login_no, hydra_brains.countlogin, hydra_targets[target_no]->pass_no, hydra_brains.countpass, loop_cnt); - - if (loop_cnt > (hydra_brains.countlogin * 2) + 1 && loop_cnt > (hydra_brains.countpass * 2) + 1) { - if (debug) - printf("[DEBUG] too many loops in send_next_pair, returning -1 (loop_cnt %d, sent %ld, todo %ld)\n", loop_cnt, hydra_targets[target_no]->sent, hydra_brains.todo); - return -1; - } - - if (hydra_heads[head_no]->redo && hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL) { - hydra_heads[head_no]->redo = 0; - snp_is_redo = 1; + printf("[DEBUG] too many loops in send_next_pair, returning -1 (loop_cnt %d, sent %ld, todo %ld)\n", loop_cnt, hydra_targets[target_no]->sent, hydra_brains.todo); + return -1; + } + + if (hydra_heads[head_no]->redo && hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL) { + hydra_heads[head_no]->redo = 0; + snp_is_redo = 1; + snpdone = 1; + } else { + if (debug && (hydra_heads[head_no]->current_login_ptr != NULL || hydra_heads[head_no]->current_pass_ptr != NULL)) + printf("[COMPLETED] target %s - login \"%s\" - pass \"%s\" - child %d - %lu of %lu\n", + hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no, + hydra_targets[target_no]->sent, hydra_brains.todo); + hydra_heads[head_no]->redo = 0; + if (hydra_targets[target_no]->redo_state > 0) { + if (hydra_targets[target_no]->redo_state + 1 <= hydra_targets[target_no]->redo) { + hydra_heads[head_no]->current_pass_ptr = hydra_targets[target_no]->redo_pass[hydra_targets[target_no]->redo_state - 1]; + hydra_heads[head_no]->current_login_ptr = hydra_targets[target_no]->redo_login[hydra_targets[target_no]->redo_state - 1]; + hydra_targets[target_no]->redo_state++; snpdone = 1; - } else { - if (debug && (hydra_heads[head_no]->current_login_ptr != NULL || hydra_heads[head_no]->current_pass_ptr != NULL)) - printf("[COMPLETED] target %s - login \"%s\" - pass \"%s\" - child %d - %lu of %lu\n", - hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no, - hydra_targets[target_no]->sent, hydra_brains.todo); - hydra_heads[head_no]->redo = 0; - if (hydra_targets[target_no]->redo_state > 0) { - if (hydra_targets[target_no]->redo_state + 1 <= hydra_targets[target_no]->redo) { - hydra_heads[head_no]->current_pass_ptr = hydra_targets[target_no]->redo_pass[hydra_targets[target_no]->redo_state - 1]; - hydra_heads[head_no]->current_login_ptr = hydra_targets[target_no]->redo_login[hydra_targets[target_no]->redo_state - 1]; - hydra_targets[target_no]->redo_state++; - snpdone = 1; - } // no else, that way a later lost pair is still added and done - } else { // normale state, no redo - if (hydra_targets[target_no]->done) { - loop_cnt = 0; - return -1; // head will be disabled by main while() - } - if (hydra_options.loop_mode == 0) { // one user after another - if (hydra_targets[target_no]->login_no < hydra_brains.countlogin) { - // as we loop password in mode == 0 we set the current login first - hydra_heads[head_no]->current_login_ptr = hydra_targets[target_no]->login_ptr; - // then we do the extra options -e ns handling - if (hydra_targets[target_no]->pass_state == 0 && snpdone == 0) { - if (hydra_options.try_password_same_as_login) { - hydra_heads[head_no]->current_pass_ptr = hydra_targets[target_no]->login_ptr; - snpdone = 1; - hydra_targets[target_no]->pass_no++; - } - hydra_targets[target_no]->pass_state++; - } - if (hydra_targets[target_no]->pass_state == 1 && snpdone == 0) { - // small check that there is a login name (could also be emtpy) and if we already tried empty password it would be a double - if (hydra_options.try_null_password) { - if (hydra_options.try_password_same_as_login == 0 || (hydra_targets[target_no]->login_ptr != NULL && strlen(hydra_targets[target_no]->login_ptr) > 0)) { - hydra_heads[head_no]->current_pass_ptr = empty_login; - snpdone = 1; - } else { - hydra_brains.sent++; - hydra_targets[target_no]->sent++; - } - hydra_targets[target_no]->pass_no++; - } - hydra_targets[target_no]->pass_state++; - } - if (hydra_targets[target_no]->pass_state == 2 && snpdone == 0) { - // small check that there is a login name (could also be emtpy) and if we already tried empty password it would be a double - if (hydra_options.try_password_reverse_login) { - if ((hydra_options.try_password_same_as_login == 0 - || strcmp(hydra_targets[target_no]->login_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) != 0) - && (hydra_options.try_null_password == 0 || (hydra_targets[target_no]->login_ptr != NULL && strlen(hydra_targets[target_no]->login_ptr) > 0))) { - hydra_heads[head_no]->current_pass_ptr = hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr); - snpdone = 1; - } else { - hydra_brains.sent++; - hydra_targets[target_no]->sent++; - } - hydra_targets[target_no]->pass_no++; - } - hydra_targets[target_no]->pass_state++; - } - // now we handle the -C -l/-L -p/-P data - if (hydra_targets[target_no]->pass_state == 3 && snpdone == 0) { - if ((hydra_options.mode & 64) == 64) { // colon mode - hydra_heads[head_no]->current_login_ptr = hydra_targets[target_no]->login_ptr; - hydra_heads[head_no]->current_pass_ptr = hydra_targets[target_no]->pass_ptr; - hydra_targets[target_no]->login_no++; - snpdone = 1; - hydra_targets[target_no]->login_ptr = hydra_targets[target_no]->pass_ptr; - //hydra_targets[target_no]->login_ptr++; - while (*hydra_targets[target_no]->login_ptr != 0) - hydra_targets[target_no]->login_ptr++; - hydra_targets[target_no]->login_ptr++; - hydra_targets[target_no]->pass_ptr = hydra_targets[target_no]->login_ptr; - //hydra_targets[target_no]->pass_ptr++; - while (*hydra_targets[target_no]->pass_ptr != 0) - hydra_targets[target_no]->pass_ptr++; - hydra_targets[target_no]->pass_ptr++; - if (strcmp(hydra_targets[target_no]->login_ptr, hydra_heads[head_no]->current_login_ptr) != 0) - hydra_targets[target_no]->pass_state = 0; - if ((hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0) - || (hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) == 0) - || - (hydra_options.try_password_reverse_login - && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) == 0)) { - hydra_brains.sent++; - hydra_targets[target_no]->sent++; - if (debug) - printf("[DEBUG] double detected (-C)\n"); - return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small - } - } else { // standard -l -L -p -P mode - hydra_heads[head_no]->current_pass_ptr = hydra_targets[target_no]->pass_ptr; - hydra_targets[target_no]->pass_no++; - // double check - if (hydra_targets[target_no]->pass_no >= hydra_brains.countpass) { - // all passwords done, next user for next password - hydra_targets[target_no]->login_ptr++; - while (*hydra_targets[target_no]->login_ptr != 0) - hydra_targets[target_no]->login_ptr++; - hydra_targets[target_no]->login_ptr++; - hydra_targets[target_no]->pass_ptr = pass_ptr; - hydra_targets[target_no]->login_no++; - hydra_targets[target_no]->pass_no = 0; - hydra_targets[target_no]->pass_state = 0; - if (hydra_brains.countpass == hydra_options.try_password_reverse_login + hydra_options.try_null_password + hydra_options.try_password_same_as_login) - return hydra_send_next_pair(target_no, head_no); - } else { - hydra_targets[target_no]->pass_ptr++; - while (*hydra_targets[target_no]->pass_ptr != 0) - hydra_targets[target_no]->pass_ptr++; - hydra_targets[target_no]->pass_ptr++; - } - if ((hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0) - || (hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) == 0) - || - (hydra_options.try_password_reverse_login - && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) == 0)) { - hydra_brains.sent++; - hydra_targets[target_no]->sent++; - if (debug) - printf("[DEBUG] double detected (-Pp)\n"); - return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small - } - snpdone = 1; - } - } - } - } else { // loop_mode == 1 - if (hydra_targets[target_no]->pass_no < hydra_brains.countpass) { - hydra_heads[head_no]->current_login_ptr = hydra_targets[target_no]->login_ptr; - if (hydra_targets[target_no]->pass_state == 0) { - if ((hydra_options.mode & 4) == 4) - hydra_heads[head_no]->current_pass_ptr = strdup(hydra_heads[head_no]->current_login_ptr); - else - hydra_heads[head_no]->current_pass_ptr = hydra_heads[head_no]->current_login_ptr; - } else if (hydra_targets[target_no]->pass_state == 1) { - if ((hydra_options.mode & 4) == 4) - hydra_heads[head_no]->current_pass_ptr = strdup(empty_login); - else - hydra_heads[head_no]->current_pass_ptr = empty_login; - } else if (hydra_targets[target_no]->pass_state == 2) { - if ((hydra_options.mode & 4) == 4) - hydra_heads[head_no]->current_pass_ptr = strdup(hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)); - else - hydra_heads[head_no]->current_pass_ptr = hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr); - } else { - if (hydra_options.bfg && hydra_targets[target_no]->pass_state == 3 - && hydra_heads[head_no]->current_pass_ptr != NULL && - strlen(hydra_heads[head_no]->current_pass_ptr) > 0 && hydra_heads[head_no]->current_pass_ptr != hydra_heads[head_no]->current_login_ptr) - free(hydra_heads[head_no]->current_pass_ptr); - hydra_heads[head_no]->current_pass_ptr = strdup(hydra_targets[target_no]->pass_ptr); - } - hydra_targets[target_no]->login_no++; - snpdone = 1; - - if (hydra_targets[target_no]->login_no >= hydra_brains.countlogin) { - if (hydra_targets[target_no]->pass_state < 3) { - hydra_targets[target_no]->pass_state++; - if (hydra_targets[target_no]->pass_state == 1 && hydra_options.try_null_password == 0) - hydra_targets[target_no]->pass_state++; - if (hydra_targets[target_no]->pass_state == 2 && hydra_options.try_password_reverse_login == 0) - hydra_targets[target_no]->pass_state++; - if (hydra_targets[target_no]->pass_state == 3) - snpdont = 1; - hydra_targets[target_no]->pass_no++; - } - - if (hydra_targets[target_no]->pass_state == 3) { - if (snpdont) { - hydra_targets[target_no]->pass_ptr = pass_ptr; - } else { - if ((hydra_options.mode & 4) == 4) { // bfg mode -#ifndef HAVE_MATH_H - sleep(1); -#else - hydra_targets[target_no]->pass_ptr = bf_next(); - if (debug) - printf("[DEBUG] bfg new password for next child: %s\n", hydra_targets[target_no]->pass_ptr); -#endif - } else { // -p -P mode - hydra_targets[target_no]->pass_ptr++; - while (*hydra_targets[target_no]->pass_ptr != 0) - hydra_targets[target_no]->pass_ptr++; - hydra_targets[target_no]->pass_ptr++; - } - hydra_targets[target_no]->pass_no++; - } - } - - hydra_targets[target_no]->login_no = 0; - hydra_targets[target_no]->login_ptr = login_ptr; - } else if (hydra_targets[target_no]->login_no < hydra_brains.countlogin) { - hydra_targets[target_no]->login_ptr++; - while (*hydra_targets[target_no]->login_ptr != 0) - hydra_targets[target_no]->login_ptr++; - hydra_targets[target_no]->login_ptr++; - } - if (hydra_targets[target_no]->pass_state == 3 && snpdont == 0) { - if ((hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) < 1) - || (hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0) - || (hydra_options.try_password_reverse_login && strcmp(hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr) == 0)) { - hydra_brains.sent++; - hydra_targets[target_no]->sent++; - if (debug) - printf("[DEBUG] double detected (1)\n"); - return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small - } - } - } - } - } - - if (debug) - printf("[DEBUG] send_next_pair_mid done %d, pass_state %d, clogin %s, cpass %s, tlogin %s, tpass %s, redo %d\n", - snpdone, hydra_targets[target_no]->pass_state, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr, - hydra_targets[target_no]->pass_ptr, hydra_targets[target_no]->redo); - - // no pair? then we go for redo state - if (!snpdone && hydra_targets[target_no]->redo_state == 0 && hydra_targets[target_no]->redo > 0) { - if (debug) - printf("[DEBUG] Entering redo_state\n"); - hydra_targets[target_no]->redo_state++; - return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small - } - } - - if (!snpdone || hydra_targets[target_no]->skipcnt >= hydra_brains.countlogin) { - fck = write(hydra_heads[head_no]->sp[0], HYDRA_EXIT, sizeof(HYDRA_EXIT)); - if (hydra_targets[target_no]->use_count <= 1) { - if (hydra_targets[target_no]->done == 0) { - hydra_targets[target_no]->done = 1; - hydra_brains.finished++; - printf("[STATUS] attack finished for %s (waiting for children to finish) ...\n", hydra_targets[target_no]->target); - } - } - if (hydra_brains.targets > hydra_brains.finished) - hydra_kill_head(head_no, 1, 0); // otherwise done in main while loop - } else { - if (hydra_targets[target_no]->skipcnt > 0) { - snpj = 0; - for (snpi = 0; snpi < hydra_targets[target_no]->skipcnt && snpj == 0; snpi++) - if (strcmp(hydra_heads[head_no]->current_login_ptr, hydra_targets[target_no]->skiplogin[snpi]) == 0) - snpj = 1; - if (snpj) { - if (snp_is_redo == 0) { - hydra_brains.sent++; - hydra_targets[target_no]->sent++; - } - if (debug) - printf("[DEBUG] double found for %s == %s, skipping\n", hydra_heads[head_no]->current_login_ptr, hydra_targets[target_no]->skiplogin[snpi - 1]); - // only if -l/L -p/P with -u and if loginptr was not justed increased - if ((hydra_options.mode & 64) != 64 && hydra_options.loop_mode == 0 && hydra_targets[target_no]->pass_no > 0) { // -l -P (not! -u) - // increase login_ptr to next - hydra_targets[target_no]->login_no++; - if (hydra_targets[target_no]->login_no < hydra_brains.countlogin) { - hydra_targets[target_no]->login_ptr++; - while (*hydra_targets[target_no]->login_ptr != 0) - hydra_targets[target_no]->login_ptr++; - hydra_targets[target_no]->login_ptr++; - } - // add count - hydra_brains.sent += hydra_brains.countpass - hydra_targets[target_no]->pass_no; - hydra_targets[target_no]->sent += hydra_brains.countpass - hydra_targets[target_no]->pass_no; - // reset password list - hydra_targets[target_no]->pass_ptr = pass_ptr; - hydra_targets[target_no]->pass_no = 0; - hydra_targets[target_no]->pass_state = 0; - } - return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small - } - } - - memset(&snpbuf, 0, sizeof(snpbuf)); - strncpy(snpbuf, hydra_heads[head_no]->current_login_ptr, MAXLINESIZE - 3); - if (strlen(hydra_heads[head_no]->current_login_ptr) > MAXLINESIZE - 3) - snpbuflen = MAXLINESIZE - 2; - else - snpbuflen = strlen(hydra_heads[head_no]->current_login_ptr) + 1; - strncpy(snpbuf + snpbuflen, hydra_heads[head_no]->current_pass_ptr, MAXLINESIZE - snpbuflen - 1); - if (strlen(hydra_heads[head_no]->current_pass_ptr) > MAXLINESIZE - snpbuflen - 1) - snpbuflen += MAXLINESIZE - snpbuflen - 1; - else - snpbuflen += strlen(hydra_heads[head_no]->current_pass_ptr) + 1; - if (snp_is_redo == 0) { - hydra_brains.sent++; - hydra_targets[target_no]->sent++; - } else if (debug) - printf("[DEBUG] send_next_pair_redo done %d, pass_state %d, clogin %s, cpass %s, tlogin %s, tpass %s, is_redo %d\n", - snpdone, hydra_targets[target_no]->pass_state, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr, - hydra_targets[target_no]->pass_ptr, snp_is_redo); - //hydra_dump_data(snpbuf, snpbuflen, "SENT"); - fck = write(hydra_heads[head_no]->sp[0], snpbuf, snpbuflen); - if (fck < snpbuflen) { - if (verbose) - fprintf(stderr, "[ERROR] can not write to child %d, restarting it ...\n", head_no); - hydra_increase_fail_count(target_no, head_no); - loop_cnt = 0; - return 0; // not prevent disabling it, if its needed its already done in the above line - } - if (debug || hydra_options.showAttempt) { - printf("[%sATTEMPT] target %s - login \"%s\" - pass \"%s\" - %lu of %lu [child %d]\n", - hydra_targets[target_no]->redo_state ? "REDO-" : snp_is_redo ? "RE-" : "", hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, - hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->sent, hydra_brains.todo + hydra_targets[target_no]->redo, head_no); - } + } // no else, that way a later lost pair is still added and done + } else { // normale state, no redo + if (hydra_targets[target_no]->done) { loop_cnt = 0; - return 0; + return -1; // head will be disabled by main while() + } + if (hydra_options.loop_mode == 0) { // one user after another + if (hydra_targets[target_no]->login_no < hydra_brains.countlogin) { + // as we loop password in mode == 0 we set the current login first + hydra_heads[head_no]->current_login_ptr = hydra_targets[target_no]->login_ptr; + // then we do the extra options -e ns handling + if (hydra_targets[target_no]->pass_state == 0 && snpdone == 0) { + if (hydra_options.try_password_same_as_login) { + hydra_heads[head_no]->current_pass_ptr = hydra_targets[target_no]->login_ptr; + snpdone = 1; + hydra_targets[target_no]->pass_no++; + } + hydra_targets[target_no]->pass_state++; + } + if (hydra_targets[target_no]->pass_state == 1 && snpdone == 0) { + // small check that there is a login name (could also be emtpy) and if we already tried empty password it would be a double + if (hydra_options.try_null_password) { + if (hydra_options.try_password_same_as_login == 0 || (hydra_targets[target_no]->login_ptr != NULL && strlen(hydra_targets[target_no]->login_ptr) > 0)) { + hydra_heads[head_no]->current_pass_ptr = empty_login; + snpdone = 1; + } else { + hydra_brains.sent++; + hydra_targets[target_no]->sent++; + } + hydra_targets[target_no]->pass_no++; + } + hydra_targets[target_no]->pass_state++; + } + if (hydra_targets[target_no]->pass_state == 2 && snpdone == 0) { + // small check that there is a login name (could also be emtpy) and if we already tried empty password it would be a double + if (hydra_options.try_password_reverse_login) { + if ((hydra_options.try_password_same_as_login == 0 + || strcmp(hydra_targets[target_no]->login_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) != 0) + && (hydra_options.try_null_password == 0 || (hydra_targets[target_no]->login_ptr != NULL && strlen(hydra_targets[target_no]->login_ptr) > 0))) { + hydra_heads[head_no]->current_pass_ptr = hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr); + snpdone = 1; + } else { + hydra_brains.sent++; + hydra_targets[target_no]->sent++; + } + hydra_targets[target_no]->pass_no++; + } + hydra_targets[target_no]->pass_state++; + } + // now we handle the -C -l/-L -p/-P data + if (hydra_targets[target_no]->pass_state == 3 && snpdone == 0) { + if ((hydra_options.mode & 64) == 64) { // colon mode + hydra_heads[head_no]->current_login_ptr = hydra_targets[target_no]->login_ptr; + hydra_heads[head_no]->current_pass_ptr = hydra_targets[target_no]->pass_ptr; + hydra_targets[target_no]->login_no++; + snpdone = 1; + hydra_targets[target_no]->login_ptr = hydra_targets[target_no]->pass_ptr; + //hydra_targets[target_no]->login_ptr++; + while (*hydra_targets[target_no]->login_ptr != 0) + hydra_targets[target_no]->login_ptr++; + hydra_targets[target_no]->login_ptr++; + hydra_targets[target_no]->pass_ptr = hydra_targets[target_no]->login_ptr; + //hydra_targets[target_no]->pass_ptr++; + while (*hydra_targets[target_no]->pass_ptr != 0) + hydra_targets[target_no]->pass_ptr++; + hydra_targets[target_no]->pass_ptr++; + if (strcmp(hydra_targets[target_no]->login_ptr, hydra_heads[head_no]->current_login_ptr) != 0) + hydra_targets[target_no]->pass_state = 0; + if ((hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0) + || (hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) == 0) + || + (hydra_options.try_password_reverse_login + && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) == 0)) { + hydra_brains.sent++; + hydra_targets[target_no]->sent++; + if (debug) + printf("[DEBUG] double detected (-C)\n"); + return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small + } + } else { // standard -l -L -p -P mode + hydra_heads[head_no]->current_pass_ptr = hydra_targets[target_no]->pass_ptr; + hydra_targets[target_no]->pass_no++; + // double check + if (hydra_targets[target_no]->pass_no >= hydra_brains.countpass) { + // all passwords done, next user for next password + hydra_targets[target_no]->login_ptr++; + while (*hydra_targets[target_no]->login_ptr != 0) + hydra_targets[target_no]->login_ptr++; + hydra_targets[target_no]->login_ptr++; + hydra_targets[target_no]->pass_ptr = pass_ptr; + hydra_targets[target_no]->login_no++; + hydra_targets[target_no]->pass_no = 0; + hydra_targets[target_no]->pass_state = 0; + if (hydra_brains.countpass == hydra_options.try_password_reverse_login + hydra_options.try_null_password + hydra_options.try_password_same_as_login) + return hydra_send_next_pair(target_no, head_no); + } else { + hydra_targets[target_no]->pass_ptr++; + while (*hydra_targets[target_no]->pass_ptr != 0) + hydra_targets[target_no]->pass_ptr++; + hydra_targets[target_no]->pass_ptr++; + } + if ((hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0) + || (hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) == 0) + || + (hydra_options.try_password_reverse_login + && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) == 0)) { + hydra_brains.sent++; + hydra_targets[target_no]->sent++; + if (debug) + printf("[DEBUG] double detected (-Pp)\n"); + return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small + } + snpdone = 1; + } + } + } + } else { // loop_mode == 1 + if (hydra_targets[target_no]->pass_no < hydra_brains.countpass) { + hydra_heads[head_no]->current_login_ptr = hydra_targets[target_no]->login_ptr; + if (hydra_targets[target_no]->pass_state == 0) { + if ((hydra_options.mode & 4) == 4) + hydra_heads[head_no]->current_pass_ptr = strdup(hydra_heads[head_no]->current_login_ptr); + else + hydra_heads[head_no]->current_pass_ptr = hydra_heads[head_no]->current_login_ptr; + } else if (hydra_targets[target_no]->pass_state == 1) { + if ((hydra_options.mode & 4) == 4) + hydra_heads[head_no]->current_pass_ptr = strdup(empty_login); + else + hydra_heads[head_no]->current_pass_ptr = empty_login; + } else if (hydra_targets[target_no]->pass_state == 2) { + if ((hydra_options.mode & 4) == 4) + hydra_heads[head_no]->current_pass_ptr = strdup(hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)); + else + hydra_heads[head_no]->current_pass_ptr = hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr); + } else { + if (hydra_options.bfg && hydra_targets[target_no]->pass_state == 3 + && hydra_heads[head_no]->current_pass_ptr != NULL && + strlen(hydra_heads[head_no]->current_pass_ptr) > 0 && hydra_heads[head_no]->current_pass_ptr != hydra_heads[head_no]->current_login_ptr) + free(hydra_heads[head_no]->current_pass_ptr); + hydra_heads[head_no]->current_pass_ptr = strdup(hydra_targets[target_no]->pass_ptr); + } + hydra_targets[target_no]->login_no++; + snpdone = 1; + + if (hydra_targets[target_no]->login_no >= hydra_brains.countlogin) { + if (hydra_targets[target_no]->pass_state < 3) { + hydra_targets[target_no]->pass_state++; + if (hydra_targets[target_no]->pass_state == 1 && hydra_options.try_null_password == 0) + hydra_targets[target_no]->pass_state++; + if (hydra_targets[target_no]->pass_state == 2 && hydra_options.try_password_reverse_login == 0) + hydra_targets[target_no]->pass_state++; + if (hydra_targets[target_no]->pass_state == 3) + snpdont = 1; + hydra_targets[target_no]->pass_no++; + } + + if (hydra_targets[target_no]->pass_state == 3) { + if (snpdont) { + hydra_targets[target_no]->pass_ptr = pass_ptr; + } else { + if ((hydra_options.mode & 4) == 4) { // bfg mode +#ifndef HAVE_MATH_H + sleep(1); +#else + hydra_targets[target_no]->pass_ptr = bf_next(); + if (debug) + printf("[DEBUG] bfg new password for next child: %s\n", hydra_targets[target_no]->pass_ptr); +#endif + } else { // -p -P mode + hydra_targets[target_no]->pass_ptr++; + while (*hydra_targets[target_no]->pass_ptr != 0) + hydra_targets[target_no]->pass_ptr++; + hydra_targets[target_no]->pass_ptr++; + } + hydra_targets[target_no]->pass_no++; + } + } + + hydra_targets[target_no]->login_no = 0; + hydra_targets[target_no]->login_ptr = login_ptr; + } else if (hydra_targets[target_no]->login_no < hydra_brains.countlogin) { + hydra_targets[target_no]->login_ptr++; + while (*hydra_targets[target_no]->login_ptr != 0) + hydra_targets[target_no]->login_ptr++; + hydra_targets[target_no]->login_ptr++; + } + if (hydra_targets[target_no]->pass_state == 3 && snpdont == 0) { + if ((hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) < 1) + || (hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0) + || (hydra_options.try_password_reverse_login && strcmp(hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr) == 0)) { + hydra_brains.sent++; + hydra_targets[target_no]->sent++; + if (debug) + printf("[DEBUG] double detected (1)\n"); + return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small + } + } + } + } + } + + if (debug) + printf("[DEBUG] send_next_pair_mid done %d, pass_state %d, clogin %s, cpass %s, tlogin %s, tpass %s, redo %d\n", + snpdone, hydra_targets[target_no]->pass_state, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr, + hydra_targets[target_no]->pass_ptr, hydra_targets[target_no]->redo); + + // no pair? then we go for redo state + if (!snpdone && hydra_targets[target_no]->redo_state == 0 && hydra_targets[target_no]->redo > 0) { + if (debug) + printf("[DEBUG] Entering redo_state\n"); + hydra_targets[target_no]->redo_state++; + return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small + } + } + + if (!snpdone || hydra_targets[target_no]->skipcnt >= hydra_brains.countlogin) { + fck = write(hydra_heads[head_no]->sp[0], HYDRA_EXIT, sizeof(HYDRA_EXIT)); + if (hydra_targets[target_no]->use_count <= 1) { + if (hydra_targets[target_no]->done == 0) { + hydra_targets[target_no]->done = 1; + hydra_brains.finished++; + printf("[STATUS] attack finished for %s (waiting for children to finish) ...\n", hydra_targets[target_no]->target); + } + } + if (hydra_brains.targets > hydra_brains.finished) + hydra_kill_head(head_no, 1, 0); // otherwise done in main while loop + } else { + if (hydra_targets[target_no]->skipcnt > 0) { + snpj = 0; + for (snpi = 0; snpi < hydra_targets[target_no]->skipcnt && snpj == 0; snpi++) + if (strcmp(hydra_heads[head_no]->current_login_ptr, hydra_targets[target_no]->skiplogin[snpi]) == 0) + snpj = 1; + if (snpj) { + if (snp_is_redo == 0) { + hydra_brains.sent++; + hydra_targets[target_no]->sent++; + } + if (debug) + printf("[DEBUG] double found for %s == %s, skipping\n", hydra_heads[head_no]->current_login_ptr, hydra_targets[target_no]->skiplogin[snpi - 1]); + // only if -l/L -p/P with -u and if loginptr was not justed increased + if ((hydra_options.mode & 64) != 64 && hydra_options.loop_mode == 0 && hydra_targets[target_no]->pass_no > 0) { // -l -P (not! -u) + // increase login_ptr to next + hydra_targets[target_no]->login_no++; + if (hydra_targets[target_no]->login_no < hydra_brains.countlogin) { + hydra_targets[target_no]->login_ptr++; + while (*hydra_targets[target_no]->login_ptr != 0) + hydra_targets[target_no]->login_ptr++; + hydra_targets[target_no]->login_ptr++; + } + // add count + hydra_brains.sent += hydra_brains.countpass - hydra_targets[target_no]->pass_no; + hydra_targets[target_no]->sent += hydra_brains.countpass - hydra_targets[target_no]->pass_no; + // reset password list + hydra_targets[target_no]->pass_ptr = pass_ptr; + hydra_targets[target_no]->pass_no = 0; + hydra_targets[target_no]->pass_state = 0; + } + return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small + } + } + + memset(&snpbuf, 0, sizeof(snpbuf)); + strncpy(snpbuf, hydra_heads[head_no]->current_login_ptr, MAXLINESIZE - 3); + if (strlen(hydra_heads[head_no]->current_login_ptr) > MAXLINESIZE - 3) + snpbuflen = MAXLINESIZE - 2; + else + snpbuflen = strlen(hydra_heads[head_no]->current_login_ptr) + 1; + strncpy(snpbuf + snpbuflen, hydra_heads[head_no]->current_pass_ptr, MAXLINESIZE - snpbuflen - 1); + if (strlen(hydra_heads[head_no]->current_pass_ptr) > MAXLINESIZE - snpbuflen - 1) + snpbuflen += MAXLINESIZE - snpbuflen - 1; + else + snpbuflen += strlen(hydra_heads[head_no]->current_pass_ptr) + 1; + if (snp_is_redo == 0) { + hydra_brains.sent++; + hydra_targets[target_no]->sent++; + } else if (debug) + printf("[DEBUG] send_next_pair_redo done %d, pass_state %d, clogin %s, cpass %s, tlogin %s, tpass %s, is_redo %d\n", + snpdone, hydra_targets[target_no]->pass_state, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr, + hydra_targets[target_no]->pass_ptr, snp_is_redo); + //hydra_dump_data(snpbuf, snpbuflen, "SENT"); + fck = write(hydra_heads[head_no]->sp[0], snpbuf, snpbuflen); + if (fck < snpbuflen) { + if (verbose) + fprintf(stderr, "[ERROR] can not write to child %d, restarting it ...\n", head_no); + hydra_increase_fail_count(target_no, head_no); + loop_cnt = 0; + return 0; // not prevent disabling it, if its needed its already done in the above line + } + if (debug || hydra_options.showAttempt) { + printf("[%sATTEMPT] target %s - login \"%s\" - pass \"%s\" - %lu of %lu [child %d]\n", + hydra_targets[target_no]->redo_state ? "REDO-" : snp_is_redo ? "RE-" : "", hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, + hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->sent, hydra_brains.todo + hydra_targets[target_no]->redo, head_no); } loop_cnt = 0; - return -1; + return 0; + } + loop_cnt = 0; + return -1; } void hydra_skip_user(int target_no, char *username) { - int i; - - if (username == NULL || *username == 0) - return; - - // double check - for (i = 0; i < hydra_targets[target_no]->skipcnt; i++) - if (strcmp(username, hydra_targets[target_no]->skiplogin[i]) == 0) - return; - - if (hydra_targets[target_no]->skipcnt < SKIPLOGIN && (hydra_targets[target_no]->skiplogin[hydra_targets[target_no]->skipcnt] = malloc(strlen(username) + 1)) != NULL) { - strcpy(hydra_targets[target_no]->skiplogin[hydra_targets[target_no]->skipcnt], username); - hydra_targets[target_no]->skipcnt++; - } - if (hydra_options.loop_mode == 0 && (hydra_options.mode & 64) != 64) { - if (memcmp(username, hydra_targets[target_no]->login_ptr, strlen(username)) == 0) { - if (debug) - printf("[DEBUG] skipping username %s\n", username); - // increase count - hydra_brains.sent += hydra_brains.countpass - hydra_targets[target_no]->pass_no; - hydra_targets[target_no]->sent += hydra_brains.countpass - hydra_targets[target_no]->pass_no; - // step to next login - hydra_targets[target_no]->login_no++; - if (hydra_targets[target_no]->login_no < hydra_brains.countlogin) { - hydra_targets[target_no]->login_ptr++; - while (*hydra_targets[target_no]->login_ptr != 0) - hydra_targets[target_no]->login_ptr++; - hydra_targets[target_no]->login_ptr++; - } - // reset password state - hydra_targets[target_no]->pass_ptr = pass_ptr; - hydra_targets[target_no]->pass_no = 0; - hydra_targets[target_no]->pass_state = 0; - } + int i; + + if (username == NULL || *username == 0) + return; + + // double check + for (i = 0; i < hydra_targets[target_no]->skipcnt; i++) + if (strcmp(username, hydra_targets[target_no]->skiplogin[i]) == 0) + return; + + if (hydra_targets[target_no]->skipcnt < SKIPLOGIN && (hydra_targets[target_no]->skiplogin[hydra_targets[target_no]->skipcnt] = malloc(strlen(username) + 1)) != NULL) { + strcpy(hydra_targets[target_no]->skiplogin[hydra_targets[target_no]->skipcnt], username); + hydra_targets[target_no]->skipcnt++; + } + if (hydra_options.loop_mode == 0 && (hydra_options.mode & 64) != 64) { + if (memcmp(username, hydra_targets[target_no]->login_ptr, strlen(username)) == 0) { + if (debug) + printf("[DEBUG] skipping username %s\n", username); + // increase count + hydra_brains.sent += hydra_brains.countpass - hydra_targets[target_no]->pass_no; + hydra_targets[target_no]->sent += hydra_brains.countpass - hydra_targets[target_no]->pass_no; + // step to next login + hydra_targets[target_no]->login_no++; + if (hydra_targets[target_no]->login_no < hydra_brains.countlogin) { + hydra_targets[target_no]->login_ptr++; + while (*hydra_targets[target_no]->login_ptr != 0) + hydra_targets[target_no]->login_ptr++; + hydra_targets[target_no]->login_ptr++; + } + // reset password state + hydra_targets[target_no]->pass_ptr = pass_ptr; + hydra_targets[target_no]->pass_no = 0; + hydra_targets[target_no]->pass_state = 0; } + } } int hydra_check_for_exit_condition() { - int i, k = 0; - - if (hydra_brains.exit) { - if (debug) - printf("[DEBUG] exit was forced\n"); - return -1; + int i, k = 0; + + if (hydra_brains.exit) { + if (debug) + printf("[DEBUG] exit was forced\n"); + return -1; + } + if (hydra_brains.targets <= hydra_brains.finished && hydra_brains.active < 1) { + if (debug) + printf("[DEBUG] all targets done and all heads finished\n"); + return 1; + } + if (hydra_brains.active < 1) { + // no head active?! check if they are all disabled, if so, we are done + for (i = 0; i < hydra_options.max_use && k == 0; i++) + if (hydra_heads[i]->active >= 0) + k = 1; + if (k == 0) { + fprintf(stderr, "[ERROR] all children were disabled due too many connection errors\n"); + return -1; } - if (hydra_brains.targets <= hydra_brains.finished && hydra_brains.active < 1) { - if (debug) - printf("[DEBUG] all targets done and all heads finished\n"); - return 1; - } - if (hydra_brains.active < 1) { - // no head active?! check if they are all disabled, if so, we are done - for (i = 0; i < hydra_options.max_use && k == 0; i++) - if (hydra_heads[i]->active >= 0) - k = 1; - if (k == 0) { - fprintf(stderr, "[ERROR] all children were disabled due too many connection errors\n"); - return -1; - } - } - return 0; + } + return 0; } int hydra_select_target() { - int target_no = -1, i, j = -1000; - - for (i = 0; i < hydra_brains.targets; i++) - if (hydra_targets[i]->use_count < hydra_options.tasks && hydra_targets[i]->done == 0) - if (j < hydra_options.tasks - hydra_targets[i]->failed - hydra_targets[i]->use_count) { - target_no = i; - j = hydra_options.tasks - hydra_targets[i]->failed - hydra_targets[i]->use_count; - } - return target_no; + int target_no = -1, i, j = -1000; + + for (i = 0; i < hydra_brains.targets; i++) + if (hydra_targets[i]->use_count < hydra_options.tasks && hydra_targets[i]->done == 0) + if (j < hydra_options.tasks - hydra_targets[i]->failed - hydra_targets[i]->use_count) { + target_no = i; + j = hydra_options.tasks - hydra_targets[i]->failed - hydra_targets[i]->use_count; + } + return target_no; } int main(int argc, char *argv[]) { - char *proxy_string = NULL, *device = NULL, *memcheck; - FILE *lfp = NULL, *pfp = NULL, *cfp = NULL, *ifp = NULL, *rfp = NULL; - size_t countinfile = 1, sizeinfile = 0; - unsigned long int math2; - int i = 0, j = 0, k, error = 0, modusage = 0; - int head_no = 0, target_no = 0, exit_condition = 0, readres; - time_t starttime, elapsed_status, elapsed_restore, status_print = 59, tmp_time; - char *tmpptr, *tmpptr2; - char rc, buf[MAXBUF]; - fd_set fdreadheads; - int max_fd; - struct addrinfo hints, *res, *p; - struct sockaddr_in6 *ipv6 = NULL; - struct sockaddr_in *ipv4 = NULL; - - printf("%s %s (c) 2014 by %s - Please do not use in military or secret service organizations, or for illegal purposes.\n\n", PROGRAM, VERSION, AUTHOR); + char *proxy_string = NULL, *device = NULL, *memcheck; + FILE *lfp = NULL, *pfp = NULL, *cfp = NULL, *ifp = NULL, *rfp = NULL; + size_t countinfile = 1, sizeinfile = 0; + unsigned long int math2; + int i = 0, j = 0, k, error = 0, modusage = 0; + int head_no = 0, target_no = 0, exit_condition = 0, readres; + time_t starttime, elapsed_status, elapsed_restore, status_print = 59, tmp_time; + char *tmpptr, *tmpptr2; + char rc, buf[MAXBUF]; + fd_set fdreadheads; + int max_fd; + struct addrinfo hints, *res, *p; + struct sockaddr_in6 *ipv6 = NULL; + struct sockaddr_in *ipv4 = NULL; + + printf("%s %s (c) 2014 by %s - Please do not use in military or secret service organizations, or for illegal purposes.\n\n", PROGRAM, VERSION, AUTHOR); #ifndef LIBPOSTGRES - SERVICES = hydra_string_replace(SERVICES, "postgres ", ""); - strcat(unsupported, "postgres "); + SERVICES = hydra_string_replace(SERVICES, "postgres ", ""); + strcat(unsupported, "postgres "); #endif #ifndef LIBSAPR3 - SERVICES = hydra_string_replace(SERVICES, "sapr3 ", ""); - strcat(unsupported, "sapr3 "); + SERVICES = hydra_string_replace(SERVICES, "sapr3 ", ""); + strcat(unsupported, "sapr3 "); #endif #ifndef LIBFIREBIRD - SERVICES = hydra_string_replace(SERVICES, "firebird ", ""); - strcat(unsupported, "firebird "); + SERVICES = hydra_string_replace(SERVICES, "firebird ", ""); + strcat(unsupported, "firebird "); #endif #ifndef LIBAFP - SERVICES = hydra_string_replace(SERVICES, "afp ", ""); - strcat(unsupported, "afp "); + SERVICES = hydra_string_replace(SERVICES, "afp ", ""); + strcat(unsupported, "afp "); #endif #ifndef LIBNCP - SERVICES = hydra_string_replace(SERVICES, "ncp ", ""); - strcat(unsupported, "ncp "); + SERVICES = hydra_string_replace(SERVICES, "ncp ", ""); + strcat(unsupported, "ncp "); #endif #ifndef LIBSSH - SERVICES = hydra_string_replace(SERVICES, "ssh ", ""); - strcat(unsupported, "ssh "); - SERVICES = hydra_string_replace(SERVICES, "sshkey ", ""); - strcat(unsupported, "sshkey "); + SERVICES = hydra_string_replace(SERVICES, "ssh ", ""); + strcat(unsupported, "ssh "); + SERVICES = hydra_string_replace(SERVICES, "sshkey ", ""); + strcat(unsupported, "sshkey "); #endif #ifndef LIBSVN - SERVICES = hydra_string_replace(SERVICES, "svn ", ""); - strcat(unsupported, "svn "); + SERVICES = hydra_string_replace(SERVICES, "svn ", ""); + strcat(unsupported, "svn "); #endif #ifndef LIBORACLE - SERVICES = hydra_string_replace(SERVICES, "oracle ", ""); - strcat(unsupported, "oracle "); + SERVICES = hydra_string_replace(SERVICES, "oracle ", ""); + strcat(unsupported, "oracle "); #endif #ifndef LIBMYSQLCLIENT - SERVICES = hydra_string_replace(SERVICES, "mysql ", "mysql(v4) "); - strcat(unsupported, "mysql5 "); + SERVICES = hydra_string_replace(SERVICES, "mysql ", "mysql(v4) "); + strcat(unsupported, "mysql5 "); #endif #ifndef LIBOPENSSL - // for ftps - SERVICES = hydra_string_replace(SERVICES, " ftps", ""); - // for pop3 - SERVICES = hydra_string_replace(SERVICES, "pop3[s]", "pop3"); - // for imap - SERVICES = hydra_string_replace(SERVICES, "imap[s]", "imap"); - // for smtp - SERVICES = hydra_string_replace(SERVICES, "smtp[s]", "smtp"); - // for telnet - SERVICES = hydra_string_replace(SERVICES, "telnet[s]", "telnet"); - // for http[s]-{head|get} - SERVICES = hydra_string_replace(SERVICES, "http[s]", "http"); - // for http[s]-{get|post}-form - SERVICES = hydra_string_replace(SERVICES, "http[s]", "http"); - // for ldap3 - SERVICES = hydra_string_replace(SERVICES, "[-{cram|digest}md5]", ""); - // for sip - SERVICES = hydra_string_replace(SERVICES, " sip", ""); - // for rdp - SERVICES = hydra_string_replace(SERVICES, " rdp", ""); - // for oracle-listener - SERVICES = hydra_string_replace(SERVICES, " oracle-listener", ""); - // general - SERVICES = hydra_string_replace(SERVICES, "[s]", ""); - // for oracle-sid - SERVICES = hydra_string_replace(SERVICES, " oracle-sid", ""); - strcat(unsupported, "SSL-services (ftps, sip, rdp, oracle-services, ...) "); + // for ftps + SERVICES = hydra_string_replace(SERVICES, " ftps", ""); + // for pop3 + SERVICES = hydra_string_replace(SERVICES, "pop3[s]", "pop3"); + // for imap + SERVICES = hydra_string_replace(SERVICES, "imap[s]", "imap"); + // for smtp + SERVICES = hydra_string_replace(SERVICES, "smtp[s]", "smtp"); + // for telnet + SERVICES = hydra_string_replace(SERVICES, "telnet[s]", "telnet"); + // for http[s]-{head|get} + SERVICES = hydra_string_replace(SERVICES, "http[s]", "http"); + // for http[s]-{get|post}-form + SERVICES = hydra_string_replace(SERVICES, "http[s]", "http"); + // for ldap3 + SERVICES = hydra_string_replace(SERVICES, "[-{cram|digest}md5]", ""); + // for sip + SERVICES = hydra_string_replace(SERVICES, " sip", ""); + // for rdp + SERVICES = hydra_string_replace(SERVICES, " rdp", ""); + // for oracle-listener + SERVICES = hydra_string_replace(SERVICES, " oracle-listener", ""); + // general + SERVICES = hydra_string_replace(SERVICES, "[s]", ""); + // for oracle-sid + SERVICES = hydra_string_replace(SERVICES, " oracle-sid", ""); + strcat(unsupported, "SSL-services (ftps, sip, rdp, oracle-services, ...) "); #endif #ifndef HAVE_MATH_H - if (strlen(unsupported) > 0) - strcat(unsupported, "and "); - strcat(unsupported, "password bruteforce generation "); + if (strlen(unsupported) > 0) + strcat(unsupported, "and "); + strcat(unsupported, "password bruteforce generation "); #endif #ifndef HAVE_PCRE - if (strlen(unsupported) > 0) - strcat(unsupported, "and "); - strcat(unsupported, "regex support "); + if (strlen(unsupported) > 0) + strcat(unsupported, "and "); + strcat(unsupported, "regex support "); #endif - - (void) setvbuf(stdout, NULL, _IONBF, 0); - (void) setvbuf(stderr, NULL, _IONBF, 0); - // set defaults - memset(&hydra_options, 0, sizeof(hydra_options)); - memset(&hydra_brains, 0, sizeof(hydra_brains)); - prg = argv[0]; - hydra_options.debug = debug = 0; - hydra_options.verbose = verbose = 0; - found = 0; - use_proxy = 0; - proxy_string_ip[0] = 0; - proxy_string_port = 0; - strcpy(proxy_string_type, "connect"); - proxy_authentication = cmdlinetarget = NULL; - hydra_options.login = NULL; - hydra_options.loginfile = NULL; - hydra_options.pass = NULL; - hydra_options.passfile = NULL; - hydra_options.tasks = TASKS; - hydra_options.max_use = MAXTASKS; - hydra_brains.ofp = stdout; - hydra_brains.targets = 1; - hydra_options.waittime = waittime = WAITTIME; - - // command line processing - if (argc > 1 && strncmp(argv[1], "-h", 2) == 0) - help(1); - if (argc < 2) - help(0); - while ((i = getopt(argc, argv, "hq64Rde:vVl:fFg:L:p:OP:o:M:C:t:T:m:w:W:s:SUux:")) >= 0) { - switch (i) { - case 'h': - help(1); - break; - case 'q': - quiet = 1; - break; - case 'O': - old_ssl = 1; - break; - case 'u': - hydra_options.loop_mode = 1; - break; - case '6': - prefer_ipv6 = 1; - break; - case '4': - prefer_ipv6 = 0; - break; - case 'R': - hydra_options.restore = 1; - break; - case 'd': - hydra_options.debug = debug = 1; - ++verbose; - break; - case 'e': - i = 0; - while (i < strlen(optarg)) { - switch (optarg[i]) { - case 'r': - hydra_options.try_password_reverse_login = 1; - hydra_options.mode = hydra_options.mode | 8; - break; - case 'n': - hydra_options.try_null_password = 1; - hydra_options.mode = hydra_options.mode | 16; - break; - case 's': - hydra_options.try_password_same_as_login = 1; - hydra_options.mode = hydra_options.mode | 32; - break; - default: - fprintf(stderr, "[ERROR] unknown mode %c for option -e, only supporting \"n\", \"s\" and \"r\"\n", optarg[i]); - exit(-1); - } - i++; - } - break; - case 'v': - hydra_options.verbose = verbose = 1; - break; - case 'V': - hydra_options.showAttempt = 1; - break; - case 'l': - hydra_options.login = optarg; - break; - case 'L': - hydra_options.loginfile = optarg; - hydra_options.mode = hydra_options.mode | 2; - break; - case 'p': - hydra_options.pass = optarg; - break; - case 'P': - hydra_options.passfile = optarg; - hydra_options.mode = hydra_options.mode | 1; - break; - case 'f': - hydra_options.exit_found = 1; - break; - case 'F': - hydra_options.exit_found = 2; - break; - case 'o': - hydra_options.outfile_ptr = optarg; - // colored_output = 0; - break; - case 'M': - hydra_options.infile_ptr = optarg; - break; - case 'C': - hydra_options.colonfile = optarg; - hydra_options.mode = 64; - break; - case 'm': - hydra_options.miscptr = optarg; - break; - case 'w': - hydra_options.waittime = waittime = atoi(optarg); - if (waittime < 1) { - fprintf(stderr, "[ERROR] waittime must be larger than 0\n"); - exit(-1); - } else if (waittime < 5) - fprintf(stderr, "[WARNING] the waittime you set is low, this can result in errornous results\n"); - break; - case 'W': - hydra_options.conwait = conwait = atoi(optarg); - break; - case 's': - hydra_options.port = port = atoi(optarg); - break; - case 'S': + + (void) setvbuf(stdout, NULL, _IONBF, 0); + (void) setvbuf(stderr, NULL, _IONBF, 0); + // set defaults + memset(&hydra_options, 0, sizeof(hydra_options)); + memset(&hydra_brains, 0, sizeof(hydra_brains)); + prg = argv[0]; + hydra_options.debug = debug = 0; + hydra_options.verbose = verbose = 0; + found = 0; + use_proxy = 0; + proxy_string_ip[0] = 0; + proxy_string_port = 0; + strcpy(proxy_string_type, "connect"); + proxy_authentication = cmdlinetarget = NULL; + hydra_options.login = NULL; + hydra_options.loginfile = NULL; + hydra_options.pass = NULL; + hydra_options.passfile = NULL; + hydra_options.tasks = TASKS; + hydra_options.max_use = MAXTASKS; + hydra_brains.ofp = stdout; + hydra_brains.targets = 1; + hydra_options.waittime = waittime = WAITTIME; + + // command line processing + if (argc > 1 && strncmp(argv[1], "-h", 2) == 0) + help(1); + if (argc < 2) + help(0); + while ((i = getopt(argc, argv, "hq64Rde:vVl:fFg:L:p:OP:o:M:C:t:T:m:w:W:s:SUux:")) >= 0) { + switch (i) { + case 'h': + help(1); + break; + case 'q': + quiet = 1; + break; + case 'O': + old_ssl = 1; + break; + case 'u': + hydra_options.loop_mode = 1; + break; + case '6': + prefer_ipv6 = 1; + break; + case '4': + prefer_ipv6 = 0; + break; + case 'R': + hydra_options.restore = 1; + break; + case 'd': + hydra_options.debug = debug = 1; + ++verbose; + break; + case 'e': + i = 0; + while (i < strlen(optarg)) { + switch (optarg[i]) { + case 'r': + hydra_options.try_password_reverse_login = 1; + hydra_options.mode = hydra_options.mode | 8; + break; + case 'n': + hydra_options.try_null_password = 1; + hydra_options.mode = hydra_options.mode | 16; + break; + case 's': + hydra_options.try_password_same_as_login = 1; + hydra_options.mode = hydra_options.mode | 32; + break; + default: + fprintf(stderr, "[ERROR] unknown mode %c for option -e, only supporting \"n\", \"s\" and \"r\"\n", optarg[i]); + exit(-1); + } + i++; + } + break; + case 'v': + hydra_options.verbose = verbose = 1; + break; + case 'V': + hydra_options.showAttempt = 1; + break; + case 'l': + hydra_options.login = optarg; + break; + case 'L': + hydra_options.loginfile = optarg; + hydra_options.mode = hydra_options.mode | 2; + break; + case 'p': + hydra_options.pass = optarg; + break; + case 'P': + hydra_options.passfile = optarg; + hydra_options.mode = hydra_options.mode | 1; + break; + case 'f': + hydra_options.exit_found = 1; + break; + case 'F': + hydra_options.exit_found = 2; + break; + case 'o': + hydra_options.outfile_ptr = optarg; + // colored_output = 0; + break; + case 'M': + hydra_options.infile_ptr = optarg; + break; + case 'C': + hydra_options.colonfile = optarg; + hydra_options.mode = 64; + break; + case 'm': + hydra_options.miscptr = optarg; + break; + case 'w': + hydra_options.waittime = waittime = atoi(optarg); + if (waittime < 1) { + fprintf(stderr, "[ERROR] waittime must be larger than 0\n"); + exit(-1); + } else if (waittime < 5) + fprintf(stderr, "[WARNING] the waittime you set is low, this can result in errornous results\n"); + break; + case 'W': + hydra_options.conwait = conwait = atoi(optarg); + break; + case 's': + hydra_options.port = port = atoi(optarg); + break; + case 'S': #ifndef LIBOPENSSL - fprintf(stderr, "[WARNING] hydra was compiled without SSL support. Install openssl and recompile! Option ignored...\n"); - hydra_options.ssl = 0; - break; + fprintf(stderr, "[WARNING] hydra was compiled without SSL support. Install openssl and recompile! Option ignored...\n"); + hydra_options.ssl = 0; + break; #else - hydra_options.ssl = 1; - break; + hydra_options.ssl = 1; + break; #endif - case 't': - hydra_options.tasks = atoi(optarg); - break; - case 'T': - hydra_options.max_use = atoi(optarg); - break; - case 'U': - modusage = 1; - break; - case 'x': + case 't': + hydra_options.tasks = atoi(optarg); + break; + case 'T': + hydra_options.max_use = atoi(optarg); + break; + case 'U': + modusage = 1; + break; + case 'x': #ifndef HAVE_MATH_H - fprintf(stderr, "[ERROR] -x option is not available as math.h was not found at compile time\n"); - exit(-1); + fprintf(stderr, "[ERROR] -x option is not available as math.h was not found at compile time\n"); + exit(-1); #else - if (strcmp(optarg, "-h") == 0) - help_bfg(); - bf_options.arg = optarg; - hydra_options.bfg = 1; - hydra_options.mode = hydra_options.mode | 4; - hydra_options.loop_mode = 1; - break; + if (strcmp(optarg, "-h") == 0) + help_bfg(); + bf_options.arg = optarg; + hydra_options.bfg = 1; + hydra_options.mode = hydra_options.mode | 4; + hydra_options.loop_mode = 1; + break; #endif - default: - exit(-1); - } + default: + exit(-1); } - - //check if output is redirected from the shell or in a file - if (colored_output && !isatty(fileno(stdout))) - colored_output = 0; - -#ifdef LIBNCURSES - //then check if the term is color enabled using ncurses lib - if (colored_output) { - if (!setupterm(NULL, 1, NULL) && (tigetnum("colors") <= 0)) { - colored_output = 0; - } - } -#else - //don't want border line effect so disabling color output - //if we are not sure about the term + } + + //check if output is redirected from the shell or in a file + if (colored_output && !isatty(fileno(stdout))) colored_output = 0; -#endif - - if (debug) - printf("[DEBUG] Ouput color flag is %d\n", colored_output); - - if (hydra_options.restore && argc > 2 + debug + verbose) - bail("no option may be supplied together with -R"); - - printf("%s (%s) starting at %s\n", PROGRAM, RESOURCE, hydra_build_time()); - if (debug) { - printf("[DEBUG] cmdline: "); - for (i = 0; i < argc; i++) - printf("%s ", argv[i]); - printf("\n"); + +#ifdef LIBNCURSES + //then check if the term is color enabled using ncurses lib + if (colored_output) { + if (!setupterm(NULL, 1, NULL) && (tigetnum("colors") <= 0)) { + colored_output = 0; } - if (hydra_options.login != NULL && hydra_options.loginfile != NULL) - bail("You can only use -L OR -l, not both\n"); - if (hydra_options.pass != NULL && hydra_options.passfile != NULL) - bail("You can only use -P OR -p, not both\n"); - if (hydra_options.restore) { - hydra_restore_read(); - // stuff we have to copy from the non-restore part - if (strncmp(hydra_options.service, "http-", 5) == 0) { - if (getenv("HYDRA_PROXY_HTTP") && getenv("HYDRA_PROXY")) - bail("Found HYDRA_PROXY_HTTP *and* HYDRA_PROXY environment variables - you can use only ONE for the service http-head/http-get!"); - if (getenv("HYDRA_PROXY_HTTP")) { - printf("[INFO] Using HTTP Proxy: %s\n", getenv("HYDRA_PROXY_HTTP")); - use_proxy = 1; - } - } - } else { // normal mode, aka non-restore mode - if (hydra_options.colonfile) - hydra_options.loop_mode = 0; // just to be sure - if (hydra_options.infile_ptr != NULL) { - if (optind + 2 < argc) - bail("The -M FILE option can not be used together with a host on the commandline"); - if (optind + 1 > argc) - bail("You need to define a service to attack"); - if (optind + 2 == argc) - fprintf(stderr, "[WARNING] With the -M FILE option you can not specify a server on the commandline. Lets hope you did everything right!\n"); - hydra_options.server = NULL; - hydra_options.service = argv[optind]; - if (optind + 2 == argc) - hydra_options.miscptr = argv[optind + 1]; - } else if (optind + 2 != argc && optind + 3 != argc && optind < argc) { - // check if targetdef follow syntax ://[:][/] or it's a syntax error - char *targetdef = strdup(argv[optind]); - char *service_pos, *target_pos, *port_pos = NULL, *param_pos = NULL; - - if ((targetdef != NULL) && (strstr(targetdef, "://") != NULL)) { - service_pos = strstr(targetdef, "://"); - if ((service_pos - targetdef) == 0) - bail("could not identify service"); - if ((hydra_options.service = malloc(1 + service_pos - targetdef)) == NULL) - bail("could not alloc memory"); - strncpy(hydra_options.service, targetdef, service_pos - targetdef); - hydra_options.service[service_pos - targetdef] = 0; - target_pos = targetdef + (service_pos - targetdef + 3); - - if (*target_pos == '[') { - target_pos++; - if ((param_pos = index(target_pos, ']')) == NULL) - bail("no closing ']' found in target definition"); - *param_pos++ = 0; - if (*param_pos == ':') - port_pos = ++param_pos; - if ((param_pos = index(param_pos, '/')) != NULL) - *param_pos++ = 0; - } else { - port_pos = index(target_pos, ':'); - param_pos = index(target_pos, '/'); - if (port_pos != NULL && param_pos != NULL && port_pos > param_pos) - port_pos = NULL; - if (port_pos != NULL) - *port_pos++ = 0; - if (param_pos != NULL) - *param_pos++ = 0; - if (port_pos != NULL && index(port_pos, ':') != NULL) { - if (prefer_ipv6) - bail("Illegal IPv6 target definition must be written within '[' ']'"); - else - bail("Illegal port definition"); - } - } - if (*target_pos == 0) - hydra_options.server = NULL; - else - hydra_options.server = target_pos; - if (port_pos != NULL) - hydra_options.port = port = atoi(port_pos); - if (param_pos != NULL) { - if (strstr(hydra_options.service, "http") != NULL && strstr(hydra_options.service, "http-proxy") == NULL && param_pos[1] != '/') - *--param_pos = '/'; - hydra_options.miscptr = param_pos; - } - //printf("target: %s service: %s port: %s opt: %s\n", target_pos, hydra_options.service, port_pos, param_pos); - if (debug) - printf("[DEBUG] opt:%d argc:%d mod:%s tgt:%s port:%d misc:%s\n", optind, argc, hydra_options.service, hydra_options.server, hydra_options.port, hydra_options.miscptr); - } else { - hydra_options.server = NULL; - hydra_options.service = NULL; - - if (modusage) - hydra_options.service = targetdef; - else - help(0); - } - } else { - hydra_options.server = argv[optind]; - cmdlinetarget = argv[optind]; - hydra_options.service = argv[optind + 1]; - if (optind + 3 == argc) - hydra_options.miscptr = argv[optind + 2]; - } - - if (strcmp(hydra_options.service, "pop3s") == 0 || strcmp(hydra_options.service, "smtps") == 0 || strcmp(hydra_options.service, "imaps") == 0 - || strcmp(hydra_options.service, "telnets") == 0 || (strncmp(hydra_options.service, "ldap", 4) == 0 && hydra_options.service[strlen(hydra_options.service) - 1] == 's')) { - hydra_options.ssl = 1; - hydra_options.service[strlen(hydra_options.service) - 1] = 0; - } - - if (getenv("HYDRA_PROXY_HTTP") || getenv("HYDRA_PROXY")) { - if (strcmp(hydra_options.service, "afp") == 0 || strcmp(hydra_options.service, "firebird") == 0 || strncmp(hydra_options.service, "mysql", 5) == 0 || - strcmp(hydra_options.service, "ncp") == 0 || strcmp(hydra_options.service, "oracle") == 0 || strcmp(hydra_options.service, "postgres") == 0 || - strncmp(hydra_options.service, "ssh", 3) == 0 || strcmp(hydra_options.service, "sshkey") == 0 || strcmp(hydra_options.service, "svn") == 0 || - strcmp(hydra_options.service, "sapr3") == 0) { - fprintf(stderr, "[WARNING] module %s does not support HYDRA_PROXY* !\n", hydra_options.service); - proxy_string = NULL; - } - } - - /* here start the services */ - - if (strcmp(hydra_options.service, "ssl") == 0 || strcmp(hydra_options.service, "www") == 0 || strcmp(hydra_options.service, "http") == 0 - || strcmp(hydra_options.service, "https") == 0) { - fprintf(stderr, "[WARNING] The service http has been replaced with http-head and http-get, using by default GET method. Same for https.\n"); - if (strcmp(hydra_options.service, "http") == 0) { - hydra_options.service = malloc(strlen("http-get") + 1); - strcpy(hydra_options.service, "http-get"); - } - if (strcmp(hydra_options.service, "https") == 0) { - hydra_options.service = malloc(strlen("https-get") + 1); - strcpy(hydra_options.service, "https-get"); - } - } - - if (strcmp(hydra_options.service, "http-form-get") == 0) - strcpy(hydra_options.service, "http-get-form"); - if (strcmp(hydra_options.service, "https-form-get") == 0) - strcpy(hydra_options.service, "https-get-form"); - if (strcmp(hydra_options.service, "http-form-post") == 0) - strcpy(hydra_options.service, "http-post-form"); - if (strcmp(hydra_options.service, "https-form-post") == 0) - strcpy(hydra_options.service, "https-post-form"); - - if (modusage == 1) - module_usage(); - - i = 0; - if (strcmp(hydra_options.service, "telnet") == 0) { - fprintf(stderr, "[WARNING] telnet is by its nature unreliable to analyze, if possible better choose FTP, SSH, etc. if available\n"); - i = 1; - } - if (strcmp(hydra_options.service, "ftp") == 0) - i = 1; - if (strcmp(hydra_options.service, "ftps") == 0) { - fprintf(stderr, "[WARNING] you enabled ftp-SSL (auth tls) mode. If you want to use direct SSL ftp, use -S and the ftp module instead.\n"); - i = 1; - } - if (strcmp(hydra_options.service, "pop3") == 0) { - fprintf(stderr, "[INFO] several providers have implemented cracking protection, check with a small wordlist first - and stay legal!\n"); - i = 1; - } - if (strcmp(hydra_options.service, "imap") == 0) { - fprintf(stderr, "[INFO] several providers have implemented cracking protection, check with a small wordlist first - and stay legal!\n"); - i = 1; - } - if (strcmp(hydra_options.service, "redis") == 0) - i = 2; - if (strcmp(hydra_options.service, "asterisk") == 0) - i = 1; - if (strcmp(hydra_options.service, "vmauthd") == 0) - i = 1; - if (strcmp(hydra_options.service, "rexec") == 0) - i = 1; - if (strcmp(hydra_options.service, "rlogin") == 0) - i = 1; - if (strcmp(hydra_options.service, "rsh") == 0) - i = 3; - if (strcmp(hydra_options.service, "nntp") == 0) - i = 1; - if (strcmp(hydra_options.service, "socks5") == 0) - i = 1; - if (strcmp(hydra_options.service, "icq") == 0) { - fprintf(stderr, "[WARNING] The icq module is not working with the modern protocol version! (somebody else will need to fix this as I don't care for icq)\n"); - i = 1; - } - if (strcmp(hydra_options.service, "mysql") == 0) { - i = 1; - if (hydra_options.tasks > 4) { - fprintf(stderr, "[INFO] Reduced number of tasks to 4 (mysql does not like many parallel connections)\n"); - hydra_options.tasks = 4; - } - } - if (strcmp(hydra_options.service, "mssql") == 0) - i = 1; - if ((strcmp(hydra_options.service, "oracle-listener") == 0) || (strcmp(hydra_options.service, "tns") == 0)) { - i = 2; - hydra_options.service = malloc(strlen("oracle-listener") + 1); - strcpy(hydra_options.service, "oracle-listener"); - } - if ((strcmp(hydra_options.service, "oracle-sid") == 0) || (strcmp(hydra_options.service, "sid") == 0)) { - i = 3; - hydra_options.service = malloc(strlen("oracle-sid") + 1); - strcpy(hydra_options.service, "oracle-sid"); - } -#ifdef LIBORACLE - if ((strcmp(hydra_options.service, "oracle") == 0) || (strcmp(hydra_options.service, "ora") == 0)) { - i = 1; - hydra_options.service = malloc(strlen("oracle") + 1); - strcpy(hydra_options.service, "oracle"); - } -#endif - if (strcmp(hydra_options.service, "postgres") == 0) -#ifdef LIBPOSTGRES - i = 1; + } #else - bail("Compiled without LIBPOSTGRES support, module not available!"); + //don't want border line effect so disabling color output + //if we are not sure about the term + colored_output = 0; #endif - if (strcmp(hydra_options.service, "firebird") == 0) -#ifdef LIBFIREBIRD - i = 1; -#else - bail("Compiled without LIBFIREBIRD support, module not available!"); -#endif - if (strcmp(hydra_options.service, "afp") == 0) -#ifdef LIBAFP - i = 1; -#else - bail("Compiled without LIBAFP support, module not available!"); -#endif - if (strcmp(hydra_options.service, "svn") == 0) -#ifdef LIBSVN - i = 1; -#else - bail("Compiled without LIBSVN support, module not available!"); -#endif - if (strcmp(hydra_options.service, "ncp") == 0) -#ifdef LIBNCP - i = 1; -#else - bail("Compiled without LIBNCP support, module not available!"); -#endif - if (strcmp(hydra_options.service, "pcanywhere") == 0) - i = 1; - if (strcmp(hydra_options.service, "http-proxy") == 0) { - i = 1; - if (hydra_options.miscptr != NULL && strncmp(hydra_options.miscptr, "http://", 7) != 0) - - bail("module option must start with http://"); - } - if (strcmp(hydra_options.service, "cvs") == 0) { - i = 1; - if (hydra_options.miscptr == NULL || (strlen(hydra_options.miscptr) == 0)) { - fprintf(stderr, "[INFO] The CVS repository path wasn't passed so using /root by default\n"); - } - } - if (strcmp(hydra_options.service, "svn") == 0) { - i = 1; - if (hydra_options.miscptr == NULL || (strlen(hydra_options.miscptr) == 0)) { - fprintf(stderr, "[INFO] The SVN repository path wasn't passed so using /trunk by default\n"); - } - } - if (strcmp(hydra_options.service, "ssh") == 0 || strcmp(hydra_options.service, "sshkey") == 0) { - if (hydra_options.tasks > 8) - fprintf(stderr, "[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4\n"); -#ifdef LIBSSH - i = 1; -#else - bail("Compiled without LIBSSH v0.4.x support, module is not available!"); -#endif - } - if (strcmp(hydra_options.service, "smtp") == 0) { - fprintf(stderr, "[INFO] several providers have implemented cracking protection, check with a small wordlist first - and stay legal!\n"); - i = 1; - } - if (strcmp(hydra_options.service, "smtp-enum") == 0) - i = 1; - if (strcmp(hydra_options.service, "teamspeak") == 0) - i = 1; - if ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0)) { - if (hydra_options.tasks > 1) { - fprintf(stderr, "[INFO] Reduced number of tasks to 1 (smb does not like parallel connections)\n"); - hydra_options.tasks = 1; - } - i = 1; - } - if ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0)) { -#ifdef LIBOPENSSL - if (hydra_options.tasks > 1) { - fprintf(stderr, "[INFO] Reduced number of tasks to 1 (smb does not like parallel connections)\n"); - hydra_options.tasks = 1; - } - i = 1; -#endif - } - if ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0) || - (strcmp(hydra_options.service, "sip") == 0) || (strcmp(hydra_options.service, "rdp") == 0) || - (strcmp(hydra_options.service, "oracle-listener") == 0) || (strcmp(hydra_options.service, "oracle-sid") == 0)) { -#ifndef LIBOPENSSL - bail("Compiled without OPENSSL support, module not available!"); -#endif - } - if (strcmp(hydra_options.service, "pcnfs") == 0) { - i = 1; - if (port == 0) - bail("You must set the port for pcnfs with -s (run \"rpcinfo -p %s\" and look for the pcnfs v2 UDP port)"); - } - if (strcmp(hydra_options.service, "sapr3") == 0) { -#ifdef LIBSAPR3 - i = 1; - if (port == PORT_SAPR3) - bail("You must set the port for sapr3 with -s , it should lie between 3200 and 3699."); - if (port < 3200 || port > 3699) - fprintf(stderr, "[WARNING] The port is not in the range 3200 to 3399 - please ensure it is ok!\n"); - if (hydra_options.miscptr == NULL || atoi(hydra_options.miscptr) < 0 || atoi(hydra_options.miscptr) > 999 || !isdigit(hydra_options.miscptr[0])) - bail("You must set the client ID (0-999) as an additional option or via -m"); -#else - bail("Compiled without LIBSAPR3 support, module not available!"); -#endif - } - if (strcmp(hydra_options.service, "cisco") == 0) { - i = 2; - if (hydra_options.tasks > 4) - fprintf(stderr, "[WARNING] you should set the number of parallel task to 4 for cisco services.\n"); - } - if (strncmp(hydra_options.service, "snmpv", 5) == 0) { - hydra_options.service[4] = hydra_options.service[5]; - hydra_options.service[5] = 0; - } - if (strcmp(hydra_options.service, "snmp") == 0 || strcmp(hydra_options.service, "snmp1") == 0) { - hydra_options.service[4] = 0; - i = 2; - } - if (strcmp(hydra_options.service, "snmp2") == 0 || strcmp(hydra_options.service, "snmp3") == 0) { - if (hydra_options.miscptr == NULL) - hydra_options.miscptr = strdup(hydra_options.service + 4); - else { - tmpptr = malloc(strlen(hydra_options.miscptr) + 4); - strcpy(tmpptr, hydra_options.miscptr); - strcat(tmpptr, ":"); - strcat(tmpptr, hydra_options.service + 4); - hydra_options.miscptr = tmpptr; - } - hydra_options.service[4] = 0; - i = 2; - } - if (strcmp(hydra_options.service, "snmp") == 0 && hydra_options.miscptr != NULL) { - char *lptr; - - j = 1; - tmpptr = strdup(hydra_options.miscptr); - lptr = strtok(tmpptr, ":"); - while (lptr != NULL) { - i = 0; - if (strcasecmp(lptr, "1") == 0 || strcasecmp(lptr, "2") == 0 || strcasecmp(lptr, "3") == 0) { - i = 1; - j = lptr[0] - '0' + (j & 252); - } else if (strcasecmp(lptr, "READ") == 0 || strcasecmp(lptr, "WRITE") == 0 || strcasecmp(lptr, "PLAIN") == 0) - i = 1; - else if (strcasecmp(lptr, "MD5") == 0) { - i = 1; - j = 4 + (j & 51); - } else if (strcasecmp(lptr, "SHA") == 0 || strcasecmp(lptr, "SHA1") == 0) { - i = 1; - j = 8 + (j & 51); - } else if (strcasecmp(lptr, "DES") == 0) { - i = 1; - j = 16 + (j & 15); - } else if (strcasecmp(lptr, "AES") == 0) { - i = 1; - j = 32 + (j & 15); - } - if (i == 0) { - fprintf(stderr, "[ERROR] unknown parameter in module option: %s\n", lptr); - exit(-1); - } - lptr = strtok(NULL, ":"); - } - i = 2; - if ((j & 3) < 3 && j > 2) - fprintf(stderr, "[WARNING] SNMPv1 and SNMPv2 do not support hash and encryption, ignored\n"); - if ((j & 3) == 3) { - fprintf(stderr, "[WARNING] SNMPv3 is still in beta state, use at own risk and report problems\n"); - if (j >= 16) - bail("The SNMPv3 module so far only support authentication (md5/sha), not yet encryption\n"); - if (hydra_options.colonfile == NULL - && ((hydra_options.login == NULL && hydra_options.loginfile == NULL) || (hydra_options.pass == NULL && hydra_options.passfile == NULL && hydra_options.bfg == 0))) { - if (j > 3) { - fprintf(stderr, - "[ERROR] you specified SNMPv3, defined hashing/encryption but only gave one of login or password list. Either supply both logins and passwords (this is what is usually used in SNMPv3), or remove the hashing/encryption option (unusual)\n"); - exit(-1); - } - fprintf(stderr, "[WARNING] you specified SNMPv3 but gave no logins, NoAuthNoPriv is assumed. This is an unusual case, you should know what you are doing\n"); - tmpptr = malloc(strlen(hydra_options.miscptr) + 8); - strcpy(tmpptr, hydra_options.miscptr); - strcat(tmpptr, ":"); - strcat(tmpptr, "PLAIN"); - hydra_options.miscptr = tmpptr; - } else { - i = 1; // snmpv3 with login+pass mode -#ifndef LIBOPENSSL - bail("hydra was not compiled with OPENSSL support, snmpv3 can only be used on NoAuthNoPriv mode (only logins, no passwords)!"); -#endif - printf("[INFO] Using %s SNMPv3 with %s authentication and %s privacy\n", j > 16 ? "AuthPriv" : "AuthNoPriv", (j & 8) == 8 ? "SHA" : "MD5", - (j & 16) == 16 ? "DES" : (j > 16) ? "AES" : "no"); - } - } - } - if (strcmp(hydra_options.service, "sip") == 0) { - if (hydra_options.miscptr == NULL) { - if (hydra_options.server != NULL) { - hydra_options.miscptr = hydra_options.server; - i = 1; - } else { - bail("The sip module does not work with multiple servers (-M)\n"); - } - } else { - i = 1; - } - } - if (strcmp(hydra_options.service, "ldap") == 0) { - bail("Please select ldap2 or ldap3 for simple authentication or ldap3-crammd5 or ldap3-digestmd5\n"); - } - if (strcmp(hydra_options.service, "ldap2") == 0 || strcmp(hydra_options.service, "ldap3") == 0) { - i = 1; - if ((hydra_options.miscptr != NULL && hydra_options.login != NULL) - || (hydra_options.miscptr != NULL && hydra_options.loginfile != NULL) || (hydra_options.login != NULL && hydra_options.loginfile != NULL)) - bail("you may only use one of -l, -L or -m\n"); - if (hydra_options.login == NULL && hydra_options.loginfile == NULL && hydra_options.miscptr == NULL) - fprintf(stderr, "[WARNING] no DN to authenticate is defined, using DN of null (use -m, -l or -L to define DNs)\n"); - if (hydra_options.login == NULL && hydra_options.loginfile == NULL) { - i = 2; - } - } - if (strcmp(hydra_options.service, "ldap3-crammd5") == 0 || strcmp(hydra_options.service, "ldap3-digestmd5") == 0) { - i = 1; - if (hydra_options.login == NULL && hydra_options.loginfile == NULL) - bail("-l or -L option is required to specify the login\n"); - if (hydra_options.miscptr == NULL) - bail("-m option is required to specify the DN\n"); - } - // ADD NEW SERVICES HERE - if (strcmp(hydra_options.service, "rtsp") == 0) - i = 1; - if (strcmp(hydra_options.service, "s7-300") == 0) { - if (hydra_options.tasks > 8) { - fprintf(stderr, "[INFO] Reduced number of tasks to 8 (the PLC does not like more connections)\n"); - hydra_options.tasks = 8; - } - i = 2; - } - if (strcmp(hydra_options.service, "cisco-enable") == 0) { - if (hydra_options.login != NULL || hydra_options.loginfile != NULL) - i = 1; // login will be the initial Username: login, or line Password: - else - i = 2; - if (hydra_options.miscptr == NULL) - fprintf(stderr, "[WARNING] You did not supply the initial support to the Cisco via -l, assuming direct console access\n"); - if (hydra_options.tasks > 4) - fprintf(stderr, "[WARNING] you should set the number of parallel task to 4 for cisco enable services.\n"); - } - if (strcmp(hydra_options.service, "http-proxy-urlenum") == 0) { - i = 4; - hydra_options.pass = empty_login; - if (hydra_options.miscptr == NULL) { - fprintf(stderr, "[WARNING] You did not supply proxy credentials via the optional parameter\n"); - } - if (hydra_options.bfg || hydra_options.passfile != NULL) - bail("the http-proxy-urlenum does not need the -p/-P or -x option"); - } - if (strcmp(hydra_options.service, "vnc") == 0) { - i = 2; - if (hydra_options.tasks > 4) - fprintf(stderr, "[WARNING] you should set the number of parallel task to 4 for vnc services.\n"); - } - if (strcmp(hydra_options.service, "https-head") == 0 || strcmp(hydra_options.service, "https-get") == 0) { -#ifdef LIBOPENSSL - i = 1; - hydra_options.ssl = 1; - if (strcmp(hydra_options.service, "https-head") == 0) - strcpy(hydra_options.service, "http-head"); - else - strcpy(hydra_options.service, "http-get"); -#else - bail("Compiled without SSL support, module not available"); -#endif - } - if (strcmp(hydra_options.service, "http-get") == 0 || strcmp(hydra_options.service, "http-head") == 0) { - i = 1; - if (hydra_options.miscptr == NULL) { - fprintf(stderr, "[WARNING] You must supply the web page as an additional option or via -m, default path set to /\n"); - hydra_options.miscptr = malloc(2); - hydra_options.miscptr = "/"; - } - if (*hydra_options.miscptr != '/' && strstr(hydra_options.miscptr, "://") == NULL) - bail("The web page you supplied must start with a \"/\", \"http://\" or \"https://\", e.g. \"/protected/login\""); - if (getenv("HYDRA_PROXY_HTTP") && getenv("HYDRA_PROXY")) - bail("Found HYDRA_PROXY_HTTP *and* HYDRA_PROXY environment variables - you can use only ONE for the service http-head/http-get!"); - if (getenv("HYDRA_PROXY_HTTP")) { - printf("[INFO] Using HTTP Proxy: %s\n", getenv("HYDRA_PROXY_HTTP")); - use_proxy = 1; - } - if (strcmp(hydra_options.service, "http-head") == 0) - fprintf(stderr, "[WARNING] http-head auth does not work with every server, better use http-get\n"); - } - - if (strcmp(hydra_options.service, "http-get-form") == 0 || strcmp(hydra_options.service, "http-post-form") == 0 || strcmp(hydra_options.service, "https-get-form") == 0 - || strcmp(hydra_options.service, "https-post-form") == 0) { - char bufferurl[1024], *url, *variables, *cond, *optional1; - - if (strncmp(hydra_options.service, "http-", 5) == 0) { - i = 1; - } else { // https -#ifdef LIBOPENSSL - i = 1; - hydra_options.ssl = 1; - if (strcmp(hydra_options.service, "https-post-form") == 0) - strcpy(hydra_options.service, "http-post-form"); - else - strcpy(hydra_options.service, "http-get-form"); -#else - bail("Compiled without SSL support, module not available"); -#endif - } - if (hydra_options.miscptr == NULL) { - fprintf(stderr, "[WARNING] You must supply the web page as an additional option or via -m, default path set to /\n"); - hydra_options.miscptr = malloc(2); - hydra_options.miscptr = "/"; - } - //if (*hydra_options.miscptr != '/' && strstr(hydra_options.miscptr, "://") == NULL) - // bail("The web page you supplied must start with a \"/\", \"http://\" or \"https://\", e.g. \"/protected/login\""); - if (hydra_options.miscptr[0] != '/') - bail("optional parameter must start with a '/' slash!\n"); - if (getenv("HYDRA_PROXY_HTTP") && getenv("HYDRA_PROXY")) - bail("Found HYDRA_PROXY_HTTP *and* HYDRA_PROXY environment variables - you can use only ONE for the service http-head/http-get!"); - if (getenv("HYDRA_PROXY_HTTP")) { - printf("[INFO] Using HTTP Proxy: %s\n", getenv("HYDRA_PROXY_HTTP")); - use_proxy = 1; - } - - if (strstr(hydra_options.miscptr, "\\:") != NULL) { - fprintf(stderr, "[INFORMATION] escape sequence \\: detected in module option, no parameter verification is performed.\n"); - } else { - sprintf(bufferurl, "%.1000s", hydra_options.miscptr); - url = strtok(bufferurl, ":"); - variables = strtok(NULL, ":"); - cond = strtok(NULL, ":"); - optional1 = strtok(NULL, "\n"); - if ((variables == NULL) || (strstr(variables, "^USER^") == NULL && strstr(variables, "^PASS^") == NULL)) { - fprintf(stderr, "[ERROR] the variables argument needs at least the strings ^USER^ or ^PASS^: %s\n", variables); - exit(-1); - } - if ((url == NULL) || (cond == NULL)) { - fprintf(stderr, "[ERROR] Wrong syntax, requires three arguments separated by a colon which may not be null: %s\n", bufferurl); - exit(-1); - } - while ((optional1 = strtok(NULL, ":")) != NULL) { - if (optional1[1] != '=' && optional1[1] != ':' && optional1[1] != 0) { - fprintf(stderr, "[ERROR] Wrong syntax of optional argument: %s\n", optional1); - exit(-1); - } - switch (optional1[0]) { - case 'C': // fall through - case 'c': - if (optional1[1] != '=' || optional1[2] != '/') { - fprintf(stderr, "[ERROR] Wrong syntax of parameter C, must look like 'C=/url/of/page', not http:// etc.: %s\n", optional1); - exit(-1); - } - break; - case 'H': // fall through - case 'h': - if (optional1[1] != '=' || strtok(NULL, ":") == NULL) { - fprintf(stderr, "[ERROR] Wrong syntax of parameter H, must look like 'H=X-My-Header: MyValue', no http:// : %s\n", optional1); - exit(-1); - } - break; - default: - fprintf(stderr, "[ERROR] Unknown optional argument: %s", optional1); - } - } - } - } - - if (strcmp(hydra_options.service, "xmpp") == 0) - i = 1; - if (strcmp(hydra_options.service, "irc") == 0) - i = 1; - if (strcmp(hydra_options.service, "rdp") == 0) { - if (hydra_options.tasks > 4) - fprintf(stderr, - "[WARNING] rdp servers often don't like many connections, use -t 1 or -t 4 to reduce the number of parallel connections and -W 1 or -W 3 to wait between connection to allow the server to recover\n"); - //if (hydra_options.tasks > 4) { - // fprintf(stderr, "[INFO] Reduced number of tasks to 4 (rdp does not like many parallel connections)\n"); - // hydra_options.tasks = 4; - //} - //if (conwait == 0) - // hydra_options.conwait = conwait = 1; - i = 1; - } - // ADD NEW SERVICES HERE - - if (i == 0) { - fprintf(stderr, "[ERROR] Unknown service: %s\n", hydra_options.service); - exit(-1); - } - if (port < 1 || port > 65535) { - if ((port = hydra_lookup_port(hydra_options.service)) < 1) { - fprintf(stderr, "[ERROR] No valid port set or no default port available. Use the -s Option.\n"); - exit(-1); - } - hydra_options.port = port; - } - - if (hydra_options.ssl == 0 && hydra_options.port == 443) - fprintf(stderr, - "[WARNING] you specified port 443 for attacking a http service, however did not specify the -S ssl switch nor used https-..., therefore using plain HTTP\n"); - - if (hydra_options.loop_mode && hydra_options.colonfile != NULL) - bail("The loop mode option (-u) works with all modes - except colon files (-C)\n"); - if (strncmp(hydra_options.service, "http-", strlen("http-")) != 0 && strcmp(hydra_options.service, "http-head") != 0 && getenv("HYDRA_PROXY_HTTP") != NULL) - fprintf(stderr, "[WARNING] the HYDRA_PROXY_HTTP environment variable works only with the http-head/http-get module, ignored...\n"); - if (i == 2) { - if (hydra_options.colonfile != NULL - || ((hydra_options.login != NULL || hydra_options.loginfile != NULL) && (hydra_options.pass != NULL || hydra_options.passfile != NULL || hydra_options.bfg > 0))) - bail - ("The redis, cisco, oracle-listener, s7-300, snmp and vnc modules are only using the -p or -P option, not login (-l, -L) or colon file (-C).\nUse the telnet module for cisco using \"Username:\" authentication.\n"); - if ((hydra_options.login != NULL || hydra_options.loginfile != NULL) && (hydra_options.pass == NULL || hydra_options.passfile == NULL)) { - hydra_options.pass = hydra_options.login; - hydra_options.passfile = hydra_options.loginfile; - } - hydra_options.login = empty_login; - hydra_options.loginfile = NULL; - } - if (i == 3) { - if (hydra_options.colonfile != NULL || hydra_options.bfg > 0 - || ((hydra_options.login != NULL || hydra_options.loginfile != NULL) && (hydra_options.pass != NULL || hydra_options.passfile != NULL))) - bail("The rsh, oracle-sid login is neither using the -p, -P or -x options nor colon file (-C)\n"); - if ((hydra_options.login == NULL || hydra_options.loginfile == NULL) && (hydra_options.pass != NULL || hydra_options.passfile != NULL)) { - hydra_options.login = hydra_options.pass; - hydra_options.loginfile = hydra_options.passfile; - } - hydra_options.pass = empty_login; - hydra_options.passfile = NULL; - } - if (i == 3 && hydra_options.login == NULL && hydra_options.loginfile == NULL) - bail("I need at least either the -l or -L option to know the login"); - if (i == 2 && hydra_options.pass == NULL && hydra_options.passfile == NULL && hydra_options.bfg == 0) - bail("I need at least either the -p, -P or -x option to have a password to try"); - if (i == 1 && hydra_options.login == NULL && hydra_options.loginfile == NULL && hydra_options.colonfile == NULL) - bail("I need at least either the -l, -L or -C option to know the login"); - if (hydra_options.colonfile != NULL && ((hydra_options.bfg != 0 || hydra_options.login != NULL || hydra_options.loginfile != NULL) - || (hydra_options.pass != NULL && hydra_options.passfile != NULL))) - bail("The -C option is standalone, don't use it with -l/L, -p/P or -x!"); - if ((hydra_options.bfg) - && ((hydra_options.pass != NULL) || (hydra_options.passfile != NULL) - || (hydra_options.colonfile != NULL))) - bail("The -x (password bruteforce generation option) doesn't work with -p/P, -C or -e!\n"); - if (hydra_options.try_password_reverse_login == 0 && hydra_options.try_password_same_as_login == 0 && hydra_options.try_null_password == 0 - && (i != 3 && (hydra_options.pass == NULL && hydra_options.passfile == NULL && hydra_options.colonfile == NULL)) && hydra_options.bfg == 0) { - // test if the service is smtp-enum as it could be used either with a login+pass or only a login - if (strstr(hydra_options.service, "smtp-enum") != NULL) - hydra_options.pass = empty_login; - else - bail("I need at least the -e, -p, -P or -x option to have some passwords!"); - } - if (hydra_options.tasks < 1 || hydra_options.tasks > MAXTASKS) { - fprintf(stderr, "[ERROR] Option -t needs to be a number between 1 and %d\n", MAXTASKS); - exit(-1); - } - if (hydra_options.max_use > MAXTASKS) { - fprintf(stderr, "[WARNING] reducing maximum tasks to MAXTASKS (%d)\n", MAXTASKS); - hydra_options.max_use = MAXTASKS; - } - - // script kiddie patch - if (hydra_options.server != NULL && (hydra_strcasestr(hydra_options.server, "gmail.") != NULL || hydra_strcasestr(hydra_options.server, "googlemail.") != NULL)) - fprintf(stderr, "[WARNING] Google Mail has bruteforce detection and sends false positives. You are not doing anything illegal right?!\n"); - - if (hydra_options.colonfile == NULL) { - if (hydra_options.loginfile != NULL) { - if ((lfp = fopen(hydra_options.loginfile, "r")) == NULL) { - fprintf(stderr, "[ERROR] File for logins not found: %s", hydra_options.loginfile); - exit(-1); - } - hydra_brains.countlogin = countlines(lfp, 0); - hydra_brains.sizelogin = size_of_data; - if (hydra_brains.countlogin == 0) { - fprintf(stderr, "[ERROR] File for logins is empty: %s", hydra_options.loginfile); - exit(-1); - } - if (hydra_brains.countlogin > MAX_LINES) { - fprintf(stderr, "[ERROR] Maximum number of logins is %d, this file has %lu entries.\n", MAX_LINES, hydra_brains.countlogin); - exit(-1); - } - if (hydra_brains.sizelogin > MAX_BYTES) { - fprintf(stderr, "[ERROR] Maximum size of the login file is %d, this file has %lu bytes.\n", MAX_BYTES, (unsigned long int) hydra_brains.sizelogin); - exit(-1); - } - login_ptr = malloc(hydra_brains.sizelogin + hydra_brains.countlogin + 8); - if (login_ptr == NULL) - bail("Could not allocate enough memory for login file data"); - memset(login_ptr, 0, hydra_brains.sizelogin + hydra_brains.countlogin + 8); - fill_mem(login_ptr, lfp, 0); - } else { - login_ptr = hydra_options.login; - hydra_brains.sizelogin = strlen(hydra_options.login) + 1; - hydra_brains.countlogin = 1; - } - if (hydra_options.passfile != NULL) { - if ((pfp = fopen(hydra_options.passfile, "r")) == NULL) { - fprintf(stderr, "[ERROR] File for passwords not found: %s", hydra_options.passfile); - exit(-1); - } - hydra_brains.countpass = countlines(pfp, 0); - hydra_brains.sizepass = size_of_data; - if (hydra_brains.countpass == 0) { - fprintf(stderr, "[ERROR] File for passwords is empty: %s", hydra_options.passfile); - exit(-1); - } - if (hydra_brains.countpass > MAX_LINES) { - fprintf(stderr, "[ERROR] Maximum number of passwords is %d, this file has %lu entries.\n", MAX_LINES, hydra_brains.countpass); - exit(-1); - } - if (hydra_brains.sizepass > MAX_BYTES) { - fprintf(stderr, "[ERROR] Maximum size of the password file is %d, this file has %lu bytes.\n", MAX_BYTES, (unsigned long int) hydra_brains.sizepass); - exit(-1); - } - pass_ptr = malloc(hydra_brains.sizepass + hydra_brains.countpass + 8); - if (pass_ptr == NULL) - bail("Could not allocate enough memory for password file data"); - memset(pass_ptr, 0, hydra_brains.sizepass + hydra_brains.countpass + 8); - fill_mem(pass_ptr, pfp, 0); - } else { - if (hydra_options.pass != NULL) { - pass_ptr = hydra_options.pass; - hydra_brains.countpass = 1; - hydra_brains.sizepass = strlen(hydra_options.pass) + 1; - } else { - if (hydra_options.bfg) { -#ifdef HAVE_MATH_H - if (bf_init(bf_options.arg)) - exit(-1); // error description is handled by bf_init - pass_ptr = bf_next(); - hydra_brains.countpass += bf_get_pcount(); - hydra_brains.sizepass += BF_BUFLEN; -#else - sleep(1); -#endif - } else { - pass_ptr = hydra_options.pass = empty_login; - hydra_brains.countpass = 0; - hydra_brains.sizepass = 1; - } - } - } - } else { - if ((cfp = fopen(hydra_options.colonfile, "r")) == NULL) { - fprintf(stderr, "[ERROR] File for colon files (login:pass) not found: %s", hydra_options.colonfile); - exit(-1); - } - hydra_brains.countlogin = countlines(cfp, 1); - hydra_brains.sizelogin = size_of_data; - if (hydra_brains.countlogin == 0) { - fprintf(stderr, "[ERROR] File for colon files (login:pass) is empty: %s", hydra_options.colonfile); - exit(-1); - } - if (hydra_brains.countlogin > MAX_LINES / 2) { - fprintf(stderr, "[ERROR] Maximum number of colon file entries is %d, this file has %lu entries.\n", MAX_LINES / 2, hydra_brains.countlogin); - exit(-1); - } - if (hydra_brains.sizelogin > MAX_BYTES / 2) { - fprintf(stderr, "[ERROR] Maximum size of the colon file is %d, this file has %lu bytes.\n", MAX_BYTES / 2, (unsigned long int) hydra_brains.sizelogin); - exit(-1); - } - csv_ptr = malloc(hydra_brains.sizelogin + 2 * hydra_brains.countlogin + 8); - if (csv_ptr == NULL) - bail("Could not allocate enough memory for colon file data"); - memset(csv_ptr, 0, hydra_brains.sizelogin + 2 * hydra_brains.countlogin + 8); - fill_mem(csv_ptr, cfp, 1); - //printf("count: %d, size: %d\n", hydra_brains.countlogin, hydra_brains.sizelogin); - //hydra_dump_data(csv_ptr, hydra_brains.sizelogin + hydra_brains.countlogin + 8, "colon data"); - hydra_brains.countpass = 1; - pass_ptr = login_ptr = csv_ptr; - while (*pass_ptr != 0) - pass_ptr++; - pass_ptr++; - } - - hydra_brains.countpass += hydra_options.try_password_reverse_login + hydra_options.try_password_same_as_login + hydra_options.try_null_password; - if ((memcheck = malloc(102400)) == NULL) { - fprintf(stderr, "[ERROR] your wordlist is too large, not enough memory!\n"); - exit(-1); - } - free(memcheck); - if ((rfp = fopen(RESTOREFILE, "r")) != NULL) { - fprintf(stderr, "[WARNING] Restorefile (%s) from a previous session found, to prevent overwriting, you have 10 seconds to abort...\n", RESTOREFILE); - sleep(10); - fclose(rfp); - } - - if (hydra_options.infile_ptr != NULL) { - if ((ifp = fopen(hydra_options.infile_ptr, "r")) == NULL) { - fprintf(stderr, "[ERROR] File for targets not found: %s", hydra_options.infile_ptr); - exit(-1); - } - hydra_brains.targets = countservers = countinfile = countlines(ifp, 0); - if (countinfile == 0) { - fprintf(stderr, "[ERROR] File for targets is empty: %s", hydra_options.infile_ptr); - exit(-1); - } - // if (countinfile > 60) fprintf(stderr, "[WARNING] the -M option is not working correctly at the moment for target lists > 60!\n"); - hydra_targets = malloc(sizeof(hydra_targets) * (countservers + 2) + 8); - if (hydra_targets == NULL) - bail("Could not allocate enough memory for target data"); - sizeinfile = size_of_data; - if (countinfile > MAX_LINES / 1000) { - fprintf(stderr, "[ERROR] Maximum number of target file entries is %d, this file has %d entries.\n", MAX_LINES / 1000, (int) countinfile); - exit(-1); - } - if (sizeinfile > MAX_BYTES / 1000) { - fprintf(stderr, "[ERROR] Maximum size of the server file is %d, this file has %d bytes.\n", MAX_BYTES / 1000, (int) sizeinfile); - exit(-1); - } - if ((servers_ptr = malloc(sizeinfile + countservers + 8)) == NULL) - bail("Could not allocate enough memory for target file data"); - memset(servers_ptr, 0, sizeinfile + countservers + 8); - fill_mem(servers_ptr, ifp, 0); - sizeservers = sizeinfile; - tmpptr = servers_ptr; - for (i = 0; i < countinfile; i++) { - hydra_targets[i] = malloc(sizeof(hydra_target)); - memset(hydra_targets[i], 0, sizeof(hydra_target)); - if (*tmpptr == '[') { - tmpptr++; - hydra_targets[i]->target = tmpptr; - if ((tmpptr2 = index(tmpptr, ']')) != NULL) { - *tmpptr2++ = 0; - tmpptr = tmpptr2; - } - } else - hydra_targets[i]->target = tmpptr; - if ((tmpptr2 = index(hydra_targets[i]->target, ':')) != NULL) { - *tmpptr2++ = 0; - tmpptr = tmpptr2; - hydra_targets[i]->port = atoi(tmpptr2); - if (hydra_targets[i]->port < 1 || hydra_targets[i]->port > 65535) - hydra_targets[i]->port = 0; - } - if (hydra_targets[i]->port == 0) - hydra_targets[i]->port = hydra_options.port; - while (*tmpptr != 0) - tmpptr++; - tmpptr++; - } - } else if (index(hydra_options.server, '/') != NULL) { - /* CIDR notation on command line, e.g. 192.168.0.0/24 */ - unsigned int four_from, four_to, addr_cur, addr_cur2, k, l; - in_addr_t addr4; - struct sockaddr_in target; - - hydra_options.cidr = 1; - do_retry = 0; - if ((tmpptr = malloc(strlen(hydra_options.server) + 1)) == NULL) { - fprintf(stderr, "Error: can not allocate memory\n"); - exit(-1); - } - strcpy(tmpptr, hydra_options.server); - tmpptr2 = index(tmpptr, '/'); - *tmpptr2++ = 0; - if ((k = atoi(tmpptr2)) < 16 || k > 31) { - fprintf(stderr, "Error: network size may only be between /16 and /31: %s\n", hydra_options.server); - exit(-1); - } - if ((addr4 = htonl(inet_addr(tmpptr))) == 0xffffffff) { - fprintf(stderr, "Error: option is not a valid IPv4 address: %s\n", tmpptr); - exit(-1); - } - free(tmpptr); - l = 1 << (32 - k); - l--; - four_to = (addr4 | l); - l = 0xffffffff - l; - four_from = (addr4 & l); - l = 1 << (32 - k); - hydra_brains.targets = countservers = l; - hydra_targets = malloc(sizeof(hydra_targets) * (l + 2) + 8); - if (hydra_targets == NULL) - bail("Could not allocate enough memory for target data"); - i = 0; - addr_cur = four_from; - while (addr_cur <= four_to && i < l) { - hydra_targets[i] = malloc(sizeof(hydra_target)); - memset(hydra_targets[i], 0, sizeof(hydra_target)); - addr_cur2 = htonl(addr_cur); - memcpy(&target.sin_addr.s_addr, (char *) &addr_cur2, 4); - hydra_targets[i]->target = strdup(inet_ntoa((struct in_addr) target.sin_addr)); - hydra_targets[i]->port = hydra_options.port; - addr_cur++; - i++; - } - if (verbose) - printf("[VERBOSE] CIDR attack from %s to %s\n", hydra_targets[0]->target, hydra_targets[l - 1]->target); - printf("[WARNING] The CIDR attack mode is still beta. Please report issues.\n"); - } else { // standard: single target on command line - countservers = hydra_brains.targets = 1; - hydra_targets = malloc(sizeof(int) * 4); - hydra_targets[0] = malloc(sizeof(hydra_target)); - memset(hydra_targets[0], 0, sizeof(hydra_target)); - hydra_targets[0]->target = servers_ptr = hydra_options.server; - hydra_targets[0]->port = hydra_options.port; - sizeservers = strlen(hydra_options.server) + 1; - } - for (i = 0; i < hydra_brains.targets; i++) { - hydra_targets[i]->login_ptr = login_ptr; - hydra_targets[i]->pass_ptr = pass_ptr; - if (hydra_options.loop_mode) { - if (hydra_options.try_password_same_as_login) - hydra_targets[i]->pass_state = 0; - else if (hydra_options.try_null_password) { - hydra_targets[i]->pass_ptr = empty_login; - hydra_targets[i]->pass_state = 1; - } else if (hydra_options.try_password_reverse_login) - hydra_targets[i]->pass_state = 2; - else - hydra_targets[i]->pass_state = 3; - } - } - } // END OF restore == 0 - - if (getenv("HYDRA_PROXY") && use_proxy == 0) { - printf("[INFO] Using Connect Proxy: %s\n", getenv("HYDRA_PROXY")); - use_proxy = 2; + + if (debug) + printf("[DEBUG] Ouput color flag is %d\n", colored_output); + + if (hydra_options.restore && argc > 2 + debug + verbose) + bail("no option may be supplied together with -R"); + + printf("%s (%s) starting at %s\n", PROGRAM, RESOURCE, hydra_build_time()); + if (debug) { + printf("[DEBUG] cmdline: "); + for (i = 0; i < argc; i++) + printf("%s ", argv[i]); + printf("\n"); + } + if (hydra_options.login != NULL && hydra_options.loginfile != NULL) + bail("You can only use -L OR -l, not both\n"); + if (hydra_options.pass != NULL && hydra_options.passfile != NULL) + bail("You can only use -P OR -p, not both\n"); + if (hydra_options.restore) { + hydra_restore_read(); + // stuff we have to copy from the non-restore part + if (strncmp(hydra_options.service, "http-", 5) == 0) { + if (getenv("HYDRA_PROXY_HTTP") && getenv("HYDRA_PROXY")) + bail("Found HYDRA_PROXY_HTTP *and* HYDRA_PROXY environment variables - you can use only ONE for the service http-head/http-get!"); + if (getenv("HYDRA_PROXY_HTTP")) { + printf("[INFO] Using HTTP Proxy: %s\n", getenv("HYDRA_PROXY_HTTP")); + use_proxy = 1; + } } - if (use_proxy == 1) - proxy_string = getenv("HYDRA_PROXY_HTTP"); - if (use_proxy == 2) - proxy_string = getenv("HYDRA_PROXY"); - if (proxy_string != NULL && proxy_string[0] != 0) { - if (strstr(proxy_string, "//") != NULL) { - char *dslash = strstr(proxy_string, "://"); - - if (dslash) { - proxy_string[dslash - proxy_string] = 0; - strncpy(proxy_string_type, proxy_string, sizeof(proxy_string_type) - 1); - proxy_string_type[sizeof(proxy_string_type) - 1] = 0; - } - - proxy_string = dslash; - proxy_string += 3; - } - if (proxy_string[strlen(proxy_string) - 1] == '/') - proxy_string[strlen(proxy_string) - 1] = 0; - if ((tmpptr = index(proxy_string, ':')) == NULL) - use_proxy = 0; - else { - *tmpptr = 0; - tmpptr++; - memset(&hints, 0, sizeof hints); - if ((device = index(proxy_string, '%')) != NULL) - *device++ = 0; - if (getaddrinfo(proxy_string, NULL, &hints, &res) != 0) { - fprintf(stderr, "[ERROR] could not resolve proxy address: %s\n", proxy_string); - exit(-1); - } else { - for (p = res; p != NULL; p = p->ai_next) { -#ifdef AF_INET6 - if (p->ai_family == AF_INET6) { - if (ipv6 == NULL) - ipv6 = (struct sockaddr_in6 *) p->ai_addr; - } else -#endif - if (p->ai_family == AF_INET) { - if (ipv4 == NULL) - ipv4 = (struct sockaddr_in *) p->ai_addr; - } - } - freeaddrinfo(res); -#ifdef AF_INET6 - if (ipv6 != NULL && (ipv4 == NULL || prefer_ipv6)) { - proxy_string_ip[0] = 16; - memcpy(proxy_string_ip + 1, (char *) &ipv6->sin6_addr, 16); - if (device != NULL && strlen(device) <= 16) - strcpy(proxy_string_ip + 17, device); - if (memcmp(proxy_string_ip + 1, fe80, 2) == 0) { - if (device == NULL) { - fprintf(stderr, "[ERROR] The proxy address is a link local address, link local addresses require the interface being defined like this: fe80::1%%eth0\n"); - exit(-1); - } - } - } else -#endif - if (ipv4 != NULL) { - proxy_string_ip[0] = 4; - memcpy(proxy_string_ip + 1, (char *) &ipv4->sin_addr, 4); - } else { - fprintf(stderr, "[ERROR] Could not resolve proxy address: %s\n", proxy_string); - exit(-1); - } - } - proxy_string_port = atoi(tmpptr); - } - if (use_proxy == 0) - fprintf(stderr, "[WARNING] invalid proxy definition. Syntax: \"HYDRA_PROXY=[connect|socks[4|5]]://1.2.3.4:3128/\".\n"); - } else - use_proxy = 0; - if (use_proxy > 0 && (tmpptr = getenv("HYDRA_PROXY_AUTH")) != NULL && tmpptr[0] != 0) { - if (index(tmpptr, ':') == NULL) { - fprintf(stderr, "[WARNING] invalid proxy authentication. Syntax: \"login:password\". Ignoring ...\n"); + } else { // normal mode, aka non-restore mode + if (hydra_options.colonfile) + hydra_options.loop_mode = 0; // just to be sure + if (hydra_options.infile_ptr != NULL) { + if (optind + 2 < argc) + bail("The -M FILE option can not be used together with a host on the commandline"); + if (optind + 1 > argc) + bail("You need to define a service to attack"); + if (optind + 2 == argc) + fprintf(stderr, "[WARNING] With the -M FILE option you can not specify a server on the commandline. Lets hope you did everything right!\n"); + hydra_options.server = NULL; + hydra_options.service = argv[optind]; + if (optind + 2 == argc) + hydra_options.miscptr = argv[optind + 1]; + } else if (optind + 2 != argc && optind + 3 != argc && optind < argc) { + // check if targetdef follow syntax ://[:][/] or it's a syntax error + char *targetdef = strdup(argv[optind]); + char *service_pos, *target_pos, *port_pos = NULL, *param_pos = NULL; + + if ((targetdef != NULL) && (strstr(targetdef, "://") != NULL)) { + service_pos = strstr(targetdef, "://"); + if ((service_pos - targetdef) == 0) + bail("could not identify service"); + if ((hydra_options.service = malloc(1 + service_pos - targetdef)) == NULL) + bail("could not alloc memory"); + strncpy(hydra_options.service, targetdef, service_pos - targetdef); + hydra_options.service[service_pos - targetdef] = 0; + target_pos = targetdef + (service_pos - targetdef + 3); + + if (*target_pos == '[') { + target_pos++; + if ((param_pos = index(target_pos, ']')) == NULL) + bail("no closing ']' found in target definition"); + *param_pos++ = 0; + if (*param_pos == ':') + port_pos = ++param_pos; + if ((param_pos = index(param_pos, '/')) != NULL) + *param_pos++ = 0; } else { - proxy_authentication = malloc(strlen(tmpptr) * 2 + 50); - strcpy(proxy_authentication, tmpptr); - if (hydra_strcasestr(proxy_string_type, "socks") == NULL) - hydra_tobase64((unsigned char *) proxy_authentication, strlen(proxy_authentication), strlen(tmpptr) * 2 + 8); + port_pos = index(target_pos, ':'); + param_pos = index(target_pos, '/'); + if (port_pos != NULL && param_pos != NULL && port_pos > param_pos) + port_pos = NULL; + if (port_pos != NULL) + *port_pos++ = 0; + if (param_pos != NULL) + *param_pos++ = 0; + if (port_pos != NULL && index(port_pos, ':') != NULL) { + if (prefer_ipv6) + bail("Illegal IPv6 target definition must be written within '[' ']'"); + else + bail("Illegal port definition"); + } } - } - - if (hydra_options.restore == 0) { - if ((strcmp(hydra_options.service, "rsh") == 0) || (strcmp(hydra_options.service, "oracle-sid") == 0)) - math2 = hydra_brains.countlogin; + if (*target_pos == 0) + hydra_options.server = NULL; else - math2 = hydra_brains.countlogin * hydra_brains.countpass; - -#ifdef HAVE_MATH_H - if (hydra_options.bfg) { - math2 = hydra_brains.countlogin * bf_get_pcount(); + hydra_options.server = target_pos; + if (port_pos != NULL) + hydra_options.port = port = atoi(port_pos); + if (param_pos != NULL) { + if (strstr(hydra_options.service, "http") != NULL && strstr(hydra_options.service, "http-proxy") == NULL && param_pos[1] != '/') + *--param_pos = '/'; + hydra_options.miscptr = param_pos; } -#endif - - hydra_brains.todo = math2; - math2 = math2 * hydra_brains.targets; - hydra_brains.todo_all = math2; - if (hydra_brains.todo_all == 0) - bail("No login/password combination given!"); - if (hydra_brains.todo < hydra_options.tasks) { - if (verbose && hydra_options.tasks != TASKS) - printf("[VERBOSE] More tasks defined than login/pass pairs exist. Tasks reduced to %lu\n", hydra_brains.todo); - hydra_options.tasks = hydra_brains.todo; - } - } - if (hydra_options.max_use == MAXTASKS) { // only if it was not set via -T - if (hydra_options.max_use < hydra_brains.targets * hydra_options.tasks) - hydra_options.max_use = hydra_brains.targets * hydra_options.tasks; - if (hydra_options.max_use > MAXTASKS) - hydra_options.max_use = MAXTASKS; - } - if ((hydra_options.tasks == TASKS || hydra_options.tasks <= 8) && hydra_options.max_use < hydra_brains.targets * hydra_options.tasks) { - if ((hydra_options.tasks = hydra_options.max_use / hydra_brains.targets) == 0) - hydra_options.tasks = 1; - //fprintf(stderr, "[WARNING] More tasks defined per server than allowed for maximal connections. Tasks per server reduced to %d.\n", hydra_options.tasks); - } else { - if (hydra_options.tasks > MAXTASKS) { - //fprintf(stderr, "[WARNING] reducing tasks to MAXTASKS (%d)\n", MAXTASKS); - hydra_options.tasks = MAXTASKS; - } - } - // hydra_options.max_use = hydra_brains.targets * hydra_options.tasks; - // if (hydra_options.max_use > MAXTASKS) - // hydra_options.max_use = MAXTASKS; - math2 = (hydra_brains.todo / hydra_options.tasks); - if (hydra_brains.todo % hydra_options.tasks) - math2++; - math2 = (math2 * hydra_brains.targets) / hydra_options.max_use; - // set options (bits!) - options = 0; - if (hydra_options.ssl) - options = options | OPTION_SSL; - if (hydra_options.colonfile != NULL) - printf("[DATA] max %d task%s per %d server%s, overall %d tasks, %lu login tr%s, ~%lu tr%s per task\n", hydra_options.tasks, hydra_options.tasks == 1 ? "" : "s", - hydra_brains.targets, hydra_brains.targets == 1 ? "" : "s", hydra_options.max_use, hydra_brains.todo, hydra_brains.todo == 1 ? "y" : "ies", math2, - math2 == 1 ? "y" : "ies"); - else - printf("[DATA] max %d task%s per %d server%s, overall %d tasks, %lu login tr%s (l:%lu/p:%lu), ~%lu tr%s per task\n", hydra_options.tasks, hydra_options.tasks == 1 ? "" : "s", - hydra_brains.targets, hydra_brains.targets == 1 ? "" : "s", hydra_options.max_use, hydra_brains.todo, hydra_brains.todo == 1 ? "y" : "ies", - (unsigned long int) hydra_brains.countlogin, (unsigned long int) hydra_brains.countpass, math2, math2 == 1 ? "y" : "ies"); - - printf("[DATA] attacking service %s on port %d%s\n", hydra_options.service, port, hydra_options.ssl == 1 ? " with SSL" : ""); - - if (hydra_options.outfile_ptr != NULL) { - if ((hydra_brains.ofp = fopen(hydra_options.outfile_ptr, "a+")) == NULL) { - perror("[ERROR] Error creating outputfile"); - exit(-1); - } - fprintf(hydra_brains.ofp, "# %s %s run at %s on %s %s (%s", PROGRAM, VERSION, hydra_build_time(), - hydra_options.server == NULL ? hydra_options.infile_ptr : hydra_options.server, hydra_options.service, prg); - for (i = 1; i < argc; i++) - fprintf(hydra_brains.ofp, " %s", argv[i]); - fprintf(hydra_brains.ofp, ")\n"); - } - // we have to flush all writeable buffered file pointers before forking - // set appropriate signals for mother - signal(SIGCHLD, killed_childs); - if (debug == 0) - signal(SIGTERM, kill_children); - if (debug == 0) { -#ifdef SIGBUS - signal(SIGBUS, kill_children); -#endif - signal(SIGSEGV, kill_children); - } - signal(SIGHUP, kill_children); - signal(SIGINT, kill_children); - signal(SIGPIPE, SIG_IGN); - if (verbose) - printf("[VERBOSE] Resolving addresses ... "); - if (debug) - printf("\n"); - for (i = 0; i < hydra_brains.targets; i++) { + //printf("target: %s service: %s port: %s opt: %s\n", target_pos, hydra_options.service, port_pos, param_pos); if (debug) - printf("[DEBUG] resolving %s\n", hydra_targets[i]->target); - memset(&hints, 0, sizeof(hints)); - ipv4 = NULL; -#ifdef AF_INET6 - ipv6 = NULL; - if ((device = index(hydra_targets[i]->target, '%')) != NULL) - *device++ = 0; -#endif - if (getaddrinfo(hydra_targets[i]->target, NULL, &hints, &res) != 0) { - if (use_proxy == 0) { - if (verbose) - printf("[failed for %s] ", hydra_targets[i]->target); - else - fprintf(stderr, "[ERROR] could not resolve address: %s\n", hydra_targets[i]->target); - hydra_targets[i]->done = 3; - hydra_brains.finished++; - } - } else { - for (p = res; p != NULL; p = p->ai_next) { -#ifdef AF_INET6 - if (p->ai_family == AF_INET6) { - if (ipv6 == NULL) - ipv6 = (struct sockaddr_in6 *) p->ai_addr; - } else -#endif - if (p->ai_family == AF_INET) { - if (ipv4 == NULL) - ipv4 = (struct sockaddr_in *) p->ai_addr; - } - } -#ifdef AF_INET6 - if (ipv6 != NULL && (ipv4 == NULL || prefer_ipv6)) { - // IPV6 FIXME - if ((strcmp(hydra_options.service, "socks5") == 0) || (strcmp(hydra_options.service, "sip") == 0)) { - fprintf(stderr, "[ERROR] Target %s resolves to an IPv6 address, however module %s does not support this. Maybe try \"-4\" option. Sending in patches helps.\n", - hydra_targets[i]->target, hydra_options.service); - hydra_targets[i]->done = 3; - hydra_brains.finished++; - } else { - hydra_targets[i]->ip[0] = 16; - memcpy(&hydra_targets[i]->ip[1], (char *) &ipv6->sin6_addr, 16); - if (device != NULL && strlen(device) <= 16) - strcpy(&hydra_targets[i]->ip[17], device); - if (memcmp(&hydra_targets[i]->ip[17], fe80, 2) == 0) { - if (device == NULL) { - fprintf(stderr, "[ERROR] The target %s address is a link local address, link local addresses require the interface being defined like this: fe80::1%%eth0\n", - hydra_targets[i]->target); - exit(-1); - } - } - } - } else -#endif - if (ipv4 != NULL) { - hydra_targets[i]->ip[0] = 4; - memcpy(&hydra_targets[i]->ip[1], (char *) &ipv4->sin_addr, 4); - } else { - if (verbose) - printf("[failed for %s] ", hydra_targets[i]->target); - else - fprintf(stderr, "[ERROR] Could not resolve proxy address: %s\n", hydra_targets[i]->target); - hydra_targets[i]->done = 3; - hydra_brains.finished++; - } - freeaddrinfo(res); - } - } - if (verbose) - printf("done\n"); - if (hydra_brains.targets == 0) - bail("No server to scan!"); - -#ifndef SO_BINDTODEVICE - if (device != NULL) { - fprintf(stderr, "[ERROR] your operating system does not support SO_BINDTODEVICE or IP_FORCE_OUT_IFP, dunno how to bind the IPv6 address to the interface %s!\n", device); - } -#endif - - if (hydra_options.restore == 0) { - hydra_heads = malloc(sizeof(hydra_heads) * hydra_options.max_use); - target_no = 0; - for (i = 0; i < hydra_options.max_use; i++) { - hydra_heads[i] = malloc(sizeof(hydra_head)); - memset(hydra_heads[i], 0, sizeof(hydra_head)); - } - } - // here we call the init function of the relevant service module - // should we do the init centrally or should each child do that? - // that depends largely on the number of targets and maximum tasks - // if (hydra_brains.targets == 1 || (hydra_brains.targets < 4 && hydra_options.tasks / hydra_brains.targets > 4 && hydra_brains.todo > 15)) - for (i = 0; i < hydra_brains.targets; i++) - hydra_service_init(i); - - starttime = elapsed_status = elapsed_restore = time(NULL); - fflush(stdout); - fflush(stderr); - fflush(hydra_brains.ofp); - - hydra_debug(0, "attack"); - process_restore = 1; - - // this is the big function which starts the attacking children, feeds login/password pairs, etc.! - while (exit_condition == 0) { - FD_ZERO(&fdreadheads); - for (head_no = 0, max_fd = 1; head_no < hydra_options.max_use; head_no++) { - if (hydra_heads[head_no]->active > 0) { - FD_SET(hydra_heads[head_no]->sp[0], &fdreadheads); - if (max_fd < hydra_heads[head_no]->sp[0]) - max_fd = hydra_heads[head_no]->sp[0]; - } - } - my_select(max_fd + 1, &fdreadheads, NULL, NULL, 0, 200000); - tmp_time = time(NULL); - - for (head_no = 0; head_no < hydra_options.max_use; head_no++) { - if (debug && hydra_heads[head_no]->active != -1) printf("[DEBUG] head_no[%d] to target_no %d active %d\n", head_no, hydra_heads[head_no]->target_no, hydra_heads[head_no]->active); - switch (hydra_heads[head_no]->active) { - case -1: - // disabled head, ignored - break; - case 0: - if (hydra_heads[head_no]->redo) { - hydra_spawn_head(head_no, hydra_heads[head_no]->target_no); - } else { - if (hydra_brains.targets > hydra_brains.finished) - hydra_heads[head_no]->target_no = hydra_select_target(); - else - hydra_heads[head_no]->target_no = -1; - if (debug) - printf("[DEBUG] child %d got target %d selected\n", head_no, hydra_heads[head_no]->target_no); - if (hydra_heads[head_no]->target_no < 0) { - if (debug) printf("[DEBUG] hydra_select_target() reports no more targets left\n"); - hydra_kill_head(head_no, 0, 3); - } else - hydra_spawn_head(head_no, hydra_heads[head_no]->target_no); // target_no is ignored if head->redo == 1 - } - break; - case 1: - if (FD_ISSET(hydra_heads[head_no]->sp[0], &fdreadheads)) { - readres = read_safe(hydra_heads[head_no]->sp[0], &rc, 1); - if (readres > 0) { - FD_CLR(hydra_heads[head_no]->sp[0], &fdreadheads); - hydra_heads[head_no]->last_seen = tmp_time; - if (debug) - printf("[DEBUG] head_no[%d] read %c\n", head_no, rc); - switch (rc) { - // Valid Results: - // n - mother says to itself that child requests next login/password pair - // N - child requests next login/password pair - // Q - child reports that it is quitting - // C - child reports connect error (and is quitting) - // E - child reports protocol error (and is quitting) - // f - child reports that the username does not exist - // F - child reports that it found a valid login/password pair - // and requests next pair. Sends login/pw pair with next msg! - case 'N': // head wants next pair - hydra_targets[hydra_heads[head_no]->target_no]->ok = 1; - if (hydra_targets[hydra_heads[head_no]->target_no]->fail_count > 0) - hydra_targets[hydra_heads[head_no]->target_no]->fail_count--; - // no break here - case 'n': // mother sends this to itself initially - loop_cnt = 0; - if (hydra_send_next_pair(hydra_heads[head_no]->target_no, head_no) == -1) - hydra_kill_head(head_no, 1, 0); - break; - - case 'F': // valid password found - hydra_brains.found++; - if (colored_output) { - if (hydra_heads[head_no]->current_login_ptr == NULL || strlen(hydra_heads[head_no]->current_login_ptr) == 0) { - if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) - printf("[\e[1;32m%d\e[0m][\e[1;32m%s\e[0m] host: \e[1;32m%s\e[0m\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target); - else - printf("[\e[1;32m%d\e[0m][\e[1;32m%s\e[0m] host: \e[1;32m%s\e[0m password: \e[1;32m%s\e[0m\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_pass_ptr); - } else if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) { - printf("[\e[1;32m%d\e[0m][\e[1;32m%s\e[0m] host: \e[1;32m%s\e[0m login: \e[1;32m%s\e[0m\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr); - } else - printf("[\e[1;32m%d\e[0m][\e[1;32m%s\e[0m] host: \e[1;32m%s\e[0m login: \e[1;32m%s\e[0m password: \e[1;32m%s\e[0m\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr); - } else { - if (hydra_heads[head_no]->current_login_ptr == NULL || strlen(hydra_heads[head_no]->current_login_ptr) == 0) { - if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) - printf("[%d][%s] host: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target); - else - printf("[%d][%s] host: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_pass_ptr); - } else if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) { - printf("[%d][%s] host: %s login: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr); - } else - printf("[%d][%s] host: %s login: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr); - } - if (hydra_options.outfile_ptr != NULL && hydra_brains.ofp != NULL) { - if (hydra_heads[head_no]->current_login_ptr == NULL || strlen(hydra_heads[head_no]->current_login_ptr) == 0) { - if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) - fprintf(hydra_brains.ofp, "[%d][%s] host: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target); - else - fprintf(hydra_brains.ofp, "[%d][%s] host: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_pass_ptr); - } else if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) { - fprintf(hydra_brains.ofp, "[%d][%s] host: %s login: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr); - } else - fprintf(hydra_brains.ofp, "[%d][%s] host: %s login: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr); - } - if (hydra_options.exit_found) { // option set says quit target after on valid login/pass pair is found - if (hydra_targets[hydra_heads[head_no]->target_no]->done == 0) { - hydra_targets[hydra_heads[head_no]->target_no]->done = 1; // mark target as done - hydra_brains.finished++; - printf("[STATUS] attack finished for %s (valid pair found)\n", hydra_targets[hydra_heads[head_no]->target_no]->target); - } - if (hydra_options.exit_found == 2) { - for (j = 0; j < hydra_brains.targets; j++) - if (hydra_targets[j]->done == 0) { - hydra_targets[j]->done = 1; - hydra_brains.finished++; - } - } - for (j = 0; j < hydra_options.max_use; j++) - if (hydra_heads[j]->active >= 0 && (hydra_heads[j]->target_no == target_no || hydra_options.exit_found == 2)) { - if (hydra_brains.targets > hydra_brains.finished && hydra_options.exit_found < 2) - hydra_kill_head(j, 1, 0); // kill all heads working on the target - else - hydra_kill_head(j, 1, 2); // kill all heads working on the target - } - continue; - } - // fall through - case 'f': // username identified as invalid - hydra_targets[hydra_heads[head_no]->target_no]->ok = 1; - if (hydra_targets[hydra_heads[head_no]->target_no]->fail_count > 0) - hydra_targets[hydra_heads[head_no]->target_no]->fail_count--; - memset(buf, 0, sizeof(buf)); - read_safe(hydra_heads[head_no]->sp[0], buf, MAXBUF); - hydra_skip_user(hydra_heads[head_no]->target_no, buf); - fck = write(hydra_heads[head_no]->sp[1], "n", 1); // small hack - break; - - // we do not make a difference between 'C' and 'E' results - yet - case 'E': // head reports protocol error - case 'C': // head reports connect error - fck = write(hydra_heads[head_no]->sp[0], "Q", 1); - if (debug) { - printf("[ATTEMPT-ERROR] target %s - login \"%s\" - pass \"%s\" - child %d - %lu of %lu\n", - hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no, - hydra_targets[hydra_heads[head_no]->target_no]->sent, hydra_brains.todo); - } - hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); - break; - - case 'Q': // head reports its quitting - fck = write(hydra_heads[head_no]->sp[0], "Q", 1); - if (debug) - printf("[DEBUG] child %d reported it quit\n", head_no); - hydra_kill_head(head_no, 1, 0); - break; - - default: - fprintf(stderr, "[ERROR] child %d sent nonsense data, killing and restarting it!\n", head_no); - hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); - } - } - if (readres == -1) { - if (verbose) - fprintf(stderr, "[WARNING] child %d seems to have died, restarting (this only happens if a module is bad) ... \n", head_no); - hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); - } - } else { - if (hydra_heads[head_no]->last_seen + hydra_options.waittime > tmp_time) { - // check if recover of timed-out head is necessary - if (tmp_time > waittime + hydra_heads[head_no]->last_seen) { - if (kill(hydra_heads[head_no]->pid, 0) < 0) { - if (verbose) - fprintf(stderr, "[WARNING] child %d seems to be dead, restarting it ...\n", head_no); - hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); - } - } - // if we do not get to hear anything for a longer time assume its dead - if (tmp_time > waittime * 2 + hydra_heads[head_no]->last_seen) { - if (verbose) - fprintf(stderr, "[WARNING] timeout from child %d, restarting\n", head_no); - hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); - } - } - } - break; - default: - fprintf(stderr, "[ERROR] child %d in unknown state, restarting!\n", head_no); - hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); - } - } - - usleep(USLEEP_LOOP); - (void) wait3(NULL, WNOHANG, NULL); - // write restore file and report status - if (process_restore == 1 && time(NULL) - elapsed_restore > 299) { - hydra_restore_write(0); - elapsed_restore = time(NULL); - } - - if (time(NULL) - elapsed_status > status_print) { - elapsed_status = time(NULL); - tmp_time = elapsed_status - starttime; - if (tmp_time < 1) - tmp_time = 1; - tmp_time = hydra_brains.sent / tmp_time; - if (tmp_time < 1) - tmp_time = 1; - if (status_print < 15 * 59) - status_print = ((status_print + 1) * 2) - 1; - if (status_print > 299 && (hydra_brains.todo_all - hydra_brains.sent) / tmp_time < 1500) - status_print = 299; - if (((hydra_brains.todo_all - hydra_brains.sent) / tmp_time) < 150) - status_print = 59; - k = 0; - for (j = 0; j < hydra_options.max_use; j++) - if (hydra_heads[j]->active >= 0) - k++; - printf("[STATUS] %.2f tries/min, %lu tries in %02lu:%02luh, %lu to do in %02lu:%02luh, %d active\n", (1.0 * hydra_brains.sent) / (((elapsed_status - starttime) * 1.0) / 60), // tries/min - hydra_brains.sent, // tries - (long unsigned int) ((elapsed_status - starttime) / 3600), // hours - (long unsigned int) (((elapsed_status - starttime) % 3600) / 60), // minutes - hydra_brains.todo_all - hydra_brains.sent <= 0 ? 1 : hydra_brains.todo_all - hydra_brains.sent, // left todo - (long unsigned int) (((double) hydra_brains.todo_all - hydra_brains.sent) / ((double) hydra_brains.sent / (elapsed_status - starttime)) - ) / 3600, // hours - (((long unsigned int) (((double) hydra_brains.todo_all - hydra_brains.sent) / ((double) hydra_brains.sent / (elapsed_status - starttime)) - ) % 3600) / 60) + 1, // min - k); - hydra_debug(0, "STATUS"); - } - - exit_condition = hydra_check_for_exit_condition(); - } - process_restore = 0; - if (debug) - printf("[DEBUG] while loop left with %d\n", exit_condition); - - j = k = error = 0; - for (i = 0; i < hydra_brains.targets; i++) - switch (hydra_targets[i]->done) { - case 3: - k++; - break; - case 2: - if (hydra_targets[i]->ok == 0) - k++; - else - error++; - break; - case 1: - break; - case 0: - if (hydra_targets[i]->ok == 0) - k++; - else - j++; - break; - default: - error++; - fprintf(stderr, "[ERROR] illegal target result value (%d=>%d)\n", i, hydra_targets[i]->done); - } - - if (debug) printf("[DEBUG] killing all remaining childs now that might be stuck\n"); - for (i = 0; i < hydra_options.max_use; i++) - if (hydra_heads[i]->active > 0 && hydra_heads[i]->pid > 0) - hydra_kill_head(i, 1, 3); - (void) wait3(NULL, WNOHANG, NULL); - - printf("%d of %d target%s%scompleted, %lu valid password%s found\n", hydra_brains.targets - j - k - error, hydra_brains.targets, hydra_brains.targets == 1 ? " " : "s ", - hydra_brains.found > 0 ? "successfully " : "", hydra_brains.found, hydra_brains.found == 1 ? "" : "s"); - if (error == 0 && j == 0) { - process_restore = 0; - unlink(RESTOREFILE); + printf("[DEBUG] opt:%d argc:%d mod:%s tgt:%s port:%d misc:%s\n", optind, argc, hydra_options.service, hydra_options.server, hydra_options.port, hydra_options.miscptr); + } else { + hydra_options.server = NULL; + hydra_options.service = NULL; + + if (modusage) + hydra_options.service = targetdef; + else + help(0); + } } else { - if (hydra_options.cidr == 0) { - printf("[INFO] Writing restore file because %d server scan%s could not be completed\n", j + error, j + error == 1 ? "" : "s"); - hydra_restore_write(1); + hydra_options.server = argv[optind]; + cmdlinetarget = argv[optind]; + hydra_options.service = argv[optind + 1]; + if (optind + 3 == argc) + hydra_options.miscptr = argv[optind + 2]; + } + + if (strcmp(hydra_options.service, "pop3s") == 0 || strcmp(hydra_options.service, "smtps") == 0 || strcmp(hydra_options.service, "imaps") == 0 + || strcmp(hydra_options.service, "telnets") == 0 || (strncmp(hydra_options.service, "ldap", 4) == 0 && hydra_options.service[strlen(hydra_options.service) - 1] == 's')) { + hydra_options.ssl = 1; + hydra_options.service[strlen(hydra_options.service) - 1] = 0; + } + + if (getenv("HYDRA_PROXY_HTTP") || getenv("HYDRA_PROXY")) { + if (strcmp(hydra_options.service, "afp") == 0 || strcmp(hydra_options.service, "firebird") == 0 || strncmp(hydra_options.service, "mysql", 5) == 0 || + strcmp(hydra_options.service, "ncp") == 0 || strcmp(hydra_options.service, "oracle") == 0 || strcmp(hydra_options.service, "postgres") == 0 || + strncmp(hydra_options.service, "ssh", 3) == 0 || strcmp(hydra_options.service, "sshkey") == 0 || strcmp(hydra_options.service, "svn") == 0 || + strcmp(hydra_options.service, "sapr3") == 0) { + fprintf(stderr, "[WARNING] module %s does not support HYDRA_PROXY* !\n", hydra_options.service); + proxy_string = NULL; + } + } + + /* here start the services */ + + if (strcmp(hydra_options.service, "ssl") == 0 || strcmp(hydra_options.service, "www") == 0 || strcmp(hydra_options.service, "http") == 0 + || strcmp(hydra_options.service, "https") == 0) { + fprintf(stderr, "[WARNING] The service http has been replaced with http-head and http-get, using by default GET method. Same for https.\n"); + if (strcmp(hydra_options.service, "http") == 0) { + hydra_options.service = malloc(strlen("http-get") + 1); + strcpy(hydra_options.service, "http-get"); + } + if (strcmp(hydra_options.service, "https") == 0) { + hydra_options.service = malloc(strlen("https-get") + 1); + strcpy(hydra_options.service, "https-get"); + } + } + + if (strcmp(hydra_options.service, "http-form-get") == 0) + strcpy(hydra_options.service, "http-get-form"); + if (strcmp(hydra_options.service, "https-form-get") == 0) + strcpy(hydra_options.service, "https-get-form"); + if (strcmp(hydra_options.service, "http-form-post") == 0) + strcpy(hydra_options.service, "http-post-form"); + if (strcmp(hydra_options.service, "https-form-post") == 0) + strcpy(hydra_options.service, "https-post-form"); + + if (modusage == 1) + module_usage(); + + i = 0; + if (strcmp(hydra_options.service, "telnet") == 0) { + fprintf(stderr, "[WARNING] telnet is by its nature unreliable to analyze, if possible better choose FTP, SSH, etc. if available\n"); + i = 1; + } + if (strcmp(hydra_options.service, "ftp") == 0) + i = 1; + if (strcmp(hydra_options.service, "ftps") == 0) { + fprintf(stderr, "[WARNING] you enabled ftp-SSL (auth tls) mode. If you want to use direct SSL ftp, use -S and the ftp module instead.\n"); + i = 1; + } + if (strcmp(hydra_options.service, "pop3") == 0) { + fprintf(stderr, "[INFO] several providers have implemented cracking protection, check with a small wordlist first - and stay legal!\n"); + i = 1; + } + if (strcmp(hydra_options.service, "imap") == 0) { + fprintf(stderr, "[INFO] several providers have implemented cracking protection, check with a small wordlist first - and stay legal!\n"); + i = 1; + } + if (strcmp(hydra_options.service, "redis") == 0) + i = 2; + if (strcmp(hydra_options.service, "asterisk") == 0) + i = 1; + if (strcmp(hydra_options.service, "vmauthd") == 0) + i = 1; + if (strcmp(hydra_options.service, "rexec") == 0) + i = 1; + if (strcmp(hydra_options.service, "rlogin") == 0) + i = 1; + if (strcmp(hydra_options.service, "rsh") == 0) + i = 3; + if (strcmp(hydra_options.service, "nntp") == 0) + i = 1; + if (strcmp(hydra_options.service, "socks5") == 0) + i = 1; + if (strcmp(hydra_options.service, "icq") == 0) { + fprintf(stderr, "[WARNING] The icq module is not working with the modern protocol version! (somebody else will need to fix this as I don't care for icq)\n"); + i = 1; + } + if (strcmp(hydra_options.service, "mysql") == 0) { + i = 1; + if (hydra_options.tasks > 4) { + fprintf(stderr, "[INFO] Reduced number of tasks to 4 (mysql does not like many parallel connections)\n"); + hydra_options.tasks = 4; + } + } + if (strcmp(hydra_options.service, "mssql") == 0) + i = 1; + if ((strcmp(hydra_options.service, "oracle-listener") == 0) || (strcmp(hydra_options.service, "tns") == 0)) { + i = 2; + hydra_options.service = malloc(strlen("oracle-listener") + 1); + strcpy(hydra_options.service, "oracle-listener"); + } + if ((strcmp(hydra_options.service, "oracle-sid") == 0) || (strcmp(hydra_options.service, "sid") == 0)) { + i = 3; + hydra_options.service = malloc(strlen("oracle-sid") + 1); + strcpy(hydra_options.service, "oracle-sid"); + } +#ifdef LIBORACLE + if ((strcmp(hydra_options.service, "oracle") == 0) || (strcmp(hydra_options.service, "ora") == 0)) { + i = 1; + hydra_options.service = malloc(strlen("oracle") + 1); + strcpy(hydra_options.service, "oracle"); + } +#endif + if (strcmp(hydra_options.service, "postgres") == 0) +#ifdef LIBPOSTGRES + i = 1; +#else + bail("Compiled without LIBPOSTGRES support, module not available!"); +#endif + if (strcmp(hydra_options.service, "firebird") == 0) +#ifdef LIBFIREBIRD + i = 1; +#else + bail("Compiled without LIBFIREBIRD support, module not available!"); +#endif + if (strcmp(hydra_options.service, "afp") == 0) +#ifdef LIBAFP + i = 1; +#else + bail("Compiled without LIBAFP support, module not available!"); +#endif + if (strcmp(hydra_options.service, "svn") == 0) +#ifdef LIBSVN + i = 1; +#else + bail("Compiled without LIBSVN support, module not available!"); +#endif + if (strcmp(hydra_options.service, "ncp") == 0) +#ifdef LIBNCP + i = 1; +#else + bail("Compiled without LIBNCP support, module not available!"); +#endif + if (strcmp(hydra_options.service, "pcanywhere") == 0) + i = 1; + if (strcmp(hydra_options.service, "http-proxy") == 0) { + i = 1; + if (hydra_options.miscptr != NULL && strncmp(hydra_options.miscptr, "http://", 7) != 0) + + bail("module option must start with http://"); + } + if (strcmp(hydra_options.service, "cvs") == 0) { + i = 1; + if (hydra_options.miscptr == NULL || (strlen(hydra_options.miscptr) == 0)) { + fprintf(stderr, "[INFO] The CVS repository path wasn't passed so using /root by default\n"); + } + } + if (strcmp(hydra_options.service, "svn") == 0) { + i = 1; + if (hydra_options.miscptr == NULL || (strlen(hydra_options.miscptr) == 0)) { + fprintf(stderr, "[INFO] The SVN repository path wasn't passed so using /trunk by default\n"); + } + } + if (strcmp(hydra_options.service, "ssh") == 0 || strcmp(hydra_options.service, "sshkey") == 0) { + if (hydra_options.tasks > 8) + fprintf(stderr, "[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4\n"); +#ifdef LIBSSH + i = 1; +#else + bail("Compiled without LIBSSH v0.4.x support, module is not available!"); +#endif + } + if (strcmp(hydra_options.service, "smtp") == 0) { + fprintf(stderr, "[INFO] several providers have implemented cracking protection, check with a small wordlist first - and stay legal!\n"); + i = 1; + } + if (strcmp(hydra_options.service, "smtp-enum") == 0) + i = 1; + if (strcmp(hydra_options.service, "teamspeak") == 0) + i = 1; + if ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0)) { + if (hydra_options.tasks > 1) { + fprintf(stderr, "[INFO] Reduced number of tasks to 1 (smb does not like parallel connections)\n"); + hydra_options.tasks = 1; + } + i = 1; + } + if ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0)) { +#ifdef LIBOPENSSL + if (hydra_options.tasks > 1) { + fprintf(stderr, "[INFO] Reduced number of tasks to 1 (smb does not like parallel connections)\n"); + hydra_options.tasks = 1; + } + i = 1; +#endif + } + if ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0) || + (strcmp(hydra_options.service, "sip") == 0) || (strcmp(hydra_options.service, "rdp") == 0) || + (strcmp(hydra_options.service, "oracle-listener") == 0) || (strcmp(hydra_options.service, "oracle-sid") == 0)) { +#ifndef LIBOPENSSL + bail("Compiled without OPENSSL support, module not available!"); +#endif + } + if (strcmp(hydra_options.service, "pcnfs") == 0) { + i = 1; + if (port == 0) + bail("You must set the port for pcnfs with -s (run \"rpcinfo -p %s\" and look for the pcnfs v2 UDP port)"); + } + if (strcmp(hydra_options.service, "sapr3") == 0) { +#ifdef LIBSAPR3 + i = 1; + if (port == PORT_SAPR3) + bail("You must set the port for sapr3 with -s , it should lie between 3200 and 3699."); + if (port < 3200 || port > 3699) + fprintf(stderr, "[WARNING] The port is not in the range 3200 to 3399 - please ensure it is ok!\n"); + if (hydra_options.miscptr == NULL || atoi(hydra_options.miscptr) < 0 || atoi(hydra_options.miscptr) > 999 || !isdigit(hydra_options.miscptr[0])) + bail("You must set the client ID (0-999) as an additional option or via -m"); +#else + bail("Compiled without LIBSAPR3 support, module not available!"); +#endif + } + if (strcmp(hydra_options.service, "cisco") == 0) { + i = 2; + if (hydra_options.tasks > 4) + fprintf(stderr, "[WARNING] you should set the number of parallel task to 4 for cisco services.\n"); + } + if (strncmp(hydra_options.service, "snmpv", 5) == 0) { + hydra_options.service[4] = hydra_options.service[5]; + hydra_options.service[5] = 0; + } + if (strcmp(hydra_options.service, "snmp") == 0 || strcmp(hydra_options.service, "snmp1") == 0) { + hydra_options.service[4] = 0; + i = 2; + } + if (strcmp(hydra_options.service, "snmp2") == 0 || strcmp(hydra_options.service, "snmp3") == 0) { + if (hydra_options.miscptr == NULL) + hydra_options.miscptr = strdup(hydra_options.service + 4); + else { + tmpptr = malloc(strlen(hydra_options.miscptr) + 4); + strcpy(tmpptr, hydra_options.miscptr); + strcat(tmpptr, ":"); + strcat(tmpptr, hydra_options.service + 4); + hydra_options.miscptr = tmpptr; + } + hydra_options.service[4] = 0; + i = 2; + } + if (strcmp(hydra_options.service, "snmp") == 0 && hydra_options.miscptr != NULL) { + char *lptr; + + j = 1; + tmpptr = strdup(hydra_options.miscptr); + lptr = strtok(tmpptr, ":"); + while (lptr != NULL) { + i = 0; + if (strcasecmp(lptr, "1") == 0 || strcasecmp(lptr, "2") == 0 || strcasecmp(lptr, "3") == 0) { + i = 1; + j = lptr[0] - '0' + (j & 252); + } else if (strcasecmp(lptr, "READ") == 0 || strcasecmp(lptr, "WRITE") == 0 || strcasecmp(lptr, "PLAIN") == 0) + i = 1; + else if (strcasecmp(lptr, "MD5") == 0) { + i = 1; + j = 4 + (j & 51); + } else if (strcasecmp(lptr, "SHA") == 0 || strcasecmp(lptr, "SHA1") == 0) { + i = 1; + j = 8 + (j & 51); + } else if (strcasecmp(lptr, "DES") == 0) { + i = 1; + j = 16 + (j & 15); + } else if (strcasecmp(lptr, "AES") == 0) { + i = 1; + j = 32 + (j & 15); } + if (i == 0) { + fprintf(stderr, "[ERROR] unknown parameter in module option: %s\n", lptr); + exit(-1); + } + lptr = strtok(NULL, ":"); + } + i = 2; + if ((j & 3) < 3 && j > 2) + fprintf(stderr, "[WARNING] SNMPv1 and SNMPv2 do not support hash and encryption, ignored\n"); + if ((j & 3) == 3) { + fprintf(stderr, "[WARNING] SNMPv3 is still in beta state, use at own risk and report problems\n"); + if (j >= 16) + bail("The SNMPv3 module so far only support authentication (md5/sha), not yet encryption\n"); + if (hydra_options.colonfile == NULL + && ((hydra_options.login == NULL && hydra_options.loginfile == NULL) || (hydra_options.pass == NULL && hydra_options.passfile == NULL && hydra_options.bfg == 0))) { + if (j > 3) { + fprintf(stderr, + "[ERROR] you specified SNMPv3, defined hashing/encryption but only gave one of login or password list. Either supply both logins and passwords (this is what is usually used in SNMPv3), or remove the hashing/encryption option (unusual)\n"); + exit(-1); + } + fprintf(stderr, "[WARNING] you specified SNMPv3 but gave no logins, NoAuthNoPriv is assumed. This is an unusual case, you should know what you are doing\n"); + tmpptr = malloc(strlen(hydra_options.miscptr) + 8); + strcpy(tmpptr, hydra_options.miscptr); + strcat(tmpptr, ":"); + strcat(tmpptr, "PLAIN"); + hydra_options.miscptr = tmpptr; + } else { + i = 1; // snmpv3 with login+pass mode +#ifndef LIBOPENSSL + bail("hydra was not compiled with OPENSSL support, snmpv3 can only be used on NoAuthNoPriv mode (only logins, no passwords)!"); +#endif + printf("[INFO] Using %s SNMPv3 with %s authentication and %s privacy\n", j > 16 ? "AuthPriv" : "AuthNoPriv", (j & 8) == 8 ? "SHA" : "MD5", + (j & 16) == 16 ? "DES" : (j > 16) ? "AES" : "no"); + } + } } - if (error) { - fprintf(stderr, "[ERROR] %d target%s disabled because of too many errors\n", error, error == 1 ? " was" : "s were"); - error = 1; + if (strcmp(hydra_options.service, "sip") == 0) { + if (hydra_options.miscptr == NULL) { + if (hydra_options.server != NULL) { + hydra_options.miscptr = hydra_options.server; + i = 1; + } else { + bail("The sip module does not work with multiple servers (-M)\n"); + } + } else { + i = 1; + } } - if (k) { - fprintf(stderr, "[ERROR] %d target%s did not resolve or could not be connected\n", k, k == 1 ? "" : "s"); - error = 1; + if (strcmp(hydra_options.service, "ldap") == 0) { + bail("Please select ldap2 or ldap3 for simple authentication or ldap3-crammd5 or ldap3-digestmd5\n"); } - if (j) { - fprintf(stderr, "[ERROR] %d target%s did not complete\n", j, j == 1 ? "" : "s"); - error = 1; + if (strcmp(hydra_options.service, "ldap2") == 0 || strcmp(hydra_options.service, "ldap3") == 0) { + i = 1; + if ((hydra_options.miscptr != NULL && hydra_options.login != NULL) + || (hydra_options.miscptr != NULL && hydra_options.loginfile != NULL) || (hydra_options.login != NULL && hydra_options.loginfile != NULL)) + bail("you may only use one of -l, -L or -m\n"); + if (hydra_options.login == NULL && hydra_options.loginfile == NULL && hydra_options.miscptr == NULL) + fprintf(stderr, "[WARNING] no DN to authenticate is defined, using DN of null (use -m, -l or -L to define DNs)\n"); + if (hydra_options.login == NULL && hydra_options.loginfile == NULL) { + i = 2; + } } - // yeah we did it - printf("%s (%s) finished at %s\n", PROGRAM, RESOURCE, hydra_build_time()); - if (hydra_brains.ofp != NULL && hydra_brains.ofp != stdout) - fclose(hydra_brains.ofp); - - fflush(NULL); - if (error || j || exit_condition < 0) - return -1; + if (strcmp(hydra_options.service, "ldap3-crammd5") == 0 || strcmp(hydra_options.service, "ldap3-digestmd5") == 0) { + i = 1; + if (hydra_options.login == NULL && hydra_options.loginfile == NULL) + bail("-l or -L option is required to specify the login\n"); + if (hydra_options.miscptr == NULL) + bail("-m option is required to specify the DN\n"); + } + // ADD NEW SERVICES HERE + if (strcmp(hydra_options.service, "rtsp") == 0) + i = 1; + if (strcmp(hydra_options.service, "s7-300") == 0) { + if (hydra_options.tasks > 8) { + fprintf(stderr, "[INFO] Reduced number of tasks to 8 (the PLC does not like more connections)\n"); + hydra_options.tasks = 8; + } + i = 2; + } + if (strcmp(hydra_options.service, "cisco-enable") == 0) { + if (hydra_options.login != NULL || hydra_options.loginfile != NULL) + i = 1; // login will be the initial Username: login, or line Password: + else + i = 2; + if (hydra_options.miscptr == NULL) + fprintf(stderr, "[WARNING] You did not supply the initial support to the Cisco via -l, assuming direct console access\n"); + if (hydra_options.tasks > 4) + fprintf(stderr, "[WARNING] you should set the number of parallel task to 4 for cisco enable services.\n"); + } + if (strcmp(hydra_options.service, "http-proxy-urlenum") == 0) { + i = 4; + hydra_options.pass = empty_login; + if (hydra_options.miscptr == NULL) { + fprintf(stderr, "[WARNING] You did not supply proxy credentials via the optional parameter\n"); + } + if (hydra_options.bfg || hydra_options.passfile != NULL) + bail("the http-proxy-urlenum does not need the -p/-P or -x option"); + } + if (strcmp(hydra_options.service, "vnc") == 0) { + i = 2; + if (hydra_options.tasks > 4) + fprintf(stderr, "[WARNING] you should set the number of parallel task to 4 for vnc services.\n"); + } + if (strcmp(hydra_options.service, "https-head") == 0 || strcmp(hydra_options.service, "https-get") == 0) { +#ifdef LIBOPENSSL + i = 1; + hydra_options.ssl = 1; + if (strcmp(hydra_options.service, "https-head") == 0) + strcpy(hydra_options.service, "http-head"); + else + strcpy(hydra_options.service, "http-get"); +#else + bail("Compiled without SSL support, module not available"); +#endif + } + if (strcmp(hydra_options.service, "http-get") == 0 || strcmp(hydra_options.service, "http-head") == 0) { + i = 1; + if (hydra_options.miscptr == NULL) { + fprintf(stderr, "[WARNING] You must supply the web page as an additional option or via -m, default path set to /\n"); + hydra_options.miscptr = malloc(2); + hydra_options.miscptr = "/"; + } + if (*hydra_options.miscptr != '/' && strstr(hydra_options.miscptr, "://") == NULL) + bail("The web page you supplied must start with a \"/\", \"http://\" or \"https://\", e.g. \"/protected/login\""); + if (getenv("HYDRA_PROXY_HTTP") && getenv("HYDRA_PROXY")) + bail("Found HYDRA_PROXY_HTTP *and* HYDRA_PROXY environment variables - you can use only ONE for the service http-head/http-get!"); + if (getenv("HYDRA_PROXY_HTTP")) { + printf("[INFO] Using HTTP Proxy: %s\n", getenv("HYDRA_PROXY_HTTP")); + use_proxy = 1; + } + if (strcmp(hydra_options.service, "http-head") == 0) + fprintf(stderr, "[WARNING] http-head auth does not work with every server, better use http-get\n"); + } + + if (strcmp(hydra_options.service, "http-get-form") == 0 || strcmp(hydra_options.service, "http-post-form") == 0 || strcmp(hydra_options.service, "https-get-form") == 0 + || strcmp(hydra_options.service, "https-post-form") == 0) { + char bufferurl[1024], *url, *variables, *cond, *optional1; + + if (strncmp(hydra_options.service, "http-", 5) == 0) { + i = 1; + } else { // https +#ifdef LIBOPENSSL + i = 1; + hydra_options.ssl = 1; + if (strcmp(hydra_options.service, "https-post-form") == 0) + strcpy(hydra_options.service, "http-post-form"); + else + strcpy(hydra_options.service, "http-get-form"); +#else + bail("Compiled without SSL support, module not available"); +#endif + } + if (hydra_options.miscptr == NULL) { + fprintf(stderr, "[WARNING] You must supply the web page as an additional option or via -m, default path set to /\n"); + hydra_options.miscptr = malloc(2); + hydra_options.miscptr = "/"; + } + //if (*hydra_options.miscptr != '/' && strstr(hydra_options.miscptr, "://") == NULL) + // bail("The web page you supplied must start with a \"/\", \"http://\" or \"https://\", e.g. \"/protected/login\""); + if (hydra_options.miscptr[0] != '/') + bail("optional parameter must start with a '/' slash!\n"); + if (getenv("HYDRA_PROXY_HTTP") && getenv("HYDRA_PROXY")) + bail("Found HYDRA_PROXY_HTTP *and* HYDRA_PROXY environment variables - you can use only ONE for the service http-head/http-get!"); + if (getenv("HYDRA_PROXY_HTTP")) { + printf("[INFO] Using HTTP Proxy: %s\n", getenv("HYDRA_PROXY_HTTP")); + use_proxy = 1; + } + + if (strstr(hydra_options.miscptr, "\\:") != NULL) { + fprintf(stderr, "[INFORMATION] escape sequence \\: detected in module option, no parameter verification is performed.\n"); + } else { + sprintf(bufferurl, "%.1000s", hydra_options.miscptr); + url = strtok(bufferurl, ":"); + variables = strtok(NULL, ":"); + cond = strtok(NULL, ":"); + optional1 = strtok(NULL, "\n"); + if ((variables == NULL) || (strstr(variables, "^USER^") == NULL && strstr(variables, "^PASS^") == NULL)) { + fprintf(stderr, "[ERROR] the variables argument needs at least the strings ^USER^ or ^PASS^: %s\n", variables); + exit(-1); + } + if ((url == NULL) || (cond == NULL)) { + fprintf(stderr, "[ERROR] Wrong syntax, requires three arguments separated by a colon which may not be null: %s\n", bufferurl); + exit(-1); + } + while ((optional1 = strtok(NULL, ":")) != NULL) { + if (optional1[1] != '=' && optional1[1] != ':' && optional1[1] != 0) { + fprintf(stderr, "[ERROR] Wrong syntax of optional argument: %s\n", optional1); + exit(-1); + } + switch (optional1[0]) { + case 'C': // fall through + case 'c': + if (optional1[1] != '=' || optional1[2] != '/') { + fprintf(stderr, "[ERROR] Wrong syntax of parameter C, must look like 'C=/url/of/page', not http:// etc.: %s\n", optional1); + exit(-1); + } + break; + case 'H': // fall through + case 'h': + if (optional1[1] != '=' || strtok(NULL, ":") == NULL) { + fprintf(stderr, "[ERROR] Wrong syntax of parameter H, must look like 'H=X-My-Header: MyValue', no http:// : %s\n", optional1); + exit(-1); + } + break; + default: + fprintf(stderr, "[ERROR] Unknown optional argument: %s", optional1); + } + } + } + } + + if (strcmp(hydra_options.service, "xmpp") == 0) + i = 1; + if (strcmp(hydra_options.service, "irc") == 0) + i = 1; + if (strcmp(hydra_options.service, "rdp") == 0) { + if (hydra_options.tasks > 4) + fprintf(stderr, + "[WARNING] rdp servers often don't like many connections, use -t 1 or -t 4 to reduce the number of parallel connections and -W 1 or -W 3 to wait between connection to allow the server to recover\n"); + //if (hydra_options.tasks > 4) { + // fprintf(stderr, "[INFO] Reduced number of tasks to 4 (rdp does not like many parallel connections)\n"); + // hydra_options.tasks = 4; + //} + //if (conwait == 0) + // hydra_options.conwait = conwait = 1; + i = 1; + } + // ADD NEW SERVICES HERE + + + if (i == 0) { + fprintf(stderr, "[ERROR] Unknown service: %s\n", hydra_options.service); + exit(-1); + } + if (port < 1 || port > 65535) { + if ((port = hydra_lookup_port(hydra_options.service)) < 1) { + fprintf(stderr, "[ERROR] No valid port set or no default port available. Use the -s Option.\n"); + exit(-1); + } + hydra_options.port = port; + } + + if (hydra_options.ssl == 0 && hydra_options.port == 443) + fprintf(stderr, + "[WARNING] you specified port 443 for attacking a http service, however did not specify the -S ssl switch nor used https-..., therefore using plain HTTP\n"); + + if (hydra_options.loop_mode && hydra_options.colonfile != NULL) + bail("The loop mode option (-u) works with all modes - except colon files (-C)\n"); + if (strncmp(hydra_options.service, "http-", strlen("http-")) != 0 && strcmp(hydra_options.service, "http-head") != 0 && getenv("HYDRA_PROXY_HTTP") != NULL) + fprintf(stderr, "[WARNING] the HYDRA_PROXY_HTTP environment variable works only with the http-head/http-get module, ignored...\n"); + if (i == 2) { + if (hydra_options.colonfile != NULL + || ((hydra_options.login != NULL || hydra_options.loginfile != NULL) && (hydra_options.pass != NULL || hydra_options.passfile != NULL || hydra_options.bfg > 0))) + bail + ("The redis, cisco, oracle-listener, s7-300, snmp and vnc modules are only using the -p or -P option, not login (-l, -L) or colon file (-C).\nUse the telnet module for cisco using \"Username:\" authentication.\n"); + if ((hydra_options.login != NULL || hydra_options.loginfile != NULL) && (hydra_options.pass == NULL || hydra_options.passfile == NULL)) { + hydra_options.pass = hydra_options.login; + hydra_options.passfile = hydra_options.loginfile; + } + hydra_options.login = empty_login; + hydra_options.loginfile = NULL; + } + if (i == 3) { + if (hydra_options.colonfile != NULL || hydra_options.bfg > 0 + || ((hydra_options.login != NULL || hydra_options.loginfile != NULL) && (hydra_options.pass != NULL || hydra_options.passfile != NULL))) + bail("The rsh, oracle-sid login is neither using the -p, -P or -x options nor colon file (-C)\n"); + if ((hydra_options.login == NULL || hydra_options.loginfile == NULL) && (hydra_options.pass != NULL || hydra_options.passfile != NULL)) { + hydra_options.login = hydra_options.pass; + hydra_options.loginfile = hydra_options.passfile; + } + hydra_options.pass = empty_login; + hydra_options.passfile = NULL; + } + if (i == 3 && hydra_options.login == NULL && hydra_options.loginfile == NULL) + bail("I need at least either the -l or -L option to know the login"); + if (i == 2 && hydra_options.pass == NULL && hydra_options.passfile == NULL && hydra_options.bfg == 0) + bail("I need at least either the -p, -P or -x option to have a password to try"); + if (i == 1 && hydra_options.login == NULL && hydra_options.loginfile == NULL && hydra_options.colonfile == NULL) + bail("I need at least either the -l, -L or -C option to know the login"); + if (hydra_options.colonfile != NULL && ((hydra_options.bfg != 0 || hydra_options.login != NULL || hydra_options.loginfile != NULL) + || (hydra_options.pass != NULL && hydra_options.passfile != NULL))) + bail("The -C option is standalone, don't use it with -l/L, -p/P or -x!"); + if ((hydra_options.bfg) + && ((hydra_options.pass != NULL) || (hydra_options.passfile != NULL) + || (hydra_options.colonfile != NULL))) + bail("The -x (password bruteforce generation option) doesn't work with -p/P, -C or -e!\n"); + if (hydra_options.try_password_reverse_login == 0 && hydra_options.try_password_same_as_login == 0 && hydra_options.try_null_password == 0 + && (i != 3 && (hydra_options.pass == NULL && hydra_options.passfile == NULL && hydra_options.colonfile == NULL)) && hydra_options.bfg == 0) { + // test if the service is smtp-enum as it could be used either with a login+pass or only a login + if (strstr(hydra_options.service, "smtp-enum") != NULL) + hydra_options.pass = empty_login; + else + bail("I need at least the -e, -p, -P or -x option to have some passwords!"); + } + if (hydra_options.tasks < 1 || hydra_options.tasks > MAXTASKS) { + fprintf(stderr, "[ERROR] Option -t needs to be a number between 1 and %d\n", MAXTASKS); + exit(-1); + } + if (hydra_options.max_use > MAXTASKS) { + fprintf(stderr, "[WARNING] reducing maximum tasks to MAXTASKS (%d)\n", MAXTASKS); + hydra_options.max_use = MAXTASKS; + } + // script kiddie patch + if (hydra_options.server != NULL && (hydra_strcasestr(hydra_options.server, "gmail.") != NULL || hydra_strcasestr(hydra_options.server, "googlemail.") != NULL)) + fprintf(stderr, "[WARNING] Google Mail has bruteforce detection and sends false positives. You are not doing anything illegal right?!\n"); + + if (hydra_options.colonfile == NULL) { + if (hydra_options.loginfile != NULL) { + if ((lfp = fopen(hydra_options.loginfile, "r")) == NULL) { + fprintf(stderr, "[ERROR] File for logins not found: %s", hydra_options.loginfile); + exit(-1); + } + hydra_brains.countlogin = countlines(lfp, 0); + hydra_brains.sizelogin = size_of_data; + if (hydra_brains.countlogin == 0) { + fprintf(stderr, "[ERROR] File for logins is empty: %s", hydra_options.loginfile); + exit(-1); + } + if (hydra_brains.countlogin > MAX_LINES) { + fprintf(stderr, "[ERROR] Maximum number of logins is %d, this file has %lu entries.\n", MAX_LINES, hydra_brains.countlogin); + exit(-1); + } + if (hydra_brains.sizelogin > MAX_BYTES) { + fprintf(stderr, "[ERROR] Maximum size of the login file is %d, this file has %lu bytes.\n", MAX_BYTES, (unsigned long int) hydra_brains.sizelogin); + exit(-1); + } + login_ptr = malloc(hydra_brains.sizelogin + hydra_brains.countlogin + 8); + if (login_ptr == NULL) + bail("Could not allocate enough memory for login file data"); + memset(login_ptr, 0, hydra_brains.sizelogin + hydra_brains.countlogin + 8); + fill_mem(login_ptr, lfp, 0); + } else { + login_ptr = hydra_options.login; + hydra_brains.sizelogin = strlen(hydra_options.login) + 1; + hydra_brains.countlogin = 1; + } + if (hydra_options.passfile != NULL) { + if ((pfp = fopen(hydra_options.passfile, "r")) == NULL) { + fprintf(stderr, "[ERROR] File for passwords not found: %s", hydra_options.passfile); + exit(-1); + } + hydra_brains.countpass = countlines(pfp, 0); + hydra_brains.sizepass = size_of_data; + if (hydra_brains.countpass == 0) { + fprintf(stderr, "[ERROR] File for passwords is empty: %s", hydra_options.passfile); + exit(-1); + } + if (hydra_brains.countpass > MAX_LINES) { + fprintf(stderr, "[ERROR] Maximum number of passwords is %d, this file has %lu entries.\n", MAX_LINES, hydra_brains.countpass); + exit(-1); + } + if (hydra_brains.sizepass > MAX_BYTES) { + fprintf(stderr, "[ERROR] Maximum size of the password file is %d, this file has %lu bytes.\n", MAX_BYTES, (unsigned long int) hydra_brains.sizepass); + exit(-1); + } + pass_ptr = malloc(hydra_brains.sizepass + hydra_brains.countpass + 8); + if (pass_ptr == NULL) + bail("Could not allocate enough memory for password file data"); + memset(pass_ptr, 0, hydra_brains.sizepass + hydra_brains.countpass + 8); + fill_mem(pass_ptr, pfp, 0); + } else { + if (hydra_options.pass != NULL) { + pass_ptr = hydra_options.pass; + hydra_brains.countpass = 1; + hydra_brains.sizepass = strlen(hydra_options.pass) + 1; + } else { + if (hydra_options.bfg) { +#ifdef HAVE_MATH_H + if (bf_init(bf_options.arg)) + exit(-1); // error description is handled by bf_init + pass_ptr = bf_next(); + hydra_brains.countpass += bf_get_pcount(); + hydra_brains.sizepass += BF_BUFLEN; +#else + sleep(1); +#endif + } else { + pass_ptr = hydra_options.pass = empty_login; + hydra_brains.countpass = 0; + hydra_brains.sizepass = 1; + } + } + } + } else { + if ((cfp = fopen(hydra_options.colonfile, "r")) == NULL) { + fprintf(stderr, "[ERROR] File for colon files (login:pass) not found: %s", hydra_options.colonfile); + exit(-1); + } + hydra_brains.countlogin = countlines(cfp, 1); + hydra_brains.sizelogin = size_of_data; + if (hydra_brains.countlogin == 0) { + fprintf(stderr, "[ERROR] File for colon files (login:pass) is empty: %s", hydra_options.colonfile); + exit(-1); + } + if (hydra_brains.countlogin > MAX_LINES / 2) { + fprintf(stderr, "[ERROR] Maximum number of colon file entries is %d, this file has %lu entries.\n", MAX_LINES / 2, hydra_brains.countlogin); + exit(-1); + } + if (hydra_brains.sizelogin > MAX_BYTES / 2) { + fprintf(stderr, "[ERROR] Maximum size of the colon file is %d, this file has %lu bytes.\n", MAX_BYTES / 2, (unsigned long int) hydra_brains.sizelogin); + exit(-1); + } + csv_ptr = malloc(hydra_brains.sizelogin + 2 * hydra_brains.countlogin + 8); + if (csv_ptr == NULL) + bail("Could not allocate enough memory for colon file data"); + memset(csv_ptr, 0, hydra_brains.sizelogin + 2 * hydra_brains.countlogin + 8); + fill_mem(csv_ptr, cfp, 1); + //printf("count: %d, size: %d\n", hydra_brains.countlogin, hydra_brains.sizelogin); + //hydra_dump_data(csv_ptr, hydra_brains.sizelogin + hydra_brains.countlogin + 8, "colon data"); + hydra_brains.countpass = 1; + pass_ptr = login_ptr = csv_ptr; + while (*pass_ptr != 0) + pass_ptr++; + pass_ptr++; + } + + hydra_brains.countpass += hydra_options.try_password_reverse_login + hydra_options.try_password_same_as_login + hydra_options.try_null_password; + if ((memcheck = malloc(102400)) == NULL) { + fprintf(stderr, "[ERROR] your wordlist is too large, not enough memory!\n"); + exit(-1); + } + free(memcheck); + if ((rfp = fopen(RESTOREFILE, "r")) != NULL) { + fprintf(stderr, "[WARNING] Restorefile (%s) from a previous session found, to prevent overwriting, you have 10 seconds to abort...\n", RESTOREFILE); + sleep(10); + fclose(rfp); + } + + if (hydra_options.infile_ptr != NULL) { + if ((ifp = fopen(hydra_options.infile_ptr, "r")) == NULL) { + fprintf(stderr, "[ERROR] File for targets not found: %s", hydra_options.infile_ptr); + exit(-1); + } + hydra_brains.targets = countservers = countinfile = countlines(ifp, 0); + if (countinfile == 0) { + fprintf(stderr, "[ERROR] File for targets is empty: %s", hydra_options.infile_ptr); + exit(-1); + } + // if (countinfile > 60) fprintf(stderr, "[WARNING] the -M option is not working correctly at the moment for target lists > 60!\n"); + hydra_targets = malloc(sizeof(hydra_targets) * (countservers + 2) + 8); + if (hydra_targets == NULL) + bail("Could not allocate enough memory for target data"); + sizeinfile = size_of_data; + if (countinfile > MAX_LINES / 1000) { + fprintf(stderr, "[ERROR] Maximum number of target file entries is %d, this file has %d entries.\n", MAX_LINES / 1000, (int) countinfile); + exit(-1); + } + if (sizeinfile > MAX_BYTES / 1000) { + fprintf(stderr, "[ERROR] Maximum size of the server file is %d, this file has %d bytes.\n", MAX_BYTES / 1000, (int) sizeinfile); + exit(-1); + } + if ((servers_ptr = malloc(sizeinfile + countservers + 8)) == NULL) + bail("Could not allocate enough memory for target file data"); + memset(servers_ptr, 0, sizeinfile + countservers + 8); + fill_mem(servers_ptr, ifp, 0); + sizeservers = sizeinfile; + tmpptr = servers_ptr; + for (i = 0; i < countinfile; i++) { + hydra_targets[i] = malloc(sizeof(hydra_target)); + memset(hydra_targets[i], 0, sizeof(hydra_target)); + if (*tmpptr == '[') { + tmpptr++; + hydra_targets[i]->target = tmpptr; + if ((tmpptr2 = index(tmpptr, ']')) != NULL) { + *tmpptr2++ = 0; + tmpptr = tmpptr2; + } + } else + hydra_targets[i]->target = tmpptr; + if ((tmpptr2 = index(hydra_targets[i]->target, ':')) != NULL) { + *tmpptr2++ = 0; + tmpptr = tmpptr2; + hydra_targets[i]->port = atoi(tmpptr2); + if (hydra_targets[i]->port < 1 || hydra_targets[i]->port > 65535) + hydra_targets[i]->port = 0; + } + if (hydra_targets[i]->port == 0) + hydra_targets[i]->port = hydra_options.port; + while (*tmpptr != 0) + tmpptr++; + tmpptr++; + } + } else if (index(hydra_options.server, '/') != NULL) { + /* CIDR notation on command line, e.g. 192.168.0.0/24 */ + unsigned int four_from, four_to, addr_cur, addr_cur2, k, l; + in_addr_t addr4; + struct sockaddr_in target; + + hydra_options.cidr = 1; + do_retry = 0; + if ((tmpptr = malloc(strlen(hydra_options.server) + 1)) == NULL) { + fprintf(stderr, "Error: can not allocate memory\n"); + exit(-1); + } + strcpy(tmpptr, hydra_options.server); + tmpptr2 = index(tmpptr, '/'); + *tmpptr2++ = 0; + if ((k = atoi(tmpptr2)) < 16 || k > 31) { + fprintf(stderr, "Error: network size may only be between /16 and /31: %s\n", hydra_options.server); + exit(-1); + } + if ((addr4 = htonl(inet_addr(tmpptr))) == 0xffffffff) { + fprintf(stderr, "Error: option is not a valid IPv4 address: %s\n", tmpptr); + exit(-1); + } + free(tmpptr); + l = 1 << (32 - k); + l--; + four_to = (addr4 | l); + l = 0xffffffff - l; + four_from = (addr4 & l); + l = 1 << (32 - k); + hydra_brains.targets = countservers = l; + hydra_targets = malloc(sizeof(hydra_targets) * (l + 2) + 8); + if (hydra_targets == NULL) + bail("Could not allocate enough memory for target data"); + i = 0; + addr_cur = four_from; + while (addr_cur <= four_to && i < l) { + hydra_targets[i] = malloc(sizeof(hydra_target)); + memset(hydra_targets[i], 0, sizeof(hydra_target)); + addr_cur2 = htonl(addr_cur); + memcpy(&target.sin_addr.s_addr, (char *) &addr_cur2, 4); + hydra_targets[i]->target = strdup(inet_ntoa((struct in_addr) target.sin_addr)); + hydra_targets[i]->port = hydra_options.port; + addr_cur++; + i++; + } + if (verbose) + printf("[VERBOSE] CIDR attack from %s to %s\n", hydra_targets[0]->target, hydra_targets[l - 1]->target); + printf("[WARNING] The CIDR attack mode is still beta. Please report issues.\n"); + } else { // standard: single target on command line + countservers = hydra_brains.targets = 1; + hydra_targets = malloc(sizeof(int) * 4); + hydra_targets[0] = malloc(sizeof(hydra_target)); + memset(hydra_targets[0], 0, sizeof(hydra_target)); + hydra_targets[0]->target = servers_ptr = hydra_options.server; + hydra_targets[0]->port = hydra_options.port; + sizeservers = strlen(hydra_options.server) + 1; + } + for (i = 0; i < hydra_brains.targets; i++) { + hydra_targets[i]->login_ptr = login_ptr; + hydra_targets[i]->pass_ptr = pass_ptr; + if (hydra_options.loop_mode) { + if (hydra_options.try_password_same_as_login) + hydra_targets[i]->pass_state = 0; + else if (hydra_options.try_null_password) { + hydra_targets[i]->pass_ptr = empty_login; + hydra_targets[i]->pass_state = 1; + } else if (hydra_options.try_password_reverse_login) + hydra_targets[i]->pass_state = 2; + else + hydra_targets[i]->pass_state = 3; + } + } + } // END OF restore == 0 + + if (getenv("HYDRA_PROXY") && use_proxy == 0) { + printf("[INFO] Using Connect Proxy: %s\n", getenv("HYDRA_PROXY")); + use_proxy = 2; + } + if (use_proxy == 1) + proxy_string = getenv("HYDRA_PROXY_HTTP"); + if (use_proxy == 2) + proxy_string = getenv("HYDRA_PROXY"); + if (proxy_string != NULL && proxy_string[0] != 0) { + if (strstr(proxy_string, "//") != NULL) { + char *dslash = strstr(proxy_string, "://"); + + if (dslash) { + proxy_string[dslash - proxy_string] = 0; + strncpy(proxy_string_type, proxy_string, sizeof(proxy_string_type) - 1); + proxy_string_type[sizeof(proxy_string_type) - 1] = 0; + } + + proxy_string = dslash; + proxy_string += 3; + } + if (proxy_string[strlen(proxy_string) - 1] == '/') + proxy_string[strlen(proxy_string) - 1] = 0; + if ((tmpptr = index(proxy_string, ':')) == NULL) + use_proxy = 0; + else { + *tmpptr = 0; + tmpptr++; + memset(&hints, 0, sizeof hints); + if ((device = index(proxy_string, '%')) != NULL) + *device++ = 0; + if (getaddrinfo(proxy_string, NULL, &hints, &res) != 0) { + fprintf(stderr, "[ERROR] could not resolve proxy address: %s\n", proxy_string); + exit(-1); + } else { + for (p = res; p != NULL; p = p->ai_next) { +#ifdef AF_INET6 + if (p->ai_family == AF_INET6) { + if (ipv6 == NULL) + ipv6 = (struct sockaddr_in6 *) p->ai_addr; + } else +#endif + if (p->ai_family == AF_INET) { + if (ipv4 == NULL) + ipv4 = (struct sockaddr_in *) p->ai_addr; + } + } + freeaddrinfo(res); +#ifdef AF_INET6 + if (ipv6 != NULL && (ipv4 == NULL || prefer_ipv6)) { + proxy_string_ip[0] = 16; + memcpy(proxy_string_ip + 1, (char *) &ipv6->sin6_addr, 16); + if (device != NULL && strlen(device) <= 16) + strcpy(proxy_string_ip + 17, device); + if (memcmp(proxy_string_ip + 1, fe80, 2) == 0) { + if (device == NULL) { + fprintf(stderr, "[ERROR] The proxy address is a link local address, link local addresses require the interface being defined like this: fe80::1%%eth0\n"); + exit(-1); + } + } + } else +#endif + if (ipv4 != NULL) { + proxy_string_ip[0] = 4; + memcpy(proxy_string_ip + 1, (char *) &ipv4->sin_addr, 4); + } else { + fprintf(stderr, "[ERROR] Could not resolve proxy address: %s\n", proxy_string); + exit(-1); + } + } + proxy_string_port = atoi(tmpptr); + } + if (use_proxy == 0) + fprintf(stderr, "[WARNING] invalid proxy definition. Syntax: \"HYDRA_PROXY=[connect|socks[4|5]]://1.2.3.4:3128/\".\n"); + } else + use_proxy = 0; + if (use_proxy > 0 && (tmpptr = getenv("HYDRA_PROXY_AUTH")) != NULL && tmpptr[0] != 0) { + if (index(tmpptr, ':') == NULL) { + fprintf(stderr, "[WARNING] invalid proxy authentication. Syntax: \"login:password\". Ignoring ...\n"); + } else { + proxy_authentication = malloc(strlen(tmpptr) * 2 + 50); + strcpy(proxy_authentication, tmpptr); + if (hydra_strcasestr(proxy_string_type, "socks") == NULL) + hydra_tobase64((unsigned char *) proxy_authentication, strlen(proxy_authentication), strlen(tmpptr) * 2 + 8); + } + } + + if (hydra_options.restore == 0) { + if ((strcmp(hydra_options.service, "rsh") == 0) || (strcmp(hydra_options.service, "oracle-sid") == 0)) + math2 = hydra_brains.countlogin; else - return 0; + math2 = hydra_brains.countlogin * hydra_brains.countpass; + +#ifdef HAVE_MATH_H + if (hydra_options.bfg) { + math2 = hydra_brains.countlogin * bf_get_pcount(); + } +#endif + + hydra_brains.todo = math2; + math2 = math2 * hydra_brains.targets; + hydra_brains.todo_all = math2; + if (hydra_brains.todo_all == 0) + bail("No login/password combination given!"); + if (hydra_brains.todo < hydra_options.tasks) { + if (verbose && hydra_options.tasks != TASKS) + printf("[VERBOSE] More tasks defined than login/pass pairs exist. Tasks reduced to %lu\n", hydra_brains.todo); + hydra_options.tasks = hydra_brains.todo; + } + } + if (hydra_options.max_use == MAXTASKS) { // only if it was not set via -T + if (hydra_options.max_use < hydra_brains.targets * hydra_options.tasks) + hydra_options.max_use = hydra_brains.targets * hydra_options.tasks; + if (hydra_options.max_use > MAXTASKS) + hydra_options.max_use = MAXTASKS; + } + if ((hydra_options.tasks == TASKS || hydra_options.tasks <= 8) && hydra_options.max_use < hydra_brains.targets * hydra_options.tasks) { + if ((hydra_options.tasks = hydra_options.max_use / hydra_brains.targets) == 0) + hydra_options.tasks = 1; + //fprintf(stderr, "[WARNING] More tasks defined per server than allowed for maximal connections. Tasks per server reduced to %d.\n", hydra_options.tasks); + } else { + if (hydra_options.tasks > MAXTASKS) { + //fprintf(stderr, "[WARNING] reducing tasks to MAXTASKS (%d)\n", MAXTASKS); + hydra_options.tasks = MAXTASKS; + } + } + // hydra_options.max_use = hydra_brains.targets * hydra_options.tasks; + // if (hydra_options.max_use > MAXTASKS) + // hydra_options.max_use = MAXTASKS; + math2 = (hydra_brains.todo / hydra_options.tasks); + if (hydra_brains.todo % hydra_options.tasks) + math2++; + math2 = (math2 * hydra_brains.targets) / hydra_options.max_use; + // set options (bits!) + options = 0; + if (hydra_options.ssl) + options = options | OPTION_SSL; + if (hydra_options.colonfile != NULL) + printf("[DATA] max %d task%s per %d server%s, overall %d tasks, %lu login tr%s, ~%lu tr%s per task\n", hydra_options.tasks, hydra_options.tasks == 1 ? "" : "s", + hydra_brains.targets, hydra_brains.targets == 1 ? "" : "s", hydra_options.max_use, hydra_brains.todo, hydra_brains.todo == 1 ? "y" : "ies", math2, + math2 == 1 ? "y" : "ies"); + else + printf("[DATA] max %d task%s per %d server%s, overall %d tasks, %lu login tr%s (l:%lu/p:%lu), ~%lu tr%s per task\n", hydra_options.tasks, hydra_options.tasks == 1 ? "" : "s", + hydra_brains.targets, hydra_brains.targets == 1 ? "" : "s", hydra_options.max_use, hydra_brains.todo, hydra_brains.todo == 1 ? "y" : "ies", + (unsigned long int) hydra_brains.countlogin, (unsigned long int) hydra_brains.countpass, math2, math2 == 1 ? "y" : "ies"); + + printf("[DATA] attacking service %s on port %d%s\n", hydra_options.service, port, hydra_options.ssl == 1 ? " with SSL" : ""); + + if (hydra_options.outfile_ptr != NULL) { + if ((hydra_brains.ofp = fopen(hydra_options.outfile_ptr, "a+")) == NULL) { + perror("[ERROR] Error creating outputfile"); + exit(-1); + } + fprintf(hydra_brains.ofp, "# %s %s run at %s on %s %s (%s", PROGRAM, VERSION, hydra_build_time(), + hydra_options.server == NULL ? hydra_options.infile_ptr : hydra_options.server, hydra_options.service, prg); + for (i = 1; i < argc; i++) + fprintf(hydra_brains.ofp, " %s", argv[i]); + fprintf(hydra_brains.ofp, ")\n"); + } + // we have to flush all writeable buffered file pointers before forking + // set appropriate signals for mother + signal(SIGCHLD, killed_childs); + if (debug == 0) + signal(SIGTERM, kill_children); + if (debug == 0) { +#ifdef SIGBUS + signal(SIGBUS, kill_children); +#endif + signal(SIGSEGV, kill_children); + } + signal(SIGHUP, kill_children); + signal(SIGINT, kill_children); + signal(SIGPIPE, SIG_IGN); + if (verbose) + printf("[VERBOSE] Resolving addresses ... "); + if (debug) + printf("\n"); + for (i = 0; i < hydra_brains.targets; i++) { + if (debug) + printf("[DEBUG] resolving %s\n", hydra_targets[i]->target); + memset(&hints, 0, sizeof(hints)); + ipv4 = NULL; +#ifdef AF_INET6 + ipv6 = NULL; + if ((device = index(hydra_targets[i]->target, '%')) != NULL) + *device++ = 0; +#endif + if (getaddrinfo(hydra_targets[i]->target, NULL, &hints, &res) != 0) { + if (use_proxy == 0) { + if (verbose) + printf("[failed for %s] ", hydra_targets[i]->target); + else + fprintf(stderr, "[ERROR] could not resolve address: %s\n", hydra_targets[i]->target); + hydra_targets[i]->done = 3; + hydra_brains.finished++; + } + } else { + for (p = res; p != NULL; p = p->ai_next) { +#ifdef AF_INET6 + if (p->ai_family == AF_INET6) { + if (ipv6 == NULL) + ipv6 = (struct sockaddr_in6 *) p->ai_addr; + } else +#endif + if (p->ai_family == AF_INET) { + if (ipv4 == NULL) + ipv4 = (struct sockaddr_in *) p->ai_addr; + } + } +#ifdef AF_INET6 + if (ipv6 != NULL && (ipv4 == NULL || prefer_ipv6)) { + // IPV6 FIXME + if ((strcmp(hydra_options.service, "socks5") == 0) || (strcmp(hydra_options.service, "sip") == 0)) { + fprintf(stderr, "[ERROR] Target %s resolves to an IPv6 address, however module %s does not support this. Maybe try \"-4\" option. Sending in patches helps.\n", + hydra_targets[i]->target, hydra_options.service); + hydra_targets[i]->done = 3; + hydra_brains.finished++; + } else { + hydra_targets[i]->ip[0] = 16; + memcpy(&hydra_targets[i]->ip[1], (char *) &ipv6->sin6_addr, 16); + if (device != NULL && strlen(device) <= 16) + strcpy(&hydra_targets[i]->ip[17], device); + if (memcmp(&hydra_targets[i]->ip[17], fe80, 2) == 0) { + if (device == NULL) { + fprintf(stderr, "[ERROR] The target %s address is a link local address, link local addresses require the interface being defined like this: fe80::1%%eth0\n", + hydra_targets[i]->target); + exit(-1); + } + } + } + } else +#endif + if (ipv4 != NULL) { + hydra_targets[i]->ip[0] = 4; + memcpy(&hydra_targets[i]->ip[1], (char *) &ipv4->sin_addr, 4); + } else { + if (verbose) + printf("[failed for %s] ", hydra_targets[i]->target); + else + fprintf(stderr, "[ERROR] Could not resolve proxy address: %s\n", hydra_targets[i]->target); + hydra_targets[i]->done = 3; + hydra_brains.finished++; + } + freeaddrinfo(res); + } + } + if (verbose) + printf("done\n"); + if (hydra_brains.targets == 0) + bail("No server to scan!"); + +#ifndef SO_BINDTODEVICE + if (device != NULL) { + fprintf(stderr, "[ERROR] your operating system does not support SO_BINDTODEVICE or IP_FORCE_OUT_IFP, dunno how to bind the IPv6 address to the interface %s!\n", device); + } +#endif + + if (hydra_options.restore == 0) { + hydra_heads = malloc(sizeof(hydra_heads) * hydra_options.max_use); + target_no = 0; + for (i = 0; i < hydra_options.max_use; i++) { + hydra_heads[i] = malloc(sizeof(hydra_head)); + memset(hydra_heads[i], 0, sizeof(hydra_head)); + } + } + // here we call the init function of the relevant service module + // should we do the init centrally or should each child do that? + // that depends largely on the number of targets and maximum tasks + // if (hydra_brains.targets == 1 || (hydra_brains.targets < 4 && hydra_options.tasks / hydra_brains.targets > 4 && hydra_brains.todo > 15)) + for (i = 0; i < hydra_brains.targets; i++) + hydra_service_init(i); + + starttime = elapsed_status = elapsed_restore = time(NULL); + fflush(stdout); + fflush(stderr); + fflush(hydra_brains.ofp); + + hydra_debug(0, "attack"); + process_restore = 1; + + // this is the big function which starts the attacking children, feeds login/password pairs, etc.! + while (exit_condition == 0) { + FD_ZERO(&fdreadheads); + for (head_no = 0, max_fd = 1; head_no < hydra_options.max_use; head_no++) { + if (hydra_heads[head_no]->active > 0) { + FD_SET(hydra_heads[head_no]->sp[0], &fdreadheads); + if (max_fd < hydra_heads[head_no]->sp[0]) + max_fd = hydra_heads[head_no]->sp[0]; + } + } + my_select(max_fd + 1, &fdreadheads, NULL, NULL, 0, 200000); + tmp_time = time(NULL); + + for (head_no = 0; head_no < hydra_options.max_use; head_no++) { + if (debug && hydra_heads[head_no]->active != -1) + printf("[DEBUG] head_no[%d] to target_no %d active %d\n", head_no, hydra_heads[head_no]->target_no, hydra_heads[head_no]->active); + switch (hydra_heads[head_no]->active) { + case -1: + // disabled head, ignored + break; + case 0: + if (hydra_heads[head_no]->redo) { + hydra_spawn_head(head_no, hydra_heads[head_no]->target_no); + } else { + if (hydra_brains.targets > hydra_brains.finished) + hydra_heads[head_no]->target_no = hydra_select_target(); + else + hydra_heads[head_no]->target_no = -1; + if (debug) + printf("[DEBUG] child %d got target %d selected\n", head_no, hydra_heads[head_no]->target_no); + if (hydra_heads[head_no]->target_no < 0) { + if (debug) + printf("[DEBUG] hydra_select_target() reports no more targets left\n"); + hydra_kill_head(head_no, 0, 3); + } else + hydra_spawn_head(head_no, hydra_heads[head_no]->target_no); // target_no is ignored if head->redo == 1 + } + break; + case 1: + if (FD_ISSET(hydra_heads[head_no]->sp[0], &fdreadheads)) { + readres = read_safe(hydra_heads[head_no]->sp[0], &rc, 1); + if (readres > 0) { + FD_CLR(hydra_heads[head_no]->sp[0], &fdreadheads); + hydra_heads[head_no]->last_seen = tmp_time; + if (debug) + printf("[DEBUG] head_no[%d] read %c\n", head_no, rc); + switch (rc) { + // Valid Results: + // n - mother says to itself that child requests next login/password pair + // N - child requests next login/password pair + // Q - child reports that it is quitting + // C - child reports connect error (and is quitting) + // E - child reports protocol error (and is quitting) + // f - child reports that the username does not exist + // F - child reports that it found a valid login/password pair + // and requests next pair. Sends login/pw pair with next msg! + case 'N': // head wants next pair + hydra_targets[hydra_heads[head_no]->target_no]->ok = 1; + if (hydra_targets[hydra_heads[head_no]->target_no]->fail_count > 0) + hydra_targets[hydra_heads[head_no]->target_no]->fail_count--; + // no break here + case 'n': // mother sends this to itself initially + loop_cnt = 0; + if (hydra_send_next_pair(hydra_heads[head_no]->target_no, head_no) == -1) + hydra_kill_head(head_no, 1, 0); + break; + + case 'F': // valid password found + hydra_brains.found++; + if (colored_output) { + if (hydra_heads[head_no]->current_login_ptr == NULL || strlen(hydra_heads[head_no]->current_login_ptr) == 0) { + if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) + printf("[\e[1;32m%d\e[0m][\e[1;32m%s\e[0m] host: \e[1;32m%s\e[0m\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, + hydra_targets[hydra_heads[head_no]->target_no]->target); + else + printf("[\e[1;32m%d\e[0m][\e[1;32m%s\e[0m] host: \e[1;32m%s\e[0m password: \e[1;32m%s\e[0m\n", hydra_targets[hydra_heads[head_no]->target_no]->port, + hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_pass_ptr); + } else if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) { + printf("[\e[1;32m%d\e[0m][\e[1;32m%s\e[0m] host: \e[1;32m%s\e[0m login: \e[1;32m%s\e[0m\n", hydra_targets[hydra_heads[head_no]->target_no]->port, + hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr); + } else + printf("[\e[1;32m%d\e[0m][\e[1;32m%s\e[0m] host: \e[1;32m%s\e[0m login: \e[1;32m%s\e[0m password: \e[1;32m%s\e[0m\n", + hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, + hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr); + } else { + if (hydra_heads[head_no]->current_login_ptr == NULL || strlen(hydra_heads[head_no]->current_login_ptr) == 0) { + if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) + printf("[%d][%s] host: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, + hydra_targets[hydra_heads[head_no]->target_no]->target); + else + printf("[%d][%s] host: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, + hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_pass_ptr); + } else if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) { + printf("[%d][%s] host: %s login: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, + hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr); + } else + printf("[%d][%s] host: %s login: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, + hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr); + } + if (hydra_options.outfile_ptr != NULL && hydra_brains.ofp != NULL) { + if (hydra_heads[head_no]->current_login_ptr == NULL || strlen(hydra_heads[head_no]->current_login_ptr) == 0) { + if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) + fprintf(hydra_brains.ofp, "[%d][%s] host: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, + hydra_targets[hydra_heads[head_no]->target_no]->target); + else + fprintf(hydra_brains.ofp, "[%d][%s] host: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, + hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_pass_ptr); + } else if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) { + fprintf(hydra_brains.ofp, "[%d][%s] host: %s login: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, + hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr); + } else + fprintf(hydra_brains.ofp, "[%d][%s] host: %s login: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, + hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr); + } + if (hydra_options.exit_found) { // option set says quit target after on valid login/pass pair is found + if (hydra_targets[hydra_heads[head_no]->target_no]->done == 0) { + hydra_targets[hydra_heads[head_no]->target_no]->done = 1; // mark target as done + hydra_brains.finished++; + printf("[STATUS] attack finished for %s (valid pair found)\n", hydra_targets[hydra_heads[head_no]->target_no]->target); + } + if (hydra_options.exit_found == 2) { + for (j = 0; j < hydra_brains.targets; j++) + if (hydra_targets[j]->done == 0) { + hydra_targets[j]->done = 1; + hydra_brains.finished++; + } + } + for (j = 0; j < hydra_options.max_use; j++) + if (hydra_heads[j]->active >= 0 && (hydra_heads[j]->target_no == target_no || hydra_options.exit_found == 2)) { + if (hydra_brains.targets > hydra_brains.finished && hydra_options.exit_found < 2) + hydra_kill_head(j, 1, 0); // kill all heads working on the target + else + hydra_kill_head(j, 1, 2); // kill all heads working on the target + } + continue; + } + // fall through + case 'f': // username identified as invalid + hydra_targets[hydra_heads[head_no]->target_no]->ok = 1; + if (hydra_targets[hydra_heads[head_no]->target_no]->fail_count > 0) + hydra_targets[hydra_heads[head_no]->target_no]->fail_count--; + memset(buf, 0, sizeof(buf)); + read_safe(hydra_heads[head_no]->sp[0], buf, MAXBUF); + hydra_skip_user(hydra_heads[head_no]->target_no, buf); + fck = write(hydra_heads[head_no]->sp[1], "n", 1); // small hack + break; + + // we do not make a difference between 'C' and 'E' results - yet + case 'E': // head reports protocol error + case 'C': // head reports connect error + fck = write(hydra_heads[head_no]->sp[0], "Q", 1); + if (debug) { + printf("[ATTEMPT-ERROR] target %s - login \"%s\" - pass \"%s\" - child %d - %lu of %lu\n", + hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no, + hydra_targets[hydra_heads[head_no]->target_no]->sent, hydra_brains.todo); + } + hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); + break; + + case 'Q': // head reports its quitting + fck = write(hydra_heads[head_no]->sp[0], "Q", 1); + if (debug) + printf("[DEBUG] child %d reported it quit\n", head_no); + hydra_kill_head(head_no, 1, 0); + break; + + default: + fprintf(stderr, "[ERROR] child %d sent nonsense data, killing and restarting it!\n", head_no); + hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); + } + } + if (readres == -1) { + if (verbose) + fprintf(stderr, "[WARNING] child %d seems to have died, restarting (this only happens if a module is bad) ... \n", head_no); + hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); + } + } else { + if (hydra_heads[head_no]->last_seen + hydra_options.waittime > tmp_time) { + // check if recover of timed-out head is necessary + if (tmp_time > waittime + hydra_heads[head_no]->last_seen) { + if (kill(hydra_heads[head_no]->pid, 0) < 0) { + if (verbose) + fprintf(stderr, "[WARNING] child %d seems to be dead, restarting it ...\n", head_no); + hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); + } + } + // if we do not get to hear anything for a longer time assume its dead + if (tmp_time > waittime * 2 + hydra_heads[head_no]->last_seen) { + if (verbose) + fprintf(stderr, "[WARNING] timeout from child %d, restarting\n", head_no); + hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); + } + } + } + break; + default: + fprintf(stderr, "[ERROR] child %d in unknown state, restarting!\n", head_no); + hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); + } + } + + usleep(USLEEP_LOOP); + (void) wait3(NULL, WNOHANG, NULL); + // write restore file and report status + if (process_restore == 1 && time(NULL) - elapsed_restore > 299) { + hydra_restore_write(0); + elapsed_restore = time(NULL); + } + + if (time(NULL) - elapsed_status > status_print) { + elapsed_status = time(NULL); + tmp_time = elapsed_status - starttime; + if (tmp_time < 1) + tmp_time = 1; + tmp_time = hydra_brains.sent / tmp_time; + if (tmp_time < 1) + tmp_time = 1; + if (status_print < 15 * 59) + status_print = ((status_print + 1) * 2) - 1; + if (status_print > 299 && (hydra_brains.todo_all - hydra_brains.sent) / tmp_time < 1500) + status_print = 299; + if (((hydra_brains.todo_all - hydra_brains.sent) / tmp_time) < 150) + status_print = 59; + k = 0; + for (j = 0; j < hydra_options.max_use; j++) + if (hydra_heads[j]->active >= 0) + k++; + printf("[STATUS] %.2f tries/min, %lu tries in %02lu:%02luh, %lu to do in %02lu:%02luh, %d active\n", (1.0 * hydra_brains.sent) / (((elapsed_status - starttime) * 1.0) / 60), // tries/min + hydra_brains.sent, // tries + (long unsigned int) ((elapsed_status - starttime) / 3600), // hours + (long unsigned int) (((elapsed_status - starttime) % 3600) / 60), // minutes + hydra_brains.todo_all - hydra_brains.sent <= 0 ? 1 : hydra_brains.todo_all - hydra_brains.sent, // left todo + (long unsigned int) (((double) hydra_brains.todo_all - hydra_brains.sent) / ((double) hydra_brains.sent / (elapsed_status - starttime)) + ) / 3600, // hours + (((long unsigned int) (((double) hydra_brains.todo_all - hydra_brains.sent) / ((double) hydra_brains.sent / (elapsed_status - starttime)) + ) % 3600) / 60) + 1, // min + k); + hydra_debug(0, "STATUS"); + } + + exit_condition = hydra_check_for_exit_condition(); + } + process_restore = 0; + if (debug) + printf("[DEBUG] while loop left with %d\n", exit_condition); + + j = k = error = 0; + for (i = 0; i < hydra_brains.targets; i++) + switch (hydra_targets[i]->done) { + case 3: + k++; + break; + case 2: + if (hydra_targets[i]->ok == 0) + k++; + else + error++; + break; + case 1: + break; + case 0: + if (hydra_targets[i]->ok == 0) + k++; + else + j++; + break; + default: + error++; + fprintf(stderr, "[ERROR] illegal target result value (%d=>%d)\n", i, hydra_targets[i]->done); + } + + if (debug) + printf("[DEBUG] killing all remaining childs now that might be stuck\n"); + for (i = 0; i < hydra_options.max_use; i++) + if (hydra_heads[i]->active > 0 && hydra_heads[i]->pid > 0) + hydra_kill_head(i, 1, 3); + (void) wait3(NULL, WNOHANG, NULL); + + printf("%d of %d target%s%scompleted, %lu valid password%s found\n", hydra_brains.targets - j - k - error, hydra_brains.targets, hydra_brains.targets == 1 ? " " : "s ", + hydra_brains.found > 0 ? "successfully " : "", hydra_brains.found, hydra_brains.found == 1 ? "" : "s"); + if (error == 0 && j == 0) { + process_restore = 0; + unlink(RESTOREFILE); + } else { + if (hydra_options.cidr == 0) { + printf("[INFO] Writing restore file because %d server scan%s could not be completed\n", j + error, j + error == 1 ? "" : "s"); + hydra_restore_write(1); + } + } + if (error) { + fprintf(stderr, "[ERROR] %d target%s disabled because of too many errors\n", error, error == 1 ? " was" : "s were"); + error = 1; + } + if (k) { + fprintf(stderr, "[ERROR] %d target%s did not resolve or could not be connected\n", k, k == 1 ? "" : "s"); + error = 1; + } + if (j) { + fprintf(stderr, "[ERROR] %d target%s did not complete\n", j, j == 1 ? "" : "s"); + error = 1; + } + // yeah we did it + printf("%s (%s) finished at %s\n", PROGRAM, RESOURCE, hydra_build_time()); + if (hydra_brains.ofp != NULL && hydra_brains.ofp != stdout) + fclose(hydra_brains.ofp); + + fflush(NULL); + if (error || j || exit_condition < 0) + return -1; + else + return 0; } diff --git a/sasl.c b/sasl.c index 173dbe8..847afca 100644 --- a/sasl.c +++ b/sasl.c @@ -1,59 +1,65 @@ #include "sasl.h" + /* print_hex is used for debug it displays the string buf hexa values of size len */ int print_hex(unsigned char *buf, int len) { -int i; -int n; -for (i = 0, n = 0; i < len; i++) { -if (n > 7) { -printf("\n"); -n = 0; -} -printf("0x%02x, ", buf[i]); -n++; -} -printf("\n"); -return (0); + int i; + int n; + + for (i = 0, n = 0; i < len; i++) { + if (n > 7) { + printf("\n"); + n = 0; + } + printf("0x%02x, ", buf[i]); + n++; + } + printf("\n"); + return (0); } + /* RFC 4013: SASLprep: Stringprep Profile for User Names and Passwords code based on gsasl_saslprep from GSASL project */ int sasl_saslprep(const char *in, sasl_saslprep_flags flags, char **out) { #if LIBIDN -int rc; -rc = stringprep_profile(in, out, "SASLprep", (flags & SASL_ALLOW_UNASSIGNED) ? STRINGPREP_NO_UNASSIGNED : 0); -if (rc != STRINGPREP_OK) { -*out = NULL; -return -1; -} + int rc; + + rc = stringprep_profile(in, out, "SASLprep", (flags & SASL_ALLOW_UNASSIGNED) ? STRINGPREP_NO_UNASSIGNED : 0); + if (rc != STRINGPREP_OK) { + *out = NULL; + return -1; + } #if defined HAVE_PR29_H -if (pr29_8z(*out) != PR29_SUCCESS) { -free(*out); -*out = NULL; -return -1; -} + if (pr29_8z(*out) != PR29_SUCCESS) { + free(*out); + *out = NULL; + return -1; + } #endif #else -size_t i, inlen = strlen(in); -for (i = 0; i < inlen; i++) { -if (in[i] & 0x80) { -*out = NULL; -hydra_report(stderr, "Error: Can't convert UTF-8, you should install libidn\n"); -return -1; -} -} -*out = malloc(inlen + 1); -if (!*out) { -hydra_report(stderr, "Error: Can't allocate memory\n"); -return -1; -} -strcpy(*out, in); + size_t i, inlen = strlen(in); + + for (i = 0; i < inlen; i++) { + if (in[i] & 0x80) { + *out = NULL; + hydra_report(stderr, "Error: Can't convert UTF-8, you should install libidn\n"); + return -1; + } + } + *out = malloc(inlen + 1); + if (!*out) { + hydra_report(stderr, "Error: Can't allocate memory\n"); + return -1; + } + strcpy(*out, in); #endif -return 0; + return 0; } + /* RFC 4616: The PLAIN Simple Authentication and Security Layer (SASL) Mechanism sasl_plain computes the plain authentication from strings login and password @@ -61,29 +67,32 @@ and stored the value in variable result the first parameter result must be able to hold at least 255 bytes! */ void sasl_plain(char *result, char *login, char *pass) { -char *preplogin; -char *preppasswd; -int rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); -if (rc) { -result = NULL; -return; -} -rc = sasl_saslprep(pass, 0, &preppasswd); -if (rc) { -free(preplogin); -result = NULL; -return; -} -if (2 * strlen(preplogin) + 3 + strlen(preppasswd) < 180) { -strcpy(result, preplogin); -strcpy(result + strlen(preplogin) + 1, preplogin); -strcpy(result + 2 * strlen(preplogin) + 2, preppasswd); -hydra_tobase64((unsigned char *) result, strlen(preplogin) * 2 + strlen(preppasswd) + 2, 250); -} -free(preplogin); -free(preppasswd); + char *preplogin; + char *preppasswd; + int rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); + + if (rc) { + result = NULL; + return; + } + rc = sasl_saslprep(pass, 0, &preppasswd); + if (rc) { + free(preplogin); + result = NULL; + return; + } + if (2 * strlen(preplogin) + 3 + strlen(preppasswd) < 180) { + strcpy(result, preplogin); + strcpy(result + strlen(preplogin) + 1, preplogin); + strcpy(result + 2 * strlen(preplogin) + 2, preppasswd); + hydra_tobase64((unsigned char *) result, strlen(preplogin) * 2 + strlen(preppasswd) + 2, 250); + } + free(preplogin); + free(preppasswd); } + #ifdef LIBOPENSSL + /* RFC 2195: IMAP/POP AUTHorize Extension for Simple Challenge/Response sasl_cram_md5 computes the cram-md5 authentication from password string @@ -92,51 +101,53 @@ result the parameter result must be able to hold at least 100 bytes! */ void sasl_cram_md5(char *result, char *pass, char *challenge) { -char ipad[64]; -char opad[64]; -unsigned char md5_raw[MD5_DIGEST_LENGTH]; -MD5_CTX md5c; -int i, rc; -char *preppasswd; -if (challenge == NULL) { -result = NULL; -return; -} -rc = sasl_saslprep(pass, 0, &preppasswd); -if (rc) { -result = NULL; -return; -} -memset(ipad, 0, sizeof(ipad)); -memset(opad, 0, sizeof(opad)); -if (strlen(preppasswd) >= 64) { -MD5_Init(&md5c); -MD5_Update(&md5c, preppasswd, strlen(preppasswd)); -MD5_Final(md5_raw, &md5c); -memcpy(ipad, md5_raw, MD5_DIGEST_LENGTH); -memcpy(opad, md5_raw, MD5_DIGEST_LENGTH); -} else { -strcpy(ipad, preppasswd); // safe -strcpy(opad, preppasswd); // safe -} -for (i = 0; i < 64; i++) { -ipad[i] ^= 0x36; -opad[i] ^= 0x5c; -} -MD5_Init(&md5c); -MD5_Update(&md5c, ipad, 64); -MD5_Update(&md5c, challenge, strlen(challenge)); -MD5_Final(md5_raw, &md5c); -MD5_Init(&md5c); -MD5_Update(&md5c, opad, 64); -MD5_Update(&md5c, md5_raw, MD5_DIGEST_LENGTH); -MD5_Final(md5_raw, &md5c); -for (i = 0; i < MD5_DIGEST_LENGTH; i++) { -sprintf(result, "%02x", md5_raw[i]); -result += 2; -} -free(preppasswd); + char ipad[64]; + char opad[64]; + unsigned char md5_raw[MD5_DIGEST_LENGTH]; + MD5_CTX md5c; + int i, rc; + char *preppasswd; + + if (challenge == NULL) { + result = NULL; + return; + } + rc = sasl_saslprep(pass, 0, &preppasswd); + if (rc) { + result = NULL; + return; + } + memset(ipad, 0, sizeof(ipad)); + memset(opad, 0, sizeof(opad)); + if (strlen(preppasswd) >= 64) { + MD5_Init(&md5c); + MD5_Update(&md5c, preppasswd, strlen(preppasswd)); + MD5_Final(md5_raw, &md5c); + memcpy(ipad, md5_raw, MD5_DIGEST_LENGTH); + memcpy(opad, md5_raw, MD5_DIGEST_LENGTH); + } else { + strcpy(ipad, preppasswd); // safe + strcpy(opad, preppasswd); // safe + } + for (i = 0; i < 64; i++) { + ipad[i] ^= 0x36; + opad[i] ^= 0x5c; + } + MD5_Init(&md5c); + MD5_Update(&md5c, ipad, 64); + MD5_Update(&md5c, challenge, strlen(challenge)); + MD5_Final(md5_raw, &md5c); + MD5_Init(&md5c); + MD5_Update(&md5c, opad, 64); + MD5_Update(&md5c, md5_raw, MD5_DIGEST_LENGTH); + MD5_Final(md5_raw, &md5c); + for (i = 0; i < MD5_DIGEST_LENGTH; i++) { + sprintf(result, "%02x", md5_raw[i]); + result += 2; + } + free(preppasswd); } + /* sasl_cram_sha1 computes the cram-sha1 authentication from password string and the challenge sent by the server, and stored the value in variable @@ -144,51 +155,53 @@ result the parameter result must be able to hold at least 100 bytes! */ void sasl_cram_sha1(char *result, char *pass, char *challenge) { -char ipad[64]; -char opad[64]; -unsigned char sha1_raw[SHA_DIGEST_LENGTH]; -SHA_CTX shac; -int i, rc; -char *preppasswd; -if (challenge == NULL) { -result = NULL; -return; -} -rc = sasl_saslprep(pass, 0, &preppasswd); -if (rc) { -result = NULL; -return; -} -memset(ipad, 0, sizeof(ipad)); -memset(opad, 0, sizeof(opad)); -if (strlen(preppasswd) >= 64) { -SHA1_Init(&shac); -SHA1_Update(&shac, preppasswd, strlen(preppasswd)); -SHA1_Final(sha1_raw, &shac); -memcpy(ipad, sha1_raw, SHA_DIGEST_LENGTH); -memcpy(opad, sha1_raw, SHA_DIGEST_LENGTH); -} else { -strcpy(ipad, preppasswd); // safe -strcpy(opad, preppasswd); // safe -} -for (i = 0; i < 64; i++) { -ipad[i] ^= 0x36; -opad[i] ^= 0x5c; -} -SHA1_Init(&shac); -SHA1_Update(&shac, ipad, 64); -SHA1_Update(&shac, challenge, strlen(challenge)); -SHA1_Final(sha1_raw, &shac); -SHA1_Init(&shac); -SHA1_Update(&shac, opad, 64); -SHA1_Update(&shac, sha1_raw, SHA_DIGEST_LENGTH); -SHA1_Final(sha1_raw, &shac); -for (i = 0; i < SHA_DIGEST_LENGTH; i++) { -sprintf(result, "%02x", sha1_raw[i]); -result += 2; -} -free(preppasswd); + char ipad[64]; + char opad[64]; + unsigned char sha1_raw[SHA_DIGEST_LENGTH]; + SHA_CTX shac; + int i, rc; + char *preppasswd; + + if (challenge == NULL) { + result = NULL; + return; + } + rc = sasl_saslprep(pass, 0, &preppasswd); + if (rc) { + result = NULL; + return; + } + memset(ipad, 0, sizeof(ipad)); + memset(opad, 0, sizeof(opad)); + if (strlen(preppasswd) >= 64) { + SHA1_Init(&shac); + SHA1_Update(&shac, preppasswd, strlen(preppasswd)); + SHA1_Final(sha1_raw, &shac); + memcpy(ipad, sha1_raw, SHA_DIGEST_LENGTH); + memcpy(opad, sha1_raw, SHA_DIGEST_LENGTH); + } else { + strcpy(ipad, preppasswd); // safe + strcpy(opad, preppasswd); // safe + } + for (i = 0; i < 64; i++) { + ipad[i] ^= 0x36; + opad[i] ^= 0x5c; + } + SHA1_Init(&shac); + SHA1_Update(&shac, ipad, 64); + SHA1_Update(&shac, challenge, strlen(challenge)); + SHA1_Final(sha1_raw, &shac); + SHA1_Init(&shac); + SHA1_Update(&shac, opad, 64); + SHA1_Update(&shac, sha1_raw, SHA_DIGEST_LENGTH); + SHA1_Final(sha1_raw, &shac); + for (i = 0; i < SHA_DIGEST_LENGTH; i++) { + sprintf(result, "%02x", sha1_raw[i]); + result += 2; + } + free(preppasswd); } + /* sasl_cram_sha256 computes the cram-sha256 authentication from password string and the challenge sent by the server, and stored the value in variable @@ -196,330 +209,345 @@ result the parameter result must be able to hold at least 100 bytes! */ void sasl_cram_sha256(char *result, char *pass, char *challenge) { -char ipad[64]; -char opad[64]; -unsigned char sha256_raw[SHA256_DIGEST_LENGTH]; -SHA256_CTX sha256c; -int i, rc; -char *preppasswd; -if (challenge == NULL) { -result = NULL; -return; -} -memset(ipad, 0, sizeof(ipad)); -memset(opad, 0, sizeof(opad)); -rc = sasl_saslprep(pass, 0, &preppasswd); -if (rc) { -result = NULL; -return; -} -if (strlen(preppasswd) >= 64) { -SHA256_Init(&sha256c); -SHA256_Update(&sha256c, preppasswd, strlen(preppasswd)); -SHA256_Final(sha256_raw, &sha256c); -memcpy(ipad, sha256_raw, SHA256_DIGEST_LENGTH); -memcpy(opad, sha256_raw, SHA256_DIGEST_LENGTH); -} else { -strcpy(ipad, preppasswd); // safe -strcpy(opad, preppasswd); // safe -} -for (i = 0; i < 64; i++) { -ipad[i] ^= 0x36; -opad[i] ^= 0x5c; -} -SHA256_Init(&sha256c); -SHA256_Update(&sha256c, ipad, 64); -SHA256_Update(&sha256c, challenge, strlen(challenge)); -SHA256_Final(sha256_raw, &sha256c); -SHA256_Init(&sha256c); -SHA256_Update(&sha256c, opad, 64); -SHA256_Update(&sha256c, sha256_raw, SHA256_DIGEST_LENGTH); -SHA256_Final(sha256_raw, &sha256c); -for (i = 0; i < SHA256_DIGEST_LENGTH; i++) { -sprintf(result, "%02x", sha256_raw[i]); -result += 2; -} -free(preppasswd); + char ipad[64]; + char opad[64]; + unsigned char sha256_raw[SHA256_DIGEST_LENGTH]; + SHA256_CTX sha256c; + int i, rc; + char *preppasswd; + + if (challenge == NULL) { + result = NULL; + return; + } + memset(ipad, 0, sizeof(ipad)); + memset(opad, 0, sizeof(opad)); + rc = sasl_saslprep(pass, 0, &preppasswd); + if (rc) { + result = NULL; + return; + } + if (strlen(preppasswd) >= 64) { + SHA256_Init(&sha256c); + SHA256_Update(&sha256c, preppasswd, strlen(preppasswd)); + SHA256_Final(sha256_raw, &sha256c); + memcpy(ipad, sha256_raw, SHA256_DIGEST_LENGTH); + memcpy(opad, sha256_raw, SHA256_DIGEST_LENGTH); + } else { + strcpy(ipad, preppasswd); // safe + strcpy(opad, preppasswd); // safe + } + for (i = 0; i < 64; i++) { + ipad[i] ^= 0x36; + opad[i] ^= 0x5c; + } + SHA256_Init(&sha256c); + SHA256_Update(&sha256c, ipad, 64); + SHA256_Update(&sha256c, challenge, strlen(challenge)); + SHA256_Final(sha256_raw, &sha256c); + SHA256_Init(&sha256c); + SHA256_Update(&sha256c, opad, 64); + SHA256_Update(&sha256c, sha256_raw, SHA256_DIGEST_LENGTH); + SHA256_Final(sha256_raw, &sha256c); + for (i = 0; i < SHA256_DIGEST_LENGTH; i++) { + sprintf(result, "%02x", sha256_raw[i]); + result += 2; + } + free(preppasswd); } + /* RFC 2831: Using Digest Authentication as a SASL Mechanism the parameter result must be able to hold at least 500 bytes!! */ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *miscptr, char *type, char *webtarget, int webport, char *header) { -char *pbuffer = NULL; -int array_size = 10; -unsigned char response[MD5_DIGEST_LENGTH]; -char *array[array_size]; -char buffer2[500], buffer3[500], nonce[200], realm[50], algo[20]; -int i = 0, ind = 0, lastpos = 0, currentpos = 0, intq = 0, auth_find = 0; -MD5_CTX md5c; -char *preplogin; -char *preppasswd; -int rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); -memset(realm, 0, sizeof(realm)); -if (rc) { -result = NULL; -return; -} -rc = sasl_saslprep(pass, 0, &preppasswd); -if (rc) { -free(preplogin); -result = NULL; -return; -} + char *pbuffer = NULL; + int array_size = 10; + unsigned char response[MD5_DIGEST_LENGTH]; + char *array[array_size]; + char buffer2[500], buffer3[500], nonce[200], realm[50], algo[20]; + int i = 0, ind = 0, lastpos = 0, currentpos = 0, intq = 0, auth_find = 0; + MD5_CTX md5c; + char *preplogin; + char *preppasswd; + int rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); + + memset(realm, 0, sizeof(realm)); + if (rc) { + result = NULL; + return; + } + rc = sasl_saslprep(pass, 0, &preppasswd); + if (rc) { + free(preplogin); + result = NULL; + return; + } //DEBUG S: nonce="HB3HGAk+hxKpijy/ichq7Wob3Zo17LPM9rr4kMX7xRM=",realm="tida",qop="auth",maxbuf=4096,charset=utf-8,algorithm=md5-sess //DEBUG S: nonce="1Mr6c8WjOd/x5r8GUnGeQIRNUtOVtItu3kQOGAmsZfM=",realm="test.com",qop="auth,auth-int,auth-conf",cipher="rc4-40,rc4-56,rc4,des,3des",maxbuf=4096,charset=utf-8,algorithm=md5-sess //warning some not well configured xmpp server is sending no realm //DEBUG S: nonce="3448160828",qop="auth",charset=utf-8,algorithm=md5-sess -pbuffer = buffer; -do { -currentpos++; -if (pbuffer[0] == '"') { -if (intq == 0) -intq = 1; -else { -intq = 0; -} -} -if ((pbuffer[0] == ',') && (intq == 0)) { -array[ind] = malloc(currentpos); -strncpy(array[ind], buffer + lastpos, currentpos - 1); -array[ind][currentpos - 1] = '\0'; -ind++; -lastpos += currentpos; -currentpos = 0; -} -pbuffer++; -} while ((pbuffer[0] != '\0') && (pbuffer[0] > 31) && (ind < array_size)); + pbuffer = buffer; + do { + currentpos++; + if (pbuffer[0] == '"') { + if (intq == 0) + intq = 1; + else { + intq = 0; + } + } + if ((pbuffer[0] == ',') && (intq == 0)) { + array[ind] = malloc(currentpos); + strncpy(array[ind], buffer + lastpos, currentpos - 1); + array[ind][currentpos - 1] = '\0'; + ind++; + lastpos += currentpos; + currentpos = 0; + } + pbuffer++; + } while ((pbuffer[0] != '\0') && (pbuffer[0] > 31) && (ind < array_size)); //save the latest one -if (ind < array_size) { -array[ind] = malloc(currentpos + 1); -strncpy(array[ind], buffer + lastpos, currentpos); -array[ind][currentpos] = '\0'; -ind++; -} -for (i = 0; i < ind; i++) { + if (ind < array_size) { + array[ind] = malloc(currentpos + 1); + strncpy(array[ind], buffer + lastpos, currentpos); + array[ind][currentpos] = '\0'; + ind++; + } + for (i = 0; i < ind; i++) { //removing space chars between comma separated value if any -while ((array[i] != NULL) && (array[i][0] == ' ')) { -char *tmp = strdup(array[i]); -memset(array[i], 0, sizeof(array[i])); -strcpy(array[i], tmp + 1); -free(tmp); -} -if (strstr(array[i], "nonce=") != NULL) { + while ((array[i] != NULL) && (array[i][0] == ' ')) { + char *tmp = strdup(array[i]); + + memset(array[i], 0, sizeof(array[i])); + strcpy(array[i], tmp + 1); + free(tmp); + } + if (strstr(array[i], "nonce=") != NULL) { //check if it contains double-quote -if (strstr(array[i], "\"") != NULL) { + if (strstr(array[i], "\"") != NULL) { //assume last char is also a double-quote -int nonce_string_len = strlen(array[i]) - strlen("nonce=\"") - 1; -if ((nonce_string_len > 0) && (nonce_string_len <= sizeof(nonce) - 1)) { -strncpy(nonce, strstr(array[i], "nonce=") + strlen("nonce=") + 1, nonce_string_len); -nonce[nonce_string_len] = '\0'; -} else { -int j; -for (j = 0; j < ind; j++) -if (array[j] != NULL) -free(array[j]); -hydra_report(stderr, "Error: DIGEST-MD5 nonce from server could not be extracted\n"); -result = NULL; -return; -} -} else { -strncpy(nonce, strstr(array[i], "nonce=") + strlen("nonce="), sizeof(nonce) - 1); -nonce[sizeof(nonce) - 1] = '\0'; -} -} -if (strstr(array[i], "realm=") != NULL) { -if (strstr(array[i], "\"") != NULL) { + int nonce_string_len = strlen(array[i]) - strlen("nonce=\"") - 1; + + if ((nonce_string_len > 0) && (nonce_string_len <= sizeof(nonce) - 1)) { + strncpy(nonce, strstr(array[i], "nonce=") + strlen("nonce=") + 1, nonce_string_len); + nonce[nonce_string_len] = '\0'; + } else { + int j; + + for (j = 0; j < ind; j++) + if (array[j] != NULL) + free(array[j]); + hydra_report(stderr, "Error: DIGEST-MD5 nonce from server could not be extracted\n"); + result = NULL; + return; + } + } else { + strncpy(nonce, strstr(array[i], "nonce=") + strlen("nonce="), sizeof(nonce) - 1); + nonce[sizeof(nonce) - 1] = '\0'; + } + } + if (strstr(array[i], "realm=") != NULL) { + if (strstr(array[i], "\"") != NULL) { //assume last char is also a double-quote -int realm_string_len = strlen(array[i]) - strlen("realm=\"") - 1; -if ((realm_string_len > 0) && (realm_string_len <= sizeof(realm) - 1)) { -strncpy(realm, strstr(array[i], "realm=") + strlen("realm=") + 1, realm_string_len); -realm[realm_string_len] = '\0'; -} else { -int i; -for (i = 0; i < ind; i++) -if (array[i] != NULL) -free(array[i]); -hydra_report(stderr, "Error: DIGEST-MD5 realm from server could not be extracted\n"); -result = NULL; -return; -} -} else { -strncpy(realm, strstr(array[i], "realm=") + strlen("realm="), sizeof(realm) - 1); -realm[sizeof(realm) - 1] = '\0'; -} -} -if (strstr(array[i], "qop=") != NULL) { + int realm_string_len = strlen(array[i]) - strlen("realm=\"") - 1; + + if ((realm_string_len > 0) && (realm_string_len <= sizeof(realm) - 1)) { + strncpy(realm, strstr(array[i], "realm=") + strlen("realm=") + 1, realm_string_len); + realm[realm_string_len] = '\0'; + } else { + int i; + + for (i = 0; i < ind; i++) + if (array[i] != NULL) + free(array[i]); + hydra_report(stderr, "Error: DIGEST-MD5 realm from server could not be extracted\n"); + result = NULL; + return; + } + } else { + strncpy(realm, strstr(array[i], "realm=") + strlen("realm="), sizeof(realm) - 1); + realm[sizeof(realm) - 1] = '\0'; + } + } + if (strstr(array[i], "qop=") != NULL) { + /* The value "auth" indicates authentication; the value "auth-int" indicates authentication with integrity protection; the value "auth-conf" indicates authentication with integrity protection and encryption. */ -auth_find = 1; -if ((strstr(array[i], "\"auth\"") == NULL) && (strstr(array[i], "\"auth,") == NULL) && (strstr(array[i], ",auth\"") == NULL)) { -int j; -for (j = 0; j < ind; j++) -if (array[j] != NULL) -free(array[j]); -hydra_report(stderr, "Error: DIGEST-MD5 quality of protection only authentication is not supported by server\n"); -result = NULL; -return; -} -} -if (strstr(array[i], "algorithm=") != NULL) { -if (strstr(array[i], "\"") != NULL) { + auth_find = 1; + if ((strstr(array[i], "\"auth\"") == NULL) && (strstr(array[i], "\"auth,") == NULL) && (strstr(array[i], ",auth\"") == NULL)) { + int j; + + for (j = 0; j < ind; j++) + if (array[j] != NULL) + free(array[j]); + hydra_report(stderr, "Error: DIGEST-MD5 quality of protection only authentication is not supported by server\n"); + result = NULL; + return; + } + } + if (strstr(array[i], "algorithm=") != NULL) { + if (strstr(array[i], "\"") != NULL) { //assume last char is also a double-quote -int algo_string_len = strlen(array[i]) - strlen("algorithm=\"") - 1; -if ((algo_string_len > 0) && (algo_string_len <= sizeof(algo) - 1)) { -strncpy(algo, strstr(array[i], "algorithm=") + strlen("algorithm=") + 1, algo_string_len); -algo[algo_string_len] = '\0'; -} else { -int j; -for (j = 0; j < ind; j++) -if (array[j] != NULL) -free(array[j]); -hydra_report(stderr, "Error: DIGEST-MD5 algorithm from server could not be extracted\n"); -result = NULL; -return; -} -} else { -strncpy(algo, strstr(array[i], "algorithm=") + strlen("algorithm="), sizeof(algo) - 1); -algo[sizeof(algo) - 1] = '\0'; -} -if ((strstr(algo, "MD5") == NULL) && (strstr(algo, "md5") == NULL)) { -int j; -for (j = 0; j < ind; j++) -if (array[j] != NULL) -free(array[j]); -hydra_report(stderr, "Error: DIGEST-MD5 algorithm not based on md5, based on %s\n", algo); -result = NULL; -return; -} -} -free(array[i]); -array[i] = NULL; -} -if (!strlen(algo)) { + int algo_string_len = strlen(array[i]) - strlen("algorithm=\"") - 1; + + if ((algo_string_len > 0) && (algo_string_len <= sizeof(algo) - 1)) { + strncpy(algo, strstr(array[i], "algorithm=") + strlen("algorithm=") + 1, algo_string_len); + algo[algo_string_len] = '\0'; + } else { + int j; + + for (j = 0; j < ind; j++) + if (array[j] != NULL) + free(array[j]); + hydra_report(stderr, "Error: DIGEST-MD5 algorithm from server could not be extracted\n"); + result = NULL; + return; + } + } else { + strncpy(algo, strstr(array[i], "algorithm=") + strlen("algorithm="), sizeof(algo) - 1); + algo[sizeof(algo) - 1] = '\0'; + } + if ((strstr(algo, "MD5") == NULL) && (strstr(algo, "md5") == NULL)) { + int j; + + for (j = 0; j < ind; j++) + if (array[j] != NULL) + free(array[j]); + hydra_report(stderr, "Error: DIGEST-MD5 algorithm not based on md5, based on %s\n", algo); + result = NULL; + return; + } + } + free(array[i]); + array[i] = NULL; + } + if (!strlen(algo)) { //assuming by default algo is MD5 -memset(algo, 0, sizeof(algo)); -strcpy(algo, "MD5"); -} + memset(algo, 0, sizeof(algo)); + strcpy(algo, "MD5"); + } //xmpp case, some xmpp server is not sending the realm so we have to set it up -if ((strlen(realm) == 0) && (strstr(type, "xmpp") != NULL)) -snprintf(realm, sizeof(realm), "%s", miscptr); + if ((strlen(realm) == 0) && (strstr(type, "xmpp") != NULL)) + snprintf(realm, sizeof(realm), "%s", miscptr); //compute ha1 //support for algo = MD5 -snprintf(buffer, 500, "%s:%s:%s", preplogin, realm, preppasswd); -MD5_Init(&md5c); -MD5_Update(&md5c, buffer, strlen(buffer)); -MD5_Final(response, &md5c); + snprintf(buffer, 500, "%s:%s:%s", preplogin, realm, preppasswd); + MD5_Init(&md5c); + MD5_Update(&md5c, buffer, strlen(buffer)); + MD5_Final(response, &md5c); //for MD5-sess -if (strstr(algo, "5-sess") != NULL) { -buffer[0] = 0; //memset(buffer, 0, sizeof(buffer)); => buffer is char*! + if (strstr(algo, "5-sess") != NULL) { + buffer[0] = 0; //memset(buffer, 0, sizeof(buffer)); => buffer is char*! + /* per RFC 2617 Errata ID 1649 */ -if ((strstr(type, "proxy") != NULL) || (strstr(type, "GET") != NULL) || (strstr(type, "HEAD") != NULL)) { -memset(buffer3, 0, sizeof(buffer3)); -pbuffer = buffer3; -for (i = 0; i < MD5_DIGEST_LENGTH; i++) { -sprintf(pbuffer, "%02x", response[i]); -pbuffer += 2; -} -sprintf(buffer, "%s:%s:%s", buffer3, nonce, "hydra"); -} else { -memcpy(buffer, response, sizeof(response)); -sprintf(buffer + sizeof(response), ":%s:%s", nonce, "hydra"); -} -MD5_Init(&md5c); -MD5_Update(&md5c, buffer, strlen(buffer)); -MD5_Final(response, &md5c); -} -memset(buffer3, 0, sizeof(buffer3)); -pbuffer = buffer3; -for (i = 0; i < MD5_DIGEST_LENGTH; i++) { -sprintf(pbuffer, "%02x", response[i]); -pbuffer += 2; -} + if ((strstr(type, "proxy") != NULL) || (strstr(type, "GET") != NULL) || (strstr(type, "HEAD") != NULL)) { + memset(buffer3, 0, sizeof(buffer3)); + pbuffer = buffer3; + for (i = 0; i < MD5_DIGEST_LENGTH; i++) { + sprintf(pbuffer, "%02x", response[i]); + pbuffer += 2; + } + sprintf(buffer, "%s:%s:%s", buffer3, nonce, "hydra"); + } else { + memcpy(buffer, response, sizeof(response)); + sprintf(buffer + sizeof(response), ":%s:%s", nonce, "hydra"); + } + MD5_Init(&md5c); + MD5_Update(&md5c, buffer, strlen(buffer)); + MD5_Final(response, &md5c); + } + memset(buffer3, 0, sizeof(buffer3)); + pbuffer = buffer3; + for (i = 0; i < MD5_DIGEST_LENGTH; i++) { + sprintf(pbuffer, "%02x", response[i]); + pbuffer += 2; + } //compute ha2 //proxy case -if (strstr(type, "proxy") != NULL) -sprintf(buffer, "%s:%s", "HEAD", miscptr); -else + if (strstr(type, "proxy") != NULL) + sprintf(buffer, "%s:%s", "HEAD", miscptr); + else //http case -if ((strstr(type, "GET") != NULL) || (strstr(type, "HEAD") != NULL)) -sprintf(buffer, "%s:%s", type, miscptr); -else + if ((strstr(type, "GET") != NULL) || (strstr(type, "HEAD") != NULL)) + sprintf(buffer, "%s:%s", type, miscptr); + else //sip case -if (strstr(type, "sip") != NULL) -sprintf(buffer, "REGISTER:%s:%s", type, miscptr); -else + if (strstr(type, "sip") != NULL) + sprintf(buffer, "REGISTER:%s:%s", type, miscptr); + else //others -if (strstr(type, "rtsp") != NULL) -sprintf(buffer, "DESCRIBE:%s://%s:%i", type, webtarget, port); -else + if (strstr(type, "rtsp") != NULL) + sprintf(buffer, "DESCRIBE:%s://%s:%i", type, webtarget, port); + else //others -sprintf(buffer, "AUTHENTICATE:%s/%s", type, realm); + sprintf(buffer, "AUTHENTICATE:%s/%s", type, realm); -MD5_Init(&md5c); -MD5_Update(&md5c, buffer, strlen(buffer)); -MD5_Final(response, &md5c); -pbuffer = buffer2; -for (i = 0; i < MD5_DIGEST_LENGTH; i++) { -sprintf(pbuffer, "%02x", response[i]); -pbuffer += 2; -} + MD5_Init(&md5c); + MD5_Update(&md5c, buffer, strlen(buffer)); + MD5_Final(response, &md5c); + pbuffer = buffer2; + for (i = 0; i < MD5_DIGEST_LENGTH; i++) { + sprintf(pbuffer, "%02x", response[i]); + pbuffer += 2; + } //compute response -if (!auth_find) -snprintf(buffer, 500, "%s:%s", nonce, buffer2); -else -snprintf(buffer, 500, "%s:%s:%s:%s:%s", nonce, "00000001", "hydra", "auth", buffer2); -MD5_Init(&md5c); -MD5_Update(&md5c, buffer3, strlen(buffer3)); -MD5_Update(&md5c, ":", 1); -MD5_Update(&md5c, buffer, strlen(buffer)); -MD5_Final(response, &md5c); -pbuffer = buffer; -for (i = 0; i < MD5_DIGEST_LENGTH; i++) { -sprintf(pbuffer, "%02x", response[i]); -pbuffer += 2; -} + if (!auth_find) + snprintf(buffer, 500, "%s:%s", nonce, buffer2); + else + snprintf(buffer, 500, "%s:%s:%s:%s:%s", nonce, "00000001", "hydra", "auth", buffer2); + MD5_Init(&md5c); + MD5_Update(&md5c, buffer3, strlen(buffer3)); + MD5_Update(&md5c, ":", 1); + MD5_Update(&md5c, buffer, strlen(buffer)); + MD5_Final(response, &md5c); + pbuffer = buffer; + for (i = 0; i < MD5_DIGEST_LENGTH; i++) { + sprintf(pbuffer, "%02x", response[i]); + pbuffer += 2; + } //create the auth response -if (strstr(type, "proxy") != NULL) { -snprintf(result, 500, -"HEAD %s HTTP/1.0\r\n%sProxy-Authorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", -miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, header); -} else { -if ((strstr(type, "imap") != NULL) || (strstr(type, "pop") != NULL) || (strstr(type, "smtp") != NULL) || -(strstr(type, "ldap") != NULL) || (strstr(type, "xmpp") != NULL) || (strstr(type, "nntp") != NULL)) { -snprintf(result, 500, "username=\"%s\",realm=\"%s\",nonce=\"%s\",cnonce=\"hydra\",nc=00000001,algorithm=%s,qop=\"auth\",digest-uri=\"%s/%s\",response=%s", preplogin, realm, -nonce, algo, type, realm, buffer); -} else { - if (strstr(type, "sip") != NULL) { -snprintf(result, 500, "username=\"%s\",realm=\"%s\",nonce=\"%s\",uri=\"%s:%s\",response=%s", preplogin, realm, nonce, type, realm, buffer); -} else{ -if (strstr(type, "rtsp") != NULL) { -snprintf(result, 500, "username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s://%s:%i\", response=\"%s\"\r\n", preplogin, realm, nonce, type, webtarget, port, buffer); -} else { -if (use_proxy == 1 && proxy_authentication != NULL) -snprintf(result, 500, -"%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", -type, webtarget, webport, miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, proxy_authentication, header); -else { -if (use_proxy == 1) -snprintf(result, 500, -"%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", -type, webtarget, webport, miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, header); -else -snprintf(result, 500, -"%s %s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", -type, miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, header); -} -} -} -} -} -free(preplogin); -free(preppasswd); + if (strstr(type, "proxy") != NULL) { + snprintf(result, 500, + "HEAD %s HTTP/1.0\r\n%sProxy-Authorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", + miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, header); + } else { + if ((strstr(type, "imap") != NULL) || (strstr(type, "pop") != NULL) || (strstr(type, "smtp") != NULL) || + (strstr(type, "ldap") != NULL) || (strstr(type, "xmpp") != NULL) || (strstr(type, "nntp") != NULL)) { + snprintf(result, 500, "username=\"%s\",realm=\"%s\",nonce=\"%s\",cnonce=\"hydra\",nc=00000001,algorithm=%s,qop=\"auth\",digest-uri=\"%s/%s\",response=%s", preplogin, realm, + nonce, algo, type, realm, buffer); + } else { + if (strstr(type, "sip") != NULL) { + snprintf(result, 500, "username=\"%s\",realm=\"%s\",nonce=\"%s\",uri=\"%s:%s\",response=%s", preplogin, realm, nonce, type, realm, buffer); + } else { + if (strstr(type, "rtsp") != NULL) { + snprintf(result, 500, "username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s://%s:%i\", response=\"%s\"\r\n", preplogin, realm, nonce, type, webtarget, port, buffer); + } else { + if (use_proxy == 1 && proxy_authentication != NULL) + snprintf(result, 500, + "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", + type, webtarget, webport, miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, proxy_authentication, header); + else { + if (use_proxy == 1) + snprintf(result, 500, + "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", + type, webtarget, webport, miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, header); + else + snprintf(result, 500, + "%s %s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", + type, miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, header); + } + } + } + } + } + free(preplogin); + free(preppasswd); } + /* RFC 5802: Salted Challenge Response Authentication Mechanism Note: SCRAM is a client-first SASL mechanism @@ -528,87 +556,94 @@ and my girlfriend that let me work on that 2 whole nights ;) clientfirstmessagebare must be at least 500 bytes in size! */ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, char *serverfirstmessage) { -int saltlen = 0; -int iter = 4096; -char *salt, *nonce, *ic; -unsigned int resultlen = 0; -char clientfinalmessagewithoutproof[200]; -char buffer[500]; -unsigned char SaltedPassword[SHA_DIGEST_LENGTH]; -unsigned char ClientKey[SHA_DIGEST_LENGTH]; -unsigned char StoredKey[SHA_DIGEST_LENGTH]; -unsigned char ClientSignature[SHA_DIGEST_LENGTH]; -char AuthMessage[1024]; -char ClientProof[SHA_DIGEST_LENGTH]; -unsigned char clientproof_b64[50]; -char *preppasswd; -int rc = sasl_saslprep(pass, 0, &preppasswd); -if (rc) { -result = NULL; -return; -} + int saltlen = 0; + int iter = 4096; + char *salt, *nonce, *ic; + unsigned int resultlen = 0; + char clientfinalmessagewithoutproof[200]; + char buffer[500]; + unsigned char SaltedPassword[SHA_DIGEST_LENGTH]; + unsigned char ClientKey[SHA_DIGEST_LENGTH]; + unsigned char StoredKey[SHA_DIGEST_LENGTH]; + unsigned char ClientSignature[SHA_DIGEST_LENGTH]; + char AuthMessage[1024]; + char ClientProof[SHA_DIGEST_LENGTH]; + unsigned char clientproof_b64[50]; + char *preppasswd; + int rc = sasl_saslprep(pass, 0, &preppasswd); + + if (rc) { + result = NULL; + return; + } + /*client-final-message */ -if (debug) -hydra_report(stderr, "DEBUG S: %s\n", serverfirstmessage); + if (debug) + hydra_report(stderr, "DEBUG S: %s\n", serverfirstmessage); //r=hydra28Bo7kduPpAZLzhRQiLxc8Y9tiwgw+yP,s=ldDgevctH+Kg7b8RnnA3qA==,i=4096 -if (strstr(serverfirstmessage, "r=") == NULL) { -hydra_report(stderr, "Error: Can't understand server message\n"); -free(preppasswd); -result = NULL; -return; -} -strncpy(buffer, serverfirstmessage, sizeof(buffer) - 1); -buffer[sizeof(buffer) - 1] = '\0'; -nonce = strtok(buffer, ","); + if (strstr(serverfirstmessage, "r=") == NULL) { + hydra_report(stderr, "Error: Can't understand server message\n"); + free(preppasswd); + result = NULL; + return; + } + strncpy(buffer, serverfirstmessage, sizeof(buffer) - 1); + buffer[sizeof(buffer) - 1] = '\0'; + nonce = strtok(buffer, ","); //continue to search from the previous successful call -salt = strtok(NULL, ","); -ic = strtok(NULL, ","); -iter = atoi(ic + 2); -if (iter == 0) { -hydra_report(stderr, "Error: Can't understand server response\n"); -free(preppasswd); -result = NULL; -return; -} -if ((nonce != NULL) && (strlen(nonce) > 2)) -snprintf(clientfinalmessagewithoutproof, sizeof(clientfinalmessagewithoutproof), "c=biws,%s", nonce); -else { -hydra_report(stderr, "Error: Could not identify server nonce value\n"); -free(preppasswd); -result = NULL; -return; -} -if ((salt != NULL) && (strlen(salt) > 2) && (strlen(salt) <= sizeof(buffer))) + salt = strtok(NULL, ","); + ic = strtok(NULL, ","); + iter = atoi(ic + 2); + if (iter == 0) { + hydra_report(stderr, "Error: Can't understand server response\n"); + free(preppasswd); + result = NULL; + return; + } + if ((nonce != NULL) && (strlen(nonce) > 2)) + snprintf(clientfinalmessagewithoutproof, sizeof(clientfinalmessagewithoutproof), "c=biws,%s", nonce); + else { + hydra_report(stderr, "Error: Could not identify server nonce value\n"); + free(preppasswd); + result = NULL; + return; + } + if ((salt != NULL) && (strlen(salt) > 2) && (strlen(salt) <= sizeof(buffer))) //s=ghgIAfLl1+yUy/Xl1WD5Tw== remove the header s= -strcpy(buffer, salt + 2); -else { -hydra_report(stderr, "Error: Could not identify server salt value\n"); -free(preppasswd); -result = NULL; -return; -} + strcpy(buffer, salt + 2); + else { + hydra_report(stderr, "Error: Could not identify server salt value\n"); + free(preppasswd); + result = NULL; + return; + } + /* SaltedPassword := Hi(Normalize(password), salt, i) */ -saltlen = from64tobits((char *) salt, buffer); -if (PKCS5_PBKDF2_HMAC_SHA1(preppasswd, strlen(preppasswd), (unsigned char *) salt, saltlen, iter, SHA_DIGEST_LENGTH, SaltedPassword) != 1) { -hydra_report(stderr, "Error: Failed to generate PBKDF2\n"); -free(preppasswd); -result = NULL; -return; -} + saltlen = from64tobits((char *) salt, buffer); + if (PKCS5_PBKDF2_HMAC_SHA1(preppasswd, strlen(preppasswd), (unsigned char *) salt, saltlen, iter, SHA_DIGEST_LENGTH, SaltedPassword) != 1) { + hydra_report(stderr, "Error: Failed to generate PBKDF2\n"); + free(preppasswd); + result = NULL; + return; + } + /* ClientKey := HMAC(SaltedPassword, "Client Key") */ #define CLIENT_KEY "Client Key" -HMAC(EVP_sha1(), SaltedPassword, SHA_DIGEST_LENGTH, (const unsigned char *) CLIENT_KEY, strlen(CLIENT_KEY), ClientKey, &resultlen); + HMAC(EVP_sha1(), SaltedPassword, SHA_DIGEST_LENGTH, (const unsigned char *) CLIENT_KEY, strlen(CLIENT_KEY), ClientKey, &resultlen); + /* StoredKey := H(ClientKey) */ -SHA1((const unsigned char *) ClientKey, SHA_DIGEST_LENGTH, StoredKey); + SHA1((const unsigned char *) ClientKey, SHA_DIGEST_LENGTH, StoredKey); + /* ClientSignature := HMAC(StoredKey, AuthMessage) */ -snprintf(AuthMessage, 500, "%s,%s,%s", clientfirstmessagebare, serverfirstmessage, clientfinalmessagewithoutproof); -HMAC(EVP_sha1(), StoredKey, SHA_DIGEST_LENGTH, (const unsigned char *) AuthMessage, strlen(AuthMessage), ClientSignature, &resultlen); + snprintf(AuthMessage, 500, "%s,%s,%s", clientfirstmessagebare, serverfirstmessage, clientfinalmessagewithoutproof); + HMAC(EVP_sha1(), StoredKey, SHA_DIGEST_LENGTH, (const unsigned char *) AuthMessage, strlen(AuthMessage), ClientSignature, &resultlen); + /* ClientProof := ClientKey XOR ClientSignature */ -xor(ClientProof, (char *) ClientKey, (char *) ClientSignature, 20); -to64frombits(clientproof_b64, (const unsigned char *) ClientProof, 20); -snprintf(result, 500, "%s,p=%s", clientfinalmessagewithoutproof, clientproof_b64); -if (debug) -hydra_report(stderr, "DEBUG C: %s\n", result); -free(preppasswd); + xor(ClientProof, (char *) ClientKey, (char *) ClientSignature, 20); + to64frombits(clientproof_b64, (const unsigned char *) ClientProof, 20); + snprintf(result, 500, "%s,p=%s", clientfinalmessagewithoutproof, clientproof_b64); + if (debug) + hydra_report(stderr, "DEBUG C: %s\n", result); + free(preppasswd); } #endif From e6b376293c1cb0f47f5b5d3093f9e5a4b62d230e Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 7 May 2015 14:13:50 +0200 Subject: [PATCH 21/33] beautifications --- CHANGES | 1 + hydra-rtsp.c | 33 ++++++++++++++------------------- 2 files changed, 15 insertions(+), 19 deletions(-) diff --git a/CHANGES b/CHANGES index 43cbe38..6811ffd 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,7 @@ Changelog for hydra ------------------- Release 8.2-pre +* Added RTSP module, thanks to jjavi89 for supplying! * Added new -O option to hydra to support SSL servers that do not suport TLS * Added xhydra gtk patche by Petar Kaleychev to support modules that do not use usernames * Added patch to redis for initial service checking by Petar Kaleychev - thanks a lot! diff --git a/hydra-rtsp.c b/hydra-rtsp.c index e5d2487..bf2a751 100644 --- a/hydra-rtsp.c +++ b/hydra-rtsp.c @@ -69,12 +69,11 @@ void create_core_packet(int control,char* ip, int port){ char * target=hydra_address2string(ip); if (control==0){ if (strlen(packet) <= 0){ - sprintf(packet, "DESCRIBE rtsp://%s:%i RTSP/1.0\r\nCSeq: 2\r\n\r\n",target,port); - + sprintf(packet, "DESCRIBE rtsp://%.260s:%i RTSP/1.0\r\nCSeq: 2\r\n\r\n",target,port); } }else{ if (strlen(packet2) <= 0){ - sprintf(packet2, "DESCRIBE rtsp://%s:%i RTSP/1.0\r\nCSeq: 3\r\n",target,port); + sprintf(packet2, "DESCRIBE rtsp://%s.260:%i RTSP/1.0\r\nCSeq: 3\r\n",target,port); } } } @@ -89,7 +88,6 @@ int start_rtsp(int s, char *ip, int port, unsigned char options, char *miscptr, login = empty; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; - create_core_packet(0,ip,port); @@ -99,12 +97,12 @@ int start_rtsp(int s, char *ip, int port, unsigned char options, char *miscptr, lresp = hydra_receive_line(s); if (lresp == NULL){ - printf("null"); + fprintf(stderr, "[ERROR] no server reply"); return 1; } if (is_NotFound(lresp)){ - printf("Server dont need credentials\r\n"); + printf("[INFO] Server does not need credentials\n"); hydra_completed_pair_found(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0){ return 3; @@ -116,7 +114,7 @@ int start_rtsp(int s, char *ip, int port, unsigned char options, char *miscptr, if (use_Basic_Auth(lresp)==1) { - sprintf(buffer2,"%s:%s",login,pass); + sprintf(buffer2,"%.260s:%.260s",login,pass); hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); sprintf(buffer, "%sAuthorization: : Basic %s\r\n\r\n",packet2,buffer2); @@ -127,25 +125,24 @@ int start_rtsp(int s, char *ip, int port, unsigned char options, char *miscptr, } if(use_Digest_Auth(lresp)==1){ - - char dbuffer[500]; - char aux[500]; - + char *dbuf = dbuffer[500] = ""; + char aux[500] = ""; char *pbuffer = hydra_strcasestr(lresp,"WWW-Authenticate: Digest "); strncpy(aux,pbuffer + strlen("WWW-Authenticate: Digest "), sizeof(buffer)); aux[sizeof(aux)-1]='\0'; - #ifdef LIBOPENSSL - - sasl_digest_md5(&dbuffer, login, pass, aux, miscptr, "rtsp", hydra_address2string(ip), port, ""); + sasl_digest_md5(dbuf, login, pass, aux, miscptr, "rtsp", hydra_address2string(ip), port, ""); +#endif + printf("[ERROR] Digest auth required but compiled without OpenSSL/MD5 support\n"); + return 3; #endif - if (dbuffer==NULL) { - printf("digest fail, dbuffer null\r\n"); + if (dbuf == NULL) { + fprintf(stderr, "[ERROR] digest generation failed\n"); return 3; } - sprintf(buffer, "%sAuthorization: Digest %s\r\n\r\n", packet2, dbuffer); + sprintf(buffer, "%sAuthorization: Digest %s\r\n\r\n", packet2, dbuf); if (debug){ hydra_report(stderr, "C:%s\n", buffer); @@ -221,8 +218,6 @@ void service_rtsp(char *ip, int sp, unsigned char options, char *miscptr, FILE * sock = hydra_disconnect(sock); } hydra_child_exit(0); - printf("end"); - return; break; default: hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); From 2246030c21c20fb10a019ad60b49a73757f1370f Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 7 May 2015 14:14:19 +0200 Subject: [PATCH 22/33] beautifications --- hydra-rtsp.c | 372 +++++++++++++++++++++++++-------------------------- 1 file changed, 186 insertions(+), 186 deletions(-) diff --git a/hydra-rtsp.c b/hydra-rtsp.c index bf2a751..c348999 100644 --- a/hydra-rtsp.c +++ b/hydra-rtsp.c @@ -16,227 +16,227 @@ char *buf; char packet[500]; char packet2[500]; -int is_Unauthorized(char * s){ - - if (strstr(s,"401 Unauthorized")!= NULL){ - return 1; - }else{ - return 0; - } +int is_Unauthorized(char *s) { + + if (strstr(s, "401 Unauthorized") != NULL) { + return 1; + } else { + return 0; + } } -int is_NotFound(char * s){ - - if (strstr(s,"404 Stream Not Found")!= NULL){ - return 1; - }else{ - return 0; - } +int is_NotFound(char *s) { + + if (strstr(s, "404 Stream Not Found") != NULL) { + return 1; + } else { + return 0; + } } -int is_Authorized(char * s){ - - if (strstr(s,"200 OK")!= NULL){ - return 1; - }else{ - return 0; - } +int is_Authorized(char *s) { + + if (strstr(s, "200 OK") != NULL) { + return 1; + } else { + return 0; + } } -int use_Basic_Auth(char * s){ +int use_Basic_Auth(char *s) { - if(strstr(s,"WWW-Authenticate: Basic")!=NULL){ - return 1; - }else{ - return 0; - } + if (strstr(s, "WWW-Authenticate: Basic") != NULL) { + return 1; + } else { + return 0; + } } -int use_Digest_Auth(char * s){ - - if(strstr(s,"WWW-Authenticate: Digest")!=NULL){ - return 1; - }else{ - return 0; - } +int use_Digest_Auth(char *s) { + + if (strstr(s, "WWW-Authenticate: Digest") != NULL) { + return 1; + } else { + return 0; + } } -void create_core_packet(int control,char* ip, int port){ +void create_core_packet(int control, char *ip, int port) { - char buffer[500]; - char * target=hydra_address2string(ip); - if (control==0){ - if (strlen(packet) <= 0){ - sprintf(packet, "DESCRIBE rtsp://%.260s:%i RTSP/1.0\r\nCSeq: 2\r\n\r\n",target,port); - } - }else{ - if (strlen(packet2) <= 0){ - sprintf(packet2, "DESCRIBE rtsp://%s.260:%i RTSP/1.0\r\nCSeq: 3\r\n",target,port); - } - } + char buffer[500]; + char *target = hydra_address2string(ip); + + if (control == 0) { + if (strlen(packet) <= 0) { + sprintf(packet, "DESCRIBE rtsp://%.260s:%i RTSP/1.0\r\nCSeq: 2\r\n\r\n", target, port); + } + } else { + if (strlen(packet2) <= 0) { + sprintf(packet2, "DESCRIBE rtsp://%s.260:%i RTSP/1.0\r\nCSeq: 3\r\n", target, port); + } + } } -int start_rtsp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) -{ - char *empty = ""; - char *login, *pass, buffer[500],buffer2[500]; - - char * lresp; +int start_rtsp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *login, *pass, buffer[500], buffer2[500]; - if (strlen(login = hydra_get_next_login()) == 0) - login = empty; - if (strlen(pass = hydra_get_next_password()) == 0) - pass = empty; - - create_core_packet(0,ip,port); - - if (hydra_send(s, packet, strlen(packet), 0) < 0) { - return 1; + char *lresp; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + create_core_packet(0, ip, port); + + if (hydra_send(s, packet, strlen(packet), 0) < 0) { + return 1; + } + lresp = hydra_receive_line(s); + + if (lresp == NULL) { + fprintf(stderr, "[ERROR] no server reply"); + return 1; + } + + if (is_NotFound(lresp)) { + printf("[INFO] Server does not need credentials\n"); + hydra_completed_pair_found(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { + return 3; } - lresp = hydra_receive_line(s); - - if (lresp == NULL){ - fprintf(stderr, "[ERROR] no server reply"); - return 1; + return 1; + } else { + + create_core_packet(1, ip, port); + + if (use_Basic_Auth(lresp) == 1) { + + sprintf(buffer2, "%.260s:%.260s", login, pass); + hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + + sprintf(buffer, "%sAuthorization: : Basic %s\r\n\r\n", packet2, buffer2); + + if (debug) { + hydra_report(stderr, "C:%s\n", buffer); + } } - - if (is_NotFound(lresp)){ - printf("[INFO] Server does not need credentials\n"); - hydra_completed_pair_found(); - if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0){ - return 3; - } - return 1; - } else { - - create_core_packet(1,ip, port); - - if (use_Basic_Auth(lresp)==1) { - - sprintf(buffer2,"%.260s:%.260s",login,pass); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); - sprintf(buffer, "%sAuthorization: : Basic %s\r\n\r\n",packet2,buffer2); + if (use_Digest_Auth(lresp) == 1) { + char *dbuf = dbuffer[500] = ""; + char aux[500] = ""; - if (debug){ - hydra_report(stderr, "C:%s\n", buffer); - } - } - - if(use_Digest_Auth(lresp)==1){ - char *dbuf = dbuffer[500] = ""; - char aux[500] = ""; + char *pbuffer = hydra_strcasestr(lresp, "WWW-Authenticate: Digest "); - char *pbuffer = hydra_strcasestr(lresp,"WWW-Authenticate: Digest "); - strncpy(aux,pbuffer + strlen("WWW-Authenticate: Digest "), sizeof(buffer)); - aux[sizeof(aux)-1]='\0'; + strncpy(aux, pbuffer + strlen("WWW-Authenticate: Digest "), sizeof(buffer)); + aux[sizeof(aux) - 1] = '\0'; #ifdef LIBOPENSSL - sasl_digest_md5(dbuf, login, pass, aux, miscptr, "rtsp", hydra_address2string(ip), port, ""); + sasl_digest_md5(dbuf, login, pass, aux, miscptr, "rtsp", hydra_address2string(ip), port, ""); +#else + printf("[ERROR] Digest auth required but compiled without OpenSSL/MD5 support\n"); + return 3; #endif - printf("[ERROR] Digest auth required but compiled without OpenSSL/MD5 support\n"); - return 3; -#endif - - if (dbuf == NULL) { - fprintf(stderr, "[ERROR] digest generation failed\n"); - return 3; - } - sprintf(buffer, "%sAuthorization: Digest %s\r\n\r\n", packet2, dbuf); - - if (debug){ - hydra_report(stderr, "C:%s\n", buffer); - } - } - - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { - return 1; - } - - lresp = NULL; - - lresp = hydra_receive_line(s); - if ((is_NotFound(lresp))){ - - hydra_completed_pair_found(); + if (dbuf == NULL) { + fprintf(stderr, "[ERROR] digest generation failed\n"); + return 3; + } + sprintf(buffer, "%sAuthorization: Digest %s\r\n\r\n", packet2, dbuf); - if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0){ - return 3; - } - return 1; - - - } - hydra_completed_pair(); - } + if (debug) { + hydra_report(stderr, "C:%s\n", buffer); + } + } + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + + lresp = NULL; + + lresp = hydra_receive_line(s); + + if ((is_NotFound(lresp))) { + + hydra_completed_pair_found(); + + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { + return 3; + } + return 1; + + + } + hydra_completed_pair(); + } + + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; - if(memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) - return 3; - //not rechead - return 2; + return 2; } void service_rtsp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_RTSP, mysslport = PORT_RTSP_SSL; - char *ptr, *ptr2; - - hydra_register_socket(sp); - - if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) - return; - - while (1) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_RTSP, mysslport = PORT_RTSP_SSL; + char *ptr, *ptr2; - switch (run) { - case 1: /* connect and service init function */ - if (sock >= 0){ - sock = hydra_disconnect(sock); - } - if ((options & OPTION_SSL) == 0) { - if (port != 0){ - myport = port; - } - sock = hydra_connect_tcp(ip, myport); - port = myport; - } - if (sock < 0) { - if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); - hydra_child_exit(1); - } + hydra_register_socket(sp); - next_run=2; - break; - case 2: /* run the cracking function */ - next_run = start_rtsp(sock, ip, port, options, miscptr, fp); - break; - case 3: /* clean exit */ - if (sock >= 0) { - sock = hydra_disconnect(sock); - } - hydra_child_exit(0); - break; - default: - hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); - hydra_child_exit(0); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + + while (1) { + + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0) { + sock = hydra_disconnect(sock); + } + if ((options & OPTION_SSL) == 0) { + if (port != 0) { + myport = port; } - run = next_run; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } + if (sock < 0) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + + next_run = 2; + break; + case 2: /* run the cracking function */ + next_run = start_rtsp(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) { + sock = hydra_disconnect(sock); + } + hydra_child_exit(0); + break; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); } + run = next_run; + } } int service_rtsp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - // called before the childrens are forked off, so this is the function - // which should be filled if initial connections and service setup has to be - // performed once only. - // - // fill if needed. - // - // return codes: - // 0 all OK - // -1 error, hydra will exit, so print a good error message here - return 0; + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + return 0; } - From 7f456cb1dc6171d653637dc0551ef9498384ecaa Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 7 May 2015 14:30:49 +0200 Subject: [PATCH 23/33] beautifications --- Makefile | 86 ++++++++++++++++++++++++++++++++++++++++++++++++++-- hydra-rtsp.c | 3 +- 2 files changed, 86 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index 372e67e..3ee5fd1 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,87 @@ -all: - @echo Error: you must run "./configure" first +CC=gcc +STRIP=strip +XDEFINES= -DHAVE_MYSQL_MYSQL_H -DLIBOPENSSL -DLIBNCURSES -DLIBIDN -DHAVE_PR29_H -DHAVE_PCRE -DLIBMYSQLCLIENT -DLIBSVN -DLIBSSH -DHAVE_MATH_H +XLIBS= -lcurses -lssl -lidn -lpcre -lmysqlclient -lsvn_client-1 -lapr-1 -laprutil-1 -lsvn_subr-1 -lssh -lcrypto +XLIBPATHS=-L/usr/lib -L/usr/local/lib -L/lib -L/lib +XIPATHS= -I/usr/include/mysql -I/usr/include/ncurses -I/usr/include -I/usr/include -I/usr/include -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1 +PREFIX=/usr/local +XHYDRA_SUPPORT= +STRIP=strip + +HYDRA_LOGO=hydra-logo.o +PWI_LOGO=pw-inspector-logo.o +SEC=-fstack-protector-all --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 + +# +# Makefile for Hydra - (c) 2001-2014 by van Hauser / THC +# +OPTS=-I. -O3 +# -Wall -g -pedantic +LIBS=-lm +DIR=/bin + +SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \ + hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \ + hydra-pop3.c hydra-smb.c hydra-icq.c hydra-cisco-enable.c hydra-ldap.c \ + hydra-mysql.c hydra-mssql.c hydra-xmpp.c hydra-http-proxy-urlenum.c \ + hydra-snmp.c hydra-cvs.c hydra-smtp.c hydra-smtp-enum.c hydra-sapr3.c hydra-ssh.c \ + hydra-sshkey.c hydra-teamspeak.c hydra-postgres.c hydra-rsh.c hydra-rlogin.c \ + hydra-oracle-listener.c hydra-svn.c hydra-pcanywhere.c hydra-sip.c \ + hydra-oracle.c hydra-vmauthd.c hydra-asterisk.c hydra-firebird.c hydra-afp.c hydra-ncp.c \ + hydra-oracle-sid.c hydra-http-proxy.c hydra-http-form.c hydra-irc.c \ + hydra-rdp.c hydra-s7-300.c hydra-redis.c \ + crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c hydra-rtsp.c +OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \ + hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o \ + hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \ + hydra-mysql.o hydra-mssql.o hydra-xmpp.o hydra-http-proxy-urlenum.o \ + hydra-snmp.o hydra-cvs.o hydra-smtp.o hydra-smtp-enum.o hydra-sapr3.o hydra-ssh.o \ + hydra-sshkey.o hydra-teamspeak.o hydra-postgres.o hydra-rsh.o hydra-rlogin.o \ + hydra-oracle-listener.o hydra-svn.o hydra-pcanywhere.o hydra-sip.o \ + hydra-oracle-sid.o hydra-oracle.o hydra-vmauthd.o hydra-asterisk.o hydra-firebird.o hydra-afp.o hydra-ncp.o \ + hydra-http-proxy.o hydra-http-form.o hydra-irc.o hydra-redis.o \ + hydra-rdp.o hydra-s7-300.c \ + crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o hydra-rtsp.o +BINS = hydra pw-inspector + +EXTRA_DIST = README README.arm README.palm CHANGES TODO INSTALL LICENSE \ + hydra-mod.h hydra.h crc32.h d3des.h + +all: pw-inspector hydra $(XHYDRA_SUPPORT) + @echo + @echo Now type "make install" + +hydra: hydra.c $(OBJ) + $(CC) $(OPTS) $(SEC) $(LIBS) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o hydra $(HYDRA_LOGO) hydra.c $(OBJ) $(LIBS) $(XLIBS) $(XLIBPATHS) $(XIPATHS) $(XDEFINES) + @echo + @echo If men could get pregnant, abortion would be a sacrament + @echo + +xhydra: + -cd hydra-gtk && sh ./make_xhydra.sh + +pw-inspector: pw-inspector.c + -$(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o pw-inspector $(PWI_LOGO) pw-inspector.c + +.c.o: + $(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) -c $< $(XDEFINES) $(XIPATHS) + +strip: all + strip $(BINS) + -echo OK > /dev/null && test -x xhydra && strip xhydra || echo OK > /dev/null + +install: strip + -mkdir -p $(PREFIX)$(DIR) + cp -f hydra-wizard.sh $(BINS) $(PREFIX)$(DIR) && cd $(PREFIX)$(DIR) && chmod 755 hydra-wizard.sh $(BINS) + -echo OK > /dev/null && test -x xhydra && cp xhydra $(PREFIX)$(DIR) && cd $(PREFIX)$(DIR) && chmod 755 xhydra || echo OK > /dev/null + -sed -e "s|^INSTALLDIR=.*|INSTALLDIR="$(PREFIX)"|" dpl4hydra.sh > $(PREFIX)/bin/dpl4hydra.sh + -chmod 755 $(PREFIX)/bin/dpl4hydra.sh + -mkdir -p $(PREFIX)/etc/ + -cp -f *.csv $(PREFIX)/etc/ + -mkdir -p $(PREFIX)/man/man1 + -cp -f hydra.1 xhydra.1 pw-inspector.1 $(PREFIX)/man/man1 clean: + rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile cp -f Makefile.orig Makefile + diff --git a/hydra-rtsp.c b/hydra-rtsp.c index c348999..32f3ed2 100644 --- a/hydra-rtsp.c +++ b/hydra-rtsp.c @@ -125,7 +125,8 @@ int start_rtsp(int s, char *ip, int port, unsigned char options, char *miscptr, } if (use_Digest_Auth(lresp) == 1) { - char *dbuf = dbuffer[500] = ""; + char *dbuf; + char dbuffer[500] = ""; char aux[500] = ""; char *pbuffer = hydra_strcasestr(lresp, "WWW-Authenticate: Digest "); From 7b4c5aee189afec3bad4b9cd6678beae9cce2f06 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 7 May 2015 14:30:55 +0200 Subject: [PATCH 24/33] beautifications --- Makefile | 86 ++------------------------------------------------------ 1 file changed, 2 insertions(+), 84 deletions(-) diff --git a/Makefile b/Makefile index 3ee5fd1..372e67e 100644 --- a/Makefile +++ b/Makefile @@ -1,87 +1,5 @@ -CC=gcc -STRIP=strip -XDEFINES= -DHAVE_MYSQL_MYSQL_H -DLIBOPENSSL -DLIBNCURSES -DLIBIDN -DHAVE_PR29_H -DHAVE_PCRE -DLIBMYSQLCLIENT -DLIBSVN -DLIBSSH -DHAVE_MATH_H -XLIBS= -lcurses -lssl -lidn -lpcre -lmysqlclient -lsvn_client-1 -lapr-1 -laprutil-1 -lsvn_subr-1 -lssh -lcrypto -XLIBPATHS=-L/usr/lib -L/usr/local/lib -L/lib -L/lib -XIPATHS= -I/usr/include/mysql -I/usr/include/ncurses -I/usr/include -I/usr/include -I/usr/include -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1 -PREFIX=/usr/local -XHYDRA_SUPPORT= -STRIP=strip - -HYDRA_LOGO=hydra-logo.o -PWI_LOGO=pw-inspector-logo.o -SEC=-fstack-protector-all --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 - -# -# Makefile for Hydra - (c) 2001-2014 by van Hauser / THC -# -OPTS=-I. -O3 -# -Wall -g -pedantic -LIBS=-lm -DIR=/bin - -SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \ - hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \ - hydra-pop3.c hydra-smb.c hydra-icq.c hydra-cisco-enable.c hydra-ldap.c \ - hydra-mysql.c hydra-mssql.c hydra-xmpp.c hydra-http-proxy-urlenum.c \ - hydra-snmp.c hydra-cvs.c hydra-smtp.c hydra-smtp-enum.c hydra-sapr3.c hydra-ssh.c \ - hydra-sshkey.c hydra-teamspeak.c hydra-postgres.c hydra-rsh.c hydra-rlogin.c \ - hydra-oracle-listener.c hydra-svn.c hydra-pcanywhere.c hydra-sip.c \ - hydra-oracle.c hydra-vmauthd.c hydra-asterisk.c hydra-firebird.c hydra-afp.c hydra-ncp.c \ - hydra-oracle-sid.c hydra-http-proxy.c hydra-http-form.c hydra-irc.c \ - hydra-rdp.c hydra-s7-300.c hydra-redis.c \ - crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c hydra-rtsp.c -OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \ - hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o \ - hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \ - hydra-mysql.o hydra-mssql.o hydra-xmpp.o hydra-http-proxy-urlenum.o \ - hydra-snmp.o hydra-cvs.o hydra-smtp.o hydra-smtp-enum.o hydra-sapr3.o hydra-ssh.o \ - hydra-sshkey.o hydra-teamspeak.o hydra-postgres.o hydra-rsh.o hydra-rlogin.o \ - hydra-oracle-listener.o hydra-svn.o hydra-pcanywhere.o hydra-sip.o \ - hydra-oracle-sid.o hydra-oracle.o hydra-vmauthd.o hydra-asterisk.o hydra-firebird.o hydra-afp.o hydra-ncp.o \ - hydra-http-proxy.o hydra-http-form.o hydra-irc.o hydra-redis.o \ - hydra-rdp.o hydra-s7-300.c \ - crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o hydra-rtsp.o -BINS = hydra pw-inspector - -EXTRA_DIST = README README.arm README.palm CHANGES TODO INSTALL LICENSE \ - hydra-mod.h hydra.h crc32.h d3des.h - -all: pw-inspector hydra $(XHYDRA_SUPPORT) - @echo - @echo Now type "make install" - -hydra: hydra.c $(OBJ) - $(CC) $(OPTS) $(SEC) $(LIBS) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o hydra $(HYDRA_LOGO) hydra.c $(OBJ) $(LIBS) $(XLIBS) $(XLIBPATHS) $(XIPATHS) $(XDEFINES) - @echo - @echo If men could get pregnant, abortion would be a sacrament - @echo - -xhydra: - -cd hydra-gtk && sh ./make_xhydra.sh - -pw-inspector: pw-inspector.c - -$(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o pw-inspector $(PWI_LOGO) pw-inspector.c - -.c.o: - $(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) -c $< $(XDEFINES) $(XIPATHS) - -strip: all - strip $(BINS) - -echo OK > /dev/null && test -x xhydra && strip xhydra || echo OK > /dev/null - -install: strip - -mkdir -p $(PREFIX)$(DIR) - cp -f hydra-wizard.sh $(BINS) $(PREFIX)$(DIR) && cd $(PREFIX)$(DIR) && chmod 755 hydra-wizard.sh $(BINS) - -echo OK > /dev/null && test -x xhydra && cp xhydra $(PREFIX)$(DIR) && cd $(PREFIX)$(DIR) && chmod 755 xhydra || echo OK > /dev/null - -sed -e "s|^INSTALLDIR=.*|INSTALLDIR="$(PREFIX)"|" dpl4hydra.sh > $(PREFIX)/bin/dpl4hydra.sh - -chmod 755 $(PREFIX)/bin/dpl4hydra.sh - -mkdir -p $(PREFIX)/etc/ - -cp -f *.csv $(PREFIX)/etc/ - -mkdir -p $(PREFIX)/man/man1 - -cp -f hydra.1 xhydra.1 pw-inspector.1 $(PREFIX)/man/man1 +all: + @echo Error: you must run "./configure" first clean: - rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile cp -f Makefile.orig Makefile - From 392251f218e2ca12db4f20e34103fdb17f0ae0cc Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 7 May 2015 17:50:25 +0200 Subject: [PATCH 25/33] fix --- hydra-rtsp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra-rtsp.c b/hydra-rtsp.c index 32f3ed2..179ca50 100644 --- a/hydra-rtsp.c +++ b/hydra-rtsp.c @@ -74,7 +74,7 @@ void create_core_packet(int control, char *ip, int port) { } } else { if (strlen(packet2) <= 0) { - sprintf(packet2, "DESCRIBE rtsp://%s.260:%i RTSP/1.0\r\nCSeq: 3\r\n", target, port); + sprintf(packet2, "DESCRIBE rtsp://%.260s:%i RTSP/1.0\r\nCSeq: 3\r\n", target, port); } } } From fa82feecc457016b65d4d8c28a86cab80ea64e85 Mon Sep 17 00:00:00 2001 From: anthraxx Date: Sat, 6 Jun 2015 18:33:59 +0200 Subject: [PATCH 26/33] adding make location configurations to ease proper packaging this patch introduces DATADIR, MANDIR and DESTDIR to it is possible to configure the csv data location, the man location and also a packaging DESTDIR location which is needed for packaging in a subdir. PREFIX stays like it was so it is properly used in dpl4hydra.sh. --- Makefile.am | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/Makefile.am b/Makefile.am index 142d683..a5c00be 100644 --- a/Makefile.am +++ b/Makefile.am @@ -4,7 +4,10 @@ OPTS=-I. -O3 # -Wall -g -pedantic LIBS=-lm -DIR=/bin +BINDIR = /bin +MANDIR ?= /man/man1 +DATADIR ?= /etc +DESTDIR ?= SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \ hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \ @@ -57,15 +60,15 @@ strip: all -echo OK > /dev/null && test -x xhydra && strip xhydra || echo OK > /dev/null install: strip - -mkdir -p $(PREFIX)$(DIR) - cp -f hydra-wizard.sh $(BINS) $(PREFIX)$(DIR) && cd $(PREFIX)$(DIR) && chmod 755 hydra-wizard.sh $(BINS) - -echo OK > /dev/null && test -x xhydra && cp xhydra $(PREFIX)$(DIR) && cd $(PREFIX)$(DIR) && chmod 755 xhydra || echo OK > /dev/null - -sed -e "s|^INSTALLDIR=.*|INSTALLDIR="$(PREFIX)"|" dpl4hydra.sh > $(PREFIX)/bin/dpl4hydra.sh - -chmod 755 $(PREFIX)/bin/dpl4hydra.sh - -mkdir -p $(PREFIX)/etc/ - -cp -f *.csv $(PREFIX)/etc/ - -mkdir -p $(PREFIX)/man/man1 - -cp -f hydra.1 xhydra.1 pw-inspector.1 $(PREFIX)/man/man1 + -mkdir -p $(DESTDIR)$(PREFIX)$(BINDIR) + cp -f hydra-wizard.sh $(BINS) $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 hydra-wizard.sh $(BINS) + -echo OK > /dev/null && test -x xhydra && cp xhydra $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 xhydra || echo OK > /dev/null + -sed -e "s|^INSTALLDIR=.*|INSTALLDIR="$(PREFIX)"|" dpl4hydra.sh | sed -e "s|^LOCATION=.*|LOCATION="$(DATADIR)"|" > $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh + -chmod 755 $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh + -mkdir -p $(DESTDIR)$(PREFIX)$(DATADIR) + -cp -f *.csv $(DESTDIR)$(PREFIX)$(DATADIR) + -mkdir -p $(DESTDIR)$(PREFIX)$(MANDIR) + -cp -f hydra.1 xhydra.1 pw-inspector.1 $(DESTDIR)$(PREFIX)$(MANDIR) clean: rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile From 5bf16f9e28a44efe74b7cfd9291de3b03e5ef317 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Wed, 17 Jun 2015 19:25:29 +0200 Subject: [PATCH 27/33] imap-debug --- hydra-imap.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hydra-imap.c b/hydra-imap.c index 6ce7791..4966223 100644 --- a/hydra-imap.c +++ b/hydra-imap.c @@ -104,6 +104,7 @@ int start_imap(int s, char *ip, int port, unsigned char options, char *miscptr, memset(buffer, 0, sizeof(buffer)); sasl_plain(buffer, login, pass); + if (debug) printf("[DEBUG] sasl_plain: %s + %s = %s\n", login, pass, buffer); sprintf(buffer, "%.250s\r\n", buffer); break; From cccf259d81d27d917c98fd0d7c20ca7dd6939593 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Wed, 17 Jun 2015 19:31:56 +0200 Subject: [PATCH 28/33] imap PLAIN fix --- hydra-imap.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/hydra-imap.c b/hydra-imap.c index 4966223..a360ac4 100644 --- a/hydra-imap.c +++ b/hydra-imap.c @@ -102,10 +102,9 @@ int start_imap(int s, char *ip, int port, unsigned char options, char *miscptr, } free(buf); - memset(buffer, 0, sizeof(buffer)); - sasl_plain(buffer, login, pass); - if (debug) printf("[DEBUG] sasl_plain: %s + %s = %s\n", login, pass, buffer); - sprintf(buffer, "%.250s\r\n", buffer); + memset(buffer2, 0, sizeof(buffer2)); + sasl_plain(buffer2, login, pass); + sprintf(buffer, "%.250s\r\n", buffer2); break; #ifdef LIBOPENSSL From e47d8fda1e95c55318358115f0e1c6098d5a24d3 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Wed, 17 Jun 2015 19:39:31 +0200 Subject: [PATCH 29/33] http-form out of memory fix --- hydra-http-form.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index be350da..2f634aa 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -299,11 +299,11 @@ void hdrrep(ptr_header_node * ptr_head, char *oldvalue, char *newvalue) { for (cur_ptr = *ptr_head; cur_ptr; cur_ptr = cur_ptr->next) { if ((cur_ptr->type == HEADER_TYPE_USERHEADER || cur_ptr->type == HEADER_TYPE_USERHEADER_REPL) && strstr(cur_ptr->value, oldvalue)) { - cur_ptr->value = (char *) realloc(cur_ptr->value, strlen(newvalue)); + cur_ptr->value = (char *) realloc(cur_ptr->value, strlen(newvalue) + 1); if (cur_ptr->value) strcpy(cur_ptr->value, newvalue); else { - hydra_report(stderr, "[ERROR] Out of memory."); + hydra_report(stderr, "[ERROR] Out of memory (hddrep)."); hydra_child_exit(0); } } @@ -318,11 +318,11 @@ void hdrrepv(ptr_header_node * ptr_head, char *hdrname, char *new_value) { for (cur_ptr = *ptr_head; cur_ptr; cur_ptr = cur_ptr->next) { if ((cur_ptr->type == HEADER_TYPE_DEFAULT) && strcmp(cur_ptr->header, hdrname) == 0) { - cur_ptr->value = (char *) realloc(cur_ptr->value, strlen(new_value)); + cur_ptr->value = (char *) realloc(cur_ptr->value, strlen(new_value) + 1); if (cur_ptr->value) strcpy(cur_ptr->value, new_value); else { - hydra_report(stderr, "[ERROR] Out of memory"); + hydra_report(stderr, "[ERROR] Out of memory (hdrrepv %d)", strlen(new_value) + 1); hydra_child_exit(0); } } @@ -1120,7 +1120,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { break; } // Error: abort execution - hydra_report(stderr, "[ERROR] Out of memory for HTTP headers."); + hydra_report(stderr, "[ERROR] Out of memory for HTTP headers (h)."); return NULL; case 'H': // add a new header, or replace an existing one's value @@ -1149,7 +1149,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { break; } // Error: abort execution - hydra_report(stderr, "[ERROR] Out of memory for HTTP headers."); + hydra_report(stderr, "[ERROR] Out of memory for HTTP headers (H)."); return NULL; // no default } From 44632760f8d5aab6689cb7e9584b27f068751568 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 18 Jun 2015 19:38:14 +0200 Subject: [PATCH 30/33] debug changes --- CHANGES | 2 ++ hydra.c | 11 ++++++----- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index 6811ffd..8a072af 100644 --- a/CHANGES +++ b/CHANGES @@ -11,6 +11,8 @@ Release 8.2-pre * Fixed for SSL connection to support TLSv1.2 etc. * Support for different RSA keylengths, thanks to fann95 for the patch * Fixed a bug where the cisco-enable module was not working with the password-only logon mode +* Fixed an out of memory bug in http-form +* Fixed imap PLAIN method * ... your patch? diff --git a/hydra.c b/hydra.c index 9a71294..52d7609 100644 --- a/hydra.c +++ b/hydra.c @@ -1,4 +1,3 @@ - /* * hydra (c) 2001-2014 by van Hauser / THC * http://www.thc.org @@ -742,8 +741,8 @@ void hydra_restore_write(int print_msg) { || (hh.current_pass_ptr != NULL && hh.current_pass_ptr != empty_login)) { hh.redo = 1; if (print_msg && debug) - printf("[DEBUG] we will redo the following combination: target %s login \"%s\" pass \"%s\"\n", hydra_targets[hh.target_no]->target, - hh.current_login_ptr, hh.current_pass_ptr); + printf("[DEBUG] we will redo the following combination: target %s child %d login \"%s\" pass \"%s\"\n", hydra_targets[hh.target_no]->target, + j, hh.current_login_ptr, hh.current_pass_ptr); } fck = fwrite((char *) &hh, sizeof(hydra_head), 1, f); if (hh.redo /* && (hydra_options.bfg == 0 || (hh.current_pass_ptr == hydra_targets[hh.target_no]->bfg_ptr[j] && isprint((char) hh.current_pass_ptr[0]))) */ ) @@ -886,6 +885,7 @@ void hydra_restore_read() { strcpy(hydra_targets[j]->pass_ptr, out); } if (hydra_targets[j]->redo > 0) + if (debug) printf("[DEBUG] target %d redo %d\n", j, hydra_targets[j]->redo); for (i = 0; i < hydra_targets[j]->redo; i++) { sck = fgets(out, sizeof(out), f); if (out[0] != 0 && out[strlen(out) - 1] == '\n') @@ -914,7 +914,7 @@ void hydra_restore_read() { } if (debug) printf("[DEBUG] reading restore file: Step 11 complete\n"); - hydra_heads = malloc((hydra_options.max_use + 2) * sizeof(int) + 8); + hydra_heads = malloc((hydra_options.max_use + 2) * sizeof(int) + 16); for (j = 0; j < hydra_options.max_use; j++) { hydra_heads[j] = malloc(sizeof(hydra_head)); fck = (int) fread(hydra_heads[j], sizeof(hydra_head), 1, f); @@ -922,6 +922,7 @@ void hydra_restore_read() { hydra_heads[j]->sp[1] = -1; sck = fgets(out, sizeof(out), f); if (hydra_heads[j]->redo) { + if (debug) printf("[DEBUG] head %d redo\n", j); if (out[0] != 0 && out[strlen(out) - 1] == '\n') out[strlen(out) - 1] = 0; hydra_heads[j]->current_login_ptr = malloc(strlen(out) + 1); @@ -932,7 +933,7 @@ void hydra_restore_read() { if (out[0] != 0 && out[strlen(out) - 1] == '\n') out[strlen(out) - 1] = 0; if (debug) - printf("[DEBUG] TEMP head %d: out[0] == %d, hydra_heads[j]->current_login_ptr[0] == %d\n", j, out[0], hydra_heads[j]->current_login_ptr[0]); + printf("[DEBUG] TEMP head %d: pass == %s, login == %s\n", j, out, hydra_heads[j]->current_login_ptr); if (out[0] != 0 || hydra_heads[j]->current_login_ptr[0] != 0) { hydra_heads[j]->current_pass_ptr = malloc(strlen(out) + 1); strcpy(hydra_heads[j]->current_pass_ptr, out); From 0847abbead697f2a99cb9e07f357d155a3542fc2 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 18 Jun 2015 20:21:47 +0200 Subject: [PATCH 31/33] DPL update --- dpl4hydra_full.csv | 3776 +++++++++++++++++++++---------------------- dpl4hydra_local.csv | 3776 +++++++++++++++++++++---------------------- 2 files changed, 3770 insertions(+), 3782 deletions(-) diff --git a/dpl4hydra_full.csv b/dpl4hydra_full.csv index 7d7ce82..8edeb41 100755 --- a/dpl4hydra_full.csv +++ b/dpl4hydra_full.csv @@ -5476,7 +5476,7 @@ planet,Adsl router,,,admin,epicrouter,,, planet,Adsl router,,Multi,admin,epicrouter,,, planet,Akcess Point,,HTTP,admin,admin,Admin,, planet,FGSW-2402RS,,serial,admin,ISPMODE,Admin,, -planet,FNSW-2402S,,,admin, just hit ENTER ,,, +planet,FNSW-2402S,,,admin,<> just hit ENTER ,,, planet,FNSW-2402S,,Console,admin,<> just hit ENTER,,, planet,GRT-501,,http,root,root,full,, planet,WAP-1900/1950/2000,,2.5.0,,default,,, @@ -5880,6 +5880,1890 @@ siemens nixdorf,ROLM PBX,,,admin,pwp,,, siemens nixdorf,ROLM PBX,,,eng,engineer,,, siemens nixdorf,ROLM PBX,,,op,operator,,, siemens nixdorf,ROLM PBX,,,su,super,,, +siemens s7-300,,,,,!MANAGE,,, +siemens s7-300,,,,,!manage,,, +siemens s7-300,,,,,$secure$,,, +siemens s7-300,,,,,'''''''',,, +siemens s7-300,,,,,''''''',,, +siemens s7-300,,,,,'''''',,, +siemens s7-300,,,,,''''',,, +siemens s7-300,,,,,'''',,, +siemens s7-300,,,,,''',,, +siemens s7-300,,,,,'',,, +siemens s7-300,,,,,',,, +siemens s7-300,,,,,********,,, +siemens s7-300,,,,,*******,,, +siemens s7-300,,,,,******,,, +siemens s7-300,,,,,*****,,, +siemens s7-300,,,,,****,,, +siemens s7-300,,,,,***,,, +siemens s7-300,,,,,**,,, +siemens s7-300,,,,,*,,, +siemens s7-300,,,,,++++++++,,, +siemens s7-300,,,,,+++++++,,, +siemens s7-300,,,,,++++++,,, +siemens s7-300,,,,,+++++,,, +siemens s7-300,,,,,++++,,, +siemens s7-300,,,,,+++,,, +siemens s7-300,,,,,++,,, +siemens s7-300,,,,,+,,, +siemens s7-300,,,,,,,, +siemens s7-300,,,,,,,,, +siemens s7-300,,,,,,,,,, +siemens s7-300,,,,,,,,,,, +siemens s7-300,,,,,,,,,,,, +siemens s7-300,,,,,,,,,,,,, +siemens s7-300,,,,,,,,,,,,,, +siemens s7-300,,,,,,,,,,,,,,, +siemens s7-300,,,,,,,,,,,,,,,, +siemens s7-300,,,,,-,,, +siemens s7-300,,,,,--,,, +siemens s7-300,,,,,---,,, +siemens s7-300,,,,,----,,, +siemens s7-300,,,,,-----,,, +siemens s7-300,,,,,------,,, +siemens s7-300,,,,,-------,,, +siemens s7-300,,,,,--------,,, +siemens s7-300,,,,,.,,, +siemens s7-300,,,,,..,,, +siemens s7-300,,,,,...,,, +siemens s7-300,,,,,....,,, +siemens s7-300,,,,,.....,,, +siemens s7-300,,,,,......,,, +siemens s7-300,,,,,.......,,, +siemens s7-300,,,,,........,,, +siemens s7-300,,,,,/,,, +siemens s7-300,,,,,//,,, +siemens s7-300,,,,,///,,, +siemens s7-300,,,,,////,,, +siemens s7-300,,,,,/////,,, +siemens s7-300,,,,,//////,,, +siemens s7-300,,,,,///////,,, +siemens s7-300,,,,,////////,,, +siemens s7-300,,,,,0,,, +siemens s7-300,,,,,00,,, +siemens s7-300,,,,,000,,, +siemens s7-300,,,,,0000,,, +siemens s7-300,,,,,00000,,, +siemens s7-300,,,,,000000,,, +siemens s7-300,,,,,0000000,,, +siemens s7-300,,,,,00000000,,, +siemens s7-300,,,,,00000001,,, +siemens s7-300,,,,,0000001,,, +siemens s7-300,,,,,000001,,, +siemens s7-300,,,,,00001,,, +siemens s7-300,,,,,0001,,, +siemens s7-300,,,,,001,,, +siemens s7-300,,,,,050952,,, +siemens s7-300,,,,,0P3N,,, +siemens s7-300,,,,,1,,, +siemens s7-300,,,,,100,,, +siemens s7-300,,,,,1000,,, +siemens s7-300,,,,,10000,,, +siemens s7-300,,,,,100000,,, +siemens s7-300,,,,,1000000,,, +siemens s7-300,,,,,10000000,,, +siemens s7-300,,,,,10041979,,, +siemens s7-300,,,,,1064,,, +siemens s7-300,,,,,11,,, +siemens s7-300,,,,,111,,, +siemens s7-300,,,,,1111,,, +siemens s7-300,,,,,11111,,, +siemens s7-300,,,,,111111,,, +siemens s7-300,,,,,1111111,,, +siemens s7-300,,,,,11111111,,, +siemens s7-300,,,,,11112222,,, +siemens s7-300,,,,,112233,,, +siemens s7-300,,,,,11223344,,, +siemens s7-300,,,,,123,,, +siemens s7-300,,,,,123123,,, +siemens s7-300,,,,,12314500,,, +siemens s7-300,,,,,123321,,, +siemens s7-300,,,,,1234,,, +siemens s7-300,,,,,12344321,,, +siemens s7-300,,,,,12345,,, +siemens s7-300,,,,,123456,,, +siemens s7-300,,,,,1234567,,, +siemens s7-300,,,,,12345678,,, +siemens s7-300,,,,,12348765,,, +siemens s7-300,,,,,123654,,, +siemens s7-300,,,,,123ASD,,, +siemens s7-300,,,,,123QWE,,, +siemens s7-300,,,,,123asd,,, +siemens s7-300,,,,,123qwe,,, +siemens s7-300,,,,,1246,,, +siemens s7-300,,,,,128BIT,,, +siemens s7-300,,,,,128bit,,, +siemens s7-300,,,,,1313,,, +siemens s7-300,,,,,1502,,, +siemens s7-300,,,,,151298,,, +siemens s7-300,,,,,166816,,, +siemens s7-300,,,,,180497,,, +siemens s7-300,,,,,1890AGB,,, +siemens s7-300,,,,,1890agb,,, +siemens s7-300,,,,,1954,,, +siemens s7-300,,,,,1G2W3E,,, +siemens s7-300,,,,,1q2w3e,,, +siemens s7-300,,,,,2,,, +siemens s7-300,,,,,21,,, +siemens s7-300,,,,,21241036,,, +siemens s7-300,,,,,2128506,,, +siemens s7-300,,,,,22,,, +siemens s7-300,,,,,222,,, +siemens s7-300,,,,,2222,,, +siemens s7-300,,,,,22222,,, +siemens s7-300,,,,,222222,,, +siemens s7-300,,,,,2222222,,, +siemens s7-300,,,,,22222222,,, +siemens s7-300,,,,,266344,,, +siemens s7-300,,,,,281067,,, +siemens s7-300,,,,,281068,,, +siemens s7-300,,,,,2BW9,,, +siemens s7-300,,,,,2WSXcder,,, +siemens s7-300,,,,,3,,, +siemens s7-300,,,,,31994,,, +siemens s7-300,,,,,321,,, +siemens s7-300,,,,,33,,, +siemens s7-300,,,,,333,,, +siemens s7-300,,,,,3333,,, +siemens s7-300,,,,,33333,,, +siemens s7-300,,,,,333333,,, +siemens s7-300,,,,,3333333,,, +siemens s7-300,,,,,33333333,,, +siemens s7-300,,,,,3477,,, +siemens s7-300,,,,,355025,,, +siemens s7-300,,,,,3597,,, +siemens s7-300,,,,,3ASCOTEL,,, +siemens s7-300,,,,,3ORRO,,, +siemens s7-300,,,,,3WARE,,, +siemens s7-300,,,,,3ascotel,,, +siemens s7-300,,,,,3ep5w2u,,, +siemens s7-300,,,,,3orro,,, +siemens s7-300,,,,,3ware,,, +siemens s7-300,,,,,4,,, +siemens s7-300,,,,,42296795,,, +siemens s7-300,,,,,4321,,, +siemens s7-300,,,,,44,,, +siemens s7-300,,,,,444,,, +siemens s7-300,,,,,4444,,, +siemens s7-300,,,,,44444,,, +siemens s7-300,,,,,444444,,, +siemens s7-300,,,,,4444444,,, +siemens s7-300,,,,,44444444,,, +siemens s7-300,,,,,4ERT,,, +siemens s7-300,,,,,4G5K,,, +siemens s7-300,,,,,4G7S,,, +siemens s7-300,,,,,4TAS,,, +siemens s7-300,,,,,4ert,,, +siemens s7-300,,,,,4getme2,,, +siemens s7-300,,,,,4tas,,, +siemens s7-300,,,,,5,,, +siemens s7-300,,,,,5001,,, +siemens s7-300,,,,,5150,,, +siemens s7-300,,,,,5201314,,, +siemens s7-300,,,,,54321,,, +siemens s7-300,,,,,55,,, +siemens s7-300,,,,,55055,,, +siemens s7-300,,,,,555,,, +siemens s7-300,,,,,5555,,, +siemens s7-300,,,,,55555,,, +siemens s7-300,,,,,555555,,, +siemens s7-300,,,,,5555555,,, +siemens s7-300,,,,,55555555,,, +siemens s7-300,,,,,56789,,, +siemens s7-300,,,,,5693,,, +siemens s7-300,,,,,5777364,,, +siemens s7-300,,,,,5860,,, +siemens s7-300,,,,,589589,,, +siemens s7-300,,,,,6,,, +siemens s7-300,,,,,60587,,, +siemens s7-300,,,,,654321,,, +siemens s7-300,,,,,66,,, +siemens s7-300,,,,,666,,, +siemens s7-300,,,,,6666,,, +siemens s7-300,,,,,66666,,, +siemens s7-300,,,,,666666,,, +siemens s7-300,,,,,6666666,,, +siemens s7-300,,,,,66666666,,, +siemens s7-300,,,,,66808920,,, +siemens s7-300,,,,,6969,,, +siemens s7-300,,,,,7,,, +siemens s7-300,,,,,7654321,,, +siemens s7-300,,,,,77,,, +siemens s7-300,,,,,777,,, +siemens s7-300,,,,,7777,,, +siemens s7-300,,,,,77777,,, +siemens s7-300,,,,,777777,,, +siemens s7-300,,,,,7777777,,, +siemens s7-300,,,,,77777777,,, +siemens s7-300,,,,,7SH4,,, +siemens s7-300,,,,,8,,, +siemens s7-300,,,,,8111,,, +siemens s7-300,,,,,8429,,, +siemens s7-300,,,,,851141,,, +siemens s7-300,,,,,86844,,, +siemens s7-300,,,,,8746550,,, +siemens s7-300,,,,,87654321,,, +siemens s7-300,,,,,88,,, +siemens s7-300,,,,,888,,, +siemens s7-300,,,,,8888,,, +siemens s7-300,,,,,88888,,, +siemens s7-300,,,,,888888,,, +siemens s7-300,,,,,8888888,,, +siemens s7-300,,,,,88888888,,, +siemens s7-300,,,,,88981684,,, +siemens s7-300,,,,,9,,, +siemens s7-300,,,,,901100,,, +siemens s7-300,,,,,99,,, +siemens s7-300,,,,,999,,, +siemens s7-300,,,,,9999,,, +siemens s7-300,,,,,99999,,, +siemens s7-300,,,,,999999,,, +siemens s7-300,,,,,9999999,,, +siemens s7-300,,,,,99999999,,, +siemens s7-300,,,,,9W5K,,, +siemens s7-300,,,,,;,,, +siemens s7-300,,,,,;;,,, +siemens s7-300,,,,,;;;,,, +siemens s7-300,,,,,;;;;,,, +siemens s7-300,,,,,;;;;;,,, +siemens s7-300,,,,,;;;;;;,,, +siemens s7-300,,,,,;;;;;;;,,, +siemens s7-300,,,,,;;;;;;;;,,, +siemens s7-300,,,,,=,,, +siemens s7-300,,,,,==,,, +siemens s7-300,,,,,===,,, +siemens s7-300,,,,,====,,, +siemens s7-300,,,,,=====,,, +siemens s7-300,,,,,======,,, +siemens s7-300,,,,,=======,,, +siemens s7-300,,,,,========,,, +siemens s7-300,,,,,@#$123,,, +siemens s7-300,,,,,A,,, +siemens s7-300,,,,,A-POWER,,, +siemens s7-300,,,,,A/D,,, +siemens s7-300,,,,,AA,,, +siemens s7-300,,,,,AAA,,, +siemens s7-300,,,,,AAAA,,, +siemens s7-300,,,,,AAAAA,,, +siemens s7-300,,,,,AAAAAA,,, +siemens s7-300,,,,,AAAAAAA,,, +siemens s7-300,,,,,AAAAAAAA,,, +siemens s7-300,,,,,AABBCC,,, +siemens s7-300,,,,,AAEON,,, +siemens s7-300,,,,,AAVID,,, +siemens s7-300,,,,,AB,,, +siemens s7-300,,,,,ABB,,, +siemens s7-300,,,,,ABC,,, +siemens s7-300,,,,,ABC123,,, +siemens s7-300,,,,,ABCD,,, +siemens s7-300,,,,,ABCDE,,, +siemens s7-300,,,,,ABCDEF,,, +siemens s7-300,,,,,ABCDEFG,,, +siemens s7-300,,,,,ABCDEFGH,,, +siemens s7-300,,,,,ABELCONN,,, +siemens s7-300,,,,,ABOV,,, +siemens s7-300,,,,,ABRACON,,, +siemens s7-300,,,,,ABSOPULS,,, +siemens s7-300,,,,,ABTECH,,, +siemens s7-300,,,,,ABUNLOCK,,, +siemens s7-300,,,,,ACAM,,, +siemens s7-300,,,,,ACC,,, +siemens s7-300,,,,,ACCESS,,, +siemens s7-300,,,,,ACCORD,,, +siemens s7-300,,,,,ACON,,, +siemens s7-300,,,,,ACOPIAN,,, +siemens s7-300,,,,,ACP,,, +siemens s7-300,,,,,ACTEL,,, +siemens s7-300,,,,,ACTIVEX,,, +siemens s7-300,,,,,ADACTUS,,, +siemens s7-300,,,,,ADAM,,, +siemens s7-300,,,,,ADC,,, +siemens s7-300,,,,,ADDA,,, +siemens s7-300,,,,,ADELS,,, +siemens s7-300,,,,,ADFEXC,,, +siemens s7-300,,,,,ADI,,, +siemens s7-300,,,,,ADMIN,,, +siemens s7-300,,,,,ADMIN123,,, +siemens s7-300,,,,,ADMINTTD,,, +siemens s7-300,,,,,ADSLROOT,,, +siemens s7-300,,,,,ADTRAN,,, +siemens s7-300,,,,,ADVANCED,,, +siemens s7-300,,,,,ADVANTEC,,, +siemens s7-300,,,,,AEG MIS,,, +siemens s7-300,,,,,AEG,,, +siemens s7-300,,,,,AEM,,, +siemens s7-300,,,,,AEROFLEX,,, +siemens s7-300,,,,,AFT,,, +siemens s7-300,,,,,AITECH,,, +siemens s7-300,,,,,AKIWA,,, +siemens s7-300,,,,,ALBRIGHT,,, +siemens s7-300,,,,,ALCOR,,, +siemens s7-300,,,,,ALEPH,,, +siemens s7-300,,,,,ALFA'R,,, +siemens s7-300,,,,,ALFA,,, +siemens s7-300,,,,,ALFAMAG,,, +siemens s7-300,,,,,ALFATRON,,, +siemens s7-300,,,,,ALI,,, +siemens s7-300,,,,,ALL,,, +siemens s7-300,,,,,ALLEGRO,,, +siemens s7-300,,,,,ALLEN,,, +siemens s7-300,,,,,ALLIANCE,,, +siemens s7-300,,,,,ALLIED,,, +siemens s7-300,,,,,ALPINE,,, +siemens s7-300,,,,,ALPS,,, +siemens s7-300,,,,,ALTERA,,, +siemens s7-300,,,,,AMBER,,, +siemens s7-300,,,,,AMD,,, +siemens s7-300,,,,,AMERICAN,,, +siemens s7-300,,,,,AMETHERM,,, +siemens s7-300,,,,,AMI,,, +siemens s7-300,,,,,AMIC,,, +siemens s7-300,,,,,AMIS,,, +siemens s7-300,,,,,AMMC,,, +siemens s7-300,,,,,AMP,,, +siemens s7-300,,,,,AMPERITE,,, +siemens s7-300,,,,,AMPHENOL,,, +siemens s7-300,,,,,AMPIRE,,, +siemens s7-300,,,,,AMT,,, +siemens s7-300,,,,,ANACHIP,,, +siemens s7-300,,,,,ANADIGIC,,, +siemens s7-300,,,,,ANADIGM,,, +siemens s7-300,,,,,ANALOG,,, +siemens s7-300,,,,,ANALOGIC,,, +siemens s7-300,,,,,ANAREN,,, +siemens s7-300,,,,,ANGEL,,, +siemens s7-300,,,,,ANGLE,,, +siemens s7-300,,,,,ANICUST,,, +siemens s7-300,,,,,ANLA,,, +siemens s7-300,,,,,ANLEIM,,, +siemens s7-300,,,,,ANRITSU,,, +siemens s7-300,,,,,ANS#150,,, +siemens s7-300,,,,,ANSHAN,,, +siemens s7-300,,,,,ANSMANN,,, +siemens s7-300,,,,,ANYCOM,,, +siemens s7-300,,,,,ANYDATA,,, +siemens s7-300,,,,,ANYONE,,, +siemens s7-300,,,,,ANYWAY,,, +siemens s7-300,,,,,APBODIUR,,, +siemens s7-300,,,,,APC,,, +siemens s7-300,,,,,APEM,,, +siemens s7-300,,,,,APEX,,, +siemens s7-300,,,,,API,,, +siemens s7-300,,,,,APLUS,,, +siemens s7-300,,,,,APM,,, +siemens s7-300,,,,,APP,,, +siemens s7-300,,,,,APPLIED,,, +siemens s7-300,,,,,APRA,,, +siemens s7-300,,,,,ARSENAL,,, +siemens s7-300,,,,,ARTICON,,, +siemens s7-300,,,,,ASANTE,,, +siemens s7-300,,,,,ASCEND,,, +siemens s7-300,,,,,ASD,,, +siemens s7-300,,,,,ASDF,,, +siemens s7-300,,,,,ASDFG,,, +siemens s7-300,,,,,ASDFGH,,, +siemens s7-300,,,,,ASDFGHJ,,, +siemens s7-300,,,,,ASDFGHJK,,, +siemens s7-300,,,,,ASI,,, +siemens s7-300,,,,,ASUTP,,, +siemens s7-300,,,,,AT4400,,, +siemens s7-300,,,,,ATC,,, +siemens s7-300,,,,,ATC123,,, +siemens s7-300,,,,,ATLANTIS,,, +siemens s7-300,,,,,ATTACK,,, +siemens s7-300,,,,,AUTOHORS,,, +siemens s7-300,,,,,AZSXDC,,, +siemens s7-300,,,,,Aeroflex,,, +siemens s7-300,,,,,Anleim,,, +siemens s7-300,,,,,Asante,,, +siemens s7-300,,,,,Ascend,,, +siemens s7-300,,,,,B&R,,, +siemens s7-300,,,,,B,,, +siemens s7-300,,,,,B2H4,,, +siemens s7-300,,,,,B9W3,,, +siemens s7-300,,,,,BACK,,, +siemens s7-300,,,,,BACKDOOR,,, +siemens s7-300,,,,,BADBOY,,, +siemens s7-300,,,,,BARRICADE,,, +siemens s7-300,,,,,BASEBALL,,, +siemens s7-300,,,,,BB,,, +siemens s7-300,,,,,BBB,,, +siemens s7-300,,,,,BBBB,,, +siemens s7-300,,,,,BBBBB,,, +siemens s7-300,,,,,BBBBBB,,, +siemens s7-300,,,,,BBBBBBB,,, +siemens s7-300,,,,,BBBBBBBB,,, +siemens s7-300,,,,,BCIIMPW,,, +siemens s7-300,,,,,BCIMPW,,, +siemens s7-300,,,,,BCNASPW,,, +siemens s7-300,,,,,BEATCH,,, +siemens s7-300,,,,,BEERBEER,,, +siemens s7-300,,,,,BETERA,,, +siemens s7-300,,,,,BIBLE,,, +siemens s7-300,,,,,BINTEC,,, +siemens s7-300,,,,,BIRDIE,,, +siemens s7-300,,,,,BLACK,,, +siemens s7-300,,,,,BLASTER,,, +siemens s7-300,,,,,BLENDER,,, +siemens s7-300,,,,,BLINK,,, +siemens s7-300,,,,,BLINK182,,, +siemens s7-300,,,,,BLUEPW,,, +siemens s7-300,,,,,BOWLING,,, +siemens s7-300,,,,,BRADLEY,,, +siemens s7-300,,,,,BRIDGE,,, +siemens s7-300,,,,,BRIGHT,,, +siemens s7-300,,,,,C,,, +siemens s7-300,,,,,CA01,,, +siemens s7-300,,,,,CACADMIN,,, +siemens s7-300,,,,,CACTUS,,, +siemens s7-300,,,,,CALVIN,,, +siemens s7-300,,,,,CAN,,, +siemens s7-300,,,,,CANBUS,,, +siemens s7-300,,,,,CAROLIAN,,, +siemens s7-300,,,,,CASCADE,,, +siemens s7-300,,,,,CC,,, +siemens s7-300,,,,,CCC,,, +siemens s7-300,,,,,CCCC,,, +siemens s7-300,,,,,CCCCC,,, +siemens s7-300,,,,,CCCCCC,,, +siemens s7-300,,,,,CCCCCCC,,, +siemens s7-300,,,,,CCCCCCCC,,, +siemens s7-300,,,,,CCRUSR,,, +siemens s7-300,,,,,CELLIT,,, +siemens s7-300,,,,,CFC,,, +siemens s7-300,,,,,CHABGEME,,, +siemens s7-300,,,,,CHANGEME,,, +siemens s7-300,,,,,CHANGIT,,, +siemens s7-300,,,,,CHARLIE,,, +siemens s7-300,,,,,CISCO,,, +siemens s7-300,,,,,CITEL,,, +siemens s7-300,,,,,CLIENT,,, +siemens s7-300,,,,,CMAKER,,, +siemens s7-300,,,,,CMS500,,, +siemens s7-300,,,,,CNAS,,, +siemens s7-300,,,,,CODY,,, +siemens s7-300,,,,,COGNOS,,, +siemens s7-300,,,,,COMPUTER,,, +siemens s7-300,,,,,CONNECT,,, +siemens s7-300,,,,,CONV,,, +siemens s7-300,,,,,COOL,,, +siemens s7-300,,,,,CORECESS,,, +siemens s7-300,,,,,COSMOS,,, +siemens s7-300,,,,,CRAFT,,, +siemens s7-300,,,,,CRAFTPW,,, +siemens s7-300,,,,,CRFTPW,,, +siemens s7-300,,,,,CRYSTAL,,, +siemens s7-300,,,,,CUSTOMER,,, +siemens s7-300,,,,,CUSTPW,,, +siemens s7-300,,,,,Cisco,,, +siemens s7-300,,,,,Col2ogro2,,, +siemens s7-300,,,,,D,,, +siemens s7-300,,,,,D-Link,,, +siemens s7-300,,,,,D00M,,, +siemens s7-300,,,,,DADMIN01,,, +siemens s7-300,,,,,DANGER,,, +siemens s7-300,,,,,DATABASE,,, +siemens s7-300,,,,,DBPS,,, +siemens s7-300,,,,,DD,,, +siemens s7-300,,,,,DDD,,, +siemens s7-300,,,,,DDDD,,, +siemens s7-300,,,,,DDDDD,,, +siemens s7-300,,,,,DDDDDD,,, +siemens s7-300,,,,,DDDDDDD,,, +siemens s7-300,,,,,DDDDDDDD,,, +siemens s7-300,,,,,DEAN,,, +siemens s7-300,,,,,DEFAULT,,, +siemens s7-300,,,,,DEMO,,, +siemens s7-300,,,,,DENISE,,, +siemens s7-300,,,,,DERPAROL,,, +siemens s7-300,,,,,DEVEVAN,,, +siemens s7-300,,,,,DEVICE,,, +siemens s7-300,,,,,DEVICES,,, +siemens s7-300,,,,,DHS3MT,,, +siemens s7-300,,,,,DHS3PMS,,, +siemens s7-300,,,,,DIABL0,,, +siemens s7-300,,,,,DIABLO,,, +siemens s7-300,,,,,DIAMOND,,, +siemens s7-300,,,,,DIGITAL,,, +siemens s7-300,,,,,DL20,,, +siemens s7-300,,,,,DLINK,,, +siemens s7-300,,,,,DOLLAR,,, +siemens s7-300,,,,,DOOM,,, +siemens s7-300,,,,,DRAADLOOS,,, +siemens s7-300,,,,,DRIVEES,,, +siemens s7-300,,,,,E,,, +siemens s7-300,,,,,ECHO,,, +siemens s7-300,,,,,EE,,, +siemens s7-300,,,,,EEE,,, +siemens s7-300,,,,,EEEE,,, +siemens s7-300,,,,,EEEEE,,, +siemens s7-300,,,,,EEEEEE,,, +siemens s7-300,,,,,EEEEEEE,,, +siemens s7-300,,,,,EEEEEEEE,,, +siemens s7-300,,,,,EGDFV,,, +siemens s7-300,,,,,ELECTRIN,,, +siemens s7-300,,,,,ELVIS,,, +siemens s7-300,,,,,ENABLE,,, +siemens s7-300,,,,,ENERGY,,, +siemens s7-300,,,,,ENGINEER,,, +siemens s7-300,,,,,ERR0R,,, +siemens s7-300,,,,,EVENING,,, +siemens s7-300,,,,,EXABYTE,,, +siemens s7-300,,,,,EXPERT03,,, +siemens s7-300,,,,,Exabyte,,, +siemens s7-300,,,,,F,,, +siemens s7-300,,,,,FATHER,,, +siemens s7-300,,,,,FBD,,, +siemens s7-300,,,,,FF,,, +siemens s7-300,,,,,FFF,,, +siemens s7-300,,,,,FFFF,,, +siemens s7-300,,,,,FFFFF,,, +siemens s7-300,,,,,FFFFFF,,, +siemens s7-300,,,,,FFFFFFF,,, +siemens s7-300,,,,,FFFFFFFF,,, +siemens s7-300,,,,,FIELD,,, +siemens s7-300,,,,,FIRE,,, +siemens s7-300,,,,,FIREPORT,,, +siemens s7-300,,,,,FISH,,, +siemens s7-300,,,,,FIVRANNE,,, +siemens s7-300,,,,,FLASH,,, +siemens s7-300,,,,,FLEX,,, +siemens s7-300,,,,,FLEXIBLE,,, +siemens s7-300,,,,,FOOTBALL,,, +siemens s7-300,,,,,FRIEND,,, +siemens s7-300,,,,,FUCK,,, +siemens s7-300,,,,,FUCKOFF,,, +siemens s7-300,,,,,FUCKYOU,,, +siemens s7-300,,,,,Fireport,,, +siemens s7-300,,,,,G,,, +siemens s7-300,,,,,G00GLE,,, +siemens s7-300,,,,,G0F9,,, +siemens s7-300,,,,,G0K1,,, +siemens s7-300,,,,,G6K6,,, +siemens s7-300,,,,,GAMA,,, +siemens s7-300,,,,,GAWSED,,, +siemens s7-300,,,,,GEARDOG,,, +siemens s7-300,,,,,GFCC,,, +siemens s7-300,,,,,GFCCDJHL,,, +siemens s7-300,,,,,GFHJKM,,, +siemens s7-300,,,,,GG,,, +siemens s7-300,,,,,GGG,,, +siemens s7-300,,,,,GGGG,,, +siemens s7-300,,,,,GGGGG,,, +siemens s7-300,,,,,GGGGGG,,, +siemens s7-300,,,,,GGGGGGG,,, +siemens s7-300,,,,,GGGGGGGG,,, +siemens s7-300,,,,,GHBDTN,,, +siemens s7-300,,,,,GHOST,,, +siemens s7-300,,,,,GOAL,,, +siemens s7-300,,,,,GOLF,,, +siemens s7-300,,,,,GOOGLE,,, +siemens s7-300,,,,,GOT,,, +siemens s7-300,,,,,GUEST,,, +siemens s7-300,,,,,Geardog,,, +siemens s7-300,,,,,H,,, +siemens s7-300,,,,,HARDWARE,,, +siemens s7-300,,,,,HELEN,,, +siemens s7-300,,,,,HELLO,,, +siemens s7-300,,,,,HELP,,, +siemens s7-300,,,,,HELP1954,,, +siemens s7-300,,,,,HELPDESK,,, +siemens s7-300,,,,,HEXSEAL,,, +siemens s7-300,,,,,HH,,, +siemens s7-300,,,,,HHH,,, +siemens s7-300,,,,,HHHH,,, +siemens s7-300,,,,,HHHHH,,, +siemens s7-300,,,,,HHHHHH,,, +siemens s7-300,,,,,HHHHHHH,,, +siemens s7-300,,,,,HHHHHHHH,,, +siemens s7-300,,,,,HIGHSPEED,,, +siemens s7-300,,,,,HINEAR,,, +siemens s7-300,,,,,HOME,,, +siemens s7-300,,,,,HOMEPLUG,,, +siemens s7-300,,,,,HONDA,,, +siemens s7-300,,,,,HP,,, +siemens s7-300,,,,,HPOFFICE,,, +siemens s7-300,,,,,HPONLY,,, +siemens s7-300,,,,,HPP187,,, +siemens s7-300,,,,,HPP189,,, +siemens s7-300,,,,,HPP196,,, +siemens s7-300,,,,,HRLOO,,, +siemens s7-300,,,,,HTTP,,, +siemens s7-300,,,,,Helpdesk,,, +siemens s7-300,,,,,HomePlug,,, +siemens s7-300,,,,,I,,, +siemens s7-300,,,,,IDIRECT,,, +siemens s7-300,,,,,II,,, +siemens s7-300,,,,,III,,, +siemens s7-300,,,,,IIII,,, +siemens s7-300,,,,,IIIII,,, +siemens s7-300,,,,,IIIIII,,, +siemens s7-300,,,,,IIIIIII,,, +siemens s7-300,,,,,IIIIIIII,,, +siemens s7-300,,,,,ILMI,,, +siemens s7-300,,,,,ILOVEYOU,,, +siemens s7-300,,,,,IMAGES,,, +siemens s7-300,,,,,INADS,,, +siemens s7-300,,,,,INC,,, +siemens s7-300,,,,,INDSPW,,, +siemens s7-300,,,,,INFERNO,,, +siemens s7-300,,,,,INITPW,,, +siemens s7-300,,,,,INMET,,, +siemens s7-300,,,,,INTEL,,, +siemens s7-300,,,,,INTERNET,,, +siemens s7-300,,,,,INTX3,,, +siemens s7-300,,,,,IRONPORT,,, +siemens s7-300,,,,,ISEE,,, +siemens s7-300,,,,,ISP,,, +siemens s7-300,,,,,ITF3000,,, +siemens s7-300,,,,,Inmet,,, +siemens s7-300,,,,,Intel,,, +siemens s7-300,,,,,Internet,,, +siemens s7-300,,,,,J,,, +siemens s7-300,,,,,J6R6,,, +siemens s7-300,,,,,J6W8,,, +siemens s7-300,,,,,JACK,,, +siemens s7-300,,,,,JANET,,, +siemens s7-300,,,,,JANNIE,,, +siemens s7-300,,,,,JASMINE,,, +siemens s7-300,,,,,JDE,,, +siemens s7-300,,,,,JJ,,, +siemens s7-300,,,,,JJJ,,, +siemens s7-300,,,,,JJJJ,,, +siemens s7-300,,,,,JJJJJ,,, +siemens s7-300,,,,,JJJJJJ,,, +siemens s7-300,,,,,JJJJJJJ,,, +siemens s7-300,,,,,JJJJJJJJ,,, +siemens s7-300,,,,,JOCKER,,, +siemens s7-300,,,,,JOHN,,, +siemens s7-300,,,,,JORDAN,,, +siemens s7-300,,,,,JORDAN23,,, +siemens s7-300,,,,,JR58,,, +siemens s7-300,,,,,JR59,,, +siemens s7-300,,,,,K,,, +siemens s7-300,,,,,KERMIT,,, +siemens s7-300,,,,,KILLER,,, +siemens s7-300,,,,,KILO1987,,, +siemens s7-300,,,,,KK,,, +siemens s7-300,,,,,KKK,,, +siemens s7-300,,,,,KKKK,,, +siemens s7-300,,,,,KKKKK,,, +siemens s7-300,,,,,KKKKKK,,, +siemens s7-300,,,,,KKKKKKK,,, +siemens s7-300,,,,,KKKKKKKK,,, +siemens s7-300,,,,,KORN,,, +siemens s7-300,,,,,L,,, +siemens s7-300,,,,,LAD,,, +siemens s7-300,,,,,LAFLAF,,, +siemens s7-300,,,,,LETACLA,,, +siemens s7-300,,,,,LETMEIN,,, +siemens s7-300,,,,,LEVEL1,,, +siemens s7-300,,,,,LEVITON,,, +siemens s7-300,,,,,LILLME,,, +siemens s7-300,,,,,LINGA,,, +siemens s7-300,,,,,LINUX,,, +siemens s7-300,,,,,LISA,,, +siemens s7-300,,,,,LL,,, +siemens s7-300,,,,,LLATSNI,,, +siemens s7-300,,,,,LLL,,, +siemens s7-300,,,,,LLLL,,, +siemens s7-300,,,,,LLLLL,,, +siemens s7-300,,,,,LLLLLL,,, +siemens s7-300,,,,,LLLLLLL,,, +siemens s7-300,,,,,LLLLLLLL,,, +siemens s7-300,,,,,LOCATEPW,,, +siemens s7-300,,,,,LOCK,,, +siemens s7-300,,,,,LOGIN,,, +siemens s7-300,,,,,LOOKER,,, +siemens s7-300,,,,,LOTUS,,, +siemens s7-300,,,,,LOVE,,, +siemens s7-300,,,,,LTD,,, +siemens s7-300,,,,,LUCKY,,, +siemens s7-300,,,,,M,,, +siemens s7-300,,,,,M1122,,, +siemens s7-300,,,,,MAIL,,, +siemens s7-300,,,,,MAINT,,, +siemens s7-300,,,,,MAINTPW,,, +siemens s7-300,,,,,MANAGER,,, +siemens s7-300,,,,,MANIAC,,, +siemens s7-300,,,,,MASTER,,, +siemens s7-300,,,,,MASTERKEY,,, +siemens s7-300,,,,,MEDIATOR,,, +siemens s7-300,,,,,MEDION,,, +siemens s7-300,,,,,MGR,,, +siemens s7-300,,,,,MICRO,,, +siemens s7-300,,,,,MICROWAV,,, +siemens s7-300,,,,,MILLLER,,, +siemens s7-300,,,,,MIS,,, +siemens s7-300,,,,,MJSSSJJ,,, +siemens s7-300,,,,,MJSSSJJ_,,, +siemens s7-300,,,,,MLUSR,,, +siemens s7-300,,,,,MM,,, +siemens s7-300,,,,,MMM,,, +siemens s7-300,,,,,MMMM,,, +siemens s7-300,,,,,MMMMM,,, +siemens s7-300,,,,,MMMMMM,,, +siemens s7-300,,,,,MMMMMMM,,, +siemens s7-300,,,,,MMMMMMMM,,, +siemens s7-300,,,,,MODUL,,, +siemens s7-300,,,,,MODULE,,, +siemens s7-300,,,,,MONEY,,, +siemens s7-300,,,,,MONITOR,,, +siemens s7-300,,,,,MONKEY,,, +siemens s7-300,,,,,MOSMATIC,,, +siemens s7-300,,,,,MOTHER,,, +siemens s7-300,,,,,MOTOROLA,,, +siemens s7-300,,,,,MOUSE,,, +siemens s7-300,,,,,MPE,,, +siemens s7-300,,,,,MServer,,, +siemens s7-300,,,,,MTCH,,, +siemens s7-300,,,,,MUSTANG,,, +siemens s7-300,,,,,MYPASS,,, +siemens s7-300,,,,,MYPASS123,,, +siemens s7-300,,,,,MYPC,,, +siemens s7-300,,,,,MYPC123,,, +siemens s7-300,,,,,MYSPACE,,, +siemens s7-300,,,,,MYSPACE1,,, +siemens s7-300,,,,,Manager,,, +siemens s7-300,,,,,Master,,, +siemens s7-300,,,,,Mau'dib,,, +siemens s7-300,,,,,MiniAP,,, +siemens s7-300,,,,,Multi,,, +siemens s7-300,,,,,N,,, +siemens s7-300,,,,,N/A,,, +siemens s7-300,,,,,NAADMIN,,, +siemens s7-300,,,,,NARANJA,,, +siemens s7-300,,,,,NAU,,, +siemens s7-300,,,,,NET,,, +siemens s7-300,,,,,NETADMIN,,, +siemens s7-300,,,,,NETBASE,,, +siemens s7-300,,,,,NETCACHE,,, +siemens s7-300,,,,,NETMAN,,, +siemens s7-300,,,,,NETOPIA,,, +siemens s7-300,,,,,NETSCREEN,,, +siemens s7-300,,,,,NETUTIL,,, +siemens s7-300,,,,,NETVCR,,, +siemens s7-300,,,,,NETWORK,,, +siemens s7-300,,,,,NEWPASS,,, +siemens s7-300,,,,,NICONEX,,, +siemens s7-300,,,,,NIMDATEN,,, +siemens s7-300,,,,,NMSPW,,, +siemens s7-300,,,,,NN,,, +siemens s7-300,,,,,NNN,,, +siemens s7-300,,,,,NNNN,,, +siemens s7-300,,,,,NNNNN,,, +siemens s7-300,,,,,NNNNNN,,, +siemens s7-300,,,,,NNNNNNN,,, +siemens s7-300,,,,,NNNNNNNN,,, +siemens s7-300,,,,,NOKAI,,, +siemens s7-300,,,,,NOTUSED,,, +siemens s7-300,,,,,NOWAY,,, +siemens s7-300,,,,,NSADB,,, +siemens s7-300,,,,,NTACDMAX,,, +siemens s7-300,,,,,NULL,,, +siemens s7-300,,,,,Net,,, +siemens s7-300,,,,,NetCache,,, +siemens s7-300,,,,,NetICs,,, +siemens s7-300,,,,,NetVCR,,, +siemens s7-300,,,,,O,,, +siemens s7-300,,,,,OCS,,, +siemens s7-300,,,,,OEM,,, +siemens s7-300,,,,,OKILAN,,, +siemens s7-300,,,,,OMRON,,, +siemens s7-300,,,,,OO,,, +siemens s7-300,,,,,OOO,,, +siemens s7-300,,,,,OOOO,,, +siemens s7-300,,,,,OOOOO,,, +siemens s7-300,,,,,OOOOOO,,, +siemens s7-300,,,,,OOOOOOO,,, +siemens s7-300,,,,,OOOOOOOO,,, +siemens s7-300,,,,,OPERATOR,,, +siemens s7-300,,,,,OPTO,,, +siemens s7-300,,,,,OWNER,,, +siemens s7-300,,,,,OkiLAN,,, +siemens s7-300,,,,,Opto,,, +siemens s7-300,,,,,P,,, +siemens s7-300,,,,,P@55w0rd!,,, +siemens s7-300,,,,,PAS,,, +siemens s7-300,,,,,PASS,,, +siemens s7-300,,,,,PASSAGE,,, +siemens s7-300,,,,,PASSW,,, +siemens s7-300,,,,,PASSWD,,, +siemens s7-300,,,,,PASSWO,,, +siemens s7-300,,,,,PASSWOR,,, +siemens s7-300,,,,,PASSWORD,,, +siemens s7-300,,,,,PAT,,, +siemens s7-300,,,,,PATERNA,,, +siemens s7-300,,,,,PATRICK,,, +siemens s7-300,,,,,PATROL,,, +siemens s7-300,,,,,PBX,,, +siemens s7-300,,,,,PBXK1064,,, +siemens s7-300,,,,,PCS7,,, +siemens s7-300,,,,,PENTIUM,,, +siemens s7-300,,,,,PENTO,,, +siemens s7-300,,,,,PEPPER,,, +siemens s7-300,,,,,PEPSI,,, +siemens s7-300,,,,,PERMIT,,, +siemens s7-300,,,,,PERSONAL,,, +siemens s7-300,,,,,PFSENSE,,, +siemens s7-300,,,,,PHOTONIX,,, +siemens s7-300,,,,,PILOU,,, +siemens s7-300,,,,,PIRANHA,,, +siemens s7-300,,,,,PLC,,, +siemens s7-300,,,,,PLCSIM,,, +siemens s7-300,,,,,POERTY,,, +siemens s7-300,,,,,POLICY,,, +siemens s7-300,,,,,POSTERIE,,, +siemens s7-300,,,,,POWER,,, +siemens s7-300,,,,,PP,,, +siemens s7-300,,,,,PPP,,, +siemens s7-300,,,,,PPPP,,, +siemens s7-300,,,,,PPPPP,,, +siemens s7-300,,,,,PPPPPP,,, +siemens s7-300,,,,,PPPPPPP,,, +siemens s7-300,,,,,PPPPPPPP,,, +siemens s7-300,,,,,PRINCESS,,, +siemens s7-300,,,,,PRIVATE,,, +siemens s7-300,,,,,PRODDTA,,, +siemens s7-300,,,,,PROFIBUS,,, +siemens s7-300,,,,,PROTECTOR,,, +siemens s7-300,,,,,PROTOOL,,, +siemens s7-300,,,,,PUBLIC,,, +siemens s7-300,,,,,PUSY,,, +siemens s7-300,,,,,PW123,,, +siemens s7-300,,,,,PWD,,, +siemens s7-300,,,,,PlsChgMe,,, +siemens s7-300,,,,,Posterie,,, +siemens s7-300,,,,,Protector,,, +siemens s7-300,,,,,Q,,, +siemens s7-300,,,,,QQ,,, +siemens s7-300,,,,,QQ520,,, +siemens s7-300,,,,,QQQ,,, +siemens s7-300,,,,,QQQQ,,, +siemens s7-300,,,,,QQQQQ,,, +siemens s7-300,,,,,QQQQQQ,,, +siemens s7-300,,,,,QQQQQQQ,,, +siemens s7-300,,,,,QQQQQQQQ,,, +siemens s7-300,,,,,QWER,,, +siemens s7-300,,,,,QWERT,,, +siemens s7-300,,,,,QWERTY,,, +siemens s7-300,,,,,QWERTYU,,, +siemens s7-300,,,,,QWERTYUI,,, +siemens s7-300,,,,,R,,, +siemens s7-300,,,,,R1QTPS,,, +siemens s7-300,,,,,RADE0N,,, +siemens s7-300,,,,,RADEON,,, +siemens s7-300,,,,,RADIUS,,, +siemens s7-300,,,,,RADWARE,,, +siemens s7-300,,,,,RDFHNBHF,,, +siemens s7-300,,,,,RECOVERY,,, +siemens s7-300,,,,,REGO,,, +siemens s7-300,,,,,REMOTE,,, +siemens s7-300,,,,,RIP000,,, +siemens s7-300,,,,,RITTAL,,, +siemens s7-300,,,,,ROBELLE,,, +siemens s7-300,,,,,ROOT,,, +siemens s7-300,,,,,ROOT500,,, +siemens s7-300,,,,,ROUTER,,, +siemens s7-300,,,,,RR,,, +siemens s7-300,,,,,RRR,,, +siemens s7-300,,,,,RRRR,,, +siemens s7-300,,,,,RRRRR,,, +siemens s7-300,,,,,RRRRRR,,, +siemens s7-300,,,,,RRRRRRR,,, +siemens s7-300,,,,,RRRRRRRR,,, +siemens s7-300,,,,,RS4IGOY,,, +siemens s7-300,,,,,RSX,,, +siemens s7-300,,,,,RTYHN,,, +siemens s7-300,,,,,RUN-P,,, +siemens s7-300,,,,,RUSSIA,,, +siemens s7-300,,,,,RWMAINT,,, +siemens s7-300,,,,,S,,, +siemens s7-300,,,,,S7,,, +siemens s7-300,,,,,S7-300,,, +siemens s7-300,,,,,S7-400,,, +siemens s7-300,,,,,SCOUT,,, +siemens s7-300,,,,,SEARCH,,, +siemens s7-300,,,,,SECRET,,, +siemens s7-300,,,,,SECURE,,, +siemens s7-300,,,,,SECURITY,,, +siemens s7-300,,,,,SEKRET,,, +siemens s7-300,,,,,SERCO,,, +siemens s7-300,,,,,SEROVOX,,, +siemens s7-300,,,,,SERVER,,, +siemens s7-300,,,,,SESAME,,, +siemens s7-300,,,,,SETHERCO,,, +siemens s7-300,,,,,SETUP,,, +siemens s7-300,,,,,SEX,,, +siemens s7-300,,,,,SGENA,,, +siemens s7-300,,,,,SGILENT,,, +siemens s7-300,,,,,SHADOW,,, +siemens s7-300,,,,,SICOSTART,,, +siemens s7-300,,,,,SIEMENS,,, +siemens s7-300,,,,,SIMATIC,,, +siemens s7-300,,,,,SIMENS,,, +siemens s7-300,,,,,SIMO,,, +siemens s7-300,,,,,SIMOCODE,,, +siemens s7-300,,,,,SIMOREG,,, +siemens s7-300,,,,,SIMOVERT,,, +siemens s7-300,,,,,SIMTEC,,, +siemens s7-300,,,,,SIRBORN,,, +siemens s7-300,,,,,SITOP,,, +siemens s7-300,,,,,SKY_FOX,,, +siemens s7-300,,,,,SLAVE,,, +siemens s7-300,,,,,SLIPKNOT,,, +siemens s7-300,,,,,SMDR,,, +siemens s7-300,,,,,SMILE,,, +siemens s7-300,,,,,SMUSER,,, +siemens s7-300,,,,,SNOOPY,,, +siemens s7-300,,,,,SOCCER,,, +siemens s7-300,,,,,SOLUTION,,, +siemens s7-300,,,,,SS,,, +siemens s7-300,,,,,SSA,,, +siemens s7-300,,,,,SSS,,, +siemens s7-300,,,,,SSSS,,, +siemens s7-300,,,,,SSSSS,,, +siemens s7-300,,,,,SSSSSS,,, +siemens s7-300,,,,,SSSSSSS,,, +siemens s7-300,,,,,SSSSSSSS,,, +siemens s7-300,,,,,STAN,,, +siemens s7-300,,,,,STAR,,, +siemens s7-300,,,,,STARWAR,,, +siemens s7-300,,,,,STEP5,,, +siemens s7-300,,,,,STEP7,,, +siemens s7-300,,,,,STIMPY,,, +siemens s7-300,,,,,STL,,, +siemens s7-300,,,,,STOP,,, +siemens s7-300,,,,,STSTIC,,, +siemens s7-300,,,,,SUMMER,,, +siemens s7-300,,,,,SUNRISE,,, +siemens s7-300,,,,,SUPERID,,, +siemens s7-300,,,,,SUPERMAN,,, +siemens s7-300,,,,,SUPPORT,,, +siemens s7-300,,,,,SURT,,, +siemens s7-300,,,,,SWITCH,,, +siemens s7-300,,,,,SYBASE,,, +siemens s7-300,,,,,SYMBOL,,, +siemens s7-300,,,,,SYNNET,,, +siemens s7-300,,,,,SYSADM,,, +siemens s7-300,,,,,SYSDISC,,, +siemens s7-300,,,,,SYSTEM,,, +siemens s7-300,,,,,Sensor,,, +siemens s7-300,,,,,Sharp,,, +siemens s7-300,,,,,SpIp,,, +siemens s7-300,,,,,Super,,, +siemens s7-300,,,,,Symbol,,, +siemens s7-300,,,,,T,,, +siemens s7-300,,,,,TALENT,,, +siemens s7-300,,,,,TALINUZ,,, +siemens s7-300,,,,,TALISMAN,,, +siemens s7-300,,,,,TANDBERG,,, +siemens s7-300,,,,,TCH,,, +siemens s7-300,,,,,TECH,,, +siemens s7-300,,,,,TELCO,,, +siemens s7-300,,,,,TELECOM,,, +siemens s7-300,,,,,TELESUP,,, +siemens s7-300,,,,,TELUS,,, +siemens s7-300,,,,,TEMP,,, +siemens s7-300,,,,,TEMP123,,, +siemens s7-300,,,,,TEST,,, +siemens s7-300,,,,,TEST123,,, +siemens s7-300,,,,,THOMAS,,, +siemens s7-300,,,,,TIARANET,,, +siemens s7-300,,,,,TIGER123,,, +siemens s7-300,,,,,TIMELY,,, +siemens s7-300,,,,,TINI,,, +siemens s7-300,,,,,TIVONPW,,, +siemens s7-300,,,,,TJM,,, +siemens s7-300,,,,,TLAH,,, +siemens s7-300,,,,,TOOLSET,,, +siemens s7-300,,,,,TRANCELL,,, +siemens s7-300,,,,,TRATATA,,, +siemens s7-300,,,,,TSLINUX,,, +siemens s7-300,,,,,TT,,, +siemens s7-300,,,,,TTT,,, +siemens s7-300,,,,,TTTT,,, +siemens s7-300,,,,,TTTTT,,, +siemens s7-300,,,,,TTTTTT,,, +siemens s7-300,,,,,TTTTTTT,,, +siemens s7-300,,,,,TTTTTTTT,,, +siemens s7-300,,,,,TUBORG,,, +siemens s7-300,,,,,TUXALIZE,,, +siemens s7-300,,,,,TX100,,, +siemens s7-300,,,,,Telecom,,, +siemens s7-300,,,,,Thomas,,, +siemens s7-300,,,,,U,,, +siemens s7-300,,,,,UPLINK,,, +siemens s7-300,,,,,USER,,, +siemens s7-300,,,,,UU,,, +siemens s7-300,,,,,UUU,,, +siemens s7-300,,,,,UUUU,,, +siemens s7-300,,,,,UUUUU,,, +siemens s7-300,,,,,UUUUUU,,, +siemens s7-300,,,,,UUUUUUU,,, +siemens s7-300,,,,,UUUUUUUU,,, +siemens s7-300,,,,,V,,, +siemens s7-300,,,,,VESOFT,,, +siemens s7-300,,,,,VISUAL,,, +siemens s7-300,,,,,VJQGFHJKM,,, +siemens s7-300,,,,,VODKA,,, +siemens s7-300,,,,,VOLITION,,, +siemens s7-300,,,,,VV,,, +siemens s7-300,,,,,VVV,,, +siemens s7-300,,,,,VVVV,,, +siemens s7-300,,,,,VVVVV,,, +siemens s7-300,,,,,VVVVVV,,, +siemens s7-300,,,,,VVVVVVV,,, +siemens s7-300,,,,,VVVVVVVV,,, +siemens s7-300,,,,,W,,, +siemens s7-300,,,,,W9F3,,, +siemens s7-300,,,,,WEBADMIN,,, +siemens s7-300,,,,,WIN,,, +siemens s7-300,,,,,WINCC,,, +siemens s7-300,,,,,WINTERM,,, +siemens s7-300,,,,,WIRELESS,,, +siemens s7-300,,,,,WIZARD,,, +siemens s7-300,,,,,WLSEDB,,, +siemens s7-300,,,,,WONF,,, +siemens s7-300,,,,,WW,,, +siemens s7-300,,,,,WWW,,, +siemens s7-300,,,,,WWWW,,, +siemens s7-300,,,,,WWWWW,,, +siemens s7-300,,,,,WWWWWW,,, +siemens s7-300,,,,,WWWWWWW,,, +siemens s7-300,,,,,WWWWWWWW,,, +siemens s7-300,,,,,WYSE,,, +siemens s7-300,,,,,Wireless,,, +siemens s7-300,,,,,X,,, +siemens s7-300,,,,,X-ADMIN,,, +siemens s7-300,,,,,X40ROCKS,,, +siemens s7-300,,,,,XBOX,,, +siemens s7-300,,,,,XLSERVER,,, +siemens s7-300,,,,,XX,,, +siemens s7-300,,,,,XXX,,, +siemens s7-300,,,,,XXXX,,, +siemens s7-300,,,,,XXXXX,,, +siemens s7-300,,,,,XXXXXX,,, +siemens s7-300,,,,,XXXXXXX,,, +siemens s7-300,,,,,XXXXXXXX,,, +siemens s7-300,,,,,XXYYZZ,,, +siemens s7-300,,,,,Y,,, +siemens s7-300,,,,,YXCV,,, +siemens s7-300,,,,,YY,,, +siemens s7-300,,,,,YYY,,, +siemens s7-300,,,,,YYYY,,, +siemens s7-300,,,,,YYYYY,,, +siemens s7-300,,,,,YYYYYY,,, +siemens s7-300,,,,,YYYYYYY,,, +siemens s7-300,,,,,YYYYYYYY,,, +siemens s7-300,,,,,Z,,, +siemens s7-300,,,,,Z0NE,,, +siemens s7-300,,,,,ZETTLER,,, +siemens s7-300,,,,,ZIPPO,,, +siemens s7-300,,,,,ZONE,,, +siemens s7-300,,,,,ZOOMADSL,,, +siemens s7-300,,,,,ZORRO,,, +siemens s7-300,,,,,ZORROMEN,,, +siemens s7-300,,,,,ZXC,,, +siemens s7-300,,,,,ZXCV,,, +siemens s7-300,,,,,ZXCVB,,, +siemens s7-300,,,,,ZXCVBN,,, +siemens s7-300,,,,,ZXCVBNM,,, +siemens s7-300,,,,,ZXCVBNM,,,, +siemens s7-300,,,,,ZZ,,, +siemens s7-300,,,,,ZZZ,,, +siemens s7-300,,,,,ZZZZ,,, +siemens s7-300,,,,,ZZZZZ,,, +siemens s7-300,,,,,ZZZZZZ,,, +siemens s7-300,,,,,ZZZZZZZ,,, +siemens s7-300,,,,,ZZZZZZZZ,,, +siemens s7-300,,,,,[,,, +siemens s7-300,,,,,[[,,, +siemens s7-300,,,,,[[[,,, +siemens s7-300,,,,,[[[[,,, +siemens s7-300,,,,,[[[[[,,, +siemens s7-300,,,,,[[[[[[,,, +siemens s7-300,,,,,[[[[[[[,,, +siemens s7-300,,,,,[[[[[[[[,,, +siemens s7-300,,,,,],,, +siemens s7-300,,,,,]],,, +siemens s7-300,,,,,]]],,, +siemens s7-300,,,,,]]]],,, +siemens s7-300,,,,,]]]]],,, +siemens s7-300,,,,,]]]]]],,, +siemens s7-300,,,,,]]]]]]],,, +siemens s7-300,,,,,]]]]]]]],,, +siemens s7-300,,,,,_Cisco,,, +siemens s7-300,,,,,`,,, +siemens s7-300,,,,,``,,, +siemens s7-300,,,,,```,,, +siemens s7-300,,,,,````,,, +siemens s7-300,,,,,`````,,, +siemens s7-300,,,,,``````,,, +siemens s7-300,,,,,```````,,, +siemens s7-300,,,,,````````,,, +siemens s7-300,,,,,a,,, +siemens s7-300,,,,,a-power,,, +siemens s7-300,,,,,a/d,,, +siemens s7-300,,,,,aa,,, +siemens s7-300,,,,,aaa,,, +siemens s7-300,,,,,aaaa,,, +siemens s7-300,,,,,aaaaa,,, +siemens s7-300,,,,,aaaaaa,,, +siemens s7-300,,,,,aaaaaaa,,, +siemens s7-300,,,,,aaaaaaaa,,, +siemens s7-300,,,,,aabbcc,,, +siemens s7-300,,,,,aaeon,,, +siemens s7-300,,,,,aavid,,, +siemens s7-300,,,,,ab,,, +siemens s7-300,,,,,abb,,, +siemens s7-300,,,,,abc,,, +siemens s7-300,,,,,abc123,,, +siemens s7-300,,,,,abcd,,, +siemens s7-300,,,,,abcde,,, +siemens s7-300,,,,,abcdefg,,, +siemens s7-300,,,,,abcdefgh,,, +siemens s7-300,,,,,abelconn,,, +siemens s7-300,,,,,abov,,, +siemens s7-300,,,,,abracon,,, +siemens s7-300,,,,,absopuls,,, +siemens s7-300,,,,,abtech,,, +siemens s7-300,,,,,abunlock,,, +siemens s7-300,,,,,acam,,, +siemens s7-300,,,,,acc,,, +siemens s7-300,,,,,access,,, +siemens s7-300,,,,,accord,,, +siemens s7-300,,,,,acon,,, +siemens s7-300,,,,,acopian,,, +siemens s7-300,,,,,acp,,, +siemens s7-300,,,,,actel,,, +siemens s7-300,,,,,activex,,, +siemens s7-300,,,,,adactus,,, +siemens s7-300,,,,,adam,,, +siemens s7-300,,,,,adc,,, +siemens s7-300,,,,,adcdef,,, +siemens s7-300,,,,,adda,,, +siemens s7-300,,,,,adels,,, +siemens s7-300,,,,,adfexc,,, +siemens s7-300,,,,,adi,,, +siemens s7-300,,,,,admin,,, +siemens s7-300,,,,,admin123,,, +siemens s7-300,,,,,adminttd,,, +siemens s7-300,,,,,adslroot,,, +siemens s7-300,,,,,adtran,,, +siemens s7-300,,,,,advanced,,, +siemens s7-300,,,,,advantec,,, +siemens s7-300,,,,,aeg mis,,, +siemens s7-300,,,,,aeg,,, +siemens s7-300,,,,,aem,,, +siemens s7-300,,,,,aeroflex,,, +siemens s7-300,,,,,aft,,, +siemens s7-300,,,,,aitech,,, +siemens s7-300,,,,,akiwa,,, +siemens s7-300,,,,,albright,,, +siemens s7-300,,,,,alcor,,, +siemens s7-300,,,,,aleph,,, +siemens s7-300,,,,,alfa'r,,, +siemens s7-300,,,,,alfaMag,,, +siemens s7-300,,,,,alfatron,,, +siemens s7-300,,,,,ali,,, +siemens s7-300,,,,,all,,, +siemens s7-300,,,,,allegro,,, +siemens s7-300,,,,,allen,,, +siemens s7-300,,,,,alliance,,, +siemens s7-300,,,,,allied,,, +siemens s7-300,,,,,alpha,,, +siemens s7-300,,,,,alpine,,, +siemens s7-300,,,,,alps,,, +siemens s7-300,,,,,altera,,, +siemens s7-300,,,,,amber,,, +siemens s7-300,,,,,amd,,, +siemens s7-300,,,,,american,,, +siemens s7-300,,,,,ametherm,,, +siemens s7-300,,,,,ami,,, +siemens s7-300,,,,,amic,,, +siemens s7-300,,,,,amis,,, +siemens s7-300,,,,,ammc,,, +siemens s7-300,,,,,amp,,, +siemens s7-300,,,,,amperite,,, +siemens s7-300,,,,,amphenol,,, +siemens s7-300,,,,,ampire,,, +siemens s7-300,,,,,amt,,, +siemens s7-300,,,,,anachip,,, +siemens s7-300,,,,,anadigic,,, +siemens s7-300,,,,,anadigm,,, +siemens s7-300,,,,,analog,,, +siemens s7-300,,,,,analogic,,, +siemens s7-300,,,,,anaren,,, +siemens s7-300,,,,,angel,,, +siemens s7-300,,,,,angle,,, +siemens s7-300,,,,,anicust,,, +siemens s7-300,,,,,anla,,, +siemens s7-300,,,,,anleim,,, +siemens s7-300,,,,,anritsu,,, +siemens s7-300,,,,,anshan,,, +siemens s7-300,,,,,ansmann,,, +siemens s7-300,,,,,any@,,, +siemens s7-300,,,,,anycom,,, +siemens s7-300,,,,,anydata,,, +siemens s7-300,,,,,anyone,,, +siemens s7-300,,,,,anyway,,, +siemens s7-300,,,,,apbodiur,,, +siemens s7-300,,,,,apc,,, +siemens s7-300,,,,,apem,,, +siemens s7-300,,,,,apex,,, +siemens s7-300,,,,,api,,, +siemens s7-300,,,,,aplus,,, +siemens s7-300,,,,,apm,,, +siemens s7-300,,,,,app,,, +siemens s7-300,,,,,applied,,, +siemens s7-300,,,,,apra,,, +siemens s7-300,,,,,arsenal,,, +siemens s7-300,,,,,articon,,, +siemens s7-300,,,,,asante,,, +siemens s7-300,,,,,ascend,,, +siemens s7-300,,,,,asd,,, +siemens s7-300,,,,,asdf,,, +siemens s7-300,,,,,asdfg,,, +siemens s7-300,,,,,asdfgh,,, +siemens s7-300,,,,,asdfghj,,, +siemens s7-300,,,,,asdfghjk,,, +siemens s7-300,,,,,asi,,, +siemens s7-300,,,,,asutp,,, +siemens s7-300,,,,,at4400,,, +siemens s7-300,,,,,atc,,, +siemens s7-300,,,,,atc123,,, +siemens s7-300,,,,,atlantis,,, +siemens s7-300,,,,,attack,,, +siemens s7-300,,,,,autohors,,, +siemens s7-300,,,,,azsxdc,,, +siemens s7-300,,,,,b&r,,, +siemens s7-300,,,,,b,,, +siemens s7-300,,,,,back,,, +siemens s7-300,,,,,backdoor,,, +siemens s7-300,,,,,badboy,,, +siemens s7-300,,,,,barricade,,, +siemens s7-300,,,,,baseball,,, +siemens s7-300,,,,,bb,,, +siemens s7-300,,,,,bbb,,, +siemens s7-300,,,,,bbbb,,, +siemens s7-300,,,,,bbbbb,,, +siemens s7-300,,,,,bbbbbb,,, +siemens s7-300,,,,,bbbbbbb,,, +siemens s7-300,,,,,bbbbbbbb,,, +siemens s7-300,,,,,bciimpw,,, +siemens s7-300,,,,,bcimpw,,, +siemens s7-300,,,,,bcnaspw,,, +siemens s7-300,,,,,beatch,,, +siemens s7-300,,,,,beerbeer,,, +siemens s7-300,,,,,betera,,, +siemens s7-300,,,,,bible,,, +siemens s7-300,,,,,bintec,,, +siemens s7-300,,,,,birdie,,, +siemens s7-300,,,,,black,,, +siemens s7-300,,,,,blaster,,, +siemens s7-300,,,,,blender,,, +siemens s7-300,,,,,blink,,, +siemens s7-300,,,,,blink182,,, +siemens s7-300,,,,,bluepw,,, +siemens s7-300,,,,,bowling,,, +siemens s7-300,,,,,bradley,,, +siemens s7-300,,,,,bridge,,, +siemens s7-300,,,,,bright,,, +siemens s7-300,,,,,c,,, +siemens s7-300,,,,,ca01,,, +siemens s7-300,,,,,cacadmin,,, +siemens s7-300,,,,,cactus,,, +siemens s7-300,,,,,calvin,,, +siemens s7-300,,,,,can,,, +siemens s7-300,,,,,canbus,,, +siemens s7-300,,,,,carolian,,, +siemens s7-300,,,,,cascade,,, +siemens s7-300,,,,,cc,,, +siemens s7-300,,,,,ccc,,, +siemens s7-300,,,,,cccc,,, +siemens s7-300,,,,,ccccc,,, +siemens s7-300,,,,,cccccc,,, +siemens s7-300,,,,,ccccccc,,, +siemens s7-300,,,,,cccccccc,,, +siemens s7-300,,,,,ccrusr,,, +siemens s7-300,,,,,cellit,,, +siemens s7-300,,,,,cfc,,, +siemens s7-300,,,,,changeme,,, +siemens s7-300,,,,,changit,,, +siemens s7-300,,,,,charlie,,, +siemens s7-300,,,,,cisco,,, +siemens s7-300,,,,,citel,,, +siemens s7-300,,,,,client,,, +siemens s7-300,,,,,cmaker,,, +siemens s7-300,,,,,cms500,,, +siemens s7-300,,,,,cnas,,, +siemens s7-300,,,,,cody,,, +siemens s7-300,,,,,cognos,,, +siemens s7-300,,,,,computer,,, +siemens s7-300,,,,,connect,,, +siemens s7-300,,,,,conv,,, +siemens s7-300,,,,,cool,,, +siemens s7-300,,,,,corecess,,, +siemens s7-300,,,,,cosmos,,, +siemens s7-300,,,,,craft,,, +siemens s7-300,,,,,craftpw,,, +siemens s7-300,,,,,crftpw,,, +siemens s7-300,,,,,crystal,,, +siemens s7-300,,,,,ct/1,,, +siemens s7-300,,,,,customer,,, +siemens s7-300,,,,,custpw,,, +siemens s7-300,,,,,d,,, +siemens s7-300,,,,,d.e.b.u.g,,, +siemens s7-300,,,,,d00m,,, +siemens s7-300,,,,,dadmin01,,, +siemens s7-300,,,,,danger,,, +siemens s7-300,,,,,database,,, +siemens s7-300,,,,,davox,,, +siemens s7-300,,,,,dbps,,, +siemens s7-300,,,,,dd,,, +siemens s7-300,,,,,ddd,,, +siemens s7-300,,,,,dddd,,, +siemens s7-300,,,,,ddddd,,, +siemens s7-300,,,,,dddddd,,, +siemens s7-300,,,,,ddddddd,,, +siemens s7-300,,,,,dddddddd,,, +siemens s7-300,,,,,dean,,, +siemens s7-300,,,,,default,,, +siemens s7-300,,,,,delevan,,, +siemens s7-300,,,,,demo,,, +siemens s7-300,,,,,denise,,, +siemens s7-300,,,,,derparol,,, +siemens s7-300,,,,,device,,, +siemens s7-300,,,,,devices,,, +siemens s7-300,,,,,dhs3mt,,, +siemens s7-300,,,,,dhs3pms,,, +siemens s7-300,,,,,diabl0,,, +siemens s7-300,,,,,diablo,,, +siemens s7-300,,,,,diamond,,, +siemens s7-300,,,,,digital,,, +siemens s7-300,,,,,dlink,,, +siemens s7-300,,,,,dollar,,, +siemens s7-300,,,,,doom,,, +siemens s7-300,,,,,draadloos,,, +siemens s7-300,,,,,drivees,,, +siemens s7-300,,,,,e,,, +siemens s7-300,,,,,echo,,, +siemens s7-300,,,,,ee,,, +siemens s7-300,,,,,eee,,, +siemens s7-300,,,,,eeee,,, +siemens s7-300,,,,,eeeee,,, +siemens s7-300,,,,,eeeeee,,, +siemens s7-300,,,,,eeeeeee,,, +siemens s7-300,,,,,eeeeeeee,,, +siemens s7-300,,,,,electrin,,, +siemens s7-300,,,,,elvis,,, +siemens s7-300,,,,,enable,,, +siemens s7-300,,,,,energy,,, +siemens s7-300,,,,,engineer,,, +siemens s7-300,,,,,eqdfv,,, +siemens s7-300,,,,,err0r,,, +siemens s7-300,,,,,error,,, +siemens s7-300,,,,,evening,,, +siemens s7-300,,,,,expert03,,, +siemens s7-300,,,,,f,,, +siemens s7-300,,,,,father,,, +siemens s7-300,,,,,fbd,,, +siemens s7-300,,,,,ff,,, +siemens s7-300,,,,,fff,,, +siemens s7-300,,,,,ffff,,, +siemens s7-300,,,,,fffff,,, +siemens s7-300,,,,,ffffff,,, +siemens s7-300,,,,,fffffff,,, +siemens s7-300,,,,,ffffffff,,, +siemens s7-300,,,,,field,,, +siemens s7-300,,,,,fire,,, +siemens s7-300,,,,,fish,,, +siemens s7-300,,,,,fivranne,,, +siemens s7-300,,,,,flash,,, +siemens s7-300,,,,,flex,,, +siemens s7-300,,,,,flexible,,, +siemens s7-300,,,,,football,,, +siemens s7-300,,,,,friend,,, +siemens s7-300,,,,,fuck,,, +siemens s7-300,,,,,fuckoff,,, +siemens s7-300,,,,,fuckyou,,, +siemens s7-300,,,,,g,,, +siemens s7-300,,,,,g00gle,,, +siemens s7-300,,,,,gama,,, +siemens s7-300,,,,,ganteng,,, +siemens s7-300,,,,,gen1,,, +siemens s7-300,,,,,gen2,,, +siemens s7-300,,,,,gfcc,,, +siemens s7-300,,,,,gfccdjhl,,, +siemens s7-300,,,,,gfhjkm,,, +siemens s7-300,,,,,gg,,, +siemens s7-300,,,,,ggg,,, +siemens s7-300,,,,,gggg,,, +siemens s7-300,,,,,ggggg,,, +siemens s7-300,,,,,gggggg,,, +siemens s7-300,,,,,ggggggg,,, +siemens s7-300,,,,,gggggggg,,, +siemens s7-300,,,,,ghbdtn,,, +siemens s7-300,,,,,ghost,,, +siemens s7-300,,,,,goal,,, +siemens s7-300,,,,,golf,,, +siemens s7-300,,,,,google,,, +siemens s7-300,,,,,got,,, +siemens s7-300,,,,,guest,,, +siemens s7-300,,,,,h,,, +siemens s7-300,,,,,hardware,,, +siemens s7-300,,,,,harley,,, +siemens s7-300,,,,,helen,,, +siemens s7-300,,,,,hello,,, +siemens s7-300,,,,,help,,, +siemens s7-300,,,,,help1954,,, +siemens s7-300,,,,,hexseal,,, +siemens s7-300,,,,,hh,,, +siemens s7-300,,,,,hhh,,, +siemens s7-300,,,,,hhhh,,, +siemens s7-300,,,,,hhhhh,,, +siemens s7-300,,,,,hhhhhh,,, +siemens s7-300,,,,,hhhhhhh,,, +siemens s7-300,,,,,hhhhhhhh,,, +siemens s7-300,,,,,highspeed,,, +siemens s7-300,,,,,hinear,,, +siemens s7-300,,,,,home,,, +siemens s7-300,,,,,homeplug,,, +siemens s7-300,,,,,honda,,, +siemens s7-300,,,,,hp.com,,, +siemens s7-300,,,,,hpoffice,,, +siemens s7-300,,,,,hponly,,, +siemens s7-300,,,,,hrloo,,, +siemens s7-300,,,,,hsadb,,, +siemens s7-300,,,,,http,,, +siemens s7-300,,,,,i,,, +siemens s7-300,,,,,iDirect,,, +siemens s7-300,,,,,ii,,, +siemens s7-300,,,,,iii,,, +siemens s7-300,,,,,iiii,,, +siemens s7-300,,,,,iiiii,,, +siemens s7-300,,,,,iiiiii,,, +siemens s7-300,,,,,iiiiiii,,, +siemens s7-300,,,,,iiiiiiii,,, +siemens s7-300,,,,,iloveyou,,, +siemens s7-300,,,,,images,,, +siemens s7-300,,,,,inads,,, +siemens s7-300,,,,,inc,,, +siemens s7-300,,,,,indspw,,, +siemens s7-300,,,,,inferno,,, +siemens s7-300,,,,,initpw,,, +siemens s7-300,,,,,inmet,,, +siemens s7-300,,,,,internet,,, +siemens s7-300,,,,,ironport,,, +siemens s7-300,,,,,isee,,, +siemens s7-300,,,,,isp,,, +siemens s7-300,,,,,j,,, +siemens s7-300,,,,,jack,,, +siemens s7-300,,,,,janet,,, +siemens s7-300,,,,,jannie,,, +siemens s7-300,,,,,jasmine,,, +siemens s7-300,,,,,jj,,, +siemens s7-300,,,,,jjj,,, +siemens s7-300,,,,,jjjj,,, +siemens s7-300,,,,,jjjjj,,, +siemens s7-300,,,,,jjjjjj,,, +siemens s7-300,,,,,jjjjjjj,,, +siemens s7-300,,,,,jjjjjjjj,,, +siemens s7-300,,,,,john,,, +siemens s7-300,,,,,joker,,, +siemens s7-300,,,,,jordan,,, +siemens s7-300,,,,,jordan23,,, +siemens s7-300,,,,,k,,, +siemens s7-300,,,,,kermit,,, +siemens s7-300,,,,,killer,,, +siemens s7-300,,,,,killme,,, +siemens s7-300,,,,,kilo1987,,, +siemens s7-300,,,,,kk,,, +siemens s7-300,,,,,kkk,,, +siemens s7-300,,,,,kkkk,,, +siemens s7-300,,,,,kkkkk,,, +siemens s7-300,,,,,kkkkkk,,, +siemens s7-300,,,,,kkkkkkk,,, +siemens s7-300,,,,,kkkkkkkk,,, +siemens s7-300,,,,,korn,,, +siemens s7-300,,,,,l,,, +siemens s7-300,,,,,lad,,, +siemens s7-300,,,,,laflaf,,, +siemens s7-300,,,,,letacla,,, +siemens s7-300,,,,,letmein,,, +siemens s7-300,,,,,level1,,, +siemens s7-300,,,,,leviton,,, +siemens s7-300,,,,,linga,,, +siemens s7-300,,,,,linux,,, +siemens s7-300,,,,,lisa,,, +siemens s7-300,,,,,ll,,, +siemens s7-300,,,,,llatsni,,, +siemens s7-300,,,,,lll,,, +siemens s7-300,,,,,llll,,, +siemens s7-300,,,,,lllll,,, +siemens s7-300,,,,,llllll,,, +siemens s7-300,,,,,lllllll,,, +siemens s7-300,,,,,llllllll,,, +siemens s7-300,,,,,locatepw,,, +siemens s7-300,,,,,lock,,, +siemens s7-300,,,,,login,,, +siemens s7-300,,,,,looker,,, +siemens s7-300,,,,,lotus,,, +siemens s7-300,,,,,love,,, +siemens s7-300,,,,,ltd,,, +siemens s7-300,,,,,lucky,,, +siemens s7-300,,,,,m,,, +siemens s7-300,,,,,m1122,,, +siemens s7-300,,,,,mail,,, +siemens s7-300,,,,,maint,,, +siemens s7-300,,,,,maintpw,,, +siemens s7-300,,,,,manager,,, +siemens s7-300,,,,,maniac,,, +siemens s7-300,,,,,master,,, +siemens s7-300,,,,,masterkey,,, +siemens s7-300,,,,,mediator,,, +siemens s7-300,,,,,medion,,, +siemens s7-300,,,,,micro,,, +siemens s7-300,,,,,microwav,,, +siemens s7-300,,,,,miller,,, +siemens s7-300,,,,,mis,,, +siemens s7-300,,,,,mlusr,,, +siemens s7-300,,,,,mm,,, +siemens s7-300,,,,,mmm,,, +siemens s7-300,,,,,mmmm,,, +siemens s7-300,,,,,mmmmm,,, +siemens s7-300,,,,,mmmmmm,,, +siemens s7-300,,,,,mmmmmmm,,, +siemens s7-300,,,,,mmmmmmmm,,, +siemens s7-300,,,,,modul,,, +siemens s7-300,,,,,module,,, +siemens s7-300,,,,,money,,, +siemens s7-300,,,,,monitor,,, +siemens s7-300,,,,,monkey,,, +siemens s7-300,,,,,mosmatic,,, +siemens s7-300,,,,,mother,,, +siemens s7-300,,,,,motorola,,, +siemens s7-300,,,,,mouse,,, +siemens s7-300,,,,,mtch,,, +siemens s7-300,,,,,mustang,,, +siemens s7-300,,,,,mypass,,, +siemens s7-300,,,,,mypass123,,, +siemens s7-300,,,,,mypc,,, +siemens s7-300,,,,,mypc123,,, +siemens s7-300,,,,,myspace,,, +siemens s7-300,,,,,myspace1,,, +siemens s7-300,,,,,n,,, +siemens s7-300,,,,,naadmin,,, +siemens s7-300,,,,,naranja,,, +siemens s7-300,,,,,netadmin,,, +siemens s7-300,,,,,netbase,,, +siemens s7-300,,,,,netman,,, +siemens s7-300,,,,,netopia,,, +siemens s7-300,,,,,netscreen,,, +siemens s7-300,,,,,netutil,,, +siemens s7-300,,,,,network,,, +siemens s7-300,,,,,newpass,,, +siemens s7-300,,,,,niconex,,, +siemens s7-300,,,,,nimdaten,,, +siemens s7-300,,,,,nmspw,,, +siemens s7-300,,,,,nn,,, +siemens s7-300,,,,,nnn,,, +siemens s7-300,,,,,nnnn,,, +siemens s7-300,,,,,nnnnn,,, +siemens s7-300,,,,,nnnnnn,,, +siemens s7-300,,,,,nnnnnnn,,, +siemens s7-300,,,,,nnnnnnnn,,, +siemens s7-300,,,,,nokai,,, +siemens s7-300,,,,,notused,,, +siemens s7-300,,,,,noway,,, +siemens s7-300,,,,,ntacdmax,,, +siemens s7-300,,,,,null,,, +siemens s7-300,,,,,o,,, +siemens s7-300,,,,,oem,,, +siemens s7-300,,,,,omron,,, +siemens s7-300,,,,,oo,,, +siemens s7-300,,,,,ooo,,, +siemens s7-300,,,,,oooo,,, +siemens s7-300,,,,,ooooo,,, +siemens s7-300,,,,,oooooo,,, +siemens s7-300,,,,,ooooooo,,, +siemens s7-300,,,,,oooooooo,,, +siemens s7-300,,,,,op3n,,, +siemens s7-300,,,,,operator,,, +siemens s7-300,,,,,owner,,, +siemens s7-300,,,,,p,,, +siemens s7-300,,,,,pas,,, +siemens s7-300,,,,,pass,,, +siemens s7-300,,,,,passage,,, +siemens s7-300,,,,,passw,,, +siemens s7-300,,,,,passwd,,, +siemens s7-300,,,,,passwo,,, +siemens s7-300,,,,,passwor,,, +siemens s7-300,,,,,password,,, +siemens s7-300,,,,,pat,,, +siemens s7-300,,,,,paterna,,, +siemens s7-300,,,,,patrick,,, +siemens s7-300,,,,,patrol,,, +siemens s7-300,,,,,pbxk1064,,, +siemens s7-300,,,,,pcs7,,, +siemens s7-300,,,,,pentium,,, +siemens s7-300,,,,,pento,,, +siemens s7-300,,,,,pepper,,, +siemens s7-300,,,,,pepsi,,, +siemens s7-300,,,,,permit,,, +siemens s7-300,,,,,personal,,, +siemens s7-300,,,,,pfsense,,, +siemens s7-300,,,,,photonix,,, +siemens s7-300,,,,,pilou,,, +siemens s7-300,,,,,piranha,,, +siemens s7-300,,,,,plc,,, +siemens s7-300,,,,,plcsim,,, +siemens s7-300,,,,,poerty,,, +siemens s7-300,,,,,policy,,, +siemens s7-300,,,,,power,,, +siemens s7-300,,,,,pp,,, +siemens s7-300,,,,,ppp,,, +siemens s7-300,,,,,pppp,,, +siemens s7-300,,,,,ppppp,,, +siemens s7-300,,,,,pppppp,,, +siemens s7-300,,,,,ppppppp,,, +siemens s7-300,,,,,pppppppp,,, +siemens s7-300,,,,,princess,,, +siemens s7-300,,,,,private,,, +siemens s7-300,,,,,proddta,,, +siemens s7-300,,,,,profibus,,, +siemens s7-300,,,,,protool,,, +siemens s7-300,,,,,public,,, +siemens s7-300,,,,,pusy,,, +siemens s7-300,,,,,pw123,,, +siemens s7-300,,,,,pwd,,, +siemens s7-300,,,,,q,,, +siemens s7-300,,,,,qawsed,,, +siemens s7-300,,,,,qq,,, +siemens s7-300,,,,,qq520,,, +siemens s7-300,,,,,qqq,,, +siemens s7-300,,,,,qqqq,,, +siemens s7-300,,,,,qqqqq,,, +siemens s7-300,,,,,qqqqqq,,, +siemens s7-300,,,,,qqqqqqq,,, +siemens s7-300,,,,,qqqqqqqq,,, +siemens s7-300,,,,,qwe,,, +siemens s7-300,,,,,qwer,,, +siemens s7-300,,,,,qwerty,,, +siemens s7-300,,,,,qwerty1,,, +siemens s7-300,,,,,qwertyu,,, +siemens s7-300,,,,,qwertyui,,, +siemens s7-300,,,,,r,,, +siemens s7-300,,,,,r@p8p0r+,,, +siemens s7-300,,,,,rade0n,,, +siemens s7-300,,,,,radius,,, +siemens s7-300,,,,,radware,,, +siemens s7-300,,,,,rdfhnbhf,,, +siemens s7-300,,,,,recovery,,, +siemens s7-300,,,,,rego,,, +siemens s7-300,,,,,remote,,, +siemens s7-300,,,,,rip000,,, +siemens s7-300,,,,,rittal,,, +siemens s7-300,,,,,robele,,, +siemens s7-300,,,,,root,,, +siemens s7-300,,,,,router,,, +siemens s7-300,,,,,rr,,, +siemens s7-300,,,,,rrr,,, +siemens s7-300,,,,,rrrr,,, +siemens s7-300,,,,,rrrrr,,, +siemens s7-300,,,,,rrrrrr,,, +siemens s7-300,,,,,rrrrrrr,,, +siemens s7-300,,,,,rrrrrrrr,,, +siemens s7-300,,,,,rs4igoy,,, +siemens s7-300,,,,,rtyhn,,, +siemens s7-300,,,,,run-p,,, +siemens s7-300,,,,,russia,,, +siemens s7-300,,,,,rwmaint,,, +siemens s7-300,,,,,s,,, +siemens s7-300,,,,,s7,,, +siemens s7-300,,,,,s7-300,,, +siemens s7-300,,,,,s7-400,,, +siemens s7-300,,,,,scout,,, +siemens s7-300,,,,,search,,, +siemens s7-300,,,,,secret,,, +siemens s7-300,,,,,secure,,, +siemens s7-300,,,,,security,,, +siemens s7-300,,,,,sekret,,, +siemens s7-300,,,,,serco,,, +siemens s7-300,,,,,serial#,,, +siemens s7-300,,,,,serovox,,, +siemens s7-300,,,,,server,,, +siemens s7-300,,,,,setherco,,, +siemens s7-300,,,,,setup,,, +siemens s7-300,,,,,sex,,, +siemens s7-300,,,,,sgena,,, +siemens s7-300,,,,,sgilent,,, +siemens s7-300,,,,,shadow,,, +siemens s7-300,,,,,sicostart,,, +siemens s7-300,,,,,siemens,,, +siemens s7-300,,,,,simatic,,, +siemens s7-300,,,,,simens,,, +siemens s7-300,,,,,simo,,, +siemens s7-300,,,,,simocode,,, +siemens s7-300,,,,,simoreg,,, +siemens s7-300,,,,,simovert,,, +siemens s7-300,,,,,simtec,,, +siemens s7-300,,,,,sirborn,,, +siemens s7-300,,,,,sitop,,, +siemens s7-300,,,,,slave,,, +siemens s7-300,,,,,slipknot,,, +siemens s7-300,,,,,smile,,, +siemens s7-300,,,,,smuser,,, +siemens s7-300,,,,,snoopy,,, +siemens s7-300,,,,,soccer,,, +siemens s7-300,,,,,solution,,, +siemens s7-300,,,,,ss,,, +siemens s7-300,,,,,sss,,, +siemens s7-300,,,,,ssss,,, +siemens s7-300,,,,,sssss,,, +siemens s7-300,,,,,ssssss,,, +siemens s7-300,,,,,sssssss,,, +siemens s7-300,,,,,ssssssss,,, +siemens s7-300,,,,,stan,,, +siemens s7-300,,,,,star,,, +siemens s7-300,,,,,starwar,,, +siemens s7-300,,,,,step5,,, +siemens s7-300,,,,,step7,,, +siemens s7-300,,,,,stimpy,,, +siemens s7-300,,,,,stl,,, +siemens s7-300,,,,,stop,,, +siemens s7-300,,,,,ststic,,, +siemens s7-300,,,,,summer,,, +siemens s7-300,,,,,sunrise,,, +siemens s7-300,,,,,superid,,, +siemens s7-300,,,,,superman,,, +siemens s7-300,,,,,support,,, +siemens s7-300,,,,,surt,,, +siemens s7-300,,,,,switch,,, +siemens s7-300,,,,,sybase,,, +siemens s7-300,,,,,synnet,,, +siemens s7-300,,,,,sysadm,,, +siemens s7-300,,,,,sysdisk,,, +siemens s7-300,,,,,system,,, +siemens s7-300,,,,,t,,, +siemens s7-300,,,,,talent,,, +siemens s7-300,,,,,talisman,,, +siemens s7-300,,,,,tech,,, +siemens s7-300,,,,,telco,,, +siemens s7-300,,,,,telecom,,, +siemens s7-300,,,,,telesup,,, +siemens s7-300,,,,,tellabs#1,,, +siemens s7-300,,,,,telus,,, +siemens s7-300,,,,,temp,,, +siemens s7-300,,,,,temp123,,, +siemens s7-300,,,,,test,,, +siemens s7-300,,,,,test123,,, +siemens s7-300,,,,,thomas,,, +siemens s7-300,,,,,tiaranet,,, +siemens s7-300,,,,,tiger123,,, +siemens s7-300,,,,,timely,,, +siemens s7-300,,,,,tini,,, +siemens s7-300,,,,,tivonpw,,, +siemens s7-300,,,,,tjm,,, +siemens s7-300,,,,,tlah,,, +siemens s7-300,,,,,toolset,,, +siemens s7-300,,,,,trancell,,, +siemens s7-300,,,,,tratata,,, +siemens s7-300,,,,,tslinux,,, +siemens s7-300,,,,,tt,,, +siemens s7-300,,,,,ttt,,, +siemens s7-300,,,,,tttt,,, +siemens s7-300,,,,,ttttt,,, +siemens s7-300,,,,,tttttt,,, +siemens s7-300,,,,,ttttttt,,, +siemens s7-300,,,,,tttttttt,,, +siemens s7-300,,,,,tuborg,,, +siemens s7-300,,,,,tuxalize,,, +siemens s7-300,,,,,tx100,,, +siemens s7-300,,,,,u,,, +siemens s7-300,,,,,uplink,,, +siemens s7-300,,,,,user,,, +siemens s7-300,,,,,uu,,, +siemens s7-300,,,,,uuu,,, +siemens s7-300,,,,,uuuu,,, +siemens s7-300,,,,,uuuuu,,, +siemens s7-300,,,,,uuuuuu,,, +siemens s7-300,,,,,uuuuuuu,,, +siemens s7-300,,,,,uuuuuuuu,,, +siemens s7-300,,,,,v,,, +siemens s7-300,,,,,vesoft,,, +siemens s7-300,,,,,visual,,, +siemens s7-300,,,,,vjqgfhjkm,,, +siemens s7-300,,,,,vodka,,, +siemens s7-300,,,,,volition,,, +siemens s7-300,,,,,vv,,, +siemens s7-300,,,,,vvv,,, +siemens s7-300,,,,,vvvv,,, +siemens s7-300,,,,,vvvvv,,, +siemens s7-300,,,,,vvvvvv,,, +siemens s7-300,,,,,vvvvvvv,,, +siemens s7-300,,,,,vvvvvvvv,,, +siemens s7-300,,,,,w,,, +siemens s7-300,,,,,webadmin,,, +siemens s7-300,,,,,win,,, +siemens s7-300,,,,,wincc,,, +siemens s7-300,,,,,winterm,,, +siemens s7-300,,,,,wizard,,, +siemens s7-300,,,,,wlsedb,,, +siemens s7-300,,,,,wolf,,, +siemens s7-300,,,,,ww,,, +siemens s7-300,,,,,www,,, +siemens s7-300,,,,,wwww,,, +siemens s7-300,,,,,wwwww,,, +siemens s7-300,,,,,wwwwww,,, +siemens s7-300,,,,,wwwwwww,,, +siemens s7-300,,,,,wwwwwwww,,, +siemens s7-300,,,,,wyse,,, +siemens s7-300,,,,,x,,, +siemens s7-300,,,,,x-admin,,, +siemens s7-300,,,,,x40rocks,,, +siemens s7-300,,,,,xbox,,, +siemens s7-300,,,,,xlserver,,, +siemens s7-300,,,,,xx,,, +siemens s7-300,,,,,xxx,,, +siemens s7-300,,,,,xxxx,,, +siemens s7-300,,,,,xxxxx,,, +siemens s7-300,,,,,xxxxxx,,, +siemens s7-300,,,,,xxxxxxx,,, +siemens s7-300,,,,,xxxxxxxx,,, +siemens s7-300,,,,,xxyyzz,,, +siemens s7-300,,,,,y,,, +siemens s7-300,,,,,yxcv,,, +siemens s7-300,,,,,yy,,, +siemens s7-300,,,,,yyy,,, +siemens s7-300,,,,,yyyy,,, +siemens s7-300,,,,,yyyyy,,, +siemens s7-300,,,,,yyyyyy,,, +siemens s7-300,,,,,yyyyyyy,,, +siemens s7-300,,,,,yyyyyyyy,,, +siemens s7-300,,,,,z,,, +siemens s7-300,,,,,z0ne,,, +siemens s7-300,,,,,zettler,,, +siemens s7-300,,,,,zippo,,, +siemens s7-300,,,,,zone,,, +siemens s7-300,,,,,zoomadsl,,, +siemens s7-300,,,,,zorro,,, +siemens s7-300,,,,,zorromen,,, +siemens s7-300,,,,,zxc,,, +siemens s7-300,,,,,zxcv,,, +siemens s7-300,,,,,zxcvb,,, +siemens s7-300,,,,,zxcvbn,,, +siemens s7-300,,,,,zxcvbnm,,, +siemens s7-300,,,,,zxcvbnm,,,, +siemens s7-300,,,,,zz,,, +siemens s7-300,,,,,zzz,,, +siemens s7-300,,,,,zzzz,,, +siemens s7-300,,,,,zzzzz,,, +siemens s7-300,,,,,zzzzzz,,, +siemens s7-300,,,,,zzzzzzz,,, +siemens s7-300,,,,,zzzzzzzz,,, siemens,5940 T1E1 Router,5940-001 v6.0.180-2,Telnet,superuser,admin,Admin,, siemens,APACS,,ACM Controller,,gubed,,, siemens,Gigaset SX541 WLAN dsl,,http://192.168.2.1,,admin,Admin,, @@ -6916,1893 +8800,3 @@ zyxel,Zywall,,Multi,admin,1234,Admin,, zyxel,linux,4,http://192.168.1.1:8080,user,mr37net,root,-, zyxel,p-660hw,t1,http://192.168.1.1,,,admin,, zyxel,zyxer,cable moden,http:192.168.1.1:8080,webadmin,1234,user,desprogamado, -siemens s7-300,,,,,',,, -siemens s7-300,,,,,'',,, -siemens s7-300,,,,,''',,, -siemens s7-300,,,,,'''',,, -siemens s7-300,,,,,''''',,, -siemens s7-300,,,,,'''''',,, -siemens s7-300,,,,,''''''',,, -siemens s7-300,,,,,'''''''',,, -siemens s7-300,,,,,-,,, -siemens s7-300,,,,,--,,, -siemens s7-300,,,,,---,,, -siemens s7-300,,,,,----,,, -siemens s7-300,,,,,-----,,, -siemens s7-300,,,,,------,,, -siemens s7-300,,,,,-------,,, -siemens s7-300,,,,,--------,,, -siemens s7-300,,,,,!manage,,, -siemens s7-300,,,,,!MANAGE,,, -siemens s7-300,,,,,$secure$,,, -siemens s7-300,,,,,*,,, -siemens s7-300,,,,,**,,, -siemens s7-300,,,,,***,,, -siemens s7-300,,,,,****,,, -siemens s7-300,,,,,*****,,, -siemens s7-300,,,,,******,,, -siemens s7-300,,,,,*******,,, -siemens s7-300,,,,,********,,, -siemens s7-300,,,,,,,,, -siemens s7-300,,,,,,,,,, -siemens s7-300,,,,,,,,,,, -siemens s7-300,,,,,,,,,,,, -siemens s7-300,,,,,,,,,,,,, -siemens s7-300,,,,,,,,,,,,,, -siemens s7-300,,,,,,,,,,,,,,, -siemens s7-300,,,,,,,,,,,,,,,, -siemens s7-300,,,,,.,,, -siemens s7-300,,,,,..,,, -siemens s7-300,,,,,...,,, -siemens s7-300,,,,,....,,, -siemens s7-300,,,,,.....,,, -siemens s7-300,,,,,......,,, -siemens s7-300,,,,,.......,,, -siemens s7-300,,,,,........,,, -siemens s7-300,,,,,/,,, -siemens s7-300,,,,,//,,, -siemens s7-300,,,,,///,,, -siemens s7-300,,,,,////,,, -siemens s7-300,,,,,/////,,, -siemens s7-300,,,,,//////,,, -siemens s7-300,,,,,///////,,, -siemens s7-300,,,,,////////,,, -siemens s7-300,,,,,;,,, -siemens s7-300,,,,,;;,,, -siemens s7-300,,,,,;;;,,, -siemens s7-300,,,,,;;;;,,, -siemens s7-300,,,,,;;;;;,,, -siemens s7-300,,,,,;;;;;;,,, -siemens s7-300,,,,,;;;;;;;,,, -siemens s7-300,,,,,;;;;;;;;,,, -siemens s7-300,,,,,@#$123,,, -siemens s7-300,,,,,[,,, -siemens s7-300,,,,,[[,,, -siemens s7-300,,,,,[[[,,, -siemens s7-300,,,,,[[[[,,, -siemens s7-300,,,,,[[[[[,,, -siemens s7-300,,,,,[[[[[[,,, -siemens s7-300,,,,,[[[[[[[,,, -siemens s7-300,,,,,[[[[[[[[,,, -siemens s7-300,,,,,],,, -siemens s7-300,,,,,]],,, -siemens s7-300,,,,,]]],,, -siemens s7-300,,,,,]]]],,, -siemens s7-300,,,,,]]]]],,, -siemens s7-300,,,,,]]]]]],,, -siemens s7-300,,,,,]]]]]]],,, -siemens s7-300,,,,,]]]]]]]],,, -siemens s7-300,,,,,_Cisco,,, -siemens s7-300,,,,,`,,, -siemens s7-300,,,,,``,,, -siemens s7-300,,,,,```,,, -siemens s7-300,,,,,````,,, -siemens s7-300,,,,,`````,,, -siemens s7-300,,,,,``````,,, -siemens s7-300,,,,,```````,,, -siemens s7-300,,,,,````````,,, -siemens s7-300,,,,,+,,, -siemens s7-300,,,,,++,,, -siemens s7-300,,,,,+++,,, -siemens s7-300,,,,,++++,,, -siemens s7-300,,,,,+++++,,, -siemens s7-300,,,,,++++++,,, -siemens s7-300,,,,,+++++++,,, -siemens s7-300,,,,,++++++++,,, -siemens s7-300,,,,,=,,, -siemens s7-300,,,,,==,,, -siemens s7-300,,,,,===,,, -siemens s7-300,,,,,====,,, -siemens s7-300,,,,,=====,,, -siemens s7-300,,,,,======,,, -siemens s7-300,,,,,=======,,, -siemens s7-300,,,,,========,,, -siemens s7-300,,,,,0,,, -siemens s7-300,,,,,00,,, -siemens s7-300,,,,,000,,, -siemens s7-300,,,,,0000,,, -siemens s7-300,,,,,00000,,, -siemens s7-300,,,,,000000,,, -siemens s7-300,,,,,0000000,,, -siemens s7-300,,,,,00000000,,, -siemens s7-300,,,,,00000001,,, -siemens s7-300,,,,,0000001,,, -siemens s7-300,,,,,000001,,, -siemens s7-300,,,,,00001,,, -siemens s7-300,,,,,0001,,, -siemens s7-300,,,,,001,,, -siemens s7-300,,,,,050952,,, -siemens s7-300,,,,,0P3N,,, -siemens s7-300,,,,,1,,, -siemens s7-300,,,,,100,,, -siemens s7-300,,,,,1000,,, -siemens s7-300,,,,,10000,,, -siemens s7-300,,,,,100000,,, -siemens s7-300,,,,,1000000,,, -siemens s7-300,,,,,10000000,,, -siemens s7-300,,,,,10041979,,, -siemens s7-300,,,,,1064,,, -siemens s7-300,,,,,11,,, -siemens s7-300,,,,,111,,, -siemens s7-300,,,,,1111,,, -siemens s7-300,,,,,11111,,, -siemens s7-300,,,,,111111,,, -siemens s7-300,,,,,1111111,,, -siemens s7-300,,,,,11111111,,, -siemens s7-300,,,,,11112222,,, -siemens s7-300,,,,,112233,,, -siemens s7-300,,,,,11223344,,, -siemens s7-300,,,,,123,,, -siemens s7-300,,,,,123123,,, -siemens s7-300,,,,,12314500,,, -siemens s7-300,,,,,123321,,, -siemens s7-300,,,,,1234,,, -siemens s7-300,,,,,12344321,,, -siemens s7-300,,,,,12345,,, -siemens s7-300,,,,,123456,,, -siemens s7-300,,,,,1234567,,, -siemens s7-300,,,,,12345678,,, -siemens s7-300,,,,,12348765,,, -siemens s7-300,,,,,123654,,, -siemens s7-300,,,,,123asd,,, -siemens s7-300,,,,,123ASD,,, -siemens s7-300,,,,,123qwe,,, -siemens s7-300,,,,,123QWE,,, -siemens s7-300,,,,,1246,,, -siemens s7-300,,,,,128bit,,, -siemens s7-300,,,,,128BIT,,, -siemens s7-300,,,,,1313,,, -siemens s7-300,,,,,1502,,, -siemens s7-300,,,,,151298,,, -siemens s7-300,,,,,166816,,, -siemens s7-300,,,,,180497,,, -siemens s7-300,,,,,1890agb,,, -siemens s7-300,,,,,1890AGB,,, -siemens s7-300,,,,,1954,,, -siemens s7-300,,,,,1G2W3E,,, -siemens s7-300,,,,,1q2w3e,,, -siemens s7-300,,,,,2,,, -siemens s7-300,,,,,21,,, -siemens s7-300,,,,,21241036,,, -siemens s7-300,,,,,2128506,,, -siemens s7-300,,,,,22,,, -siemens s7-300,,,,,222,,, -siemens s7-300,,,,,2222,,, -siemens s7-300,,,,,22222,,, -siemens s7-300,,,,,222222,,, -siemens s7-300,,,,,2222222,,, -siemens s7-300,,,,,22222222,,, -siemens s7-300,,,,,266344,,, -siemens s7-300,,,,,281067,,, -siemens s7-300,,,,,281068,,, -siemens s7-300,,,,,2BW9,,, -siemens s7-300,,,,,2WSXcder,,, -siemens s7-300,,,,,3,,, -siemens s7-300,,,,,31994,,, -siemens s7-300,,,,,321,,, -siemens s7-300,,,,,33,,, -siemens s7-300,,,,,333,,, -siemens s7-300,,,,,3333,,, -siemens s7-300,,,,,33333,,, -siemens s7-300,,,,,333333,,, -siemens s7-300,,,,,3333333,,, -siemens s7-300,,,,,33333333,,, -siemens s7-300,,,,,3477,,, -siemens s7-300,,,,,355025,,, -siemens s7-300,,,,,3597,,, -siemens s7-300,,,,,3ascotel,,, -siemens s7-300,,,,,3ASCOTEL,,, -siemens s7-300,,,,,3ep5w2u,,, -siemens s7-300,,,,,3orro,,, -siemens s7-300,,,,,3ORRO,,, -siemens s7-300,,,,,3ware,,, -siemens s7-300,,,,,3WARE,,, -siemens s7-300,,,,,4,,, -siemens s7-300,,,,,42296795,,, -siemens s7-300,,,,,4321,,, -siemens s7-300,,,,,44,,, -siemens s7-300,,,,,444,,, -siemens s7-300,,,,,4444,,, -siemens s7-300,,,,,44444,,, -siemens s7-300,,,,,444444,,, -siemens s7-300,,,,,4444444,,, -siemens s7-300,,,,,44444444,,, -siemens s7-300,,,,,4ert,,, -siemens s7-300,,,,,4ERT,,, -siemens s7-300,,,,,4G5K,,, -siemens s7-300,,,,,4G7S,,, -siemens s7-300,,,,,4getme2,,, -siemens s7-300,,,,,4tas,,, -siemens s7-300,,,,,4TAS,,, -siemens s7-300,,,,,5,,, -siemens s7-300,,,,,5001,,, -siemens s7-300,,,,,5150,,, -siemens s7-300,,,,,5201314,,, -siemens s7-300,,,,,54321,,, -siemens s7-300,,,,,55,,, -siemens s7-300,,,,,55055,,, -siemens s7-300,,,,,555,,, -siemens s7-300,,,,,5555,,, -siemens s7-300,,,,,55555,,, -siemens s7-300,,,,,555555,,, -siemens s7-300,,,,,5555555,,, -siemens s7-300,,,,,55555555,,, -siemens s7-300,,,,,56789,,, -siemens s7-300,,,,,5693,,, -siemens s7-300,,,,,5777364,,, -siemens s7-300,,,,,5860,,, -siemens s7-300,,,,,589589,,, -siemens s7-300,,,,,6,,, -siemens s7-300,,,,,60587,,, -siemens s7-300,,,,,654321,,, -siemens s7-300,,,,,66,,, -siemens s7-300,,,,,666,,, -siemens s7-300,,,,,6666,,, -siemens s7-300,,,,,66666,,, -siemens s7-300,,,,,666666,,, -siemens s7-300,,,,,6666666,,, -siemens s7-300,,,,,66666666,,, -siemens s7-300,,,,,66808920,,, -siemens s7-300,,,,,6969,,, -siemens s7-300,,,,,7,,, -siemens s7-300,,,,,7654321,,, -siemens s7-300,,,,,77,,, -siemens s7-300,,,,,777,,, -siemens s7-300,,,,,7777,,, -siemens s7-300,,,,,77777,,, -siemens s7-300,,,,,777777,,, -siemens s7-300,,,,,7777777,,, -siemens s7-300,,,,,77777777,,, -siemens s7-300,,,,,7SH4,,, -siemens s7-300,,,,,8,,, -siemens s7-300,,,,,8111,,, -siemens s7-300,,,,,8429,,, -siemens s7-300,,,,,851141,,, -siemens s7-300,,,,,86844,,, -siemens s7-300,,,,,8746550,,, -siemens s7-300,,,,,87654321,,, -siemens s7-300,,,,,88,,, -siemens s7-300,,,,,888,,, -siemens s7-300,,,,,8888,,, -siemens s7-300,,,,,88888,,, -siemens s7-300,,,,,888888,,, -siemens s7-300,,,,,8888888,,, -siemens s7-300,,,,,88888888,,, -siemens s7-300,,,,,88981684,,, -siemens s7-300,,,,,9,,, -siemens s7-300,,,,,901100,,, -siemens s7-300,,,,,99,,, -siemens s7-300,,,,,999,,, -siemens s7-300,,,,,9999,,, -siemens s7-300,,,,,99999,,, -siemens s7-300,,,,,999999,,, -siemens s7-300,,,,,9999999,,, -siemens s7-300,,,,,99999999,,, -siemens s7-300,,,,,9W5K,,, -siemens s7-300,,,,,a,,, -siemens s7-300,,,,,A,,, -siemens s7-300,,,,,a/d,,, -siemens s7-300,,,,,A/D,,, -siemens s7-300,,,,,aa,,, -siemens s7-300,,,,,AA,,, -siemens s7-300,,,,,aaa,,, -siemens s7-300,,,,,AAA,,, -siemens s7-300,,,,,aaaa,,, -siemens s7-300,,,,,AAAA,,, -siemens s7-300,,,,,aaaaa,,, -siemens s7-300,,,,,AAAAA,,, -siemens s7-300,,,,,aaaaaa,,, -siemens s7-300,,,,,AAAAAA,,, -siemens s7-300,,,,,aaaaaaa,,, -siemens s7-300,,,,,AAAAAAA,,, -siemens s7-300,,,,,aaaaaaaa,,, -siemens s7-300,,,,,AAAAAAAA,,, -siemens s7-300,,,,,aabbcc,,, -siemens s7-300,,,,,AABBCC,,, -siemens s7-300,,,,,aaeon,,, -siemens s7-300,,,,,AAEON,,, -siemens s7-300,,,,,aavid,,, -siemens s7-300,,,,,AAVID,,, -siemens s7-300,,,,,ab,,, -siemens s7-300,,,,,AB,,, -siemens s7-300,,,,,abb,,, -siemens s7-300,,,,,ABB,,, -siemens s7-300,,,,,abc,,, -siemens s7-300,,,,,ABC,,, -siemens s7-300,,,,,abc123,,, -siemens s7-300,,,,,ABC123,,, -siemens s7-300,,,,,abcd,,, -siemens s7-300,,,,,ABCD,,, -siemens s7-300,,,,,abcde,,, -siemens s7-300,,,,,ABCDE,,, -siemens s7-300,,,,,ABCDEF,,, -siemens s7-300,,,,,abcdefg,,, -siemens s7-300,,,,,ABCDEFG,,, -siemens s7-300,,,,,abcdefgh,,, -siemens s7-300,,,,,ABCDEFGH,,, -siemens s7-300,,,,,abelconn,,, -siemens s7-300,,,,,ABELCONN,,, -siemens s7-300,,,,,abov,,, -siemens s7-300,,,,,ABOV,,, -siemens s7-300,,,,,abracon,,, -siemens s7-300,,,,,ABRACON,,, -siemens s7-300,,,,,absopuls,,, -siemens s7-300,,,,,ABSOPULS,,, -siemens s7-300,,,,,abtech,,, -siemens s7-300,,,,,ABTECH,,, -siemens s7-300,,,,,abunlock,,, -siemens s7-300,,,,,ABUNLOCK,,, -siemens s7-300,,,,,acam,,, -siemens s7-300,,,,,ACAM,,, -siemens s7-300,,,,,acc,,, -siemens s7-300,,,,,ACC,,, -siemens s7-300,,,,,access,,, -siemens s7-300,,,,,ACCESS,,, -siemens s7-300,,,,,accord,,, -siemens s7-300,,,,,ACCORD,,, -siemens s7-300,,,,,acon,,, -siemens s7-300,,,,,ACON,,, -siemens s7-300,,,,,acopian,,, -siemens s7-300,,,,,ACOPIAN,,, -siemens s7-300,,,,,acp,,, -siemens s7-300,,,,,ACP,,, -siemens s7-300,,,,,actel,,, -siemens s7-300,,,,,ACTEL,,, -siemens s7-300,,,,,activex,,, -siemens s7-300,,,,,ACTIVEX,,, -siemens s7-300,,,,,adactus,,, -siemens s7-300,,,,,ADACTUS,,, -siemens s7-300,,,,,adam,,, -siemens s7-300,,,,,ADAM,,, -siemens s7-300,,,,,adc,,, -siemens s7-300,,,,,ADC,,, -siemens s7-300,,,,,adcdef,,, -siemens s7-300,,,,,adda,,, -siemens s7-300,,,,,ADDA,,, -siemens s7-300,,,,,adels,,, -siemens s7-300,,,,,ADELS,,, -siemens s7-300,,,,,adfexc,,, -siemens s7-300,,,,,ADFEXC,,, -siemens s7-300,,,,,adi,,, -siemens s7-300,,,,,ADI,,, -siemens s7-300,,,,,admin,,, -siemens s7-300,,,,,ADMIN,,, -siemens s7-300,,,,,admin123,,, -siemens s7-300,,,,,ADMIN123,,, -siemens s7-300,,,,,adminttd,,, -siemens s7-300,,,,,ADMINTTD,,, -siemens s7-300,,,,,adslroot,,, -siemens s7-300,,,,,ADSLROOT,,, -siemens s7-300,,,,,adtran,,, -siemens s7-300,,,,,ADTRAN,,, -siemens s7-300,,,,,advanced,,, -siemens s7-300,,,,,ADVANCED,,, -siemens s7-300,,,,,advantec,,, -siemens s7-300,,,,,ADVANTEC,,, -siemens s7-300,,,,,aeg mis,,, -siemens s7-300,,,,,AEG MIS,,, -siemens s7-300,,,,,aeg,,, -siemens s7-300,,,,,AEG,,, -siemens s7-300,,,,,AEM,,, -siemens s7-300,,,,,aem,,, -siemens s7-300,,,,,aeroflex,,, -siemens s7-300,,,,,Aeroflex,,, -siemens s7-300,,,,,AEROFLEX,,, -siemens s7-300,,,,,aft,,, -siemens s7-300,,,,,AFT,,, -siemens s7-300,,,,,aitech,,, -siemens s7-300,,,,,AITECH,,, -siemens s7-300,,,,,akiwa,,, -siemens s7-300,,,,,AKIWA,,, -siemens s7-300,,,,,albright,,, -siemens s7-300,,,,,ALBRIGHT,,, -siemens s7-300,,,,,alcor,,, -siemens s7-300,,,,,ALCOR,,, -siemens s7-300,,,,,aleph,,, -siemens s7-300,,,,,ALEPH,,, -siemens s7-300,,,,,ALFA,,, -siemens s7-300,,,,,alfaMag,,, -siemens s7-300,,,,,ALFAMAG,,, -siemens s7-300,,,,,alfa'r,,, -siemens s7-300,,,,,ALFA'R,,, -siemens s7-300,,,,,alfatron,,, -siemens s7-300,,,,,ALFATRON,,, -siemens s7-300,,,,,ali,,, -siemens s7-300,,,,,ALI,,, -siemens s7-300,,,,,all,,, -siemens s7-300,,,,,ALL,,, -siemens s7-300,,,,,allegro,,, -siemens s7-300,,,,,ALLEGRO,,, -siemens s7-300,,,,,allen,,, -siemens s7-300,,,,,ALLEN,,, -siemens s7-300,,,,,alliance,,, -siemens s7-300,,,,,ALLIANCE,,, -siemens s7-300,,,,,allied,,, -siemens s7-300,,,,,ALLIED,,, -siemens s7-300,,,,,alpha,,, -siemens s7-300,,,,,alpha,,, -siemens s7-300,,,,,alpine,,, -siemens s7-300,,,,,ALPINE,,, -siemens s7-300,,,,,alps,,, -siemens s7-300,,,,,ALPS,,, -siemens s7-300,,,,,altera,,, -siemens s7-300,,,,,ALTERA,,, -siemens s7-300,,,,,amber,,, -siemens s7-300,,,,,AMBER,,, -siemens s7-300,,,,,amd,,, -siemens s7-300,,,,,AMD,,, -siemens s7-300,,,,,american,,, -siemens s7-300,,,,,AMERICAN,,, -siemens s7-300,,,,,ametherm,,, -siemens s7-300,,,,,AMETHERM,,, -siemens s7-300,,,,,ami,,, -siemens s7-300,,,,,AMI,,, -siemens s7-300,,,,,amic,,, -siemens s7-300,,,,,AMIC,,, -siemens s7-300,,,,,amis,,, -siemens s7-300,,,,,AMIS,,, -siemens s7-300,,,,,ammc,,, -siemens s7-300,,,,,AMMC,,, -siemens s7-300,,,,,amp,,, -siemens s7-300,,,,,AMP,,, -siemens s7-300,,,,,amperite,,, -siemens s7-300,,,,,AMPERITE,,, -siemens s7-300,,,,,amphenol,,, -siemens s7-300,,,,,AMPHENOL,,, -siemens s7-300,,,,,ampire,,, -siemens s7-300,,,,,AMPIRE,,, -siemens s7-300,,,,,amt,,, -siemens s7-300,,,,,AMT,,, -siemens s7-300,,,,,anachip,,, -siemens s7-300,,,,,ANACHIP,,, -siemens s7-300,,,,,anadigic,,, -siemens s7-300,,,,,ANADIGIC,,, -siemens s7-300,,,,,anadigm,,, -siemens s7-300,,,,,ANADIGM,,, -siemens s7-300,,,,,analog,,, -siemens s7-300,,,,,ANALOG,,, -siemens s7-300,,,,,analogic,,, -siemens s7-300,,,,,ANALOGIC,,, -siemens s7-300,,,,,anaren,,, -siemens s7-300,,,,,ANAREN,,, -siemens s7-300,,,,,angel,,, -siemens s7-300,,,,,ANGEL,,, -siemens s7-300,,,,,angle,,, -siemens s7-300,,,,,ANGLE,,, -siemens s7-300,,,,,anicust,,, -siemens s7-300,,,,,ANICUST,,, -siemens s7-300,,,,,anla,,, -siemens s7-300,,,,,ANLA,,, -siemens s7-300,,,,,anleim,,, -siemens s7-300,,,,,Anleim,,, -siemens s7-300,,,,,ANLEIM,,, -siemens s7-300,,,,,anritsu,,, -siemens s7-300,,,,,ANRITSU,,, -siemens s7-300,,,,,ANS#150,,, -siemens s7-300,,,,,anshan,,, -siemens s7-300,,,,,ANSHAN,,, -siemens s7-300,,,,,ansmann,,, -siemens s7-300,,,,,ANSMANN,,, -siemens s7-300,,,,,any@,,, -siemens s7-300,,,,,anycom,,, -siemens s7-300,,,,,ANYCOM,,, -siemens s7-300,,,,,anydata,,, -siemens s7-300,,,,,ANYDATA,,, -siemens s7-300,,,,,anyone,,, -siemens s7-300,,,,,ANYONE,,, -siemens s7-300,,,,,anyway,,, -siemens s7-300,,,,,ANYWAY,,, -siemens s7-300,,,,,apbodiur,,, -siemens s7-300,,,,,APBODIUR,,, -siemens s7-300,,,,,apc,,, -siemens s7-300,,,,,APC,,, -siemens s7-300,,,,,apem,,, -siemens s7-300,,,,,APEM,,, -siemens s7-300,,,,,apex,,, -siemens s7-300,,,,,APEX,,, -siemens s7-300,,,,,api,,, -siemens s7-300,,,,,API,,, -siemens s7-300,,,,,aplus,,, -siemens s7-300,,,,,APLUS,,, -siemens s7-300,,,,,apm,,, -siemens s7-300,,,,,APM,,, -siemens s7-300,,,,,a-power,,, -siemens s7-300,,,,,A-POWER,,, -siemens s7-300,,,,,app,,, -siemens s7-300,,,,,APP,,, -siemens s7-300,,,,,applied,,, -siemens s7-300,,,,,APPLIED,,, -siemens s7-300,,,,,apra,,, -siemens s7-300,,,,,APRA,,, -siemens s7-300,,,,,arsenal,,, -siemens s7-300,,,,,ARSENAL,,, -siemens s7-300,,,,,articon,,, -siemens s7-300,,,,,ARTICON,,, -siemens s7-300,,,,,asante,,, -siemens s7-300,,,,,Asante,,, -siemens s7-300,,,,,ASANTE,,, -siemens s7-300,,,,,ascend,,, -siemens s7-300,,,,,Ascend,,, -siemens s7-300,,,,,ASCEND,,, -siemens s7-300,,,,,asd,,, -siemens s7-300,,,,,ASD,,, -siemens s7-300,,,,,asdf,,, -siemens s7-300,,,,,ASDF,,, -siemens s7-300,,,,,asdfg,,, -siemens s7-300,,,,,ASDFG,,, -siemens s7-300,,,,,asdfgh,,, -siemens s7-300,,,,,asdfgh,,, -siemens s7-300,,,,,ASDFGH,,, -siemens s7-300,,,,,asdfghj,,, -siemens s7-300,,,,,ASDFGHJ,,, -siemens s7-300,,,,,asdfghjk,,, -siemens s7-300,,,,,ASDFGHJK,,, -siemens s7-300,,,,,asi,,, -siemens s7-300,,,,,ASI,,, -siemens s7-300,,,,,asutp,,, -siemens s7-300,,,,,ASUTP,,, -siemens s7-300,,,,,at4400,,, -siemens s7-300,,,,,AT4400,,, -siemens s7-300,,,,,atc,,, -siemens s7-300,,,,,atc,,, -siemens s7-300,,,,,ATC,,, -siemens s7-300,,,,,atc123,,, -siemens s7-300,,,,,ATC123,,, -siemens s7-300,,,,,atlantis,,, -siemens s7-300,,,,,ATLANTIS,,, -siemens s7-300,,,,,attack,,, -siemens s7-300,,,,,ATTACK,,, -siemens s7-300,,,,,autohors,,, -siemens s7-300,,,,,AUTOHORS,,, -siemens s7-300,,,,,azsxdc,,, -siemens s7-300,,,,,AZSXDC,,, -siemens s7-300,,,,,b,,, -siemens s7-300,,,,,B,,, -siemens s7-300,,,,,b&r,,, -siemens s7-300,,,,,B&R,,, -siemens s7-300,,,,,B2H4,,, -siemens s7-300,,,,,B9W3,,, -siemens s7-300,,,,,back,,, -siemens s7-300,,,,,BACK,,, -siemens s7-300,,,,,backdoor,,, -siemens s7-300,,,,,BACKDOOR,,, -siemens s7-300,,,,,badboy,,, -siemens s7-300,,,,,BADBOY,,, -siemens s7-300,,,,,barricade,,, -siemens s7-300,,,,,BARRICADE,,, -siemens s7-300,,,,,baseball,,, -siemens s7-300,,,,,BASEBALL,,, -siemens s7-300,,,,,bb,,, -siemens s7-300,,,,,BB,,, -siemens s7-300,,,,,bbb,,, -siemens s7-300,,,,,BBB,,, -siemens s7-300,,,,,bbbb,,, -siemens s7-300,,,,,BBBB,,, -siemens s7-300,,,,,bbbbb,,, -siemens s7-300,,,,,BBBBB,,, -siemens s7-300,,,,,bbbbbb,,, -siemens s7-300,,,,,BBBBBB,,, -siemens s7-300,,,,,bbbbbbb,,, -siemens s7-300,,,,,BBBBBBB,,, -siemens s7-300,,,,,bbbbbbbb,,, -siemens s7-300,,,,,BBBBBBBB,,, -siemens s7-300,,,,,bciimpw,,, -siemens s7-300,,,,,BCIIMPW,,, -siemens s7-300,,,,,bcimpw,,, -siemens s7-300,,,,,BCIMPW,,, -siemens s7-300,,,,,bcnaspw,,, -siemens s7-300,,,,,BCNASPW,,, -siemens s7-300,,,,,beatch,,, -siemens s7-300,,,,,BEATCH,,, -siemens s7-300,,,,,beerbeer,,, -siemens s7-300,,,,,BEERBEER,,, -siemens s7-300,,,,,betera,,, -siemens s7-300,,,,,BETERA,,, -siemens s7-300,,,,,bible,,, -siemens s7-300,,,,,BIBLE,,, -siemens s7-300,,,,,bintec,,, -siemens s7-300,,,,,BINTEC,,, -siemens s7-300,,,,,birdie,,, -siemens s7-300,,,,,BIRDIE,,, -siemens s7-300,,,,,black,,, -siemens s7-300,,,,,BLACK,,, -siemens s7-300,,,,,blaster,,, -siemens s7-300,,,,,BLASTER,,, -siemens s7-300,,,,,blender,,, -siemens s7-300,,,,,BLENDER,,, -siemens s7-300,,,,,blink,,, -siemens s7-300,,,,,BLINK,,, -siemens s7-300,,,,,blink182,,, -siemens s7-300,,,,,BLINK182,,, -siemens s7-300,,,,,bluepw,,, -siemens s7-300,,,,,BLUEPW,,, -siemens s7-300,,,,,bowling,,, -siemens s7-300,,,,,BOWLING,,, -siemens s7-300,,,,,bradley,,, -siemens s7-300,,,,,BRADLEY,,, -siemens s7-300,,,,,bridge,,, -siemens s7-300,,,,,BRIDGE,,, -siemens s7-300,,,,,bright,,, -siemens s7-300,,,,,BRIGHT,,, -siemens s7-300,,,,,c,,, -siemens s7-300,,,,,C,,, -siemens s7-300,,,,,ca01,,, -siemens s7-300,,,,,CA01,,, -siemens s7-300,,,,,cacadmin,,, -siemens s7-300,,,,,CACADMIN,,, -siemens s7-300,,,,,cactus,,, -siemens s7-300,,,,,CACTUS,,, -siemens s7-300,,,,,calvin,,, -siemens s7-300,,,,,CALVIN,,, -siemens s7-300,,,,,can,,, -siemens s7-300,,,,,CAN,,, -siemens s7-300,,,,,canbus,,, -siemens s7-300,,,,,CANBUS,,, -siemens s7-300,,,,,carolian,,, -siemens s7-300,,,,,CAROLIAN,,, -siemens s7-300,,,,,cascade,,, -siemens s7-300,,,,,CASCADE,,, -siemens s7-300,,,,,cc,,, -siemens s7-300,,,,,CC,,, -siemens s7-300,,,,,ccc,,, -siemens s7-300,,,,,CCC,,, -siemens s7-300,,,,,cccc,,, -siemens s7-300,,,,,CCCC,,, -siemens s7-300,,,,,ccccc,,, -siemens s7-300,,,,,CCCCC,,, -siemens s7-300,,,,,cccccc,,, -siemens s7-300,,,,,CCCCCC,,, -siemens s7-300,,,,,ccccccc,,, -siemens s7-300,,,,,CCCCCCC,,, -siemens s7-300,,,,,cccccccc,,, -siemens s7-300,,,,,CCCCCCCC,,, -siemens s7-300,,,,,ccrusr,,, -siemens s7-300,,,,,CCRUSR,,, -siemens s7-300,,,,,cellit,,, -siemens s7-300,,,,,CELLIT,,, -siemens s7-300,,,,,cfc,,, -siemens s7-300,,,,,CFC,,, -siemens s7-300,,,,,CHABGEME,,, -siemens s7-300,,,,,changeme,,, -siemens s7-300,,,,,CHANGEME,,, -siemens s7-300,,,,,changit,,, -siemens s7-300,,,,,CHANGIT,,, -siemens s7-300,,,,,charlie,,, -siemens s7-300,,,,,CHARLIE,,, -siemens s7-300,,,,,cisco,,, -siemens s7-300,,,,,Cisco,,, -siemens s7-300,,,,,CISCO,,, -siemens s7-300,,,,,citel,,, -siemens s7-300,,,,,CITEL,,, -siemens s7-300,,,,,client,,, -siemens s7-300,,,,,CLIENT,,, -siemens s7-300,,,,,cmaker,,, -siemens s7-300,,,,,CMAKER,,, -siemens s7-300,,,,,cms500,,, -siemens s7-300,,,,,CMS500,,, -siemens s7-300,,,,,cnas,,, -siemens s7-300,,,,,CNAS,,, -siemens s7-300,,,,,cody,,, -siemens s7-300,,,,,CODY,,, -siemens s7-300,,,,,cognos,,, -siemens s7-300,,,,,COGNOS,,, -siemens s7-300,,,,,Col2ogro2,,, -siemens s7-300,,,,,computer,,, -siemens s7-300,,,,,COMPUTER,,, -siemens s7-300,,,,,connect,,, -siemens s7-300,,,,,CONNECT,,, -siemens s7-300,,,,,conv,,, -siemens s7-300,,,,,CONV,,, -siemens s7-300,,,,,cool,,, -siemens s7-300,,,,,COOL,,, -siemens s7-300,,,,,corecess,,, -siemens s7-300,,,,,CORECESS,,, -siemens s7-300,,,,,cosmos,,, -siemens s7-300,,,,,COSMOS,,, -siemens s7-300,,,,,craft,,, -siemens s7-300,,,,,CRAFT,,, -siemens s7-300,,,,,craftpw,,, -siemens s7-300,,,,,CRAFTPW,,, -siemens s7-300,,,,,crftpw,,, -siemens s7-300,,,,,CRFTPW,,, -siemens s7-300,,,,,crystal,,, -siemens s7-300,,,,,CRYSTAL,,, -siemens s7-300,,,,,ct/1,,, -siemens s7-300,,,,,customer,,, -siemens s7-300,,,,,CUSTOMER,,, -siemens s7-300,,,,,custpw,,, -siemens s7-300,,,,,CUSTPW,,, -siemens s7-300,,,,,d,,, -siemens s7-300,,,,,D,,, -siemens s7-300,,,,,d.e.b.u.g,,, -siemens s7-300,,,,,d00m,,, -siemens s7-300,,,,,D00M,,, -siemens s7-300,,,,,dadmin01,,, -siemens s7-300,,,,,DADMIN01,,, -siemens s7-300,,,,,danger,,, -siemens s7-300,,,,,DANGER,,, -siemens s7-300,,,,,database,,, -siemens s7-300,,,,,DATABASE,,, -siemens s7-300,,,,,davox,,, -siemens s7-300,,,,,dbps,,, -siemens s7-300,,,,,DBPS,,, -siemens s7-300,,,,,dd,,, -siemens s7-300,,,,,DD,,, -siemens s7-300,,,,,ddd,,, -siemens s7-300,,,,,DDD,,, -siemens s7-300,,,,,dddd,,, -siemens s7-300,,,,,DDDD,,, -siemens s7-300,,,,,ddddd,,, -siemens s7-300,,,,,DDDDD,,, -siemens s7-300,,,,,dddddd,,, -siemens s7-300,,,,,DDDDDD,,, -siemens s7-300,,,,,ddddddd,,, -siemens s7-300,,,,,DDDDDDD,,, -siemens s7-300,,,,,dddddddd,,, -siemens s7-300,,,,,DDDDDDDD,,, -siemens s7-300,,,,,dean,,, -siemens s7-300,,,,,DEAN,,, -siemens s7-300,,,,,default,,, -siemens s7-300,,,,,DEFAULT,,, -siemens s7-300,,,,,delevan,,, -siemens s7-300,,,,,demo,,, -siemens s7-300,,,,,DEMO,,, -siemens s7-300,,,,,denise,,, -siemens s7-300,,,,,DENISE,,, -siemens s7-300,,,,,derparol,,, -siemens s7-300,,,,,DERPAROL,,, -siemens s7-300,,,,,DEVEVAN,,, -siemens s7-300,,,,,device,,, -siemens s7-300,,,,,DEVICE,,, -siemens s7-300,,,,,devices,,, -siemens s7-300,,,,,DEVICES,,, -siemens s7-300,,,,,dhs3mt,,, -siemens s7-300,,,,,DHS3MT,,, -siemens s7-300,,,,,dhs3pms,,, -siemens s7-300,,,,,DHS3PMS,,, -siemens s7-300,,,,,diabl0,,, -siemens s7-300,,,,,DIABL0,,, -siemens s7-300,,,,,diablo,,, -siemens s7-300,,,,,DIABLO,,, -siemens s7-300,,,,,diamond,,, -siemens s7-300,,,,,DIAMOND,,, -siemens s7-300,,,,,digital,,, -siemens s7-300,,,,,DIGITAL,,, -siemens s7-300,,,,,DL20,,, -siemens s7-300,,,,,dlink,,, -siemens s7-300,,,,,D-Link,,, -siemens s7-300,,,,,DLINK,,, -siemens s7-300,,,,,dollar,,, -siemens s7-300,,,,,DOLLAR,,, -siemens s7-300,,,,,doom,,, -siemens s7-300,,,,,DOOM,,, -siemens s7-300,,,,,draadloos,,, -siemens s7-300,,,,,DRAADLOOS,,, -siemens s7-300,,,,,drivees,,, -siemens s7-300,,,,,DRIVEES,,, -siemens s7-300,,,,,e,,, -siemens s7-300,,,,,E,,, -siemens s7-300,,,,,echo,,, -siemens s7-300,,,,,ECHO,,, -siemens s7-300,,,,,ee,,, -siemens s7-300,,,,,EE,,, -siemens s7-300,,,,,eee,,, -siemens s7-300,,,,,EEE,,, -siemens s7-300,,,,,eeee,,, -siemens s7-300,,,,,EEEE,,, -siemens s7-300,,,,,eeeee,,, -siemens s7-300,,,,,EEEEE,,, -siemens s7-300,,,,,eeeeee,,, -siemens s7-300,,,,,EEEEEE,,, -siemens s7-300,,,,,eeeeeee,,, -siemens s7-300,,,,,EEEEEEE,,, -siemens s7-300,,,,,eeeeeeee,,, -siemens s7-300,,,,,EEEEEEEE,,, -siemens s7-300,,,,,EGDFV,,, -siemens s7-300,,,,,electrin,,, -siemens s7-300,,,,,ELECTRIN,,, -siemens s7-300,,,,,elvis,,, -siemens s7-300,,,,,ELVIS,,, -siemens s7-300,,,,,enable,,, -siemens s7-300,,,,,ENABLE,,, -siemens s7-300,,,,,energy,,, -siemens s7-300,,,,,ENERGY,,, -siemens s7-300,,,,,engineer,,, -siemens s7-300,,,,,ENGINEER,,, -siemens s7-300,,,,,eqdfv,,, -siemens s7-300,,,,,err0r,,, -siemens s7-300,,,,,ERR0R,,, -siemens s7-300,,,,,error,,, -siemens s7-300,,,,,evening,,, -siemens s7-300,,,,,EVENING,,, -siemens s7-300,,,,,Exabyte,,, -siemens s7-300,,,,,EXABYTE,,, -siemens s7-300,,,,,expert03,,, -siemens s7-300,,,,,EXPERT03,,, -siemens s7-300,,,,,f,,, -siemens s7-300,,,,,F,,, -siemens s7-300,,,,,father,,, -siemens s7-300,,,,,FATHER,,, -siemens s7-300,,,,,fbd,,, -siemens s7-300,,,,,FBD,,, -siemens s7-300,,,,,ff,,, -siemens s7-300,,,,,FF,,, -siemens s7-300,,,,,fff,,, -siemens s7-300,,,,,FFF,,, -siemens s7-300,,,,,ffff,,, -siemens s7-300,,,,,FFFF,,, -siemens s7-300,,,,,fffff,,, -siemens s7-300,,,,,FFFFF,,, -siemens s7-300,,,,,ffffff,,, -siemens s7-300,,,,,FFFFFF,,, -siemens s7-300,,,,,fffffff,,, -siemens s7-300,,,,,FFFFFFF,,, -siemens s7-300,,,,,ffffffff,,, -siemens s7-300,,,,,FFFFFFFF,,, -siemens s7-300,,,,,field,,, -siemens s7-300,,,,,FIELD,,, -siemens s7-300,,,,,fire,,, -siemens s7-300,,,,,FIRE,,, -siemens s7-300,,,,,Fireport,,, -siemens s7-300,,,,,FIREPORT,,, -siemens s7-300,,,,,fish,,, -siemens s7-300,,,,,FISH,,, -siemens s7-300,,,,,fivranne,,, -siemens s7-300,,,,,FIVRANNE,,, -siemens s7-300,,,,,flash,,, -siemens s7-300,,,,,FLASH,,, -siemens s7-300,,,,,flex,,, -siemens s7-300,,,,,FLEX,,, -siemens s7-300,,,,,flexible,,, -siemens s7-300,,,,,FLEXIBLE,,, -siemens s7-300,,,,,football,,, -siemens s7-300,,,,,FOOTBALL,,, -siemens s7-300,,,,,friend,,, -siemens s7-300,,,,,FRIEND,,, -siemens s7-300,,,,,fuck,,, -siemens s7-300,,,,,FUCK,,, -siemens s7-300,,,,,fuckoff,,, -siemens s7-300,,,,,FUCKOFF,,, -siemens s7-300,,,,,fuckyou,,, -siemens s7-300,,,,,FUCKYOU,,, -siemens s7-300,,,,,g,,, -siemens s7-300,,,,,G,,, -siemens s7-300,,,,,g00gle,,, -siemens s7-300,,,,,G00GLE,,, -siemens s7-300,,,,,G0F9,,, -siemens s7-300,,,,,G0K1,,, -siemens s7-300,,,,,G6K6,,, -siemens s7-300,,,,,gama,,, -siemens s7-300,,,,,GAMA,,, -siemens s7-300,,,,,ganteng,,, -siemens s7-300,,,,,GAWSED,,, -siemens s7-300,,,,,Geardog,,, -siemens s7-300,,,,,GEARDOG,,, -siemens s7-300,,,,,gen1,,, -siemens s7-300,,,,,gen2,,, -siemens s7-300,,,,,gfcc,,, -siemens s7-300,,,,,GFCC,,, -siemens s7-300,,,,,gfccdjhl,,, -siemens s7-300,,,,,GFCCDJHL,,, -siemens s7-300,,,,,gfhjkm,,, -siemens s7-300,,,,,gfhjkm,,, -siemens s7-300,,,,,GFHJKM,,, -siemens s7-300,,,,,gg,,, -siemens s7-300,,,,,GG,,, -siemens s7-300,,,,,ggg,,, -siemens s7-300,,,,,GGG,,, -siemens s7-300,,,,,gggg,,, -siemens s7-300,,,,,GGGG,,, -siemens s7-300,,,,,ggggg,,, -siemens s7-300,,,,,GGGGG,,, -siemens s7-300,,,,,gggggg,,, -siemens s7-300,,,,,GGGGGG,,, -siemens s7-300,,,,,ggggggg,,, -siemens s7-300,,,,,GGGGGGG,,, -siemens s7-300,,,,,gggggggg,,, -siemens s7-300,,,,,GGGGGGGG,,, -siemens s7-300,,,,,ghbdtn,,, -siemens s7-300,,,,,GHBDTN,,, -siemens s7-300,,,,,GHOST,,, -siemens s7-300,,,,,ghost,,, -siemens s7-300,,,,,goal,,, -siemens s7-300,,,,,GOAL,,, -siemens s7-300,,,,,golf,,, -siemens s7-300,,,,,GOLF,,, -siemens s7-300,,,,,google,,, -siemens s7-300,,,,,GOOGLE,,, -siemens s7-300,,,,,got,,, -siemens s7-300,,,,,GOT,,, -siemens s7-300,,,,,guest,,, -siemens s7-300,,,,,GUEST,,, -siemens s7-300,,,,,h,,, -siemens s7-300,,,,,H,,, -siemens s7-300,,,,,hardware,,, -siemens s7-300,,,,,HARDWARE,,, -siemens s7-300,,,,,harley,,, -siemens s7-300,,,,,helen,,, -siemens s7-300,,,,,HELEN,,, -siemens s7-300,,,,,hello,,, -siemens s7-300,,,,,HELLO,,, -siemens s7-300,,,,,help,,, -siemens s7-300,,,,,HELP,,, -siemens s7-300,,,,,help1954,,, -siemens s7-300,,,,,HELP1954,,, -siemens s7-300,,,,,Helpdesk,,, -siemens s7-300,,,,,HELPDESK,,, -siemens s7-300,,,,,hexseal,,, -siemens s7-300,,,,,HEXSEAL,,, -siemens s7-300,,,,,hh,,, -siemens s7-300,,,,,HH,,, -siemens s7-300,,,,,hhh,,, -siemens s7-300,,,,,HHH,,, -siemens s7-300,,,,,hhhh,,, -siemens s7-300,,,,,HHHH,,, -siemens s7-300,,,,,hhhhh,,, -siemens s7-300,,,,,HHHHH,,, -siemens s7-300,,,,,hhhhhh,,, -siemens s7-300,,,,,HHHHHH,,, -siemens s7-300,,,,,hhhhhhh,,, -siemens s7-300,,,,,HHHHHHH,,, -siemens s7-300,,,,,hhhhhhhh,,, -siemens s7-300,,,,,HHHHHHHH,,, -siemens s7-300,,,,,highspeed,,, -siemens s7-300,,,,,HIGHSPEED,,, -siemens s7-300,,,,,hinear,,, -siemens s7-300,,,,,HINEAR,,, -siemens s7-300,,,,,home,,, -siemens s7-300,,,,,HOME,,, -siemens s7-300,,,,,homeplug,,, -siemens s7-300,,,,,HomePlug,,, -siemens s7-300,,,,,HOMEPLUG,,, -siemens s7-300,,,,,honda,,, -siemens s7-300,,,,,HONDA,,, -siemens s7-300,,,,,HP,,, -siemens s7-300,,,,,hp.com,,, -siemens s7-300,,,,,hpoffice,,, -siemens s7-300,,,,,HPOFFICE,,, -siemens s7-300,,,,,hponly,,, -siemens s7-300,,,,,HPONLY,,, -siemens s7-300,,,,,HPP187,,, -siemens s7-300,,,,,HPP189,,, -siemens s7-300,,,,,HPP196,,, -siemens s7-300,,,,,hrloo,,, -siemens s7-300,,,,,HRLOO,,, -siemens s7-300,,,,,hsadb,,, -siemens s7-300,,,,,http,,, -siemens s7-300,,,,,HTTP,,, -siemens s7-300,,,,,i,,, -siemens s7-300,,,,,I,,, -siemens s7-300,,,,,iDirect,,, -siemens s7-300,,,,,IDIRECT,,, -siemens s7-300,,,,,ii,,, -siemens s7-300,,,,,II,,, -siemens s7-300,,,,,iii,,, -siemens s7-300,,,,,III,,, -siemens s7-300,,,,,iiii,,, -siemens s7-300,,,,,IIII,,, -siemens s7-300,,,,,iiiii,,, -siemens s7-300,,,,,IIIII,,, -siemens s7-300,,,,,iiiiii,,, -siemens s7-300,,,,,IIIIII,,, -siemens s7-300,,,,,iiiiiii,,, -siemens s7-300,,,,,IIIIIII,,, -siemens s7-300,,,,,iiiiiiii,,, -siemens s7-300,,,,,IIIIIIII,,, -siemens s7-300,,,,,ILMI,,, -siemens s7-300,,,,,iloveyou,,, -siemens s7-300,,,,,ILOVEYOU,,, -siemens s7-300,,,,,images,,, -siemens s7-300,,,,,IMAGES,,, -siemens s7-300,,,,,inads,,, -siemens s7-300,,,,,INADS,,, -siemens s7-300,,,,,inc,,, -siemens s7-300,,,,,INC,,, -siemens s7-300,,,,,indspw,,, -siemens s7-300,,,,,INDSPW,,, -siemens s7-300,,,,,inferno,,, -siemens s7-300,,,,,INFERNO,,, -siemens s7-300,,,,,initpw,,, -siemens s7-300,,,,,INITPW,,, -siemens s7-300,,,,,Inmet,,, -siemens s7-300,,,,,inmet,,, -siemens s7-300,,,,,INMET,,, -siemens s7-300,,,,,Intel,,, -siemens s7-300,,,,,INTEL,,, -siemens s7-300,,,,,internet,,, -siemens s7-300,,,,,Internet,,, -siemens s7-300,,,,,INTERNET,,, -siemens s7-300,,,,,INTX3,,, -siemens s7-300,,,,,ironport,,, -siemens s7-300,,,,,IRONPORT,,, -siemens s7-300,,,,,isee,,, -siemens s7-300,,,,,ISEE,,, -siemens s7-300,,,,,isp,,, -siemens s7-300,,,,,ISP,,, -siemens s7-300,,,,,ITF3000,,, -siemens s7-300,,,,,j,,, -siemens s7-300,,,,,J,,, -siemens s7-300,,,,,J6R6,,, -siemens s7-300,,,,,J6W8,,, -siemens s7-300,,,,,jack,,, -siemens s7-300,,,,,JACK,,, -siemens s7-300,,,,,janet,,, -siemens s7-300,,,,,JANET,,, -siemens s7-300,,,,,jannie,,, -siemens s7-300,,,,,JANNIE,,, -siemens s7-300,,,,,jasmine,,, -siemens s7-300,,,,,JASMINE,,, -siemens s7-300,,,,,JDE,,, -siemens s7-300,,,,,jj,,, -siemens s7-300,,,,,JJ,,, -siemens s7-300,,,,,jjj,,, -siemens s7-300,,,,,JJJ,,, -siemens s7-300,,,,,jjjj,,, -siemens s7-300,,,,,JJJJ,,, -siemens s7-300,,,,,jjjjj,,, -siemens s7-300,,,,,JJJJJ,,, -siemens s7-300,,,,,jjjjjj,,, -siemens s7-300,,,,,JJJJJJ,,, -siemens s7-300,,,,,jjjjjjj,,, -siemens s7-300,,,,,JJJJJJJ,,, -siemens s7-300,,,,,jjjjjjjj,,, -siemens s7-300,,,,,JJJJJJJJ,,, -siemens s7-300,,,,,JOCKER,,, -siemens s7-300,,,,,john,,, -siemens s7-300,,,,,JOHN,,, -siemens s7-300,,,,,joker,,, -siemens s7-300,,,,,jordan,,, -siemens s7-300,,,,,JORDAN,,, -siemens s7-300,,,,,jordan23,,, -siemens s7-300,,,,,JORDAN23,,, -siemens s7-300,,,,,JR58,,, -siemens s7-300,,,,,JR59,,, -siemens s7-300,,,,,k,,, -siemens s7-300,,,,,K,,, -siemens s7-300,,,,,kermit,,, -siemens s7-300,,,,,KERMIT,,, -siemens s7-300,,,,,killer,,, -siemens s7-300,,,,,KILLER,,, -siemens s7-300,,,,,killme,,, -siemens s7-300,,,,,kilo1987,,, -siemens s7-300,,,,,KILO1987,,, -siemens s7-300,,,,,kk,,, -siemens s7-300,,,,,KK,,, -siemens s7-300,,,,,kkk,,, -siemens s7-300,,,,,KKK,,, -siemens s7-300,,,,,kkkk,,, -siemens s7-300,,,,,KKKK,,, -siemens s7-300,,,,,kkkkk,,, -siemens s7-300,,,,,KKKKK,,, -siemens s7-300,,,,,kkkkkk,,, -siemens s7-300,,,,,KKKKKK,,, -siemens s7-300,,,,,kkkkkkk,,, -siemens s7-300,,,,,KKKKKKK,,, -siemens s7-300,,,,,kkkkkkkk,,, -siemens s7-300,,,,,KKKKKKKK,,, -siemens s7-300,,,,,korn,,, -siemens s7-300,,,,,KORN,,, -siemens s7-300,,,,,l,,, -siemens s7-300,,,,,L,,, -siemens s7-300,,,,,lad,,, -siemens s7-300,,,,,LAD,,, -siemens s7-300,,,,,laflaf,,, -siemens s7-300,,,,,LAFLAF,,, -siemens s7-300,,,,,letacla,,, -siemens s7-300,,,,,LETACLA,,, -siemens s7-300,,,,,letmein,,, -siemens s7-300,,,,,letmein,,, -siemens s7-300,,,,,LETMEIN,,, -siemens s7-300,,,,,level1,,, -siemens s7-300,,,,,LEVEL1,,, -siemens s7-300,,,,,leviton,,, -siemens s7-300,,,,,LEVITON,,, -siemens s7-300,,,,,LILLME,,, -siemens s7-300,,,,,linga,,, -siemens s7-300,,,,,LINGA,,, -siemens s7-300,,,,,linux,,, -siemens s7-300,,,,,LINUX,,, -siemens s7-300,,,,,lisa,,, -siemens s7-300,,,,,LISA,,, -siemens s7-300,,,,,ll,,, -siemens s7-300,,,,,LL,,, -siemens s7-300,,,,,llatsni,,, -siemens s7-300,,,,,LLATSNI,,, -siemens s7-300,,,,,lll,,, -siemens s7-300,,,,,LLL,,, -siemens s7-300,,,,,llll,,, -siemens s7-300,,,,,LLLL,,, -siemens s7-300,,,,,lllll,,, -siemens s7-300,,,,,LLLLL,,, -siemens s7-300,,,,,llllll,,, -siemens s7-300,,,,,LLLLLL,,, -siemens s7-300,,,,,lllllll,,, -siemens s7-300,,,,,LLLLLLL,,, -siemens s7-300,,,,,llllllll,,, -siemens s7-300,,,,,LLLLLLLL,,, -siemens s7-300,,,,,locatepw,,, -siemens s7-300,,,,,LOCATEPW,,, -siemens s7-300,,,,,lock,,, -siemens s7-300,,,,,LOCK,,, -siemens s7-300,,,,,login,,, -siemens s7-300,,,,,LOGIN,,, -siemens s7-300,,,,,looker,,, -siemens s7-300,,,,,LOOKER,,, -siemens s7-300,,,,,lotus,,, -siemens s7-300,,,,,LOTUS,,, -siemens s7-300,,,,,love,,, -siemens s7-300,,,,,LOVE,,, -siemens s7-300,,,,,ltd,,, -siemens s7-300,,,,,LTD,,, -siemens s7-300,,,,,lucky,,, -siemens s7-300,,,,,LUCKY,,, -siemens s7-300,,,,,m,,, -siemens s7-300,,,,,M,,, -siemens s7-300,,,,,m1122,,, -siemens s7-300,,,,,M1122,,, -siemens s7-300,,,,,mail,,, -siemens s7-300,,,,,MAIL,,, -siemens s7-300,,,,,maint,,, -siemens s7-300,,,,,MAINT,,, -siemens s7-300,,,,,maintpw,,, -siemens s7-300,,,,,MAINTPW,,, -siemens s7-300,,,,,manager,,, -siemens s7-300,,,,,Manager,,, -siemens s7-300,,,,,MANAGER,,, -siemens s7-300,,,,,maniac,,, -siemens s7-300,,,,,MANIAC,,, -siemens s7-300,,,,,master,,, -siemens s7-300,,,,,Master,,, -siemens s7-300,,,,,MASTER,,, -siemens s7-300,,,,,masterkey,,, -siemens s7-300,,,,,MASTERKEY,,, -siemens s7-300,,,,,Mau'dib,,, -siemens s7-300,,,,,mediator,,, -siemens s7-300,,,,,MEDIATOR,,, -siemens s7-300,,,,,medion,,, -siemens s7-300,,,,,MEDION,,, -siemens s7-300,,,,,MGR,,, -siemens s7-300,,,,,micro,,, -siemens s7-300,,,,,MICRO,,, -siemens s7-300,,,,,microwav,,, -siemens s7-300,,,,,MICROWAV,,, -siemens s7-300,,,,,miller,,, -siemens s7-300,,,,,MILLLER,,, -siemens s7-300,,,,,MiniAP,,, -siemens s7-300,,,,,mis,,, -siemens s7-300,,,,,MIS,,, -siemens s7-300,,,,,MJSSSJJ,,, -siemens s7-300,,,,,MJSSSJJ,,, -siemens s7-300,,,,,MJSSSJJ_,,, -siemens s7-300,,,,,mlusr,,, -siemens s7-300,,,,,MLUSR,,, -siemens s7-300,,,,,mm,,, -siemens s7-300,,,,,MM,,, -siemens s7-300,,,,,mmm,,, -siemens s7-300,,,,,MMM,,, -siemens s7-300,,,,,mmmm,,, -siemens s7-300,,,,,MMMM,,, -siemens s7-300,,,,,mmmmm,,, -siemens s7-300,,,,,MMMMM,,, -siemens s7-300,,,,,mmmmmm,,, -siemens s7-300,,,,,MMMMMM,,, -siemens s7-300,,,,,mmmmmmm,,, -siemens s7-300,,,,,MMMMMMM,,, -siemens s7-300,,,,,mmmmmmmm,,, -siemens s7-300,,,,,MMMMMMMM,,, -siemens s7-300,,,,,modul,,, -siemens s7-300,,,,,MODUL,,, -siemens s7-300,,,,,module,,, -siemens s7-300,,,,,MODULE,,, -siemens s7-300,,,,,money,,, -siemens s7-300,,,,,MONEY,,, -siemens s7-300,,,,,monitor,,, -siemens s7-300,,,,,MONITOR,,, -siemens s7-300,,,,,monkey,,, -siemens s7-300,,,,,MONKEY,,, -siemens s7-300,,,,,mosmatic,,, -siemens s7-300,,,,,MOSMATIC,,, -siemens s7-300,,,,,mother,,, -siemens s7-300,,,,,MOTHER,,, -siemens s7-300,,,,,motorola,,, -siemens s7-300,,,,,MOTOROLA,,, -siemens s7-300,,,,,mouse,,, -siemens s7-300,,,,,MOUSE,,, -siemens s7-300,,,,,MPE,,, -siemens s7-300,,,,,MServer,,, -siemens s7-300,,,,,mtch,,, -siemens s7-300,,,,,MTCH,,, -siemens s7-300,,,,,Multi,,, -siemens s7-300,,,,,mustang,,, -siemens s7-300,,,,,MUSTANG,,, -siemens s7-300,,,,,mypass,,, -siemens s7-300,,,,,MYPASS,,, -siemens s7-300,,,,,mypass123,,, -siemens s7-300,,,,,MYPASS123,,, -siemens s7-300,,,,,mypc,,, -siemens s7-300,,,,,MYPC,,, -siemens s7-300,,,,,mypc123,,, -siemens s7-300,,,,,MYPC123,,, -siemens s7-300,,,,,myspace,,, -siemens s7-300,,,,,MYSPACE,,, -siemens s7-300,,,,,myspace1,,, -siemens s7-300,,,,,MYSPACE1,,, -siemens s7-300,,,,,n,,, -siemens s7-300,,,,,N,,, -siemens s7-300,,,,,n/a,,, -siemens s7-300,,,,,N/A,,, -siemens s7-300,,,,,naadmin,,, -siemens s7-300,,,,,NAADMIN,,, -siemens s7-300,,,,,naranja,,, -siemens s7-300,,,,,NARANJA,,, -siemens s7-300,,,,,NAU,,, -siemens s7-300,,,,,Net,,, -siemens s7-300,,,,,NET,,, -siemens s7-300,,,,,netadmin,,, -siemens s7-300,,,,,NETADMIN,,, -siemens s7-300,,,,,netbase,,, -siemens s7-300,,,,,NETBASE,,, -siemens s7-300,,,,,NetCache,,, -siemens s7-300,,,,,NETCACHE,,, -siemens s7-300,,,,,NetICs,,, -siemens s7-300,,,,,netman,,, -siemens s7-300,,,,,NETMAN,,, -siemens s7-300,,,,,netopia,,, -siemens s7-300,,,,,NETOPIA,,, -siemens s7-300,,,,,netscreen,,, -siemens s7-300,,,,,NETSCREEN,,, -siemens s7-300,,,,,netutil,,, -siemens s7-300,,,,,NETUTIL,,, -siemens s7-300,,,,,NetVCR,,, -siemens s7-300,,,,,NETVCR,,, -siemens s7-300,,,,,network,,, -siemens s7-300,,,,,NETWORK,,, -siemens s7-300,,,,,newpass,,, -siemens s7-300,,,,,NEWPASS,,, -siemens s7-300,,,,,niconex,,, -siemens s7-300,,,,,NICONEX,,, -siemens s7-300,,,,,nimdaten,,, -siemens s7-300,,,,,NIMDATEN,,, -siemens s7-300,,,,,nmspw,,, -siemens s7-300,,,,,NMSPW,,, -siemens s7-300,,,,,nn,,, -siemens s7-300,,,,,NN,,, -siemens s7-300,,,,,nnn,,, -siemens s7-300,,,,,NNN,,, -siemens s7-300,,,,,nnnn,,, -siemens s7-300,,,,,NNNN,,, -siemens s7-300,,,,,nnnnn,,, -siemens s7-300,,,,,NNNNN,,, -siemens s7-300,,,,,nnnnnn,,, -siemens s7-300,,,,,NNNNNN,,, -siemens s7-300,,,,,nnnnnnn,,, -siemens s7-300,,,,,NNNNNNN,,, -siemens s7-300,,,,,nnnnnnnn,,, -siemens s7-300,,,,,NNNNNNNN,,, -siemens s7-300,,,,,nokai,,, -siemens s7-300,,,,,NOKAI,,, -siemens s7-300,,,,,notused,,, -siemens s7-300,,,,,NOTUSED,,, -siemens s7-300,,,,,noway,,, -siemens s7-300,,,,,NOWAY,,, -siemens s7-300,,,,,NSADB,,, -siemens s7-300,,,,,ntacdmax,,, -siemens s7-300,,,,,NTACDMAX,,, -siemens s7-300,,,,,null,,, -siemens s7-300,,,,,NULL,,, -siemens s7-300,,,,,o,,, -siemens s7-300,,,,,O,,, -siemens s7-300,,,,,OCS,,, -siemens s7-300,,,,,oem,,, -siemens s7-300,,,,,OEM,,, -siemens s7-300,,,,,OkiLAN,,, -siemens s7-300,,,,,OKILAN,,, -siemens s7-300,,,,,omron,,, -siemens s7-300,,,,,OMRON,,, -siemens s7-300,,,,,oo,,, -siemens s7-300,,,,,OO,,, -siemens s7-300,,,,,ooo,,, -siemens s7-300,,,,,OOO,,, -siemens s7-300,,,,,oooo,,, -siemens s7-300,,,,,OOOO,,, -siemens s7-300,,,,,ooooo,,, -siemens s7-300,,,,,OOOOO,,, -siemens s7-300,,,,,oooooo,,, -siemens s7-300,,,,,OOOOOO,,, -siemens s7-300,,,,,ooooooo,,, -siemens s7-300,,,,,OOOOOOO,,, -siemens s7-300,,,,,oooooooo,,, -siemens s7-300,,,,,OOOOOOOO,,, -siemens s7-300,,,,,op3n,,, -siemens s7-300,,,,,operator,,, -siemens s7-300,,,,,OPERATOR,,, -siemens s7-300,,,,,Opto,,, -siemens s7-300,,,,,OPTO,,, -siemens s7-300,,,,,owner,,, -siemens s7-300,,,,,OWNER,,, -siemens s7-300,,,,,p,,, -siemens s7-300,,,,,P,,, -siemens s7-300,,,,,P@55w0rd!,,, -siemens s7-300,,,,,pas,,, -siemens s7-300,,,,,PAS,,, -siemens s7-300,,,,,pass,,, -siemens s7-300,,,,,PASS,,, -siemens s7-300,,,,,PASSAGE,,, -siemens s7-300,,,,,passage,,, -siemens s7-300,,,,,passw,,, -siemens s7-300,,,,,PASSW,,, -siemens s7-300,,,,,passwd,,, -siemens s7-300,,,,,PASSWD,,, -siemens s7-300,,,,,passwo,,, -siemens s7-300,,,,,PASSWO,,, -siemens s7-300,,,,,passwor,,, -siemens s7-300,,,,,PASSWOR,,, -siemens s7-300,,,,,password,,, -siemens s7-300,,,,,PASSWORD,,, -siemens s7-300,,,,,pat,,, -siemens s7-300,,,,,PAT,,, -siemens s7-300,,,,,paterna,,, -siemens s7-300,,,,,PATERNA,,, -siemens s7-300,,,,,patrick,,, -siemens s7-300,,,,,PATRICK,,, -siemens s7-300,,,,,patrol,,, -siemens s7-300,,,,,PATROL,,, -siemens s7-300,,,,,PBX,,, -siemens s7-300,,,,,pbxk1064,,, -siemens s7-300,,,,,PBXK1064,,, -siemens s7-300,,,,,pcs7,,, -siemens s7-300,,,,,PCS7,,, -siemens s7-300,,,,,pentium,,, -siemens s7-300,,,,,PENTIUM,,, -siemens s7-300,,,,,pento,,, -siemens s7-300,,,,,PENTO,,, -siemens s7-300,,,,,pepper,,, -siemens s7-300,,,,,PEPPER,,, -siemens s7-300,,,,,pepsi,,, -siemens s7-300,,,,,PEPSI,,, -siemens s7-300,,,,,permit,,, -siemens s7-300,,,,,PERMIT,,, -siemens s7-300,,,,,personal,,, -siemens s7-300,,,,,PERSONAL,,, -siemens s7-300,,,,,pfsense,,, -siemens s7-300,,,,,PFSENSE,,, -siemens s7-300,,,,,photonix,,, -siemens s7-300,,,,,PHOTONIX,,, -siemens s7-300,,,,,pilou,,, -siemens s7-300,,,,,PILOU,,, -siemens s7-300,,,,,piranha,,, -siemens s7-300,,,,,PIRANHA,,, -siemens s7-300,,,,,plc,,, -siemens s7-300,,,,,PLC,,, -siemens s7-300,,,,,plcsim,,, -siemens s7-300,,,,,PLCSIM,,, -siemens s7-300,,,,,PlsChgMe,,, -siemens s7-300,,,,,poerty,,, -siemens s7-300,,,,,POERTY,,, -siemens s7-300,,,,,policy,,, -siemens s7-300,,,,,POLICY,,, -siemens s7-300,,,,,Posterie,,, -siemens s7-300,,,,,POSTERIE,,, -siemens s7-300,,,,,power,,, -siemens s7-300,,,,,POWER,,, -siemens s7-300,,,,,pp,,, -siemens s7-300,,,,,PP,,, -siemens s7-300,,,,,ppp,,, -siemens s7-300,,,,,PPP,,, -siemens s7-300,,,,,pppp,,, -siemens s7-300,,,,,PPPP,,, -siemens s7-300,,,,,ppppp,,, -siemens s7-300,,,,,PPPPP,,, -siemens s7-300,,,,,pppppp,,, -siemens s7-300,,,,,PPPPPP,,, -siemens s7-300,,,,,ppppppp,,, -siemens s7-300,,,,,PPPPPPP,,, -siemens s7-300,,,,,pppppppp,,, -siemens s7-300,,,,,PPPPPPPP,,, -siemens s7-300,,,,,princess,,, -siemens s7-300,,,,,PRINCESS,,, -siemens s7-300,,,,,private,,, -siemens s7-300,,,,,PRIVATE,,, -siemens s7-300,,,,,proddta,,, -siemens s7-300,,,,,PRODDTA,,, -siemens s7-300,,,,,profibus,,, -siemens s7-300,,,,,PROFIBUS,,, -siemens s7-300,,,,,Protector,,, -siemens s7-300,,,,,PROTECTOR,,, -siemens s7-300,,,,,protool,,, -siemens s7-300,,,,,PROTOOL,,, -siemens s7-300,,,,,public,,, -siemens s7-300,,,,,PUBLIC,,, -siemens s7-300,,,,,pusy,,, -siemens s7-300,,,,,PUSY,,, -siemens s7-300,,,,,pw123,,, -siemens s7-300,,,,,PW123,,, -siemens s7-300,,,,,pwd,,, -siemens s7-300,,,,,PWD,,, -siemens s7-300,,,,,q,,, -siemens s7-300,,,,,Q,,, -siemens s7-300,,,,,qawsed,,, -siemens s7-300,,,,,qq,,, -siemens s7-300,,,,,QQ,,, -siemens s7-300,,,,,qq520,,, -siemens s7-300,,,,,QQ520,,, -siemens s7-300,,,,,qqq,,, -siemens s7-300,,,,,QQQ,,, -siemens s7-300,,,,,qqqq,,, -siemens s7-300,,,,,QQQQ,,, -siemens s7-300,,,,,qqqqq,,, -siemens s7-300,,,,,QQQQQ,,, -siemens s7-300,,,,,qqqqqq,,, -siemens s7-300,,,,,QQQQQQ,,, -siemens s7-300,,,,,qqqqqqq,,, -siemens s7-300,,,,,QQQQQQQ,,, -siemens s7-300,,,,,qqqqqqqq,,, -siemens s7-300,,,,,QQQQQQQQ,,, -siemens s7-300,,,,,qwe,,, -siemens s7-300,,,,,qwer,,, -siemens s7-300,,,,,QWER,,, -siemens s7-300,,,,,QWERT,,, -siemens s7-300,,,,,qwerty,,, -siemens s7-300,,,,,QWERTY,,, -siemens s7-300,,,,,qwerty1,,, -siemens s7-300,,,,,qwertyu,,, -siemens s7-300,,,,,QWERTYU,,, -siemens s7-300,,,,,qwertyui,,, -siemens s7-300,,,,,QWERTYUI,,, -siemens s7-300,,,,,r,,, -siemens s7-300,,,,,R,,, -siemens s7-300,,,,,r@p8p0r+,,, -siemens s7-300,,,,,R1QTPS,,, -siemens s7-300,,,,,rade0n,,, -siemens s7-300,,,,,RADE0N,,, -siemens s7-300,,,,,RADEON,,, -siemens s7-300,,,,,radius,,, -siemens s7-300,,,,,RADIUS,,, -siemens s7-300,,,,,radware,,, -siemens s7-300,,,,,RADWARE,,, -siemens s7-300,,,,,rdfhnbhf,,, -siemens s7-300,,,,,RDFHNBHF,,, -siemens s7-300,,,,,recovery,,, -siemens s7-300,,,,,RECOVERY,,, -siemens s7-300,,,,,rego,,, -siemens s7-300,,,,,REGO,,, -siemens s7-300,,,,,remote,,, -siemens s7-300,,,,,REMOTE,,, -siemens s7-300,,,,,rip000,,, -siemens s7-300,,,,,RIP000,,, -siemens s7-300,,,,,rittal,,, -siemens s7-300,,,,,RITTAL,,, -siemens s7-300,,,,,robele,,, -siemens s7-300,,,,,ROBELLE,,, -siemens s7-300,,,,,root,,, -siemens s7-300,,,,,ROOT,,, -siemens s7-300,,,,,ROOT500,,, -siemens s7-300,,,,,router,,, -siemens s7-300,,,,,ROUTER,,, -siemens s7-300,,,,,rr,,, -siemens s7-300,,,,,RR,,, -siemens s7-300,,,,,rrr,,, -siemens s7-300,,,,,RRR,,, -siemens s7-300,,,,,rrrr,,, -siemens s7-300,,,,,RRRR,,, -siemens s7-300,,,,,rrrrr,,, -siemens s7-300,,,,,RRRRR,,, -siemens s7-300,,,,,rrrrrr,,, -siemens s7-300,,,,,RRRRRR,,, -siemens s7-300,,,,,rrrrrrr,,, -siemens s7-300,,,,,RRRRRRR,,, -siemens s7-300,,,,,rrrrrrrr,,, -siemens s7-300,,,,,RRRRRRRR,,, -siemens s7-300,,,,,rs4igoy,,, -siemens s7-300,,,,,RS4IGOY,,, -siemens s7-300,,,,,RSX,,, -siemens s7-300,,,,,rtyhn,,, -siemens s7-300,,,,,RTYHN,,, -siemens s7-300,,,,,run-p,,, -siemens s7-300,,,,,RUN-P,,, -siemens s7-300,,,,,russia,,, -siemens s7-300,,,,,RUSSIA,,, -siemens s7-300,,,,,rwmaint,,, -siemens s7-300,,,,,RWMAINT,,, -siemens s7-300,,,,,s,,, -siemens s7-300,,,,,S,,, -siemens s7-300,,,,,s7,,, -siemens s7-300,,,,,S7,,, -siemens s7-300,,,,,s7-300,,, -siemens s7-300,,,,,S7-300,,, -siemens s7-300,,,,,s7-400,,, -siemens s7-300,,,,,S7-400,,, -siemens s7-300,,,,,scout,,, -siemens s7-300,,,,,SCOUT,,, -siemens s7-300,,,,,search,,, -siemens s7-300,,,,,SEARCH,,, -siemens s7-300,,,,,secret,,, -siemens s7-300,,,,,SECRET,,, -siemens s7-300,,,,,secure,,, -siemens s7-300,,,,,SECURE,,, -siemens s7-300,,,,,security,,, -siemens s7-300,,,,,SECURITY,,, -siemens s7-300,,,,,sekret,,, -siemens s7-300,,,,,SEKRET,,, -siemens s7-300,,,,,Sensor,,, -siemens s7-300,,,,,serco,,, -siemens s7-300,,,,,SERCO,,, -siemens s7-300,,,,,serial#,,, -siemens s7-300,,,,,serovox,,, -siemens s7-300,,,,,SEROVOX,,, -siemens s7-300,,,,,server,,, -siemens s7-300,,,,,SERVER,,, -siemens s7-300,,,,,SESAME,,, -siemens s7-300,,,,,setherco,,, -siemens s7-300,,,,,SETHERCO,,, -siemens s7-300,,,,,setup,,, -siemens s7-300,,,,,SETUP,,, -siemens s7-300,,,,,sex,,, -siemens s7-300,,,,,SEX,,, -siemens s7-300,,,,,sgena,,, -siemens s7-300,,,,,SGENA,,, -siemens s7-300,,,,,sgilent,,, -siemens s7-300,,,,,SGILENT,,, -siemens s7-300,,,,,shadow,,, -siemens s7-300,,,,,SHADOW,,, -siemens s7-300,,,,,Sharp,,, -siemens s7-300,,,,,sicostart,,, -siemens s7-300,,,,,SICOSTART,,, -siemens s7-300,,,,,siemens,,, -siemens s7-300,,,,,SIEMENS,,, -siemens s7-300,,,,,simatic,,, -siemens s7-300,,,,,SIMATIC,,, -siemens s7-300,,,,,simens,,, -siemens s7-300,,,,,SIMENS,,, -siemens s7-300,,,,,simo,,, -siemens s7-300,,,,,SIMO,,, -siemens s7-300,,,,,simocode,,, -siemens s7-300,,,,,SIMOCODE,,, -siemens s7-300,,,,,simoreg,,, -siemens s7-300,,,,,SIMOREG,,, -siemens s7-300,,,,,simovert,,, -siemens s7-300,,,,,SIMOVERT,,, -siemens s7-300,,,,,simtec,,, -siemens s7-300,,,,,SIMTEC,,, -siemens s7-300,,,,,sirborn,,, -siemens s7-300,,,,,SIRBORN,,, -siemens s7-300,,,,,sitop,,, -siemens s7-300,,,,,SITOP,,, -siemens s7-300,,,,,SKY_FOX,,, -siemens s7-300,,,,,slave,,, -siemens s7-300,,,,,SLAVE,,, -siemens s7-300,,,,,slipknot,,, -siemens s7-300,,,,,SLIPKNOT,,, -siemens s7-300,,,,,SMDR,,, -siemens s7-300,,,,,smile,,, -siemens s7-300,,,,,SMILE,,, -siemens s7-300,,,,,smuser,,, -siemens s7-300,,,,,SMUSER,,, -siemens s7-300,,,,,snoopy,,, -siemens s7-300,,,,,SNOOPY,,, -siemens s7-300,,,,,soccer,,, -siemens s7-300,,,,,SOCCER,,, -siemens s7-300,,,,,solution,,, -siemens s7-300,,,,,SOLUTION,,, -siemens s7-300,,,,,SpIp,,, -siemens s7-300,,,,,ss,,, -siemens s7-300,,,,,SS,,, -siemens s7-300,,,,,SSA,,, -siemens s7-300,,,,,sss,,, -siemens s7-300,,,,,SSS,,, -siemens s7-300,,,,,ssss,,, -siemens s7-300,,,,,SSSS,,, -siemens s7-300,,,,,sssss,,, -siemens s7-300,,,,,SSSSS,,, -siemens s7-300,,,,,ssssss,,, -siemens s7-300,,,,,SSSSSS,,, -siemens s7-300,,,,,sssssss,,, -siemens s7-300,,,,,SSSSSSS,,, -siemens s7-300,,,,,ssssssss,,, -siemens s7-300,,,,,SSSSSSSS,,, -siemens s7-300,,,,,stan,,, -siemens s7-300,,,,,STAN,,, -siemens s7-300,,,,,star,,, -siemens s7-300,,,,,STAR,,, -siemens s7-300,,,,,starwar,,, -siemens s7-300,,,,,STARWAR,,, -siemens s7-300,,,,,step5,,, -siemens s7-300,,,,,STEP5,,, -siemens s7-300,,,,,step7,,, -siemens s7-300,,,,,STEP7,,, -siemens s7-300,,,,,stimpy,,, -siemens s7-300,,,,,STIMPY,,, -siemens s7-300,,,,,stl,,, -siemens s7-300,,,,,STL,,, -siemens s7-300,,,,,stop,,, -siemens s7-300,,,,,STOP,,, -siemens s7-300,,,,,ststic,,, -siemens s7-300,,,,,STSTIC,,, -siemens s7-300,,,,,summer,,, -siemens s7-300,,,,,SUMMER,,, -siemens s7-300,,,,,sunrise,,, -siemens s7-300,,,,,SUNRISE,,, -siemens s7-300,,,,,Super,,, -siemens s7-300,,,,,superid,,, -siemens s7-300,,,,,SUPERID,,, -siemens s7-300,,,,,superman,,, -siemens s7-300,,,,,SUPERMAN,,, -siemens s7-300,,,,,support,,, -siemens s7-300,,,,,SUPPORT,,, -siemens s7-300,,,,,surt,,, -siemens s7-300,,,,,SURT,,, -siemens s7-300,,,,,switch,,, -siemens s7-300,,,,,SWITCH,,, -siemens s7-300,,,,,sybase,,, -siemens s7-300,,,,,SYBASE,,, -siemens s7-300,,,,,Symbol,,, -siemens s7-300,,,,,SYMBOL,,, -siemens s7-300,,,,,synnet,,, -siemens s7-300,,,,,SYNNET,,, -siemens s7-300,,,,,sysadm,,, -siemens s7-300,,,,,SYSADM,,, -siemens s7-300,,,,,SYSDISC,,, -siemens s7-300,,,,,sysdisk,,, -siemens s7-300,,,,,system,,, -siemens s7-300,,,,,SYSTEM,,, -siemens s7-300,,,,,t,,, -siemens s7-300,,,,,T,,, -siemens s7-300,,,,,talent,,, -siemens s7-300,,,,,TALENT,,, -siemens s7-300,,,,,TALINUZ,,, -siemens s7-300,,,,,talisman,,, -siemens s7-300,,,,,TALISMAN,,, -siemens s7-300,,,,,TANDBERG,,, -siemens s7-300,,,,,TCH,,, -siemens s7-300,,,,,tech,,, -siemens s7-300,,,,,TECH,,, -siemens s7-300,,,,,telco,,, -siemens s7-300,,,,,TELCO,,, -siemens s7-300,,,,,telecom,,, -siemens s7-300,,,,,Telecom,,, -siemens s7-300,,,,,TELECOM,,, -siemens s7-300,,,,,telesup,,, -siemens s7-300,,,,,TELESUP,,, -siemens s7-300,,,,,tellabs#1,,, -siemens s7-300,,,,,telus,,, -siemens s7-300,,,,,TELUS,,, -siemens s7-300,,,,,temp,,, -siemens s7-300,,,,,TEMP,,, -siemens s7-300,,,,,temp123,,, -siemens s7-300,,,,,TEMP123,,, -siemens s7-300,,,,,test,,, -siemens s7-300,,,,,TEST,,, -siemens s7-300,,,,,test123,,, -siemens s7-300,,,,,TEST123,,, -siemens s7-300,,,,,thomas,,, -siemens s7-300,,,,,Thomas,,, -siemens s7-300,,,,,THOMAS,,, -siemens s7-300,,,,,tiaranet,,, -siemens s7-300,,,,,TIARANET,,, -siemens s7-300,,,,,tiger123,,, -siemens s7-300,,,,,TIGER123,,, -siemens s7-300,,,,,timely,,, -siemens s7-300,,,,,TIMELY,,, -siemens s7-300,,,,,tini,,, -siemens s7-300,,,,,TINI,,, -siemens s7-300,,,,,tivonpw,,, -siemens s7-300,,,,,TIVONPW,,, -siemens s7-300,,,,,tjm,,, -siemens s7-300,,,,,TJM,,, -siemens s7-300,,,,,tlah,,, -siemens s7-300,,,,,TLAH,,, -siemens s7-300,,,,,toolset,,, -siemens s7-300,,,,,TOOLSET,,, -siemens s7-300,,,,,trancell,,, -siemens s7-300,,,,,TRANCELL,,, -siemens s7-300,,,,,tratata,,, -siemens s7-300,,,,,TRATATA,,, -siemens s7-300,,,,,tslinux,,, -siemens s7-300,,,,,TSLINUX,,, -siemens s7-300,,,,,tt,,, -siemens s7-300,,,,,TT,,, -siemens s7-300,,,,,ttt,,, -siemens s7-300,,,,,TTT,,, -siemens s7-300,,,,,tttt,,, -siemens s7-300,,,,,TTTT,,, -siemens s7-300,,,,,ttttt,,, -siemens s7-300,,,,,TTTTT,,, -siemens s7-300,,,,,tttttt,,, -siemens s7-300,,,,,TTTTTT,,, -siemens s7-300,,,,,ttttttt,,, -siemens s7-300,,,,,TTTTTTT,,, -siemens s7-300,,,,,tttttttt,,, -siemens s7-300,,,,,TTTTTTTT,,, -siemens s7-300,,,,,tuborg,,, -siemens s7-300,,,,,TUBORG,,, -siemens s7-300,,,,,tuxalize,,, -siemens s7-300,,,,,TUXALIZE,,, -siemens s7-300,,,,,tx100,,, -siemens s7-300,,,,,TX100,,, -siemens s7-300,,,,,u,,, -siemens s7-300,,,,,U,,, -siemens s7-300,,,,,uplink,,, -siemens s7-300,,,,,UPLINK,,, -siemens s7-300,,,,,user,,, -siemens s7-300,,,,,USER,,, -siemens s7-300,,,,,uu,,, -siemens s7-300,,,,,UU,,, -siemens s7-300,,,,,uuu,,, -siemens s7-300,,,,,UUU,,, -siemens s7-300,,,,,uuuu,,, -siemens s7-300,,,,,UUUU,,, -siemens s7-300,,,,,uuuuu,,, -siemens s7-300,,,,,UUUUU,,, -siemens s7-300,,,,,uuuuuu,,, -siemens s7-300,,,,,UUUUUU,,, -siemens s7-300,,,,,uuuuuuu,,, -siemens s7-300,,,,,UUUUUUU,,, -siemens s7-300,,,,,uuuuuuuu,,, -siemens s7-300,,,,,UUUUUUUU,,, -siemens s7-300,,,,,v,,, -siemens s7-300,,,,,V,,, -siemens s7-300,,,,,vesoft,,, -siemens s7-300,,,,,VESOFT,,, -siemens s7-300,,,,,visual,,, -siemens s7-300,,,,,VISUAL,,, -siemens s7-300,,,,,vjqgfhjkm,,, -siemens s7-300,,,,,VJQGFHJKM,,, -siemens s7-300,,,,,vodka,,, -siemens s7-300,,,,,VODKA,,, -siemens s7-300,,,,,volition,,, -siemens s7-300,,,,,VOLITION,,, -siemens s7-300,,,,,vv,,, -siemens s7-300,,,,,VV,,, -siemens s7-300,,,,,vvv,,, -siemens s7-300,,,,,VVV,,, -siemens s7-300,,,,,vvvv,,, -siemens s7-300,,,,,VVVV,,, -siemens s7-300,,,,,vvvvv,,, -siemens s7-300,,,,,VVVVV,,, -siemens s7-300,,,,,vvvvvv,,, -siemens s7-300,,,,,VVVVVV,,, -siemens s7-300,,,,,vvvvvvv,,, -siemens s7-300,,,,,VVVVVVV,,, -siemens s7-300,,,,,vvvvvvvv,,, -siemens s7-300,,,,,VVVVVVVV,,, -siemens s7-300,,,,,w,,, -siemens s7-300,,,,,W,,, -siemens s7-300,,,,,W9F3,,, -siemens s7-300,,,,,webadmin,,, -siemens s7-300,,,,,WEBADMIN,,, -siemens s7-300,,,,,win,,, -siemens s7-300,,,,,WIN,,, -siemens s7-300,,,,,wincc,,, -siemens s7-300,,,,,WINCC,,, -siemens s7-300,,,,,winterm,,, -siemens s7-300,,,,,WINTERM,,, -siemens s7-300,,,,,Wireless,,, -siemens s7-300,,,,,WIRELESS,,, -siemens s7-300,,,,,wizard,,, -siemens s7-300,,,,,WIZARD,,, -siemens s7-300,,,,,wlsedb,,, -siemens s7-300,,,,,WLSEDB,,, -siemens s7-300,,,,,wolf,,, -siemens s7-300,,,,,WONF,,, -siemens s7-300,,,,,ww,,, -siemens s7-300,,,,,WW,,, -siemens s7-300,,,,,www,,, -siemens s7-300,,,,,WWW,,, -siemens s7-300,,,,,wwww,,, -siemens s7-300,,,,,WWWW,,, -siemens s7-300,,,,,wwwww,,, -siemens s7-300,,,,,WWWWW,,, -siemens s7-300,,,,,wwwwww,,, -siemens s7-300,,,,,WWWWWW,,, -siemens s7-300,,,,,wwwwwww,,, -siemens s7-300,,,,,WWWWWWW,,, -siemens s7-300,,,,,wwwwwwww,,, -siemens s7-300,,,,,WWWWWWWW,,, -siemens s7-300,,,,,wyse,,, -siemens s7-300,,,,,WYSE,,, -siemens s7-300,,,,,x,,, -siemens s7-300,,,,,X,,, -siemens s7-300,,,,,x40rocks,,, -siemens s7-300,,,,,X40ROCKS,,, -siemens s7-300,,,,,x-admin,,, -siemens s7-300,,,,,X-ADMIN,,, -siemens s7-300,,,,,xbox,,, -siemens s7-300,,,,,XBOX,,, -siemens s7-300,,,,,xlserver,,, -siemens s7-300,,,,,XLSERVER,,, -siemens s7-300,,,,,xx,,, -siemens s7-300,,,,,XX,,, -siemens s7-300,,,,,xxx,,, -siemens s7-300,,,,,XXX,,, -siemens s7-300,,,,,xxxx,,, -siemens s7-300,,,,,XXXX,,, -siemens s7-300,,,,,xxxxx,,, -siemens s7-300,,,,,XXXXX,,, -siemens s7-300,,,,,xxxxxx,,, -siemens s7-300,,,,,XXXXXX,,, -siemens s7-300,,,,,xxxxxxx,,, -siemens s7-300,,,,,XXXXXXX,,, -siemens s7-300,,,,,xxxxxxxx,,, -siemens s7-300,,,,,XXXXXXXX,,, -siemens s7-300,,,,,xxyyzz,,, -siemens s7-300,,,,,XXYYZZ,,, -siemens s7-300,,,,,y,,, -siemens s7-300,,,,,Y,,, -siemens s7-300,,,,,yxcv,,, -siemens s7-300,,,,,YXCV,,, -siemens s7-300,,,,,yy,,, -siemens s7-300,,,,,YY,,, -siemens s7-300,,,,,yyy,,, -siemens s7-300,,,,,YYY,,, -siemens s7-300,,,,,yyyy,,, -siemens s7-300,,,,,YYYY,,, -siemens s7-300,,,,,yyyyy,,, -siemens s7-300,,,,,YYYYY,,, -siemens s7-300,,,,,yyyyyy,,, -siemens s7-300,,,,,YYYYYY,,, -siemens s7-300,,,,,yyyyyyy,,, -siemens s7-300,,,,,YYYYYYY,,, -siemens s7-300,,,,,yyyyyyyy,,, -siemens s7-300,,,,,YYYYYYYY,,, -siemens s7-300,,,,,z,,, -siemens s7-300,,,,,Z,,, -siemens s7-300,,,,,z0ne,,, -siemens s7-300,,,,,Z0NE,,, -siemens s7-300,,,,,zettler,,, -siemens s7-300,,,,,ZETTLER,,, -siemens s7-300,,,,,zippo,,, -siemens s7-300,,,,,ZIPPO,,, -siemens s7-300,,,,,zone,,, -siemens s7-300,,,,,ZONE,,, -siemens s7-300,,,,,zoomadsl,,, -siemens s7-300,,,,,ZOOMADSL,,, -siemens s7-300,,,,,zorro,,, -siemens s7-300,,,,,ZORRO,,, -siemens s7-300,,,,,zorromen,,, -siemens s7-300,,,,,ZORROMEN,,, -siemens s7-300,,,,,zxc,,, -siemens s7-300,,,,,ZXC,,, -siemens s7-300,,,,,zxcv,,, -siemens s7-300,,,,,ZXCV,,, -siemens s7-300,,,,,zxcvb,,, -siemens s7-300,,,,,ZXCVB,,, -siemens s7-300,,,,,zxcvbn,,, -siemens s7-300,,,,,ZXCVBN,,, -siemens s7-300,,,,,zxcvbnm,,, -siemens s7-300,,,,,ZXCVBNM,,, -siemens s7-300,,,,,zxcvbnm,,,, -siemens s7-300,,,,,ZXCVBNM,,,, -siemens s7-300,,,,,zz,,, -siemens s7-300,,,,,ZZ,,, -siemens s7-300,,,,,zzz,,, -siemens s7-300,,,,,ZZZ,,, -siemens s7-300,,,,,zzzz,,, -siemens s7-300,,,,,ZZZZ,,, -siemens s7-300,,,,,zzzzz,,, -siemens s7-300,,,,,ZZZZZ,,, -siemens s7-300,,,,,zzzzzz,,, -siemens s7-300,,,,,ZZZZZZ,,, -siemens s7-300,,,,,zzzzzzz,,, -siemens s7-300,,,,,ZZZZZZZ,,, -siemens s7-300,,,,,zzzzzzzz,,, -siemens s7-300,,,,,ZZZZZZZZ,,, diff --git a/dpl4hydra_local.csv b/dpl4hydra_local.csv index 7d7ce82..8edeb41 100755 --- a/dpl4hydra_local.csv +++ b/dpl4hydra_local.csv @@ -5476,7 +5476,7 @@ planet,Adsl router,,,admin,epicrouter,,, planet,Adsl router,,Multi,admin,epicrouter,,, planet,Akcess Point,,HTTP,admin,admin,Admin,, planet,FGSW-2402RS,,serial,admin,ISPMODE,Admin,, -planet,FNSW-2402S,,,admin, just hit ENTER ,,, +planet,FNSW-2402S,,,admin,<> just hit ENTER ,,, planet,FNSW-2402S,,Console,admin,<> just hit ENTER,,, planet,GRT-501,,http,root,root,full,, planet,WAP-1900/1950/2000,,2.5.0,,default,,, @@ -5880,6 +5880,1890 @@ siemens nixdorf,ROLM PBX,,,admin,pwp,,, siemens nixdorf,ROLM PBX,,,eng,engineer,,, siemens nixdorf,ROLM PBX,,,op,operator,,, siemens nixdorf,ROLM PBX,,,su,super,,, +siemens s7-300,,,,,!MANAGE,,, +siemens s7-300,,,,,!manage,,, +siemens s7-300,,,,,$secure$,,, +siemens s7-300,,,,,'''''''',,, +siemens s7-300,,,,,''''''',,, +siemens s7-300,,,,,'''''',,, +siemens s7-300,,,,,''''',,, +siemens s7-300,,,,,'''',,, +siemens s7-300,,,,,''',,, +siemens s7-300,,,,,'',,, +siemens s7-300,,,,,',,, +siemens s7-300,,,,,********,,, +siemens s7-300,,,,,*******,,, +siemens s7-300,,,,,******,,, +siemens s7-300,,,,,*****,,, +siemens s7-300,,,,,****,,, +siemens s7-300,,,,,***,,, +siemens s7-300,,,,,**,,, +siemens s7-300,,,,,*,,, +siemens s7-300,,,,,++++++++,,, +siemens s7-300,,,,,+++++++,,, +siemens s7-300,,,,,++++++,,, +siemens s7-300,,,,,+++++,,, +siemens s7-300,,,,,++++,,, +siemens s7-300,,,,,+++,,, +siemens s7-300,,,,,++,,, +siemens s7-300,,,,,+,,, +siemens s7-300,,,,,,,, +siemens s7-300,,,,,,,,, +siemens s7-300,,,,,,,,,, +siemens s7-300,,,,,,,,,,, +siemens s7-300,,,,,,,,,,,, +siemens s7-300,,,,,,,,,,,,, +siemens s7-300,,,,,,,,,,,,,, +siemens s7-300,,,,,,,,,,,,,,, +siemens s7-300,,,,,,,,,,,,,,,, +siemens s7-300,,,,,-,,, +siemens s7-300,,,,,--,,, +siemens s7-300,,,,,---,,, +siemens s7-300,,,,,----,,, +siemens s7-300,,,,,-----,,, +siemens s7-300,,,,,------,,, +siemens s7-300,,,,,-------,,, +siemens s7-300,,,,,--------,,, +siemens s7-300,,,,,.,,, +siemens s7-300,,,,,..,,, +siemens s7-300,,,,,...,,, +siemens s7-300,,,,,....,,, +siemens s7-300,,,,,.....,,, +siemens s7-300,,,,,......,,, +siemens s7-300,,,,,.......,,, +siemens s7-300,,,,,........,,, +siemens s7-300,,,,,/,,, +siemens s7-300,,,,,//,,, +siemens s7-300,,,,,///,,, +siemens s7-300,,,,,////,,, +siemens s7-300,,,,,/////,,, +siemens s7-300,,,,,//////,,, +siemens s7-300,,,,,///////,,, +siemens s7-300,,,,,////////,,, +siemens s7-300,,,,,0,,, +siemens s7-300,,,,,00,,, +siemens s7-300,,,,,000,,, +siemens s7-300,,,,,0000,,, +siemens s7-300,,,,,00000,,, +siemens s7-300,,,,,000000,,, +siemens s7-300,,,,,0000000,,, +siemens s7-300,,,,,00000000,,, +siemens s7-300,,,,,00000001,,, +siemens s7-300,,,,,0000001,,, +siemens s7-300,,,,,000001,,, +siemens s7-300,,,,,00001,,, +siemens s7-300,,,,,0001,,, +siemens s7-300,,,,,001,,, +siemens s7-300,,,,,050952,,, +siemens s7-300,,,,,0P3N,,, +siemens s7-300,,,,,1,,, +siemens s7-300,,,,,100,,, +siemens s7-300,,,,,1000,,, +siemens s7-300,,,,,10000,,, +siemens s7-300,,,,,100000,,, +siemens s7-300,,,,,1000000,,, +siemens s7-300,,,,,10000000,,, +siemens s7-300,,,,,10041979,,, +siemens s7-300,,,,,1064,,, +siemens s7-300,,,,,11,,, +siemens s7-300,,,,,111,,, +siemens s7-300,,,,,1111,,, +siemens s7-300,,,,,11111,,, +siemens s7-300,,,,,111111,,, +siemens s7-300,,,,,1111111,,, +siemens s7-300,,,,,11111111,,, +siemens s7-300,,,,,11112222,,, +siemens s7-300,,,,,112233,,, +siemens s7-300,,,,,11223344,,, +siemens s7-300,,,,,123,,, +siemens s7-300,,,,,123123,,, +siemens s7-300,,,,,12314500,,, +siemens s7-300,,,,,123321,,, +siemens s7-300,,,,,1234,,, +siemens s7-300,,,,,12344321,,, +siemens s7-300,,,,,12345,,, +siemens s7-300,,,,,123456,,, +siemens s7-300,,,,,1234567,,, +siemens s7-300,,,,,12345678,,, +siemens s7-300,,,,,12348765,,, +siemens s7-300,,,,,123654,,, +siemens s7-300,,,,,123ASD,,, +siemens s7-300,,,,,123QWE,,, +siemens s7-300,,,,,123asd,,, +siemens s7-300,,,,,123qwe,,, +siemens s7-300,,,,,1246,,, +siemens s7-300,,,,,128BIT,,, +siemens s7-300,,,,,128bit,,, +siemens s7-300,,,,,1313,,, +siemens s7-300,,,,,1502,,, +siemens s7-300,,,,,151298,,, +siemens s7-300,,,,,166816,,, +siemens s7-300,,,,,180497,,, +siemens s7-300,,,,,1890AGB,,, +siemens s7-300,,,,,1890agb,,, +siemens s7-300,,,,,1954,,, +siemens s7-300,,,,,1G2W3E,,, +siemens s7-300,,,,,1q2w3e,,, +siemens s7-300,,,,,2,,, +siemens s7-300,,,,,21,,, +siemens s7-300,,,,,21241036,,, +siemens s7-300,,,,,2128506,,, +siemens s7-300,,,,,22,,, +siemens s7-300,,,,,222,,, +siemens s7-300,,,,,2222,,, +siemens s7-300,,,,,22222,,, +siemens s7-300,,,,,222222,,, +siemens s7-300,,,,,2222222,,, +siemens s7-300,,,,,22222222,,, +siemens s7-300,,,,,266344,,, +siemens s7-300,,,,,281067,,, +siemens s7-300,,,,,281068,,, +siemens s7-300,,,,,2BW9,,, +siemens s7-300,,,,,2WSXcder,,, +siemens s7-300,,,,,3,,, +siemens s7-300,,,,,31994,,, +siemens s7-300,,,,,321,,, +siemens s7-300,,,,,33,,, +siemens s7-300,,,,,333,,, +siemens s7-300,,,,,3333,,, +siemens s7-300,,,,,33333,,, +siemens s7-300,,,,,333333,,, +siemens s7-300,,,,,3333333,,, +siemens s7-300,,,,,33333333,,, +siemens s7-300,,,,,3477,,, +siemens s7-300,,,,,355025,,, +siemens s7-300,,,,,3597,,, +siemens s7-300,,,,,3ASCOTEL,,, +siemens s7-300,,,,,3ORRO,,, +siemens s7-300,,,,,3WARE,,, +siemens s7-300,,,,,3ascotel,,, +siemens s7-300,,,,,3ep5w2u,,, +siemens s7-300,,,,,3orro,,, +siemens s7-300,,,,,3ware,,, +siemens s7-300,,,,,4,,, +siemens s7-300,,,,,42296795,,, +siemens s7-300,,,,,4321,,, +siemens s7-300,,,,,44,,, +siemens s7-300,,,,,444,,, +siemens s7-300,,,,,4444,,, +siemens s7-300,,,,,44444,,, +siemens s7-300,,,,,444444,,, +siemens s7-300,,,,,4444444,,, +siemens s7-300,,,,,44444444,,, +siemens s7-300,,,,,4ERT,,, +siemens s7-300,,,,,4G5K,,, +siemens s7-300,,,,,4G7S,,, +siemens s7-300,,,,,4TAS,,, +siemens s7-300,,,,,4ert,,, +siemens s7-300,,,,,4getme2,,, +siemens s7-300,,,,,4tas,,, +siemens s7-300,,,,,5,,, +siemens s7-300,,,,,5001,,, +siemens s7-300,,,,,5150,,, +siemens s7-300,,,,,5201314,,, +siemens s7-300,,,,,54321,,, +siemens s7-300,,,,,55,,, +siemens s7-300,,,,,55055,,, +siemens s7-300,,,,,555,,, +siemens s7-300,,,,,5555,,, +siemens s7-300,,,,,55555,,, +siemens s7-300,,,,,555555,,, +siemens s7-300,,,,,5555555,,, +siemens s7-300,,,,,55555555,,, +siemens s7-300,,,,,56789,,, +siemens s7-300,,,,,5693,,, +siemens s7-300,,,,,5777364,,, +siemens s7-300,,,,,5860,,, +siemens s7-300,,,,,589589,,, +siemens s7-300,,,,,6,,, +siemens s7-300,,,,,60587,,, +siemens s7-300,,,,,654321,,, +siemens s7-300,,,,,66,,, +siemens s7-300,,,,,666,,, +siemens s7-300,,,,,6666,,, +siemens s7-300,,,,,66666,,, +siemens s7-300,,,,,666666,,, +siemens s7-300,,,,,6666666,,, +siemens s7-300,,,,,66666666,,, +siemens s7-300,,,,,66808920,,, +siemens s7-300,,,,,6969,,, +siemens s7-300,,,,,7,,, +siemens s7-300,,,,,7654321,,, +siemens s7-300,,,,,77,,, +siemens s7-300,,,,,777,,, +siemens s7-300,,,,,7777,,, +siemens s7-300,,,,,77777,,, +siemens s7-300,,,,,777777,,, +siemens s7-300,,,,,7777777,,, +siemens s7-300,,,,,77777777,,, +siemens s7-300,,,,,7SH4,,, +siemens s7-300,,,,,8,,, +siemens s7-300,,,,,8111,,, +siemens s7-300,,,,,8429,,, +siemens s7-300,,,,,851141,,, +siemens s7-300,,,,,86844,,, +siemens s7-300,,,,,8746550,,, +siemens s7-300,,,,,87654321,,, +siemens s7-300,,,,,88,,, +siemens s7-300,,,,,888,,, +siemens s7-300,,,,,8888,,, +siemens s7-300,,,,,88888,,, +siemens s7-300,,,,,888888,,, +siemens s7-300,,,,,8888888,,, +siemens s7-300,,,,,88888888,,, +siemens s7-300,,,,,88981684,,, +siemens s7-300,,,,,9,,, +siemens s7-300,,,,,901100,,, +siemens s7-300,,,,,99,,, +siemens s7-300,,,,,999,,, +siemens s7-300,,,,,9999,,, +siemens s7-300,,,,,99999,,, +siemens s7-300,,,,,999999,,, +siemens s7-300,,,,,9999999,,, +siemens s7-300,,,,,99999999,,, +siemens s7-300,,,,,9W5K,,, +siemens s7-300,,,,,;,,, +siemens s7-300,,,,,;;,,, +siemens s7-300,,,,,;;;,,, +siemens s7-300,,,,,;;;;,,, +siemens s7-300,,,,,;;;;;,,, +siemens s7-300,,,,,;;;;;;,,, +siemens s7-300,,,,,;;;;;;;,,, +siemens s7-300,,,,,;;;;;;;;,,, +siemens s7-300,,,,,=,,, +siemens s7-300,,,,,==,,, +siemens s7-300,,,,,===,,, +siemens s7-300,,,,,====,,, +siemens s7-300,,,,,=====,,, +siemens s7-300,,,,,======,,, +siemens s7-300,,,,,=======,,, +siemens s7-300,,,,,========,,, +siemens s7-300,,,,,@#$123,,, +siemens s7-300,,,,,A,,, +siemens s7-300,,,,,A-POWER,,, +siemens s7-300,,,,,A/D,,, +siemens s7-300,,,,,AA,,, +siemens s7-300,,,,,AAA,,, +siemens s7-300,,,,,AAAA,,, +siemens s7-300,,,,,AAAAA,,, +siemens s7-300,,,,,AAAAAA,,, +siemens s7-300,,,,,AAAAAAA,,, +siemens s7-300,,,,,AAAAAAAA,,, +siemens s7-300,,,,,AABBCC,,, +siemens s7-300,,,,,AAEON,,, +siemens s7-300,,,,,AAVID,,, +siemens s7-300,,,,,AB,,, +siemens s7-300,,,,,ABB,,, +siemens s7-300,,,,,ABC,,, +siemens s7-300,,,,,ABC123,,, +siemens s7-300,,,,,ABCD,,, +siemens s7-300,,,,,ABCDE,,, +siemens s7-300,,,,,ABCDEF,,, +siemens s7-300,,,,,ABCDEFG,,, +siemens s7-300,,,,,ABCDEFGH,,, +siemens s7-300,,,,,ABELCONN,,, +siemens s7-300,,,,,ABOV,,, +siemens s7-300,,,,,ABRACON,,, +siemens s7-300,,,,,ABSOPULS,,, +siemens s7-300,,,,,ABTECH,,, +siemens s7-300,,,,,ABUNLOCK,,, +siemens s7-300,,,,,ACAM,,, +siemens s7-300,,,,,ACC,,, +siemens s7-300,,,,,ACCESS,,, +siemens s7-300,,,,,ACCORD,,, +siemens s7-300,,,,,ACON,,, +siemens s7-300,,,,,ACOPIAN,,, +siemens s7-300,,,,,ACP,,, +siemens s7-300,,,,,ACTEL,,, +siemens s7-300,,,,,ACTIVEX,,, +siemens s7-300,,,,,ADACTUS,,, +siemens s7-300,,,,,ADAM,,, +siemens s7-300,,,,,ADC,,, +siemens s7-300,,,,,ADDA,,, +siemens s7-300,,,,,ADELS,,, +siemens s7-300,,,,,ADFEXC,,, +siemens s7-300,,,,,ADI,,, +siemens s7-300,,,,,ADMIN,,, +siemens s7-300,,,,,ADMIN123,,, +siemens s7-300,,,,,ADMINTTD,,, +siemens s7-300,,,,,ADSLROOT,,, +siemens s7-300,,,,,ADTRAN,,, +siemens s7-300,,,,,ADVANCED,,, +siemens s7-300,,,,,ADVANTEC,,, +siemens s7-300,,,,,AEG MIS,,, +siemens s7-300,,,,,AEG,,, +siemens s7-300,,,,,AEM,,, +siemens s7-300,,,,,AEROFLEX,,, +siemens s7-300,,,,,AFT,,, +siemens s7-300,,,,,AITECH,,, +siemens s7-300,,,,,AKIWA,,, +siemens s7-300,,,,,ALBRIGHT,,, +siemens s7-300,,,,,ALCOR,,, +siemens s7-300,,,,,ALEPH,,, +siemens s7-300,,,,,ALFA'R,,, +siemens s7-300,,,,,ALFA,,, +siemens s7-300,,,,,ALFAMAG,,, +siemens s7-300,,,,,ALFATRON,,, +siemens s7-300,,,,,ALI,,, +siemens s7-300,,,,,ALL,,, +siemens s7-300,,,,,ALLEGRO,,, +siemens s7-300,,,,,ALLEN,,, +siemens s7-300,,,,,ALLIANCE,,, +siemens s7-300,,,,,ALLIED,,, +siemens s7-300,,,,,ALPINE,,, +siemens s7-300,,,,,ALPS,,, +siemens s7-300,,,,,ALTERA,,, +siemens s7-300,,,,,AMBER,,, +siemens s7-300,,,,,AMD,,, +siemens s7-300,,,,,AMERICAN,,, +siemens s7-300,,,,,AMETHERM,,, +siemens s7-300,,,,,AMI,,, +siemens s7-300,,,,,AMIC,,, +siemens s7-300,,,,,AMIS,,, +siemens s7-300,,,,,AMMC,,, +siemens s7-300,,,,,AMP,,, +siemens s7-300,,,,,AMPERITE,,, +siemens s7-300,,,,,AMPHENOL,,, +siemens s7-300,,,,,AMPIRE,,, +siemens s7-300,,,,,AMT,,, +siemens s7-300,,,,,ANACHIP,,, +siemens s7-300,,,,,ANADIGIC,,, +siemens s7-300,,,,,ANADIGM,,, +siemens s7-300,,,,,ANALOG,,, +siemens s7-300,,,,,ANALOGIC,,, +siemens s7-300,,,,,ANAREN,,, +siemens s7-300,,,,,ANGEL,,, +siemens s7-300,,,,,ANGLE,,, +siemens s7-300,,,,,ANICUST,,, +siemens s7-300,,,,,ANLA,,, +siemens s7-300,,,,,ANLEIM,,, +siemens s7-300,,,,,ANRITSU,,, +siemens s7-300,,,,,ANS#150,,, +siemens s7-300,,,,,ANSHAN,,, +siemens s7-300,,,,,ANSMANN,,, +siemens s7-300,,,,,ANYCOM,,, +siemens s7-300,,,,,ANYDATA,,, +siemens s7-300,,,,,ANYONE,,, +siemens s7-300,,,,,ANYWAY,,, +siemens s7-300,,,,,APBODIUR,,, +siemens s7-300,,,,,APC,,, +siemens s7-300,,,,,APEM,,, +siemens s7-300,,,,,APEX,,, +siemens s7-300,,,,,API,,, +siemens s7-300,,,,,APLUS,,, +siemens s7-300,,,,,APM,,, +siemens s7-300,,,,,APP,,, +siemens s7-300,,,,,APPLIED,,, +siemens s7-300,,,,,APRA,,, +siemens s7-300,,,,,ARSENAL,,, +siemens s7-300,,,,,ARTICON,,, +siemens s7-300,,,,,ASANTE,,, +siemens s7-300,,,,,ASCEND,,, +siemens s7-300,,,,,ASD,,, +siemens s7-300,,,,,ASDF,,, +siemens s7-300,,,,,ASDFG,,, +siemens s7-300,,,,,ASDFGH,,, +siemens s7-300,,,,,ASDFGHJ,,, +siemens s7-300,,,,,ASDFGHJK,,, +siemens s7-300,,,,,ASI,,, +siemens s7-300,,,,,ASUTP,,, +siemens s7-300,,,,,AT4400,,, +siemens s7-300,,,,,ATC,,, +siemens s7-300,,,,,ATC123,,, +siemens s7-300,,,,,ATLANTIS,,, +siemens s7-300,,,,,ATTACK,,, +siemens s7-300,,,,,AUTOHORS,,, +siemens s7-300,,,,,AZSXDC,,, +siemens s7-300,,,,,Aeroflex,,, +siemens s7-300,,,,,Anleim,,, +siemens s7-300,,,,,Asante,,, +siemens s7-300,,,,,Ascend,,, +siemens s7-300,,,,,B&R,,, +siemens s7-300,,,,,B,,, +siemens s7-300,,,,,B2H4,,, +siemens s7-300,,,,,B9W3,,, +siemens s7-300,,,,,BACK,,, +siemens s7-300,,,,,BACKDOOR,,, +siemens s7-300,,,,,BADBOY,,, +siemens s7-300,,,,,BARRICADE,,, +siemens s7-300,,,,,BASEBALL,,, +siemens s7-300,,,,,BB,,, +siemens s7-300,,,,,BBB,,, +siemens s7-300,,,,,BBBB,,, +siemens s7-300,,,,,BBBBB,,, +siemens s7-300,,,,,BBBBBB,,, +siemens s7-300,,,,,BBBBBBB,,, +siemens s7-300,,,,,BBBBBBBB,,, +siemens s7-300,,,,,BCIIMPW,,, +siemens s7-300,,,,,BCIMPW,,, +siemens s7-300,,,,,BCNASPW,,, +siemens s7-300,,,,,BEATCH,,, +siemens s7-300,,,,,BEERBEER,,, +siemens s7-300,,,,,BETERA,,, +siemens s7-300,,,,,BIBLE,,, +siemens s7-300,,,,,BINTEC,,, +siemens s7-300,,,,,BIRDIE,,, +siemens s7-300,,,,,BLACK,,, +siemens s7-300,,,,,BLASTER,,, +siemens s7-300,,,,,BLENDER,,, +siemens s7-300,,,,,BLINK,,, +siemens s7-300,,,,,BLINK182,,, +siemens s7-300,,,,,BLUEPW,,, +siemens s7-300,,,,,BOWLING,,, +siemens s7-300,,,,,BRADLEY,,, +siemens s7-300,,,,,BRIDGE,,, +siemens s7-300,,,,,BRIGHT,,, +siemens s7-300,,,,,C,,, +siemens s7-300,,,,,CA01,,, +siemens s7-300,,,,,CACADMIN,,, +siemens s7-300,,,,,CACTUS,,, +siemens s7-300,,,,,CALVIN,,, +siemens s7-300,,,,,CAN,,, +siemens s7-300,,,,,CANBUS,,, +siemens s7-300,,,,,CAROLIAN,,, +siemens s7-300,,,,,CASCADE,,, +siemens s7-300,,,,,CC,,, +siemens s7-300,,,,,CCC,,, +siemens s7-300,,,,,CCCC,,, +siemens s7-300,,,,,CCCCC,,, +siemens s7-300,,,,,CCCCCC,,, +siemens s7-300,,,,,CCCCCCC,,, +siemens s7-300,,,,,CCCCCCCC,,, +siemens s7-300,,,,,CCRUSR,,, +siemens s7-300,,,,,CELLIT,,, +siemens s7-300,,,,,CFC,,, +siemens s7-300,,,,,CHABGEME,,, +siemens s7-300,,,,,CHANGEME,,, +siemens s7-300,,,,,CHANGIT,,, +siemens s7-300,,,,,CHARLIE,,, +siemens s7-300,,,,,CISCO,,, +siemens s7-300,,,,,CITEL,,, +siemens s7-300,,,,,CLIENT,,, +siemens s7-300,,,,,CMAKER,,, +siemens s7-300,,,,,CMS500,,, +siemens s7-300,,,,,CNAS,,, +siemens s7-300,,,,,CODY,,, +siemens s7-300,,,,,COGNOS,,, +siemens s7-300,,,,,COMPUTER,,, +siemens s7-300,,,,,CONNECT,,, +siemens s7-300,,,,,CONV,,, +siemens s7-300,,,,,COOL,,, +siemens s7-300,,,,,CORECESS,,, +siemens s7-300,,,,,COSMOS,,, +siemens s7-300,,,,,CRAFT,,, +siemens s7-300,,,,,CRAFTPW,,, +siemens s7-300,,,,,CRFTPW,,, +siemens s7-300,,,,,CRYSTAL,,, +siemens s7-300,,,,,CUSTOMER,,, +siemens s7-300,,,,,CUSTPW,,, +siemens s7-300,,,,,Cisco,,, +siemens s7-300,,,,,Col2ogro2,,, +siemens s7-300,,,,,D,,, +siemens s7-300,,,,,D-Link,,, +siemens s7-300,,,,,D00M,,, +siemens s7-300,,,,,DADMIN01,,, +siemens s7-300,,,,,DANGER,,, +siemens s7-300,,,,,DATABASE,,, +siemens s7-300,,,,,DBPS,,, +siemens s7-300,,,,,DD,,, +siemens s7-300,,,,,DDD,,, +siemens s7-300,,,,,DDDD,,, +siemens s7-300,,,,,DDDDD,,, +siemens s7-300,,,,,DDDDDD,,, +siemens s7-300,,,,,DDDDDDD,,, +siemens s7-300,,,,,DDDDDDDD,,, +siemens s7-300,,,,,DEAN,,, +siemens s7-300,,,,,DEFAULT,,, +siemens s7-300,,,,,DEMO,,, +siemens s7-300,,,,,DENISE,,, +siemens s7-300,,,,,DERPAROL,,, +siemens s7-300,,,,,DEVEVAN,,, +siemens s7-300,,,,,DEVICE,,, +siemens s7-300,,,,,DEVICES,,, +siemens s7-300,,,,,DHS3MT,,, +siemens s7-300,,,,,DHS3PMS,,, +siemens s7-300,,,,,DIABL0,,, +siemens s7-300,,,,,DIABLO,,, +siemens s7-300,,,,,DIAMOND,,, +siemens s7-300,,,,,DIGITAL,,, +siemens s7-300,,,,,DL20,,, +siemens s7-300,,,,,DLINK,,, +siemens s7-300,,,,,DOLLAR,,, +siemens s7-300,,,,,DOOM,,, +siemens s7-300,,,,,DRAADLOOS,,, +siemens s7-300,,,,,DRIVEES,,, +siemens s7-300,,,,,E,,, +siemens s7-300,,,,,ECHO,,, +siemens s7-300,,,,,EE,,, +siemens s7-300,,,,,EEE,,, +siemens s7-300,,,,,EEEE,,, +siemens s7-300,,,,,EEEEE,,, +siemens s7-300,,,,,EEEEEE,,, +siemens s7-300,,,,,EEEEEEE,,, +siemens s7-300,,,,,EEEEEEEE,,, +siemens s7-300,,,,,EGDFV,,, +siemens s7-300,,,,,ELECTRIN,,, +siemens s7-300,,,,,ELVIS,,, +siemens s7-300,,,,,ENABLE,,, +siemens s7-300,,,,,ENERGY,,, +siemens s7-300,,,,,ENGINEER,,, +siemens s7-300,,,,,ERR0R,,, +siemens s7-300,,,,,EVENING,,, +siemens s7-300,,,,,EXABYTE,,, +siemens s7-300,,,,,EXPERT03,,, +siemens s7-300,,,,,Exabyte,,, +siemens s7-300,,,,,F,,, +siemens s7-300,,,,,FATHER,,, +siemens s7-300,,,,,FBD,,, +siemens s7-300,,,,,FF,,, +siemens s7-300,,,,,FFF,,, +siemens s7-300,,,,,FFFF,,, +siemens s7-300,,,,,FFFFF,,, +siemens s7-300,,,,,FFFFFF,,, +siemens s7-300,,,,,FFFFFFF,,, +siemens s7-300,,,,,FFFFFFFF,,, +siemens s7-300,,,,,FIELD,,, +siemens s7-300,,,,,FIRE,,, +siemens s7-300,,,,,FIREPORT,,, +siemens s7-300,,,,,FISH,,, +siemens s7-300,,,,,FIVRANNE,,, +siemens s7-300,,,,,FLASH,,, +siemens s7-300,,,,,FLEX,,, +siemens s7-300,,,,,FLEXIBLE,,, +siemens s7-300,,,,,FOOTBALL,,, +siemens s7-300,,,,,FRIEND,,, +siemens s7-300,,,,,FUCK,,, +siemens s7-300,,,,,FUCKOFF,,, +siemens s7-300,,,,,FUCKYOU,,, +siemens s7-300,,,,,Fireport,,, +siemens s7-300,,,,,G,,, +siemens s7-300,,,,,G00GLE,,, +siemens s7-300,,,,,G0F9,,, +siemens s7-300,,,,,G0K1,,, +siemens s7-300,,,,,G6K6,,, +siemens s7-300,,,,,GAMA,,, +siemens s7-300,,,,,GAWSED,,, +siemens s7-300,,,,,GEARDOG,,, +siemens s7-300,,,,,GFCC,,, +siemens s7-300,,,,,GFCCDJHL,,, +siemens s7-300,,,,,GFHJKM,,, +siemens s7-300,,,,,GG,,, +siemens s7-300,,,,,GGG,,, +siemens s7-300,,,,,GGGG,,, +siemens s7-300,,,,,GGGGG,,, +siemens s7-300,,,,,GGGGGG,,, +siemens s7-300,,,,,GGGGGGG,,, +siemens s7-300,,,,,GGGGGGGG,,, +siemens s7-300,,,,,GHBDTN,,, +siemens s7-300,,,,,GHOST,,, +siemens s7-300,,,,,GOAL,,, +siemens s7-300,,,,,GOLF,,, +siemens s7-300,,,,,GOOGLE,,, +siemens s7-300,,,,,GOT,,, +siemens s7-300,,,,,GUEST,,, +siemens s7-300,,,,,Geardog,,, +siemens s7-300,,,,,H,,, +siemens s7-300,,,,,HARDWARE,,, +siemens s7-300,,,,,HELEN,,, +siemens s7-300,,,,,HELLO,,, +siemens s7-300,,,,,HELP,,, +siemens s7-300,,,,,HELP1954,,, +siemens s7-300,,,,,HELPDESK,,, +siemens s7-300,,,,,HEXSEAL,,, +siemens s7-300,,,,,HH,,, +siemens s7-300,,,,,HHH,,, +siemens s7-300,,,,,HHHH,,, +siemens s7-300,,,,,HHHHH,,, +siemens s7-300,,,,,HHHHHH,,, +siemens s7-300,,,,,HHHHHHH,,, +siemens s7-300,,,,,HHHHHHHH,,, +siemens s7-300,,,,,HIGHSPEED,,, +siemens s7-300,,,,,HINEAR,,, +siemens s7-300,,,,,HOME,,, +siemens s7-300,,,,,HOMEPLUG,,, +siemens s7-300,,,,,HONDA,,, +siemens s7-300,,,,,HP,,, +siemens s7-300,,,,,HPOFFICE,,, +siemens s7-300,,,,,HPONLY,,, +siemens s7-300,,,,,HPP187,,, +siemens s7-300,,,,,HPP189,,, +siemens s7-300,,,,,HPP196,,, +siemens s7-300,,,,,HRLOO,,, +siemens s7-300,,,,,HTTP,,, +siemens s7-300,,,,,Helpdesk,,, +siemens s7-300,,,,,HomePlug,,, +siemens s7-300,,,,,I,,, +siemens s7-300,,,,,IDIRECT,,, +siemens s7-300,,,,,II,,, +siemens s7-300,,,,,III,,, +siemens s7-300,,,,,IIII,,, +siemens s7-300,,,,,IIIII,,, +siemens s7-300,,,,,IIIIII,,, +siemens s7-300,,,,,IIIIIII,,, +siemens s7-300,,,,,IIIIIIII,,, +siemens s7-300,,,,,ILMI,,, +siemens s7-300,,,,,ILOVEYOU,,, +siemens s7-300,,,,,IMAGES,,, +siemens s7-300,,,,,INADS,,, +siemens s7-300,,,,,INC,,, +siemens s7-300,,,,,INDSPW,,, +siemens s7-300,,,,,INFERNO,,, +siemens s7-300,,,,,INITPW,,, +siemens s7-300,,,,,INMET,,, +siemens s7-300,,,,,INTEL,,, +siemens s7-300,,,,,INTERNET,,, +siemens s7-300,,,,,INTX3,,, +siemens s7-300,,,,,IRONPORT,,, +siemens s7-300,,,,,ISEE,,, +siemens s7-300,,,,,ISP,,, +siemens s7-300,,,,,ITF3000,,, +siemens s7-300,,,,,Inmet,,, +siemens s7-300,,,,,Intel,,, +siemens s7-300,,,,,Internet,,, +siemens s7-300,,,,,J,,, +siemens s7-300,,,,,J6R6,,, +siemens s7-300,,,,,J6W8,,, +siemens s7-300,,,,,JACK,,, +siemens s7-300,,,,,JANET,,, +siemens s7-300,,,,,JANNIE,,, +siemens s7-300,,,,,JASMINE,,, +siemens s7-300,,,,,JDE,,, +siemens s7-300,,,,,JJ,,, +siemens s7-300,,,,,JJJ,,, +siemens s7-300,,,,,JJJJ,,, +siemens s7-300,,,,,JJJJJ,,, +siemens s7-300,,,,,JJJJJJ,,, +siemens s7-300,,,,,JJJJJJJ,,, +siemens s7-300,,,,,JJJJJJJJ,,, +siemens s7-300,,,,,JOCKER,,, +siemens s7-300,,,,,JOHN,,, +siemens s7-300,,,,,JORDAN,,, +siemens s7-300,,,,,JORDAN23,,, +siemens s7-300,,,,,JR58,,, +siemens s7-300,,,,,JR59,,, +siemens s7-300,,,,,K,,, +siemens s7-300,,,,,KERMIT,,, +siemens s7-300,,,,,KILLER,,, +siemens s7-300,,,,,KILO1987,,, +siemens s7-300,,,,,KK,,, +siemens s7-300,,,,,KKK,,, +siemens s7-300,,,,,KKKK,,, +siemens s7-300,,,,,KKKKK,,, +siemens s7-300,,,,,KKKKKK,,, +siemens s7-300,,,,,KKKKKKK,,, +siemens s7-300,,,,,KKKKKKKK,,, +siemens s7-300,,,,,KORN,,, +siemens s7-300,,,,,L,,, +siemens s7-300,,,,,LAD,,, +siemens s7-300,,,,,LAFLAF,,, +siemens s7-300,,,,,LETACLA,,, +siemens s7-300,,,,,LETMEIN,,, +siemens s7-300,,,,,LEVEL1,,, +siemens s7-300,,,,,LEVITON,,, +siemens s7-300,,,,,LILLME,,, +siemens s7-300,,,,,LINGA,,, +siemens s7-300,,,,,LINUX,,, +siemens s7-300,,,,,LISA,,, +siemens s7-300,,,,,LL,,, +siemens s7-300,,,,,LLATSNI,,, +siemens s7-300,,,,,LLL,,, +siemens s7-300,,,,,LLLL,,, +siemens s7-300,,,,,LLLLL,,, +siemens s7-300,,,,,LLLLLL,,, +siemens s7-300,,,,,LLLLLLL,,, +siemens s7-300,,,,,LLLLLLLL,,, +siemens s7-300,,,,,LOCATEPW,,, +siemens s7-300,,,,,LOCK,,, +siemens s7-300,,,,,LOGIN,,, +siemens s7-300,,,,,LOOKER,,, +siemens s7-300,,,,,LOTUS,,, +siemens s7-300,,,,,LOVE,,, +siemens s7-300,,,,,LTD,,, +siemens s7-300,,,,,LUCKY,,, +siemens s7-300,,,,,M,,, +siemens s7-300,,,,,M1122,,, +siemens s7-300,,,,,MAIL,,, +siemens s7-300,,,,,MAINT,,, +siemens s7-300,,,,,MAINTPW,,, +siemens s7-300,,,,,MANAGER,,, +siemens s7-300,,,,,MANIAC,,, +siemens s7-300,,,,,MASTER,,, +siemens s7-300,,,,,MASTERKEY,,, +siemens s7-300,,,,,MEDIATOR,,, +siemens s7-300,,,,,MEDION,,, +siemens s7-300,,,,,MGR,,, +siemens s7-300,,,,,MICRO,,, +siemens s7-300,,,,,MICROWAV,,, +siemens s7-300,,,,,MILLLER,,, +siemens s7-300,,,,,MIS,,, +siemens s7-300,,,,,MJSSSJJ,,, +siemens s7-300,,,,,MJSSSJJ_,,, +siemens s7-300,,,,,MLUSR,,, +siemens s7-300,,,,,MM,,, +siemens s7-300,,,,,MMM,,, +siemens s7-300,,,,,MMMM,,, +siemens s7-300,,,,,MMMMM,,, +siemens s7-300,,,,,MMMMMM,,, +siemens s7-300,,,,,MMMMMMM,,, +siemens s7-300,,,,,MMMMMMMM,,, +siemens s7-300,,,,,MODUL,,, +siemens s7-300,,,,,MODULE,,, +siemens s7-300,,,,,MONEY,,, +siemens s7-300,,,,,MONITOR,,, +siemens s7-300,,,,,MONKEY,,, +siemens s7-300,,,,,MOSMATIC,,, +siemens s7-300,,,,,MOTHER,,, +siemens s7-300,,,,,MOTOROLA,,, +siemens s7-300,,,,,MOUSE,,, +siemens s7-300,,,,,MPE,,, +siemens s7-300,,,,,MServer,,, +siemens s7-300,,,,,MTCH,,, +siemens s7-300,,,,,MUSTANG,,, +siemens s7-300,,,,,MYPASS,,, +siemens s7-300,,,,,MYPASS123,,, +siemens s7-300,,,,,MYPC,,, +siemens s7-300,,,,,MYPC123,,, +siemens s7-300,,,,,MYSPACE,,, +siemens s7-300,,,,,MYSPACE1,,, +siemens s7-300,,,,,Manager,,, +siemens s7-300,,,,,Master,,, +siemens s7-300,,,,,Mau'dib,,, +siemens s7-300,,,,,MiniAP,,, +siemens s7-300,,,,,Multi,,, +siemens s7-300,,,,,N,,, +siemens s7-300,,,,,N/A,,, +siemens s7-300,,,,,NAADMIN,,, +siemens s7-300,,,,,NARANJA,,, +siemens s7-300,,,,,NAU,,, +siemens s7-300,,,,,NET,,, +siemens s7-300,,,,,NETADMIN,,, +siemens s7-300,,,,,NETBASE,,, +siemens s7-300,,,,,NETCACHE,,, +siemens s7-300,,,,,NETMAN,,, +siemens s7-300,,,,,NETOPIA,,, +siemens s7-300,,,,,NETSCREEN,,, +siemens s7-300,,,,,NETUTIL,,, +siemens s7-300,,,,,NETVCR,,, +siemens s7-300,,,,,NETWORK,,, +siemens s7-300,,,,,NEWPASS,,, +siemens s7-300,,,,,NICONEX,,, +siemens s7-300,,,,,NIMDATEN,,, +siemens s7-300,,,,,NMSPW,,, +siemens s7-300,,,,,NN,,, +siemens s7-300,,,,,NNN,,, +siemens s7-300,,,,,NNNN,,, +siemens s7-300,,,,,NNNNN,,, +siemens s7-300,,,,,NNNNNN,,, +siemens s7-300,,,,,NNNNNNN,,, +siemens s7-300,,,,,NNNNNNNN,,, +siemens s7-300,,,,,NOKAI,,, +siemens s7-300,,,,,NOTUSED,,, +siemens s7-300,,,,,NOWAY,,, +siemens s7-300,,,,,NSADB,,, +siemens s7-300,,,,,NTACDMAX,,, +siemens s7-300,,,,,NULL,,, +siemens s7-300,,,,,Net,,, +siemens s7-300,,,,,NetCache,,, +siemens s7-300,,,,,NetICs,,, +siemens s7-300,,,,,NetVCR,,, +siemens s7-300,,,,,O,,, +siemens s7-300,,,,,OCS,,, +siemens s7-300,,,,,OEM,,, +siemens s7-300,,,,,OKILAN,,, +siemens s7-300,,,,,OMRON,,, +siemens s7-300,,,,,OO,,, +siemens s7-300,,,,,OOO,,, +siemens s7-300,,,,,OOOO,,, +siemens s7-300,,,,,OOOOO,,, +siemens s7-300,,,,,OOOOOO,,, +siemens s7-300,,,,,OOOOOOO,,, +siemens s7-300,,,,,OOOOOOOO,,, +siemens s7-300,,,,,OPERATOR,,, +siemens s7-300,,,,,OPTO,,, +siemens s7-300,,,,,OWNER,,, +siemens s7-300,,,,,OkiLAN,,, +siemens s7-300,,,,,Opto,,, +siemens s7-300,,,,,P,,, +siemens s7-300,,,,,P@55w0rd!,,, +siemens s7-300,,,,,PAS,,, +siemens s7-300,,,,,PASS,,, +siemens s7-300,,,,,PASSAGE,,, +siemens s7-300,,,,,PASSW,,, +siemens s7-300,,,,,PASSWD,,, +siemens s7-300,,,,,PASSWO,,, +siemens s7-300,,,,,PASSWOR,,, +siemens s7-300,,,,,PASSWORD,,, +siemens s7-300,,,,,PAT,,, +siemens s7-300,,,,,PATERNA,,, +siemens s7-300,,,,,PATRICK,,, +siemens s7-300,,,,,PATROL,,, +siemens s7-300,,,,,PBX,,, +siemens s7-300,,,,,PBXK1064,,, +siemens s7-300,,,,,PCS7,,, +siemens s7-300,,,,,PENTIUM,,, +siemens s7-300,,,,,PENTO,,, +siemens s7-300,,,,,PEPPER,,, +siemens s7-300,,,,,PEPSI,,, +siemens s7-300,,,,,PERMIT,,, +siemens s7-300,,,,,PERSONAL,,, +siemens s7-300,,,,,PFSENSE,,, +siemens s7-300,,,,,PHOTONIX,,, +siemens s7-300,,,,,PILOU,,, +siemens s7-300,,,,,PIRANHA,,, +siemens s7-300,,,,,PLC,,, +siemens s7-300,,,,,PLCSIM,,, +siemens s7-300,,,,,POERTY,,, +siemens s7-300,,,,,POLICY,,, +siemens s7-300,,,,,POSTERIE,,, +siemens s7-300,,,,,POWER,,, +siemens s7-300,,,,,PP,,, +siemens s7-300,,,,,PPP,,, +siemens s7-300,,,,,PPPP,,, +siemens s7-300,,,,,PPPPP,,, +siemens s7-300,,,,,PPPPPP,,, +siemens s7-300,,,,,PPPPPPP,,, +siemens s7-300,,,,,PPPPPPPP,,, +siemens s7-300,,,,,PRINCESS,,, +siemens s7-300,,,,,PRIVATE,,, +siemens s7-300,,,,,PRODDTA,,, +siemens s7-300,,,,,PROFIBUS,,, +siemens s7-300,,,,,PROTECTOR,,, +siemens s7-300,,,,,PROTOOL,,, +siemens s7-300,,,,,PUBLIC,,, +siemens s7-300,,,,,PUSY,,, +siemens s7-300,,,,,PW123,,, +siemens s7-300,,,,,PWD,,, +siemens s7-300,,,,,PlsChgMe,,, +siemens s7-300,,,,,Posterie,,, +siemens s7-300,,,,,Protector,,, +siemens s7-300,,,,,Q,,, +siemens s7-300,,,,,QQ,,, +siemens s7-300,,,,,QQ520,,, +siemens s7-300,,,,,QQQ,,, +siemens s7-300,,,,,QQQQ,,, +siemens s7-300,,,,,QQQQQ,,, +siemens s7-300,,,,,QQQQQQ,,, +siemens s7-300,,,,,QQQQQQQ,,, +siemens s7-300,,,,,QQQQQQQQ,,, +siemens s7-300,,,,,QWER,,, +siemens s7-300,,,,,QWERT,,, +siemens s7-300,,,,,QWERTY,,, +siemens s7-300,,,,,QWERTYU,,, +siemens s7-300,,,,,QWERTYUI,,, +siemens s7-300,,,,,R,,, +siemens s7-300,,,,,R1QTPS,,, +siemens s7-300,,,,,RADE0N,,, +siemens s7-300,,,,,RADEON,,, +siemens s7-300,,,,,RADIUS,,, +siemens s7-300,,,,,RADWARE,,, +siemens s7-300,,,,,RDFHNBHF,,, +siemens s7-300,,,,,RECOVERY,,, +siemens s7-300,,,,,REGO,,, +siemens s7-300,,,,,REMOTE,,, +siemens s7-300,,,,,RIP000,,, +siemens s7-300,,,,,RITTAL,,, +siemens s7-300,,,,,ROBELLE,,, +siemens s7-300,,,,,ROOT,,, +siemens s7-300,,,,,ROOT500,,, +siemens s7-300,,,,,ROUTER,,, +siemens s7-300,,,,,RR,,, +siemens s7-300,,,,,RRR,,, +siemens s7-300,,,,,RRRR,,, +siemens s7-300,,,,,RRRRR,,, +siemens s7-300,,,,,RRRRRR,,, +siemens s7-300,,,,,RRRRRRR,,, +siemens s7-300,,,,,RRRRRRRR,,, +siemens s7-300,,,,,RS4IGOY,,, +siemens s7-300,,,,,RSX,,, +siemens s7-300,,,,,RTYHN,,, +siemens s7-300,,,,,RUN-P,,, +siemens s7-300,,,,,RUSSIA,,, +siemens s7-300,,,,,RWMAINT,,, +siemens s7-300,,,,,S,,, +siemens s7-300,,,,,S7,,, +siemens s7-300,,,,,S7-300,,, +siemens s7-300,,,,,S7-400,,, +siemens s7-300,,,,,SCOUT,,, +siemens s7-300,,,,,SEARCH,,, +siemens s7-300,,,,,SECRET,,, +siemens s7-300,,,,,SECURE,,, +siemens s7-300,,,,,SECURITY,,, +siemens s7-300,,,,,SEKRET,,, +siemens s7-300,,,,,SERCO,,, +siemens s7-300,,,,,SEROVOX,,, +siemens s7-300,,,,,SERVER,,, +siemens s7-300,,,,,SESAME,,, +siemens s7-300,,,,,SETHERCO,,, +siemens s7-300,,,,,SETUP,,, +siemens s7-300,,,,,SEX,,, +siemens s7-300,,,,,SGENA,,, +siemens s7-300,,,,,SGILENT,,, +siemens s7-300,,,,,SHADOW,,, +siemens s7-300,,,,,SICOSTART,,, +siemens s7-300,,,,,SIEMENS,,, +siemens s7-300,,,,,SIMATIC,,, +siemens s7-300,,,,,SIMENS,,, +siemens s7-300,,,,,SIMO,,, +siemens s7-300,,,,,SIMOCODE,,, +siemens s7-300,,,,,SIMOREG,,, +siemens s7-300,,,,,SIMOVERT,,, +siemens s7-300,,,,,SIMTEC,,, +siemens s7-300,,,,,SIRBORN,,, +siemens s7-300,,,,,SITOP,,, +siemens s7-300,,,,,SKY_FOX,,, +siemens s7-300,,,,,SLAVE,,, +siemens s7-300,,,,,SLIPKNOT,,, +siemens s7-300,,,,,SMDR,,, +siemens s7-300,,,,,SMILE,,, +siemens s7-300,,,,,SMUSER,,, +siemens s7-300,,,,,SNOOPY,,, +siemens s7-300,,,,,SOCCER,,, +siemens s7-300,,,,,SOLUTION,,, +siemens s7-300,,,,,SS,,, +siemens s7-300,,,,,SSA,,, +siemens s7-300,,,,,SSS,,, +siemens s7-300,,,,,SSSS,,, +siemens s7-300,,,,,SSSSS,,, +siemens s7-300,,,,,SSSSSS,,, +siemens s7-300,,,,,SSSSSSS,,, +siemens s7-300,,,,,SSSSSSSS,,, +siemens s7-300,,,,,STAN,,, +siemens s7-300,,,,,STAR,,, +siemens s7-300,,,,,STARWAR,,, +siemens s7-300,,,,,STEP5,,, +siemens s7-300,,,,,STEP7,,, +siemens s7-300,,,,,STIMPY,,, +siemens s7-300,,,,,STL,,, +siemens s7-300,,,,,STOP,,, +siemens s7-300,,,,,STSTIC,,, +siemens s7-300,,,,,SUMMER,,, +siemens s7-300,,,,,SUNRISE,,, +siemens s7-300,,,,,SUPERID,,, +siemens s7-300,,,,,SUPERMAN,,, +siemens s7-300,,,,,SUPPORT,,, +siemens s7-300,,,,,SURT,,, +siemens s7-300,,,,,SWITCH,,, +siemens s7-300,,,,,SYBASE,,, +siemens s7-300,,,,,SYMBOL,,, +siemens s7-300,,,,,SYNNET,,, +siemens s7-300,,,,,SYSADM,,, +siemens s7-300,,,,,SYSDISC,,, +siemens s7-300,,,,,SYSTEM,,, +siemens s7-300,,,,,Sensor,,, +siemens s7-300,,,,,Sharp,,, +siemens s7-300,,,,,SpIp,,, +siemens s7-300,,,,,Super,,, +siemens s7-300,,,,,Symbol,,, +siemens s7-300,,,,,T,,, +siemens s7-300,,,,,TALENT,,, +siemens s7-300,,,,,TALINUZ,,, +siemens s7-300,,,,,TALISMAN,,, +siemens s7-300,,,,,TANDBERG,,, +siemens s7-300,,,,,TCH,,, +siemens s7-300,,,,,TECH,,, +siemens s7-300,,,,,TELCO,,, +siemens s7-300,,,,,TELECOM,,, +siemens s7-300,,,,,TELESUP,,, +siemens s7-300,,,,,TELUS,,, +siemens s7-300,,,,,TEMP,,, +siemens s7-300,,,,,TEMP123,,, +siemens s7-300,,,,,TEST,,, +siemens s7-300,,,,,TEST123,,, +siemens s7-300,,,,,THOMAS,,, +siemens s7-300,,,,,TIARANET,,, +siemens s7-300,,,,,TIGER123,,, +siemens s7-300,,,,,TIMELY,,, +siemens s7-300,,,,,TINI,,, +siemens s7-300,,,,,TIVONPW,,, +siemens s7-300,,,,,TJM,,, +siemens s7-300,,,,,TLAH,,, +siemens s7-300,,,,,TOOLSET,,, +siemens s7-300,,,,,TRANCELL,,, +siemens s7-300,,,,,TRATATA,,, +siemens s7-300,,,,,TSLINUX,,, +siemens s7-300,,,,,TT,,, +siemens s7-300,,,,,TTT,,, +siemens s7-300,,,,,TTTT,,, +siemens s7-300,,,,,TTTTT,,, +siemens s7-300,,,,,TTTTTT,,, +siemens s7-300,,,,,TTTTTTT,,, +siemens s7-300,,,,,TTTTTTTT,,, +siemens s7-300,,,,,TUBORG,,, +siemens s7-300,,,,,TUXALIZE,,, +siemens s7-300,,,,,TX100,,, +siemens s7-300,,,,,Telecom,,, +siemens s7-300,,,,,Thomas,,, +siemens s7-300,,,,,U,,, +siemens s7-300,,,,,UPLINK,,, +siemens s7-300,,,,,USER,,, +siemens s7-300,,,,,UU,,, +siemens s7-300,,,,,UUU,,, +siemens s7-300,,,,,UUUU,,, +siemens s7-300,,,,,UUUUU,,, +siemens s7-300,,,,,UUUUUU,,, +siemens s7-300,,,,,UUUUUUU,,, +siemens s7-300,,,,,UUUUUUUU,,, +siemens s7-300,,,,,V,,, +siemens s7-300,,,,,VESOFT,,, +siemens s7-300,,,,,VISUAL,,, +siemens s7-300,,,,,VJQGFHJKM,,, +siemens s7-300,,,,,VODKA,,, +siemens s7-300,,,,,VOLITION,,, +siemens s7-300,,,,,VV,,, +siemens s7-300,,,,,VVV,,, +siemens s7-300,,,,,VVVV,,, +siemens s7-300,,,,,VVVVV,,, +siemens s7-300,,,,,VVVVVV,,, +siemens s7-300,,,,,VVVVVVV,,, +siemens s7-300,,,,,VVVVVVVV,,, +siemens s7-300,,,,,W,,, +siemens s7-300,,,,,W9F3,,, +siemens s7-300,,,,,WEBADMIN,,, +siemens s7-300,,,,,WIN,,, +siemens s7-300,,,,,WINCC,,, +siemens s7-300,,,,,WINTERM,,, +siemens s7-300,,,,,WIRELESS,,, +siemens s7-300,,,,,WIZARD,,, +siemens s7-300,,,,,WLSEDB,,, +siemens s7-300,,,,,WONF,,, +siemens s7-300,,,,,WW,,, +siemens s7-300,,,,,WWW,,, +siemens s7-300,,,,,WWWW,,, +siemens s7-300,,,,,WWWWW,,, +siemens s7-300,,,,,WWWWWW,,, +siemens s7-300,,,,,WWWWWWW,,, +siemens s7-300,,,,,WWWWWWWW,,, +siemens s7-300,,,,,WYSE,,, +siemens s7-300,,,,,Wireless,,, +siemens s7-300,,,,,X,,, +siemens s7-300,,,,,X-ADMIN,,, +siemens s7-300,,,,,X40ROCKS,,, +siemens s7-300,,,,,XBOX,,, +siemens s7-300,,,,,XLSERVER,,, +siemens s7-300,,,,,XX,,, +siemens s7-300,,,,,XXX,,, +siemens s7-300,,,,,XXXX,,, +siemens s7-300,,,,,XXXXX,,, +siemens s7-300,,,,,XXXXXX,,, +siemens s7-300,,,,,XXXXXXX,,, +siemens s7-300,,,,,XXXXXXXX,,, +siemens s7-300,,,,,XXYYZZ,,, +siemens s7-300,,,,,Y,,, +siemens s7-300,,,,,YXCV,,, +siemens s7-300,,,,,YY,,, +siemens s7-300,,,,,YYY,,, +siemens s7-300,,,,,YYYY,,, +siemens s7-300,,,,,YYYYY,,, +siemens s7-300,,,,,YYYYYY,,, +siemens s7-300,,,,,YYYYYYY,,, +siemens s7-300,,,,,YYYYYYYY,,, +siemens s7-300,,,,,Z,,, +siemens s7-300,,,,,Z0NE,,, +siemens s7-300,,,,,ZETTLER,,, +siemens s7-300,,,,,ZIPPO,,, +siemens s7-300,,,,,ZONE,,, +siemens s7-300,,,,,ZOOMADSL,,, +siemens s7-300,,,,,ZORRO,,, +siemens s7-300,,,,,ZORROMEN,,, +siemens s7-300,,,,,ZXC,,, +siemens s7-300,,,,,ZXCV,,, +siemens s7-300,,,,,ZXCVB,,, +siemens s7-300,,,,,ZXCVBN,,, +siemens s7-300,,,,,ZXCVBNM,,, +siemens s7-300,,,,,ZXCVBNM,,,, +siemens s7-300,,,,,ZZ,,, +siemens s7-300,,,,,ZZZ,,, +siemens s7-300,,,,,ZZZZ,,, +siemens s7-300,,,,,ZZZZZ,,, +siemens s7-300,,,,,ZZZZZZ,,, +siemens s7-300,,,,,ZZZZZZZ,,, +siemens s7-300,,,,,ZZZZZZZZ,,, +siemens s7-300,,,,,[,,, +siemens s7-300,,,,,[[,,, +siemens s7-300,,,,,[[[,,, +siemens s7-300,,,,,[[[[,,, +siemens s7-300,,,,,[[[[[,,, +siemens s7-300,,,,,[[[[[[,,, +siemens s7-300,,,,,[[[[[[[,,, +siemens s7-300,,,,,[[[[[[[[,,, +siemens s7-300,,,,,],,, +siemens s7-300,,,,,]],,, +siemens s7-300,,,,,]]],,, +siemens s7-300,,,,,]]]],,, +siemens s7-300,,,,,]]]]],,, +siemens s7-300,,,,,]]]]]],,, +siemens s7-300,,,,,]]]]]]],,, +siemens s7-300,,,,,]]]]]]]],,, +siemens s7-300,,,,,_Cisco,,, +siemens s7-300,,,,,`,,, +siemens s7-300,,,,,``,,, +siemens s7-300,,,,,```,,, +siemens s7-300,,,,,````,,, +siemens s7-300,,,,,`````,,, +siemens s7-300,,,,,``````,,, +siemens s7-300,,,,,```````,,, +siemens s7-300,,,,,````````,,, +siemens s7-300,,,,,a,,, +siemens s7-300,,,,,a-power,,, +siemens s7-300,,,,,a/d,,, +siemens s7-300,,,,,aa,,, +siemens s7-300,,,,,aaa,,, +siemens s7-300,,,,,aaaa,,, +siemens s7-300,,,,,aaaaa,,, +siemens s7-300,,,,,aaaaaa,,, +siemens s7-300,,,,,aaaaaaa,,, +siemens s7-300,,,,,aaaaaaaa,,, +siemens s7-300,,,,,aabbcc,,, +siemens s7-300,,,,,aaeon,,, +siemens s7-300,,,,,aavid,,, +siemens s7-300,,,,,ab,,, +siemens s7-300,,,,,abb,,, +siemens s7-300,,,,,abc,,, +siemens s7-300,,,,,abc123,,, +siemens s7-300,,,,,abcd,,, +siemens s7-300,,,,,abcde,,, +siemens s7-300,,,,,abcdefg,,, +siemens s7-300,,,,,abcdefgh,,, +siemens s7-300,,,,,abelconn,,, +siemens s7-300,,,,,abov,,, +siemens s7-300,,,,,abracon,,, +siemens s7-300,,,,,absopuls,,, +siemens s7-300,,,,,abtech,,, +siemens s7-300,,,,,abunlock,,, +siemens s7-300,,,,,acam,,, +siemens s7-300,,,,,acc,,, +siemens s7-300,,,,,access,,, +siemens s7-300,,,,,accord,,, +siemens s7-300,,,,,acon,,, +siemens s7-300,,,,,acopian,,, +siemens s7-300,,,,,acp,,, +siemens s7-300,,,,,actel,,, +siemens s7-300,,,,,activex,,, +siemens s7-300,,,,,adactus,,, +siemens s7-300,,,,,adam,,, +siemens s7-300,,,,,adc,,, +siemens s7-300,,,,,adcdef,,, +siemens s7-300,,,,,adda,,, +siemens s7-300,,,,,adels,,, +siemens s7-300,,,,,adfexc,,, +siemens s7-300,,,,,adi,,, +siemens s7-300,,,,,admin,,, +siemens s7-300,,,,,admin123,,, +siemens s7-300,,,,,adminttd,,, +siemens s7-300,,,,,adslroot,,, +siemens s7-300,,,,,adtran,,, +siemens s7-300,,,,,advanced,,, +siemens s7-300,,,,,advantec,,, +siemens s7-300,,,,,aeg mis,,, +siemens s7-300,,,,,aeg,,, +siemens s7-300,,,,,aem,,, +siemens s7-300,,,,,aeroflex,,, +siemens s7-300,,,,,aft,,, +siemens s7-300,,,,,aitech,,, +siemens s7-300,,,,,akiwa,,, +siemens s7-300,,,,,albright,,, +siemens s7-300,,,,,alcor,,, +siemens s7-300,,,,,aleph,,, +siemens s7-300,,,,,alfa'r,,, +siemens s7-300,,,,,alfaMag,,, +siemens s7-300,,,,,alfatron,,, +siemens s7-300,,,,,ali,,, +siemens s7-300,,,,,all,,, +siemens s7-300,,,,,allegro,,, +siemens s7-300,,,,,allen,,, +siemens s7-300,,,,,alliance,,, +siemens s7-300,,,,,allied,,, +siemens s7-300,,,,,alpha,,, +siemens s7-300,,,,,alpine,,, +siemens s7-300,,,,,alps,,, +siemens s7-300,,,,,altera,,, +siemens s7-300,,,,,amber,,, +siemens s7-300,,,,,amd,,, +siemens s7-300,,,,,american,,, +siemens s7-300,,,,,ametherm,,, +siemens s7-300,,,,,ami,,, +siemens s7-300,,,,,amic,,, +siemens s7-300,,,,,amis,,, +siemens s7-300,,,,,ammc,,, +siemens s7-300,,,,,amp,,, +siemens s7-300,,,,,amperite,,, +siemens s7-300,,,,,amphenol,,, +siemens s7-300,,,,,ampire,,, +siemens s7-300,,,,,amt,,, +siemens s7-300,,,,,anachip,,, +siemens s7-300,,,,,anadigic,,, +siemens s7-300,,,,,anadigm,,, +siemens s7-300,,,,,analog,,, +siemens s7-300,,,,,analogic,,, +siemens s7-300,,,,,anaren,,, +siemens s7-300,,,,,angel,,, +siemens s7-300,,,,,angle,,, +siemens s7-300,,,,,anicust,,, +siemens s7-300,,,,,anla,,, +siemens s7-300,,,,,anleim,,, +siemens s7-300,,,,,anritsu,,, +siemens s7-300,,,,,anshan,,, +siemens s7-300,,,,,ansmann,,, +siemens s7-300,,,,,any@,,, +siemens s7-300,,,,,anycom,,, +siemens s7-300,,,,,anydata,,, +siemens s7-300,,,,,anyone,,, +siemens s7-300,,,,,anyway,,, +siemens s7-300,,,,,apbodiur,,, +siemens s7-300,,,,,apc,,, +siemens s7-300,,,,,apem,,, +siemens s7-300,,,,,apex,,, +siemens s7-300,,,,,api,,, +siemens s7-300,,,,,aplus,,, +siemens s7-300,,,,,apm,,, +siemens s7-300,,,,,app,,, +siemens s7-300,,,,,applied,,, +siemens s7-300,,,,,apra,,, +siemens s7-300,,,,,arsenal,,, +siemens s7-300,,,,,articon,,, +siemens s7-300,,,,,asante,,, +siemens s7-300,,,,,ascend,,, +siemens s7-300,,,,,asd,,, +siemens s7-300,,,,,asdf,,, +siemens s7-300,,,,,asdfg,,, +siemens s7-300,,,,,asdfgh,,, +siemens s7-300,,,,,asdfghj,,, +siemens s7-300,,,,,asdfghjk,,, +siemens s7-300,,,,,asi,,, +siemens s7-300,,,,,asutp,,, +siemens s7-300,,,,,at4400,,, +siemens s7-300,,,,,atc,,, +siemens s7-300,,,,,atc123,,, +siemens s7-300,,,,,atlantis,,, +siemens s7-300,,,,,attack,,, +siemens s7-300,,,,,autohors,,, +siemens s7-300,,,,,azsxdc,,, +siemens s7-300,,,,,b&r,,, +siemens s7-300,,,,,b,,, +siemens s7-300,,,,,back,,, +siemens s7-300,,,,,backdoor,,, +siemens s7-300,,,,,badboy,,, +siemens s7-300,,,,,barricade,,, +siemens s7-300,,,,,baseball,,, +siemens s7-300,,,,,bb,,, +siemens s7-300,,,,,bbb,,, +siemens s7-300,,,,,bbbb,,, +siemens s7-300,,,,,bbbbb,,, +siemens s7-300,,,,,bbbbbb,,, +siemens s7-300,,,,,bbbbbbb,,, +siemens s7-300,,,,,bbbbbbbb,,, +siemens s7-300,,,,,bciimpw,,, +siemens s7-300,,,,,bcimpw,,, +siemens s7-300,,,,,bcnaspw,,, +siemens s7-300,,,,,beatch,,, +siemens s7-300,,,,,beerbeer,,, +siemens s7-300,,,,,betera,,, +siemens s7-300,,,,,bible,,, +siemens s7-300,,,,,bintec,,, +siemens s7-300,,,,,birdie,,, +siemens s7-300,,,,,black,,, +siemens s7-300,,,,,blaster,,, +siemens s7-300,,,,,blender,,, +siemens s7-300,,,,,blink,,, +siemens s7-300,,,,,blink182,,, +siemens s7-300,,,,,bluepw,,, +siemens s7-300,,,,,bowling,,, +siemens s7-300,,,,,bradley,,, +siemens s7-300,,,,,bridge,,, +siemens s7-300,,,,,bright,,, +siemens s7-300,,,,,c,,, +siemens s7-300,,,,,ca01,,, +siemens s7-300,,,,,cacadmin,,, +siemens s7-300,,,,,cactus,,, +siemens s7-300,,,,,calvin,,, +siemens s7-300,,,,,can,,, +siemens s7-300,,,,,canbus,,, +siemens s7-300,,,,,carolian,,, +siemens s7-300,,,,,cascade,,, +siemens s7-300,,,,,cc,,, +siemens s7-300,,,,,ccc,,, +siemens s7-300,,,,,cccc,,, +siemens s7-300,,,,,ccccc,,, +siemens s7-300,,,,,cccccc,,, +siemens s7-300,,,,,ccccccc,,, +siemens s7-300,,,,,cccccccc,,, +siemens s7-300,,,,,ccrusr,,, +siemens s7-300,,,,,cellit,,, +siemens s7-300,,,,,cfc,,, +siemens s7-300,,,,,changeme,,, +siemens s7-300,,,,,changit,,, +siemens s7-300,,,,,charlie,,, +siemens s7-300,,,,,cisco,,, +siemens s7-300,,,,,citel,,, +siemens s7-300,,,,,client,,, +siemens s7-300,,,,,cmaker,,, +siemens s7-300,,,,,cms500,,, +siemens s7-300,,,,,cnas,,, +siemens s7-300,,,,,cody,,, +siemens s7-300,,,,,cognos,,, +siemens s7-300,,,,,computer,,, +siemens s7-300,,,,,connect,,, +siemens s7-300,,,,,conv,,, +siemens s7-300,,,,,cool,,, +siemens s7-300,,,,,corecess,,, +siemens s7-300,,,,,cosmos,,, +siemens s7-300,,,,,craft,,, +siemens s7-300,,,,,craftpw,,, +siemens s7-300,,,,,crftpw,,, +siemens s7-300,,,,,crystal,,, +siemens s7-300,,,,,ct/1,,, +siemens s7-300,,,,,customer,,, +siemens s7-300,,,,,custpw,,, +siemens s7-300,,,,,d,,, +siemens s7-300,,,,,d.e.b.u.g,,, +siemens s7-300,,,,,d00m,,, +siemens s7-300,,,,,dadmin01,,, +siemens s7-300,,,,,danger,,, +siemens s7-300,,,,,database,,, +siemens s7-300,,,,,davox,,, +siemens s7-300,,,,,dbps,,, +siemens s7-300,,,,,dd,,, +siemens s7-300,,,,,ddd,,, +siemens s7-300,,,,,dddd,,, +siemens s7-300,,,,,ddddd,,, +siemens s7-300,,,,,dddddd,,, +siemens s7-300,,,,,ddddddd,,, +siemens s7-300,,,,,dddddddd,,, +siemens s7-300,,,,,dean,,, +siemens s7-300,,,,,default,,, +siemens s7-300,,,,,delevan,,, +siemens s7-300,,,,,demo,,, +siemens s7-300,,,,,denise,,, +siemens s7-300,,,,,derparol,,, +siemens s7-300,,,,,device,,, +siemens s7-300,,,,,devices,,, +siemens s7-300,,,,,dhs3mt,,, +siemens s7-300,,,,,dhs3pms,,, +siemens s7-300,,,,,diabl0,,, +siemens s7-300,,,,,diablo,,, +siemens s7-300,,,,,diamond,,, +siemens s7-300,,,,,digital,,, +siemens s7-300,,,,,dlink,,, +siemens s7-300,,,,,dollar,,, +siemens s7-300,,,,,doom,,, +siemens s7-300,,,,,draadloos,,, +siemens s7-300,,,,,drivees,,, +siemens s7-300,,,,,e,,, +siemens s7-300,,,,,echo,,, +siemens s7-300,,,,,ee,,, +siemens s7-300,,,,,eee,,, +siemens s7-300,,,,,eeee,,, +siemens s7-300,,,,,eeeee,,, +siemens s7-300,,,,,eeeeee,,, +siemens s7-300,,,,,eeeeeee,,, +siemens s7-300,,,,,eeeeeeee,,, +siemens s7-300,,,,,electrin,,, +siemens s7-300,,,,,elvis,,, +siemens s7-300,,,,,enable,,, +siemens s7-300,,,,,energy,,, +siemens s7-300,,,,,engineer,,, +siemens s7-300,,,,,eqdfv,,, +siemens s7-300,,,,,err0r,,, +siemens s7-300,,,,,error,,, +siemens s7-300,,,,,evening,,, +siemens s7-300,,,,,expert03,,, +siemens s7-300,,,,,f,,, +siemens s7-300,,,,,father,,, +siemens s7-300,,,,,fbd,,, +siemens s7-300,,,,,ff,,, +siemens s7-300,,,,,fff,,, +siemens s7-300,,,,,ffff,,, +siemens s7-300,,,,,fffff,,, +siemens s7-300,,,,,ffffff,,, +siemens s7-300,,,,,fffffff,,, +siemens s7-300,,,,,ffffffff,,, +siemens s7-300,,,,,field,,, +siemens s7-300,,,,,fire,,, +siemens s7-300,,,,,fish,,, +siemens s7-300,,,,,fivranne,,, +siemens s7-300,,,,,flash,,, +siemens s7-300,,,,,flex,,, +siemens s7-300,,,,,flexible,,, +siemens s7-300,,,,,football,,, +siemens s7-300,,,,,friend,,, +siemens s7-300,,,,,fuck,,, +siemens s7-300,,,,,fuckoff,,, +siemens s7-300,,,,,fuckyou,,, +siemens s7-300,,,,,g,,, +siemens s7-300,,,,,g00gle,,, +siemens s7-300,,,,,gama,,, +siemens s7-300,,,,,ganteng,,, +siemens s7-300,,,,,gen1,,, +siemens s7-300,,,,,gen2,,, +siemens s7-300,,,,,gfcc,,, +siemens s7-300,,,,,gfccdjhl,,, +siemens s7-300,,,,,gfhjkm,,, +siemens s7-300,,,,,gg,,, +siemens s7-300,,,,,ggg,,, +siemens s7-300,,,,,gggg,,, +siemens s7-300,,,,,ggggg,,, +siemens s7-300,,,,,gggggg,,, +siemens s7-300,,,,,ggggggg,,, +siemens s7-300,,,,,gggggggg,,, +siemens s7-300,,,,,ghbdtn,,, +siemens s7-300,,,,,ghost,,, +siemens s7-300,,,,,goal,,, +siemens s7-300,,,,,golf,,, +siemens s7-300,,,,,google,,, +siemens s7-300,,,,,got,,, +siemens s7-300,,,,,guest,,, +siemens s7-300,,,,,h,,, +siemens s7-300,,,,,hardware,,, +siemens s7-300,,,,,harley,,, +siemens s7-300,,,,,helen,,, +siemens s7-300,,,,,hello,,, +siemens s7-300,,,,,help,,, +siemens s7-300,,,,,help1954,,, +siemens s7-300,,,,,hexseal,,, +siemens s7-300,,,,,hh,,, +siemens s7-300,,,,,hhh,,, +siemens s7-300,,,,,hhhh,,, +siemens s7-300,,,,,hhhhh,,, +siemens s7-300,,,,,hhhhhh,,, +siemens s7-300,,,,,hhhhhhh,,, +siemens s7-300,,,,,hhhhhhhh,,, +siemens s7-300,,,,,highspeed,,, +siemens s7-300,,,,,hinear,,, +siemens s7-300,,,,,home,,, +siemens s7-300,,,,,homeplug,,, +siemens s7-300,,,,,honda,,, +siemens s7-300,,,,,hp.com,,, +siemens s7-300,,,,,hpoffice,,, +siemens s7-300,,,,,hponly,,, +siemens s7-300,,,,,hrloo,,, +siemens s7-300,,,,,hsadb,,, +siemens s7-300,,,,,http,,, +siemens s7-300,,,,,i,,, +siemens s7-300,,,,,iDirect,,, +siemens s7-300,,,,,ii,,, +siemens s7-300,,,,,iii,,, +siemens s7-300,,,,,iiii,,, +siemens s7-300,,,,,iiiii,,, +siemens s7-300,,,,,iiiiii,,, +siemens s7-300,,,,,iiiiiii,,, +siemens s7-300,,,,,iiiiiiii,,, +siemens s7-300,,,,,iloveyou,,, +siemens s7-300,,,,,images,,, +siemens s7-300,,,,,inads,,, +siemens s7-300,,,,,inc,,, +siemens s7-300,,,,,indspw,,, +siemens s7-300,,,,,inferno,,, +siemens s7-300,,,,,initpw,,, +siemens s7-300,,,,,inmet,,, +siemens s7-300,,,,,internet,,, +siemens s7-300,,,,,ironport,,, +siemens s7-300,,,,,isee,,, +siemens s7-300,,,,,isp,,, +siemens s7-300,,,,,j,,, +siemens s7-300,,,,,jack,,, +siemens s7-300,,,,,janet,,, +siemens s7-300,,,,,jannie,,, +siemens s7-300,,,,,jasmine,,, +siemens s7-300,,,,,jj,,, +siemens s7-300,,,,,jjj,,, +siemens s7-300,,,,,jjjj,,, +siemens s7-300,,,,,jjjjj,,, +siemens s7-300,,,,,jjjjjj,,, +siemens s7-300,,,,,jjjjjjj,,, +siemens s7-300,,,,,jjjjjjjj,,, +siemens s7-300,,,,,john,,, +siemens s7-300,,,,,joker,,, +siemens s7-300,,,,,jordan,,, +siemens s7-300,,,,,jordan23,,, +siemens s7-300,,,,,k,,, +siemens s7-300,,,,,kermit,,, +siemens s7-300,,,,,killer,,, +siemens s7-300,,,,,killme,,, +siemens s7-300,,,,,kilo1987,,, +siemens s7-300,,,,,kk,,, +siemens s7-300,,,,,kkk,,, +siemens s7-300,,,,,kkkk,,, +siemens s7-300,,,,,kkkkk,,, +siemens s7-300,,,,,kkkkkk,,, +siemens s7-300,,,,,kkkkkkk,,, +siemens s7-300,,,,,kkkkkkkk,,, +siemens s7-300,,,,,korn,,, +siemens s7-300,,,,,l,,, +siemens s7-300,,,,,lad,,, +siemens s7-300,,,,,laflaf,,, +siemens s7-300,,,,,letacla,,, +siemens s7-300,,,,,letmein,,, +siemens s7-300,,,,,level1,,, +siemens s7-300,,,,,leviton,,, +siemens s7-300,,,,,linga,,, +siemens s7-300,,,,,linux,,, +siemens s7-300,,,,,lisa,,, +siemens s7-300,,,,,ll,,, +siemens s7-300,,,,,llatsni,,, +siemens s7-300,,,,,lll,,, +siemens s7-300,,,,,llll,,, +siemens s7-300,,,,,lllll,,, +siemens s7-300,,,,,llllll,,, +siemens s7-300,,,,,lllllll,,, +siemens s7-300,,,,,llllllll,,, +siemens s7-300,,,,,locatepw,,, +siemens s7-300,,,,,lock,,, +siemens s7-300,,,,,login,,, +siemens s7-300,,,,,looker,,, +siemens s7-300,,,,,lotus,,, +siemens s7-300,,,,,love,,, +siemens s7-300,,,,,ltd,,, +siemens s7-300,,,,,lucky,,, +siemens s7-300,,,,,m,,, +siemens s7-300,,,,,m1122,,, +siemens s7-300,,,,,mail,,, +siemens s7-300,,,,,maint,,, +siemens s7-300,,,,,maintpw,,, +siemens s7-300,,,,,manager,,, +siemens s7-300,,,,,maniac,,, +siemens s7-300,,,,,master,,, +siemens s7-300,,,,,masterkey,,, +siemens s7-300,,,,,mediator,,, +siemens s7-300,,,,,medion,,, +siemens s7-300,,,,,micro,,, +siemens s7-300,,,,,microwav,,, +siemens s7-300,,,,,miller,,, +siemens s7-300,,,,,mis,,, +siemens s7-300,,,,,mlusr,,, +siemens s7-300,,,,,mm,,, +siemens s7-300,,,,,mmm,,, +siemens s7-300,,,,,mmmm,,, +siemens s7-300,,,,,mmmmm,,, +siemens s7-300,,,,,mmmmmm,,, +siemens s7-300,,,,,mmmmmmm,,, +siemens s7-300,,,,,mmmmmmmm,,, +siemens s7-300,,,,,modul,,, +siemens s7-300,,,,,module,,, +siemens s7-300,,,,,money,,, +siemens s7-300,,,,,monitor,,, +siemens s7-300,,,,,monkey,,, +siemens s7-300,,,,,mosmatic,,, +siemens s7-300,,,,,mother,,, +siemens s7-300,,,,,motorola,,, +siemens s7-300,,,,,mouse,,, +siemens s7-300,,,,,mtch,,, +siemens s7-300,,,,,mustang,,, +siemens s7-300,,,,,mypass,,, +siemens s7-300,,,,,mypass123,,, +siemens s7-300,,,,,mypc,,, +siemens s7-300,,,,,mypc123,,, +siemens s7-300,,,,,myspace,,, +siemens s7-300,,,,,myspace1,,, +siemens s7-300,,,,,n,,, +siemens s7-300,,,,,naadmin,,, +siemens s7-300,,,,,naranja,,, +siemens s7-300,,,,,netadmin,,, +siemens s7-300,,,,,netbase,,, +siemens s7-300,,,,,netman,,, +siemens s7-300,,,,,netopia,,, +siemens s7-300,,,,,netscreen,,, +siemens s7-300,,,,,netutil,,, +siemens s7-300,,,,,network,,, +siemens s7-300,,,,,newpass,,, +siemens s7-300,,,,,niconex,,, +siemens s7-300,,,,,nimdaten,,, +siemens s7-300,,,,,nmspw,,, +siemens s7-300,,,,,nn,,, +siemens s7-300,,,,,nnn,,, +siemens s7-300,,,,,nnnn,,, +siemens s7-300,,,,,nnnnn,,, +siemens s7-300,,,,,nnnnnn,,, +siemens s7-300,,,,,nnnnnnn,,, +siemens s7-300,,,,,nnnnnnnn,,, +siemens s7-300,,,,,nokai,,, +siemens s7-300,,,,,notused,,, +siemens s7-300,,,,,noway,,, +siemens s7-300,,,,,ntacdmax,,, +siemens s7-300,,,,,null,,, +siemens s7-300,,,,,o,,, +siemens s7-300,,,,,oem,,, +siemens s7-300,,,,,omron,,, +siemens s7-300,,,,,oo,,, +siemens s7-300,,,,,ooo,,, +siemens s7-300,,,,,oooo,,, +siemens s7-300,,,,,ooooo,,, +siemens s7-300,,,,,oooooo,,, +siemens s7-300,,,,,ooooooo,,, +siemens s7-300,,,,,oooooooo,,, +siemens s7-300,,,,,op3n,,, +siemens s7-300,,,,,operator,,, +siemens s7-300,,,,,owner,,, +siemens s7-300,,,,,p,,, +siemens s7-300,,,,,pas,,, +siemens s7-300,,,,,pass,,, +siemens s7-300,,,,,passage,,, +siemens s7-300,,,,,passw,,, +siemens s7-300,,,,,passwd,,, +siemens s7-300,,,,,passwo,,, +siemens s7-300,,,,,passwor,,, +siemens s7-300,,,,,password,,, +siemens s7-300,,,,,pat,,, +siemens s7-300,,,,,paterna,,, +siemens s7-300,,,,,patrick,,, +siemens s7-300,,,,,patrol,,, +siemens s7-300,,,,,pbxk1064,,, +siemens s7-300,,,,,pcs7,,, +siemens s7-300,,,,,pentium,,, +siemens s7-300,,,,,pento,,, +siemens s7-300,,,,,pepper,,, +siemens s7-300,,,,,pepsi,,, +siemens s7-300,,,,,permit,,, +siemens s7-300,,,,,personal,,, +siemens s7-300,,,,,pfsense,,, +siemens s7-300,,,,,photonix,,, +siemens s7-300,,,,,pilou,,, +siemens s7-300,,,,,piranha,,, +siemens s7-300,,,,,plc,,, +siemens s7-300,,,,,plcsim,,, +siemens s7-300,,,,,poerty,,, +siemens s7-300,,,,,policy,,, +siemens s7-300,,,,,power,,, +siemens s7-300,,,,,pp,,, +siemens s7-300,,,,,ppp,,, +siemens s7-300,,,,,pppp,,, +siemens s7-300,,,,,ppppp,,, +siemens s7-300,,,,,pppppp,,, +siemens s7-300,,,,,ppppppp,,, +siemens s7-300,,,,,pppppppp,,, +siemens s7-300,,,,,princess,,, +siemens s7-300,,,,,private,,, +siemens s7-300,,,,,proddta,,, +siemens s7-300,,,,,profibus,,, +siemens s7-300,,,,,protool,,, +siemens s7-300,,,,,public,,, +siemens s7-300,,,,,pusy,,, +siemens s7-300,,,,,pw123,,, +siemens s7-300,,,,,pwd,,, +siemens s7-300,,,,,q,,, +siemens s7-300,,,,,qawsed,,, +siemens s7-300,,,,,qq,,, +siemens s7-300,,,,,qq520,,, +siemens s7-300,,,,,qqq,,, +siemens s7-300,,,,,qqqq,,, +siemens s7-300,,,,,qqqqq,,, +siemens s7-300,,,,,qqqqqq,,, +siemens s7-300,,,,,qqqqqqq,,, +siemens s7-300,,,,,qqqqqqqq,,, +siemens s7-300,,,,,qwe,,, +siemens s7-300,,,,,qwer,,, +siemens s7-300,,,,,qwerty,,, +siemens s7-300,,,,,qwerty1,,, +siemens s7-300,,,,,qwertyu,,, +siemens s7-300,,,,,qwertyui,,, +siemens s7-300,,,,,r,,, +siemens s7-300,,,,,r@p8p0r+,,, +siemens s7-300,,,,,rade0n,,, +siemens s7-300,,,,,radius,,, +siemens s7-300,,,,,radware,,, +siemens s7-300,,,,,rdfhnbhf,,, +siemens s7-300,,,,,recovery,,, +siemens s7-300,,,,,rego,,, +siemens s7-300,,,,,remote,,, +siemens s7-300,,,,,rip000,,, +siemens s7-300,,,,,rittal,,, +siemens s7-300,,,,,robele,,, +siemens s7-300,,,,,root,,, +siemens s7-300,,,,,router,,, +siemens s7-300,,,,,rr,,, +siemens s7-300,,,,,rrr,,, +siemens s7-300,,,,,rrrr,,, +siemens s7-300,,,,,rrrrr,,, +siemens s7-300,,,,,rrrrrr,,, +siemens s7-300,,,,,rrrrrrr,,, +siemens s7-300,,,,,rrrrrrrr,,, +siemens s7-300,,,,,rs4igoy,,, +siemens s7-300,,,,,rtyhn,,, +siemens s7-300,,,,,run-p,,, +siemens s7-300,,,,,russia,,, +siemens s7-300,,,,,rwmaint,,, +siemens s7-300,,,,,s,,, +siemens s7-300,,,,,s7,,, +siemens s7-300,,,,,s7-300,,, +siemens s7-300,,,,,s7-400,,, +siemens s7-300,,,,,scout,,, +siemens s7-300,,,,,search,,, +siemens s7-300,,,,,secret,,, +siemens s7-300,,,,,secure,,, +siemens s7-300,,,,,security,,, +siemens s7-300,,,,,sekret,,, +siemens s7-300,,,,,serco,,, +siemens s7-300,,,,,serial#,,, +siemens s7-300,,,,,serovox,,, +siemens s7-300,,,,,server,,, +siemens s7-300,,,,,setherco,,, +siemens s7-300,,,,,setup,,, +siemens s7-300,,,,,sex,,, +siemens s7-300,,,,,sgena,,, +siemens s7-300,,,,,sgilent,,, +siemens s7-300,,,,,shadow,,, +siemens s7-300,,,,,sicostart,,, +siemens s7-300,,,,,siemens,,, +siemens s7-300,,,,,simatic,,, +siemens s7-300,,,,,simens,,, +siemens s7-300,,,,,simo,,, +siemens s7-300,,,,,simocode,,, +siemens s7-300,,,,,simoreg,,, +siemens s7-300,,,,,simovert,,, +siemens s7-300,,,,,simtec,,, +siemens s7-300,,,,,sirborn,,, +siemens s7-300,,,,,sitop,,, +siemens s7-300,,,,,slave,,, +siemens s7-300,,,,,slipknot,,, +siemens s7-300,,,,,smile,,, +siemens s7-300,,,,,smuser,,, +siemens s7-300,,,,,snoopy,,, +siemens s7-300,,,,,soccer,,, +siemens s7-300,,,,,solution,,, +siemens s7-300,,,,,ss,,, +siemens s7-300,,,,,sss,,, +siemens s7-300,,,,,ssss,,, +siemens s7-300,,,,,sssss,,, +siemens s7-300,,,,,ssssss,,, +siemens s7-300,,,,,sssssss,,, +siemens s7-300,,,,,ssssssss,,, +siemens s7-300,,,,,stan,,, +siemens s7-300,,,,,star,,, +siemens s7-300,,,,,starwar,,, +siemens s7-300,,,,,step5,,, +siemens s7-300,,,,,step7,,, +siemens s7-300,,,,,stimpy,,, +siemens s7-300,,,,,stl,,, +siemens s7-300,,,,,stop,,, +siemens s7-300,,,,,ststic,,, +siemens s7-300,,,,,summer,,, +siemens s7-300,,,,,sunrise,,, +siemens s7-300,,,,,superid,,, +siemens s7-300,,,,,superman,,, +siemens s7-300,,,,,support,,, +siemens s7-300,,,,,surt,,, +siemens s7-300,,,,,switch,,, +siemens s7-300,,,,,sybase,,, +siemens s7-300,,,,,synnet,,, +siemens s7-300,,,,,sysadm,,, +siemens s7-300,,,,,sysdisk,,, +siemens s7-300,,,,,system,,, +siemens s7-300,,,,,t,,, +siemens s7-300,,,,,talent,,, +siemens s7-300,,,,,talisman,,, +siemens s7-300,,,,,tech,,, +siemens s7-300,,,,,telco,,, +siemens s7-300,,,,,telecom,,, +siemens s7-300,,,,,telesup,,, +siemens s7-300,,,,,tellabs#1,,, +siemens s7-300,,,,,telus,,, +siemens s7-300,,,,,temp,,, +siemens s7-300,,,,,temp123,,, +siemens s7-300,,,,,test,,, +siemens s7-300,,,,,test123,,, +siemens s7-300,,,,,thomas,,, +siemens s7-300,,,,,tiaranet,,, +siemens s7-300,,,,,tiger123,,, +siemens s7-300,,,,,timely,,, +siemens s7-300,,,,,tini,,, +siemens s7-300,,,,,tivonpw,,, +siemens s7-300,,,,,tjm,,, +siemens s7-300,,,,,tlah,,, +siemens s7-300,,,,,toolset,,, +siemens s7-300,,,,,trancell,,, +siemens s7-300,,,,,tratata,,, +siemens s7-300,,,,,tslinux,,, +siemens s7-300,,,,,tt,,, +siemens s7-300,,,,,ttt,,, +siemens s7-300,,,,,tttt,,, +siemens s7-300,,,,,ttttt,,, +siemens s7-300,,,,,tttttt,,, +siemens s7-300,,,,,ttttttt,,, +siemens s7-300,,,,,tttttttt,,, +siemens s7-300,,,,,tuborg,,, +siemens s7-300,,,,,tuxalize,,, +siemens s7-300,,,,,tx100,,, +siemens s7-300,,,,,u,,, +siemens s7-300,,,,,uplink,,, +siemens s7-300,,,,,user,,, +siemens s7-300,,,,,uu,,, +siemens s7-300,,,,,uuu,,, +siemens s7-300,,,,,uuuu,,, +siemens s7-300,,,,,uuuuu,,, +siemens s7-300,,,,,uuuuuu,,, +siemens s7-300,,,,,uuuuuuu,,, +siemens s7-300,,,,,uuuuuuuu,,, +siemens s7-300,,,,,v,,, +siemens s7-300,,,,,vesoft,,, +siemens s7-300,,,,,visual,,, +siemens s7-300,,,,,vjqgfhjkm,,, +siemens s7-300,,,,,vodka,,, +siemens s7-300,,,,,volition,,, +siemens s7-300,,,,,vv,,, +siemens s7-300,,,,,vvv,,, +siemens s7-300,,,,,vvvv,,, +siemens s7-300,,,,,vvvvv,,, +siemens s7-300,,,,,vvvvvv,,, +siemens s7-300,,,,,vvvvvvv,,, +siemens s7-300,,,,,vvvvvvvv,,, +siemens s7-300,,,,,w,,, +siemens s7-300,,,,,webadmin,,, +siemens s7-300,,,,,win,,, +siemens s7-300,,,,,wincc,,, +siemens s7-300,,,,,winterm,,, +siemens s7-300,,,,,wizard,,, +siemens s7-300,,,,,wlsedb,,, +siemens s7-300,,,,,wolf,,, +siemens s7-300,,,,,ww,,, +siemens s7-300,,,,,www,,, +siemens s7-300,,,,,wwww,,, +siemens s7-300,,,,,wwwww,,, +siemens s7-300,,,,,wwwwww,,, +siemens s7-300,,,,,wwwwwww,,, +siemens s7-300,,,,,wwwwwwww,,, +siemens s7-300,,,,,wyse,,, +siemens s7-300,,,,,x,,, +siemens s7-300,,,,,x-admin,,, +siemens s7-300,,,,,x40rocks,,, +siemens s7-300,,,,,xbox,,, +siemens s7-300,,,,,xlserver,,, +siemens s7-300,,,,,xx,,, +siemens s7-300,,,,,xxx,,, +siemens s7-300,,,,,xxxx,,, +siemens s7-300,,,,,xxxxx,,, +siemens s7-300,,,,,xxxxxx,,, +siemens s7-300,,,,,xxxxxxx,,, +siemens s7-300,,,,,xxxxxxxx,,, +siemens s7-300,,,,,xxyyzz,,, +siemens s7-300,,,,,y,,, +siemens s7-300,,,,,yxcv,,, +siemens s7-300,,,,,yy,,, +siemens s7-300,,,,,yyy,,, +siemens s7-300,,,,,yyyy,,, +siemens s7-300,,,,,yyyyy,,, +siemens s7-300,,,,,yyyyyy,,, +siemens s7-300,,,,,yyyyyyy,,, +siemens s7-300,,,,,yyyyyyyy,,, +siemens s7-300,,,,,z,,, +siemens s7-300,,,,,z0ne,,, +siemens s7-300,,,,,zettler,,, +siemens s7-300,,,,,zippo,,, +siemens s7-300,,,,,zone,,, +siemens s7-300,,,,,zoomadsl,,, +siemens s7-300,,,,,zorro,,, +siemens s7-300,,,,,zorromen,,, +siemens s7-300,,,,,zxc,,, +siemens s7-300,,,,,zxcv,,, +siemens s7-300,,,,,zxcvb,,, +siemens s7-300,,,,,zxcvbn,,, +siemens s7-300,,,,,zxcvbnm,,, +siemens s7-300,,,,,zxcvbnm,,,, +siemens s7-300,,,,,zz,,, +siemens s7-300,,,,,zzz,,, +siemens s7-300,,,,,zzzz,,, +siemens s7-300,,,,,zzzzz,,, +siemens s7-300,,,,,zzzzzz,,, +siemens s7-300,,,,,zzzzzzz,,, +siemens s7-300,,,,,zzzzzzzz,,, siemens,5940 T1E1 Router,5940-001 v6.0.180-2,Telnet,superuser,admin,Admin,, siemens,APACS,,ACM Controller,,gubed,,, siemens,Gigaset SX541 WLAN dsl,,http://192.168.2.1,,admin,Admin,, @@ -6916,1893 +8800,3 @@ zyxel,Zywall,,Multi,admin,1234,Admin,, zyxel,linux,4,http://192.168.1.1:8080,user,mr37net,root,-, zyxel,p-660hw,t1,http://192.168.1.1,,,admin,, zyxel,zyxer,cable moden,http:192.168.1.1:8080,webadmin,1234,user,desprogamado, -siemens s7-300,,,,,',,, -siemens s7-300,,,,,'',,, -siemens s7-300,,,,,''',,, -siemens s7-300,,,,,'''',,, -siemens s7-300,,,,,''''',,, -siemens s7-300,,,,,'''''',,, -siemens s7-300,,,,,''''''',,, -siemens s7-300,,,,,'''''''',,, -siemens s7-300,,,,,-,,, -siemens s7-300,,,,,--,,, -siemens s7-300,,,,,---,,, -siemens s7-300,,,,,----,,, -siemens s7-300,,,,,-----,,, -siemens s7-300,,,,,------,,, -siemens s7-300,,,,,-------,,, -siemens s7-300,,,,,--------,,, -siemens s7-300,,,,,!manage,,, -siemens s7-300,,,,,!MANAGE,,, -siemens s7-300,,,,,$secure$,,, -siemens s7-300,,,,,*,,, -siemens s7-300,,,,,**,,, -siemens s7-300,,,,,***,,, -siemens s7-300,,,,,****,,, -siemens s7-300,,,,,*****,,, -siemens s7-300,,,,,******,,, -siemens s7-300,,,,,*******,,, -siemens s7-300,,,,,********,,, -siemens s7-300,,,,,,,,, -siemens s7-300,,,,,,,,,, -siemens s7-300,,,,,,,,,,, -siemens s7-300,,,,,,,,,,,, -siemens s7-300,,,,,,,,,,,,, -siemens s7-300,,,,,,,,,,,,,, -siemens s7-300,,,,,,,,,,,,,,, -siemens s7-300,,,,,,,,,,,,,,,, -siemens s7-300,,,,,.,,, -siemens s7-300,,,,,..,,, -siemens s7-300,,,,,...,,, -siemens s7-300,,,,,....,,, -siemens s7-300,,,,,.....,,, -siemens s7-300,,,,,......,,, -siemens s7-300,,,,,.......,,, -siemens s7-300,,,,,........,,, -siemens s7-300,,,,,/,,, -siemens s7-300,,,,,//,,, -siemens s7-300,,,,,///,,, -siemens s7-300,,,,,////,,, -siemens s7-300,,,,,/////,,, -siemens s7-300,,,,,//////,,, -siemens s7-300,,,,,///////,,, -siemens s7-300,,,,,////////,,, -siemens s7-300,,,,,;,,, -siemens s7-300,,,,,;;,,, -siemens s7-300,,,,,;;;,,, -siemens s7-300,,,,,;;;;,,, -siemens s7-300,,,,,;;;;;,,, -siemens s7-300,,,,,;;;;;;,,, -siemens s7-300,,,,,;;;;;;;,,, -siemens s7-300,,,,,;;;;;;;;,,, -siemens s7-300,,,,,@#$123,,, -siemens s7-300,,,,,[,,, -siemens s7-300,,,,,[[,,, -siemens s7-300,,,,,[[[,,, -siemens s7-300,,,,,[[[[,,, -siemens s7-300,,,,,[[[[[,,, -siemens s7-300,,,,,[[[[[[,,, -siemens s7-300,,,,,[[[[[[[,,, -siemens s7-300,,,,,[[[[[[[[,,, -siemens s7-300,,,,,],,, -siemens s7-300,,,,,]],,, -siemens s7-300,,,,,]]],,, -siemens s7-300,,,,,]]]],,, -siemens s7-300,,,,,]]]]],,, -siemens s7-300,,,,,]]]]]],,, -siemens s7-300,,,,,]]]]]]],,, -siemens s7-300,,,,,]]]]]]]],,, -siemens s7-300,,,,,_Cisco,,, -siemens s7-300,,,,,`,,, -siemens s7-300,,,,,``,,, -siemens s7-300,,,,,```,,, -siemens s7-300,,,,,````,,, -siemens s7-300,,,,,`````,,, -siemens s7-300,,,,,``````,,, -siemens s7-300,,,,,```````,,, -siemens s7-300,,,,,````````,,, -siemens s7-300,,,,,+,,, -siemens s7-300,,,,,++,,, -siemens s7-300,,,,,+++,,, -siemens s7-300,,,,,++++,,, -siemens s7-300,,,,,+++++,,, -siemens s7-300,,,,,++++++,,, -siemens s7-300,,,,,+++++++,,, -siemens s7-300,,,,,++++++++,,, -siemens s7-300,,,,,=,,, -siemens s7-300,,,,,==,,, -siemens s7-300,,,,,===,,, -siemens s7-300,,,,,====,,, -siemens s7-300,,,,,=====,,, -siemens s7-300,,,,,======,,, -siemens s7-300,,,,,=======,,, -siemens s7-300,,,,,========,,, -siemens s7-300,,,,,0,,, -siemens s7-300,,,,,00,,, -siemens s7-300,,,,,000,,, -siemens s7-300,,,,,0000,,, -siemens s7-300,,,,,00000,,, -siemens s7-300,,,,,000000,,, -siemens s7-300,,,,,0000000,,, -siemens s7-300,,,,,00000000,,, -siemens s7-300,,,,,00000001,,, -siemens s7-300,,,,,0000001,,, -siemens s7-300,,,,,000001,,, -siemens s7-300,,,,,00001,,, -siemens s7-300,,,,,0001,,, -siemens s7-300,,,,,001,,, -siemens s7-300,,,,,050952,,, -siemens s7-300,,,,,0P3N,,, -siemens s7-300,,,,,1,,, -siemens s7-300,,,,,100,,, -siemens s7-300,,,,,1000,,, -siemens s7-300,,,,,10000,,, -siemens s7-300,,,,,100000,,, -siemens s7-300,,,,,1000000,,, -siemens s7-300,,,,,10000000,,, -siemens s7-300,,,,,10041979,,, -siemens s7-300,,,,,1064,,, -siemens s7-300,,,,,11,,, -siemens s7-300,,,,,111,,, -siemens s7-300,,,,,1111,,, -siemens s7-300,,,,,11111,,, -siemens s7-300,,,,,111111,,, -siemens s7-300,,,,,1111111,,, -siemens s7-300,,,,,11111111,,, -siemens s7-300,,,,,11112222,,, -siemens s7-300,,,,,112233,,, -siemens s7-300,,,,,11223344,,, -siemens s7-300,,,,,123,,, -siemens s7-300,,,,,123123,,, -siemens s7-300,,,,,12314500,,, -siemens s7-300,,,,,123321,,, -siemens s7-300,,,,,1234,,, -siemens s7-300,,,,,12344321,,, -siemens s7-300,,,,,12345,,, -siemens s7-300,,,,,123456,,, -siemens s7-300,,,,,1234567,,, -siemens s7-300,,,,,12345678,,, -siemens s7-300,,,,,12348765,,, -siemens s7-300,,,,,123654,,, -siemens s7-300,,,,,123asd,,, -siemens s7-300,,,,,123ASD,,, -siemens s7-300,,,,,123qwe,,, -siemens s7-300,,,,,123QWE,,, -siemens s7-300,,,,,1246,,, -siemens s7-300,,,,,128bit,,, -siemens s7-300,,,,,128BIT,,, -siemens s7-300,,,,,1313,,, -siemens s7-300,,,,,1502,,, -siemens s7-300,,,,,151298,,, -siemens s7-300,,,,,166816,,, -siemens s7-300,,,,,180497,,, -siemens s7-300,,,,,1890agb,,, -siemens s7-300,,,,,1890AGB,,, -siemens s7-300,,,,,1954,,, -siemens s7-300,,,,,1G2W3E,,, -siemens s7-300,,,,,1q2w3e,,, -siemens s7-300,,,,,2,,, -siemens s7-300,,,,,21,,, -siemens s7-300,,,,,21241036,,, -siemens s7-300,,,,,2128506,,, -siemens s7-300,,,,,22,,, -siemens s7-300,,,,,222,,, -siemens s7-300,,,,,2222,,, -siemens s7-300,,,,,22222,,, -siemens s7-300,,,,,222222,,, -siemens s7-300,,,,,2222222,,, -siemens s7-300,,,,,22222222,,, -siemens s7-300,,,,,266344,,, -siemens s7-300,,,,,281067,,, -siemens s7-300,,,,,281068,,, -siemens s7-300,,,,,2BW9,,, -siemens s7-300,,,,,2WSXcder,,, -siemens s7-300,,,,,3,,, -siemens s7-300,,,,,31994,,, -siemens s7-300,,,,,321,,, -siemens s7-300,,,,,33,,, -siemens s7-300,,,,,333,,, -siemens s7-300,,,,,3333,,, -siemens s7-300,,,,,33333,,, -siemens s7-300,,,,,333333,,, -siemens s7-300,,,,,3333333,,, -siemens s7-300,,,,,33333333,,, -siemens s7-300,,,,,3477,,, -siemens s7-300,,,,,355025,,, -siemens s7-300,,,,,3597,,, -siemens s7-300,,,,,3ascotel,,, -siemens s7-300,,,,,3ASCOTEL,,, -siemens s7-300,,,,,3ep5w2u,,, -siemens s7-300,,,,,3orro,,, -siemens s7-300,,,,,3ORRO,,, -siemens s7-300,,,,,3ware,,, -siemens s7-300,,,,,3WARE,,, -siemens s7-300,,,,,4,,, -siemens s7-300,,,,,42296795,,, -siemens s7-300,,,,,4321,,, -siemens s7-300,,,,,44,,, -siemens s7-300,,,,,444,,, -siemens s7-300,,,,,4444,,, -siemens s7-300,,,,,44444,,, -siemens s7-300,,,,,444444,,, -siemens s7-300,,,,,4444444,,, -siemens s7-300,,,,,44444444,,, -siemens s7-300,,,,,4ert,,, -siemens s7-300,,,,,4ERT,,, -siemens s7-300,,,,,4G5K,,, -siemens s7-300,,,,,4G7S,,, -siemens s7-300,,,,,4getme2,,, -siemens s7-300,,,,,4tas,,, -siemens s7-300,,,,,4TAS,,, -siemens s7-300,,,,,5,,, -siemens s7-300,,,,,5001,,, -siemens s7-300,,,,,5150,,, -siemens s7-300,,,,,5201314,,, -siemens s7-300,,,,,54321,,, -siemens s7-300,,,,,55,,, -siemens s7-300,,,,,55055,,, -siemens s7-300,,,,,555,,, -siemens s7-300,,,,,5555,,, -siemens s7-300,,,,,55555,,, -siemens s7-300,,,,,555555,,, -siemens s7-300,,,,,5555555,,, -siemens s7-300,,,,,55555555,,, -siemens s7-300,,,,,56789,,, -siemens s7-300,,,,,5693,,, -siemens s7-300,,,,,5777364,,, -siemens s7-300,,,,,5860,,, -siemens s7-300,,,,,589589,,, -siemens s7-300,,,,,6,,, -siemens s7-300,,,,,60587,,, -siemens s7-300,,,,,654321,,, -siemens s7-300,,,,,66,,, -siemens s7-300,,,,,666,,, -siemens s7-300,,,,,6666,,, -siemens s7-300,,,,,66666,,, -siemens s7-300,,,,,666666,,, -siemens s7-300,,,,,6666666,,, -siemens s7-300,,,,,66666666,,, -siemens s7-300,,,,,66808920,,, -siemens s7-300,,,,,6969,,, -siemens s7-300,,,,,7,,, -siemens s7-300,,,,,7654321,,, -siemens s7-300,,,,,77,,, -siemens s7-300,,,,,777,,, -siemens s7-300,,,,,7777,,, -siemens s7-300,,,,,77777,,, -siemens s7-300,,,,,777777,,, -siemens s7-300,,,,,7777777,,, -siemens s7-300,,,,,77777777,,, -siemens s7-300,,,,,7SH4,,, -siemens s7-300,,,,,8,,, -siemens s7-300,,,,,8111,,, -siemens s7-300,,,,,8429,,, -siemens s7-300,,,,,851141,,, -siemens s7-300,,,,,86844,,, -siemens s7-300,,,,,8746550,,, -siemens s7-300,,,,,87654321,,, -siemens s7-300,,,,,88,,, -siemens s7-300,,,,,888,,, -siemens s7-300,,,,,8888,,, -siemens s7-300,,,,,88888,,, -siemens s7-300,,,,,888888,,, -siemens s7-300,,,,,8888888,,, -siemens s7-300,,,,,88888888,,, -siemens s7-300,,,,,88981684,,, -siemens s7-300,,,,,9,,, -siemens s7-300,,,,,901100,,, -siemens s7-300,,,,,99,,, -siemens s7-300,,,,,999,,, -siemens s7-300,,,,,9999,,, -siemens s7-300,,,,,99999,,, -siemens s7-300,,,,,999999,,, -siemens s7-300,,,,,9999999,,, -siemens s7-300,,,,,99999999,,, -siemens s7-300,,,,,9W5K,,, -siemens s7-300,,,,,a,,, -siemens s7-300,,,,,A,,, -siemens s7-300,,,,,a/d,,, -siemens s7-300,,,,,A/D,,, -siemens s7-300,,,,,aa,,, -siemens s7-300,,,,,AA,,, -siemens s7-300,,,,,aaa,,, -siemens s7-300,,,,,AAA,,, -siemens s7-300,,,,,aaaa,,, -siemens s7-300,,,,,AAAA,,, -siemens s7-300,,,,,aaaaa,,, -siemens s7-300,,,,,AAAAA,,, -siemens s7-300,,,,,aaaaaa,,, -siemens s7-300,,,,,AAAAAA,,, -siemens s7-300,,,,,aaaaaaa,,, -siemens s7-300,,,,,AAAAAAA,,, -siemens s7-300,,,,,aaaaaaaa,,, -siemens s7-300,,,,,AAAAAAAA,,, -siemens s7-300,,,,,aabbcc,,, -siemens s7-300,,,,,AABBCC,,, -siemens s7-300,,,,,aaeon,,, -siemens s7-300,,,,,AAEON,,, -siemens s7-300,,,,,aavid,,, -siemens s7-300,,,,,AAVID,,, -siemens s7-300,,,,,ab,,, -siemens s7-300,,,,,AB,,, -siemens s7-300,,,,,abb,,, -siemens s7-300,,,,,ABB,,, -siemens s7-300,,,,,abc,,, -siemens s7-300,,,,,ABC,,, -siemens s7-300,,,,,abc123,,, -siemens s7-300,,,,,ABC123,,, -siemens s7-300,,,,,abcd,,, -siemens s7-300,,,,,ABCD,,, -siemens s7-300,,,,,abcde,,, -siemens s7-300,,,,,ABCDE,,, -siemens s7-300,,,,,ABCDEF,,, -siemens s7-300,,,,,abcdefg,,, -siemens s7-300,,,,,ABCDEFG,,, -siemens s7-300,,,,,abcdefgh,,, -siemens s7-300,,,,,ABCDEFGH,,, -siemens s7-300,,,,,abelconn,,, -siemens s7-300,,,,,ABELCONN,,, -siemens s7-300,,,,,abov,,, -siemens s7-300,,,,,ABOV,,, -siemens s7-300,,,,,abracon,,, -siemens s7-300,,,,,ABRACON,,, -siemens s7-300,,,,,absopuls,,, -siemens s7-300,,,,,ABSOPULS,,, -siemens s7-300,,,,,abtech,,, -siemens s7-300,,,,,ABTECH,,, -siemens s7-300,,,,,abunlock,,, -siemens s7-300,,,,,ABUNLOCK,,, -siemens s7-300,,,,,acam,,, -siemens s7-300,,,,,ACAM,,, -siemens s7-300,,,,,acc,,, -siemens s7-300,,,,,ACC,,, -siemens s7-300,,,,,access,,, -siemens s7-300,,,,,ACCESS,,, -siemens s7-300,,,,,accord,,, -siemens s7-300,,,,,ACCORD,,, -siemens s7-300,,,,,acon,,, -siemens s7-300,,,,,ACON,,, -siemens s7-300,,,,,acopian,,, -siemens s7-300,,,,,ACOPIAN,,, -siemens s7-300,,,,,acp,,, -siemens s7-300,,,,,ACP,,, -siemens s7-300,,,,,actel,,, -siemens s7-300,,,,,ACTEL,,, -siemens s7-300,,,,,activex,,, -siemens s7-300,,,,,ACTIVEX,,, -siemens s7-300,,,,,adactus,,, -siemens s7-300,,,,,ADACTUS,,, -siemens s7-300,,,,,adam,,, -siemens s7-300,,,,,ADAM,,, -siemens s7-300,,,,,adc,,, -siemens s7-300,,,,,ADC,,, -siemens s7-300,,,,,adcdef,,, -siemens s7-300,,,,,adda,,, -siemens s7-300,,,,,ADDA,,, -siemens s7-300,,,,,adels,,, -siemens s7-300,,,,,ADELS,,, -siemens s7-300,,,,,adfexc,,, -siemens s7-300,,,,,ADFEXC,,, -siemens s7-300,,,,,adi,,, -siemens s7-300,,,,,ADI,,, -siemens s7-300,,,,,admin,,, -siemens s7-300,,,,,ADMIN,,, -siemens s7-300,,,,,admin123,,, -siemens s7-300,,,,,ADMIN123,,, -siemens s7-300,,,,,adminttd,,, -siemens s7-300,,,,,ADMINTTD,,, -siemens s7-300,,,,,adslroot,,, -siemens s7-300,,,,,ADSLROOT,,, -siemens s7-300,,,,,adtran,,, -siemens s7-300,,,,,ADTRAN,,, -siemens s7-300,,,,,advanced,,, -siemens s7-300,,,,,ADVANCED,,, -siemens s7-300,,,,,advantec,,, -siemens s7-300,,,,,ADVANTEC,,, -siemens s7-300,,,,,aeg mis,,, -siemens s7-300,,,,,AEG MIS,,, -siemens s7-300,,,,,aeg,,, -siemens s7-300,,,,,AEG,,, -siemens s7-300,,,,,AEM,,, -siemens s7-300,,,,,aem,,, -siemens s7-300,,,,,aeroflex,,, -siemens s7-300,,,,,Aeroflex,,, -siemens s7-300,,,,,AEROFLEX,,, -siemens s7-300,,,,,aft,,, -siemens s7-300,,,,,AFT,,, -siemens s7-300,,,,,aitech,,, -siemens s7-300,,,,,AITECH,,, -siemens s7-300,,,,,akiwa,,, -siemens s7-300,,,,,AKIWA,,, -siemens s7-300,,,,,albright,,, -siemens s7-300,,,,,ALBRIGHT,,, -siemens s7-300,,,,,alcor,,, -siemens s7-300,,,,,ALCOR,,, -siemens s7-300,,,,,aleph,,, -siemens s7-300,,,,,ALEPH,,, -siemens s7-300,,,,,ALFA,,, -siemens s7-300,,,,,alfaMag,,, -siemens s7-300,,,,,ALFAMAG,,, -siemens s7-300,,,,,alfa'r,,, -siemens s7-300,,,,,ALFA'R,,, -siemens s7-300,,,,,alfatron,,, -siemens s7-300,,,,,ALFATRON,,, -siemens s7-300,,,,,ali,,, -siemens s7-300,,,,,ALI,,, -siemens s7-300,,,,,all,,, -siemens s7-300,,,,,ALL,,, -siemens s7-300,,,,,allegro,,, -siemens s7-300,,,,,ALLEGRO,,, -siemens s7-300,,,,,allen,,, -siemens s7-300,,,,,ALLEN,,, -siemens s7-300,,,,,alliance,,, -siemens s7-300,,,,,ALLIANCE,,, -siemens s7-300,,,,,allied,,, -siemens s7-300,,,,,ALLIED,,, -siemens s7-300,,,,,alpha,,, -siemens s7-300,,,,,alpha,,, -siemens s7-300,,,,,alpine,,, -siemens s7-300,,,,,ALPINE,,, -siemens s7-300,,,,,alps,,, -siemens s7-300,,,,,ALPS,,, -siemens s7-300,,,,,altera,,, -siemens s7-300,,,,,ALTERA,,, -siemens s7-300,,,,,amber,,, -siemens s7-300,,,,,AMBER,,, -siemens s7-300,,,,,amd,,, -siemens s7-300,,,,,AMD,,, -siemens s7-300,,,,,american,,, -siemens s7-300,,,,,AMERICAN,,, -siemens s7-300,,,,,ametherm,,, -siemens s7-300,,,,,AMETHERM,,, -siemens s7-300,,,,,ami,,, -siemens s7-300,,,,,AMI,,, -siemens s7-300,,,,,amic,,, -siemens s7-300,,,,,AMIC,,, -siemens s7-300,,,,,amis,,, -siemens s7-300,,,,,AMIS,,, -siemens s7-300,,,,,ammc,,, -siemens s7-300,,,,,AMMC,,, -siemens s7-300,,,,,amp,,, -siemens s7-300,,,,,AMP,,, -siemens s7-300,,,,,amperite,,, -siemens s7-300,,,,,AMPERITE,,, -siemens s7-300,,,,,amphenol,,, -siemens s7-300,,,,,AMPHENOL,,, -siemens s7-300,,,,,ampire,,, -siemens s7-300,,,,,AMPIRE,,, -siemens s7-300,,,,,amt,,, -siemens s7-300,,,,,AMT,,, -siemens s7-300,,,,,anachip,,, -siemens s7-300,,,,,ANACHIP,,, -siemens s7-300,,,,,anadigic,,, -siemens s7-300,,,,,ANADIGIC,,, -siemens s7-300,,,,,anadigm,,, -siemens s7-300,,,,,ANADIGM,,, -siemens s7-300,,,,,analog,,, -siemens s7-300,,,,,ANALOG,,, -siemens s7-300,,,,,analogic,,, -siemens s7-300,,,,,ANALOGIC,,, -siemens s7-300,,,,,anaren,,, -siemens s7-300,,,,,ANAREN,,, -siemens s7-300,,,,,angel,,, -siemens s7-300,,,,,ANGEL,,, -siemens s7-300,,,,,angle,,, -siemens s7-300,,,,,ANGLE,,, -siemens s7-300,,,,,anicust,,, -siemens s7-300,,,,,ANICUST,,, -siemens s7-300,,,,,anla,,, -siemens s7-300,,,,,ANLA,,, -siemens s7-300,,,,,anleim,,, -siemens s7-300,,,,,Anleim,,, -siemens s7-300,,,,,ANLEIM,,, -siemens s7-300,,,,,anritsu,,, -siemens s7-300,,,,,ANRITSU,,, -siemens s7-300,,,,,ANS#150,,, -siemens s7-300,,,,,anshan,,, -siemens s7-300,,,,,ANSHAN,,, -siemens s7-300,,,,,ansmann,,, -siemens s7-300,,,,,ANSMANN,,, -siemens s7-300,,,,,any@,,, -siemens s7-300,,,,,anycom,,, -siemens s7-300,,,,,ANYCOM,,, -siemens s7-300,,,,,anydata,,, -siemens s7-300,,,,,ANYDATA,,, -siemens s7-300,,,,,anyone,,, -siemens s7-300,,,,,ANYONE,,, -siemens s7-300,,,,,anyway,,, -siemens s7-300,,,,,ANYWAY,,, -siemens s7-300,,,,,apbodiur,,, -siemens s7-300,,,,,APBODIUR,,, -siemens s7-300,,,,,apc,,, -siemens s7-300,,,,,APC,,, -siemens s7-300,,,,,apem,,, -siemens s7-300,,,,,APEM,,, -siemens s7-300,,,,,apex,,, -siemens s7-300,,,,,APEX,,, -siemens s7-300,,,,,api,,, -siemens s7-300,,,,,API,,, -siemens s7-300,,,,,aplus,,, -siemens s7-300,,,,,APLUS,,, -siemens s7-300,,,,,apm,,, -siemens s7-300,,,,,APM,,, -siemens s7-300,,,,,a-power,,, -siemens s7-300,,,,,A-POWER,,, -siemens s7-300,,,,,app,,, -siemens s7-300,,,,,APP,,, -siemens s7-300,,,,,applied,,, -siemens s7-300,,,,,APPLIED,,, -siemens s7-300,,,,,apra,,, -siemens s7-300,,,,,APRA,,, -siemens s7-300,,,,,arsenal,,, -siemens s7-300,,,,,ARSENAL,,, -siemens s7-300,,,,,articon,,, -siemens s7-300,,,,,ARTICON,,, -siemens s7-300,,,,,asante,,, -siemens s7-300,,,,,Asante,,, -siemens s7-300,,,,,ASANTE,,, -siemens s7-300,,,,,ascend,,, -siemens s7-300,,,,,Ascend,,, -siemens s7-300,,,,,ASCEND,,, -siemens s7-300,,,,,asd,,, -siemens s7-300,,,,,ASD,,, -siemens s7-300,,,,,asdf,,, -siemens s7-300,,,,,ASDF,,, -siemens s7-300,,,,,asdfg,,, -siemens s7-300,,,,,ASDFG,,, -siemens s7-300,,,,,asdfgh,,, -siemens s7-300,,,,,asdfgh,,, -siemens s7-300,,,,,ASDFGH,,, -siemens s7-300,,,,,asdfghj,,, -siemens s7-300,,,,,ASDFGHJ,,, -siemens s7-300,,,,,asdfghjk,,, -siemens s7-300,,,,,ASDFGHJK,,, -siemens s7-300,,,,,asi,,, -siemens s7-300,,,,,ASI,,, -siemens s7-300,,,,,asutp,,, -siemens s7-300,,,,,ASUTP,,, -siemens s7-300,,,,,at4400,,, -siemens s7-300,,,,,AT4400,,, -siemens s7-300,,,,,atc,,, -siemens s7-300,,,,,atc,,, -siemens s7-300,,,,,ATC,,, -siemens s7-300,,,,,atc123,,, -siemens s7-300,,,,,ATC123,,, -siemens s7-300,,,,,atlantis,,, -siemens s7-300,,,,,ATLANTIS,,, -siemens s7-300,,,,,attack,,, -siemens s7-300,,,,,ATTACK,,, -siemens s7-300,,,,,autohors,,, -siemens s7-300,,,,,AUTOHORS,,, -siemens s7-300,,,,,azsxdc,,, -siemens s7-300,,,,,AZSXDC,,, -siemens s7-300,,,,,b,,, -siemens s7-300,,,,,B,,, -siemens s7-300,,,,,b&r,,, -siemens s7-300,,,,,B&R,,, -siemens s7-300,,,,,B2H4,,, -siemens s7-300,,,,,B9W3,,, -siemens s7-300,,,,,back,,, -siemens s7-300,,,,,BACK,,, -siemens s7-300,,,,,backdoor,,, -siemens s7-300,,,,,BACKDOOR,,, -siemens s7-300,,,,,badboy,,, -siemens s7-300,,,,,BADBOY,,, -siemens s7-300,,,,,barricade,,, -siemens s7-300,,,,,BARRICADE,,, -siemens s7-300,,,,,baseball,,, -siemens s7-300,,,,,BASEBALL,,, -siemens s7-300,,,,,bb,,, -siemens s7-300,,,,,BB,,, -siemens s7-300,,,,,bbb,,, -siemens s7-300,,,,,BBB,,, -siemens s7-300,,,,,bbbb,,, -siemens s7-300,,,,,BBBB,,, -siemens s7-300,,,,,bbbbb,,, -siemens s7-300,,,,,BBBBB,,, -siemens s7-300,,,,,bbbbbb,,, -siemens s7-300,,,,,BBBBBB,,, -siemens s7-300,,,,,bbbbbbb,,, -siemens s7-300,,,,,BBBBBBB,,, -siemens s7-300,,,,,bbbbbbbb,,, -siemens s7-300,,,,,BBBBBBBB,,, -siemens s7-300,,,,,bciimpw,,, -siemens s7-300,,,,,BCIIMPW,,, -siemens s7-300,,,,,bcimpw,,, -siemens s7-300,,,,,BCIMPW,,, -siemens s7-300,,,,,bcnaspw,,, -siemens s7-300,,,,,BCNASPW,,, -siemens s7-300,,,,,beatch,,, -siemens s7-300,,,,,BEATCH,,, -siemens s7-300,,,,,beerbeer,,, -siemens s7-300,,,,,BEERBEER,,, -siemens s7-300,,,,,betera,,, -siemens s7-300,,,,,BETERA,,, -siemens s7-300,,,,,bible,,, -siemens s7-300,,,,,BIBLE,,, -siemens s7-300,,,,,bintec,,, -siemens s7-300,,,,,BINTEC,,, -siemens s7-300,,,,,birdie,,, -siemens s7-300,,,,,BIRDIE,,, -siemens s7-300,,,,,black,,, -siemens s7-300,,,,,BLACK,,, -siemens s7-300,,,,,blaster,,, -siemens s7-300,,,,,BLASTER,,, -siemens s7-300,,,,,blender,,, -siemens s7-300,,,,,BLENDER,,, -siemens s7-300,,,,,blink,,, -siemens s7-300,,,,,BLINK,,, -siemens s7-300,,,,,blink182,,, -siemens s7-300,,,,,BLINK182,,, -siemens s7-300,,,,,bluepw,,, -siemens s7-300,,,,,BLUEPW,,, -siemens s7-300,,,,,bowling,,, -siemens s7-300,,,,,BOWLING,,, -siemens s7-300,,,,,bradley,,, -siemens s7-300,,,,,BRADLEY,,, -siemens s7-300,,,,,bridge,,, -siemens s7-300,,,,,BRIDGE,,, -siemens s7-300,,,,,bright,,, -siemens s7-300,,,,,BRIGHT,,, -siemens s7-300,,,,,c,,, -siemens s7-300,,,,,C,,, -siemens s7-300,,,,,ca01,,, -siemens s7-300,,,,,CA01,,, -siemens s7-300,,,,,cacadmin,,, -siemens s7-300,,,,,CACADMIN,,, -siemens s7-300,,,,,cactus,,, -siemens s7-300,,,,,CACTUS,,, -siemens s7-300,,,,,calvin,,, -siemens s7-300,,,,,CALVIN,,, -siemens s7-300,,,,,can,,, -siemens s7-300,,,,,CAN,,, -siemens s7-300,,,,,canbus,,, -siemens s7-300,,,,,CANBUS,,, -siemens s7-300,,,,,carolian,,, -siemens s7-300,,,,,CAROLIAN,,, -siemens s7-300,,,,,cascade,,, -siemens s7-300,,,,,CASCADE,,, -siemens s7-300,,,,,cc,,, -siemens s7-300,,,,,CC,,, -siemens s7-300,,,,,ccc,,, -siemens s7-300,,,,,CCC,,, -siemens s7-300,,,,,cccc,,, -siemens s7-300,,,,,CCCC,,, -siemens s7-300,,,,,ccccc,,, -siemens s7-300,,,,,CCCCC,,, -siemens s7-300,,,,,cccccc,,, -siemens s7-300,,,,,CCCCCC,,, -siemens s7-300,,,,,ccccccc,,, -siemens s7-300,,,,,CCCCCCC,,, -siemens s7-300,,,,,cccccccc,,, -siemens s7-300,,,,,CCCCCCCC,,, -siemens s7-300,,,,,ccrusr,,, -siemens s7-300,,,,,CCRUSR,,, -siemens s7-300,,,,,cellit,,, -siemens s7-300,,,,,CELLIT,,, -siemens s7-300,,,,,cfc,,, -siemens s7-300,,,,,CFC,,, -siemens s7-300,,,,,CHABGEME,,, -siemens s7-300,,,,,changeme,,, -siemens s7-300,,,,,CHANGEME,,, -siemens s7-300,,,,,changit,,, -siemens s7-300,,,,,CHANGIT,,, -siemens s7-300,,,,,charlie,,, -siemens s7-300,,,,,CHARLIE,,, -siemens s7-300,,,,,cisco,,, -siemens s7-300,,,,,Cisco,,, -siemens s7-300,,,,,CISCO,,, -siemens s7-300,,,,,citel,,, -siemens s7-300,,,,,CITEL,,, -siemens s7-300,,,,,client,,, -siemens s7-300,,,,,CLIENT,,, -siemens s7-300,,,,,cmaker,,, -siemens s7-300,,,,,CMAKER,,, -siemens s7-300,,,,,cms500,,, -siemens s7-300,,,,,CMS500,,, -siemens s7-300,,,,,cnas,,, -siemens s7-300,,,,,CNAS,,, -siemens s7-300,,,,,cody,,, -siemens s7-300,,,,,CODY,,, -siemens s7-300,,,,,cognos,,, -siemens s7-300,,,,,COGNOS,,, -siemens s7-300,,,,,Col2ogro2,,, -siemens s7-300,,,,,computer,,, -siemens s7-300,,,,,COMPUTER,,, -siemens s7-300,,,,,connect,,, -siemens s7-300,,,,,CONNECT,,, -siemens s7-300,,,,,conv,,, -siemens s7-300,,,,,CONV,,, -siemens s7-300,,,,,cool,,, -siemens s7-300,,,,,COOL,,, -siemens s7-300,,,,,corecess,,, -siemens s7-300,,,,,CORECESS,,, -siemens s7-300,,,,,cosmos,,, -siemens s7-300,,,,,COSMOS,,, -siemens s7-300,,,,,craft,,, -siemens s7-300,,,,,CRAFT,,, -siemens s7-300,,,,,craftpw,,, -siemens s7-300,,,,,CRAFTPW,,, -siemens s7-300,,,,,crftpw,,, -siemens s7-300,,,,,CRFTPW,,, -siemens s7-300,,,,,crystal,,, -siemens s7-300,,,,,CRYSTAL,,, -siemens s7-300,,,,,ct/1,,, -siemens s7-300,,,,,customer,,, -siemens s7-300,,,,,CUSTOMER,,, -siemens s7-300,,,,,custpw,,, -siemens s7-300,,,,,CUSTPW,,, -siemens s7-300,,,,,d,,, -siemens s7-300,,,,,D,,, -siemens s7-300,,,,,d.e.b.u.g,,, -siemens s7-300,,,,,d00m,,, -siemens s7-300,,,,,D00M,,, -siemens s7-300,,,,,dadmin01,,, -siemens s7-300,,,,,DADMIN01,,, -siemens s7-300,,,,,danger,,, -siemens s7-300,,,,,DANGER,,, -siemens s7-300,,,,,database,,, -siemens s7-300,,,,,DATABASE,,, -siemens s7-300,,,,,davox,,, -siemens s7-300,,,,,dbps,,, -siemens s7-300,,,,,DBPS,,, -siemens s7-300,,,,,dd,,, -siemens s7-300,,,,,DD,,, -siemens s7-300,,,,,ddd,,, -siemens s7-300,,,,,DDD,,, -siemens s7-300,,,,,dddd,,, -siemens s7-300,,,,,DDDD,,, -siemens s7-300,,,,,ddddd,,, -siemens s7-300,,,,,DDDDD,,, -siemens s7-300,,,,,dddddd,,, -siemens s7-300,,,,,DDDDDD,,, -siemens s7-300,,,,,ddddddd,,, -siemens s7-300,,,,,DDDDDDD,,, -siemens s7-300,,,,,dddddddd,,, -siemens s7-300,,,,,DDDDDDDD,,, -siemens s7-300,,,,,dean,,, -siemens s7-300,,,,,DEAN,,, -siemens s7-300,,,,,default,,, -siemens s7-300,,,,,DEFAULT,,, -siemens s7-300,,,,,delevan,,, -siemens s7-300,,,,,demo,,, -siemens s7-300,,,,,DEMO,,, -siemens s7-300,,,,,denise,,, -siemens s7-300,,,,,DENISE,,, -siemens s7-300,,,,,derparol,,, -siemens s7-300,,,,,DERPAROL,,, -siemens s7-300,,,,,DEVEVAN,,, -siemens s7-300,,,,,device,,, -siemens s7-300,,,,,DEVICE,,, -siemens s7-300,,,,,devices,,, -siemens s7-300,,,,,DEVICES,,, -siemens s7-300,,,,,dhs3mt,,, -siemens s7-300,,,,,DHS3MT,,, -siemens s7-300,,,,,dhs3pms,,, -siemens s7-300,,,,,DHS3PMS,,, -siemens s7-300,,,,,diabl0,,, -siemens s7-300,,,,,DIABL0,,, -siemens s7-300,,,,,diablo,,, -siemens s7-300,,,,,DIABLO,,, -siemens s7-300,,,,,diamond,,, -siemens s7-300,,,,,DIAMOND,,, -siemens s7-300,,,,,digital,,, -siemens s7-300,,,,,DIGITAL,,, -siemens s7-300,,,,,DL20,,, -siemens s7-300,,,,,dlink,,, -siemens s7-300,,,,,D-Link,,, -siemens s7-300,,,,,DLINK,,, -siemens s7-300,,,,,dollar,,, -siemens s7-300,,,,,DOLLAR,,, -siemens s7-300,,,,,doom,,, -siemens s7-300,,,,,DOOM,,, -siemens s7-300,,,,,draadloos,,, -siemens s7-300,,,,,DRAADLOOS,,, -siemens s7-300,,,,,drivees,,, -siemens s7-300,,,,,DRIVEES,,, -siemens s7-300,,,,,e,,, -siemens s7-300,,,,,E,,, -siemens s7-300,,,,,echo,,, -siemens s7-300,,,,,ECHO,,, -siemens s7-300,,,,,ee,,, -siemens s7-300,,,,,EE,,, -siemens s7-300,,,,,eee,,, -siemens s7-300,,,,,EEE,,, -siemens s7-300,,,,,eeee,,, -siemens s7-300,,,,,EEEE,,, -siemens s7-300,,,,,eeeee,,, -siemens s7-300,,,,,EEEEE,,, -siemens s7-300,,,,,eeeeee,,, -siemens s7-300,,,,,EEEEEE,,, -siemens s7-300,,,,,eeeeeee,,, -siemens s7-300,,,,,EEEEEEE,,, -siemens s7-300,,,,,eeeeeeee,,, -siemens s7-300,,,,,EEEEEEEE,,, -siemens s7-300,,,,,EGDFV,,, -siemens s7-300,,,,,electrin,,, -siemens s7-300,,,,,ELECTRIN,,, -siemens s7-300,,,,,elvis,,, -siemens s7-300,,,,,ELVIS,,, -siemens s7-300,,,,,enable,,, -siemens s7-300,,,,,ENABLE,,, -siemens s7-300,,,,,energy,,, -siemens s7-300,,,,,ENERGY,,, -siemens s7-300,,,,,engineer,,, -siemens s7-300,,,,,ENGINEER,,, -siemens s7-300,,,,,eqdfv,,, -siemens s7-300,,,,,err0r,,, -siemens s7-300,,,,,ERR0R,,, -siemens s7-300,,,,,error,,, -siemens s7-300,,,,,evening,,, -siemens s7-300,,,,,EVENING,,, -siemens s7-300,,,,,Exabyte,,, -siemens s7-300,,,,,EXABYTE,,, -siemens s7-300,,,,,expert03,,, -siemens s7-300,,,,,EXPERT03,,, -siemens s7-300,,,,,f,,, -siemens s7-300,,,,,F,,, -siemens s7-300,,,,,father,,, -siemens s7-300,,,,,FATHER,,, -siemens s7-300,,,,,fbd,,, -siemens s7-300,,,,,FBD,,, -siemens s7-300,,,,,ff,,, -siemens s7-300,,,,,FF,,, -siemens s7-300,,,,,fff,,, -siemens s7-300,,,,,FFF,,, -siemens s7-300,,,,,ffff,,, -siemens s7-300,,,,,FFFF,,, -siemens s7-300,,,,,fffff,,, -siemens s7-300,,,,,FFFFF,,, -siemens s7-300,,,,,ffffff,,, -siemens s7-300,,,,,FFFFFF,,, -siemens s7-300,,,,,fffffff,,, -siemens s7-300,,,,,FFFFFFF,,, -siemens s7-300,,,,,ffffffff,,, -siemens s7-300,,,,,FFFFFFFF,,, -siemens s7-300,,,,,field,,, -siemens s7-300,,,,,FIELD,,, -siemens s7-300,,,,,fire,,, -siemens s7-300,,,,,FIRE,,, -siemens s7-300,,,,,Fireport,,, -siemens s7-300,,,,,FIREPORT,,, -siemens s7-300,,,,,fish,,, -siemens s7-300,,,,,FISH,,, -siemens s7-300,,,,,fivranne,,, -siemens s7-300,,,,,FIVRANNE,,, -siemens s7-300,,,,,flash,,, -siemens s7-300,,,,,FLASH,,, -siemens s7-300,,,,,flex,,, -siemens s7-300,,,,,FLEX,,, -siemens s7-300,,,,,flexible,,, -siemens s7-300,,,,,FLEXIBLE,,, -siemens s7-300,,,,,football,,, -siemens s7-300,,,,,FOOTBALL,,, -siemens s7-300,,,,,friend,,, -siemens s7-300,,,,,FRIEND,,, -siemens s7-300,,,,,fuck,,, -siemens s7-300,,,,,FUCK,,, -siemens s7-300,,,,,fuckoff,,, -siemens s7-300,,,,,FUCKOFF,,, -siemens s7-300,,,,,fuckyou,,, -siemens s7-300,,,,,FUCKYOU,,, -siemens s7-300,,,,,g,,, -siemens s7-300,,,,,G,,, -siemens s7-300,,,,,g00gle,,, -siemens s7-300,,,,,G00GLE,,, -siemens s7-300,,,,,G0F9,,, -siemens s7-300,,,,,G0K1,,, -siemens s7-300,,,,,G6K6,,, -siemens s7-300,,,,,gama,,, -siemens s7-300,,,,,GAMA,,, -siemens s7-300,,,,,ganteng,,, -siemens s7-300,,,,,GAWSED,,, -siemens s7-300,,,,,Geardog,,, -siemens s7-300,,,,,GEARDOG,,, -siemens s7-300,,,,,gen1,,, -siemens s7-300,,,,,gen2,,, -siemens s7-300,,,,,gfcc,,, -siemens s7-300,,,,,GFCC,,, -siemens s7-300,,,,,gfccdjhl,,, -siemens s7-300,,,,,GFCCDJHL,,, -siemens s7-300,,,,,gfhjkm,,, -siemens s7-300,,,,,gfhjkm,,, -siemens s7-300,,,,,GFHJKM,,, -siemens s7-300,,,,,gg,,, -siemens s7-300,,,,,GG,,, -siemens s7-300,,,,,ggg,,, -siemens s7-300,,,,,GGG,,, -siemens s7-300,,,,,gggg,,, -siemens s7-300,,,,,GGGG,,, -siemens s7-300,,,,,ggggg,,, -siemens s7-300,,,,,GGGGG,,, -siemens s7-300,,,,,gggggg,,, -siemens s7-300,,,,,GGGGGG,,, -siemens s7-300,,,,,ggggggg,,, -siemens s7-300,,,,,GGGGGGG,,, -siemens s7-300,,,,,gggggggg,,, -siemens s7-300,,,,,GGGGGGGG,,, -siemens s7-300,,,,,ghbdtn,,, -siemens s7-300,,,,,GHBDTN,,, -siemens s7-300,,,,,GHOST,,, -siemens s7-300,,,,,ghost,,, -siemens s7-300,,,,,goal,,, -siemens s7-300,,,,,GOAL,,, -siemens s7-300,,,,,golf,,, -siemens s7-300,,,,,GOLF,,, -siemens s7-300,,,,,google,,, -siemens s7-300,,,,,GOOGLE,,, -siemens s7-300,,,,,got,,, -siemens s7-300,,,,,GOT,,, -siemens s7-300,,,,,guest,,, -siemens s7-300,,,,,GUEST,,, -siemens s7-300,,,,,h,,, -siemens s7-300,,,,,H,,, -siemens s7-300,,,,,hardware,,, -siemens s7-300,,,,,HARDWARE,,, -siemens s7-300,,,,,harley,,, -siemens s7-300,,,,,helen,,, -siemens s7-300,,,,,HELEN,,, -siemens s7-300,,,,,hello,,, -siemens s7-300,,,,,HELLO,,, -siemens s7-300,,,,,help,,, -siemens s7-300,,,,,HELP,,, -siemens s7-300,,,,,help1954,,, -siemens s7-300,,,,,HELP1954,,, -siemens s7-300,,,,,Helpdesk,,, -siemens s7-300,,,,,HELPDESK,,, -siemens s7-300,,,,,hexseal,,, -siemens s7-300,,,,,HEXSEAL,,, -siemens s7-300,,,,,hh,,, -siemens s7-300,,,,,HH,,, -siemens s7-300,,,,,hhh,,, -siemens s7-300,,,,,HHH,,, -siemens s7-300,,,,,hhhh,,, -siemens s7-300,,,,,HHHH,,, -siemens s7-300,,,,,hhhhh,,, -siemens s7-300,,,,,HHHHH,,, -siemens s7-300,,,,,hhhhhh,,, -siemens s7-300,,,,,HHHHHH,,, -siemens s7-300,,,,,hhhhhhh,,, -siemens s7-300,,,,,HHHHHHH,,, -siemens s7-300,,,,,hhhhhhhh,,, -siemens s7-300,,,,,HHHHHHHH,,, -siemens s7-300,,,,,highspeed,,, -siemens s7-300,,,,,HIGHSPEED,,, -siemens s7-300,,,,,hinear,,, -siemens s7-300,,,,,HINEAR,,, -siemens s7-300,,,,,home,,, -siemens s7-300,,,,,HOME,,, -siemens s7-300,,,,,homeplug,,, -siemens s7-300,,,,,HomePlug,,, -siemens s7-300,,,,,HOMEPLUG,,, -siemens s7-300,,,,,honda,,, -siemens s7-300,,,,,HONDA,,, -siemens s7-300,,,,,HP,,, -siemens s7-300,,,,,hp.com,,, -siemens s7-300,,,,,hpoffice,,, -siemens s7-300,,,,,HPOFFICE,,, -siemens s7-300,,,,,hponly,,, -siemens s7-300,,,,,HPONLY,,, -siemens s7-300,,,,,HPP187,,, -siemens s7-300,,,,,HPP189,,, -siemens s7-300,,,,,HPP196,,, -siemens s7-300,,,,,hrloo,,, -siemens s7-300,,,,,HRLOO,,, -siemens s7-300,,,,,hsadb,,, -siemens s7-300,,,,,http,,, -siemens s7-300,,,,,HTTP,,, -siemens s7-300,,,,,i,,, -siemens s7-300,,,,,I,,, -siemens s7-300,,,,,iDirect,,, -siemens s7-300,,,,,IDIRECT,,, -siemens s7-300,,,,,ii,,, -siemens s7-300,,,,,II,,, -siemens s7-300,,,,,iii,,, -siemens s7-300,,,,,III,,, -siemens s7-300,,,,,iiii,,, -siemens s7-300,,,,,IIII,,, -siemens s7-300,,,,,iiiii,,, -siemens s7-300,,,,,IIIII,,, -siemens s7-300,,,,,iiiiii,,, -siemens s7-300,,,,,IIIIII,,, -siemens s7-300,,,,,iiiiiii,,, -siemens s7-300,,,,,IIIIIII,,, -siemens s7-300,,,,,iiiiiiii,,, -siemens s7-300,,,,,IIIIIIII,,, -siemens s7-300,,,,,ILMI,,, -siemens s7-300,,,,,iloveyou,,, -siemens s7-300,,,,,ILOVEYOU,,, -siemens s7-300,,,,,images,,, -siemens s7-300,,,,,IMAGES,,, -siemens s7-300,,,,,inads,,, -siemens s7-300,,,,,INADS,,, -siemens s7-300,,,,,inc,,, -siemens s7-300,,,,,INC,,, -siemens s7-300,,,,,indspw,,, -siemens s7-300,,,,,INDSPW,,, -siemens s7-300,,,,,inferno,,, -siemens s7-300,,,,,INFERNO,,, -siemens s7-300,,,,,initpw,,, -siemens s7-300,,,,,INITPW,,, -siemens s7-300,,,,,Inmet,,, -siemens s7-300,,,,,inmet,,, -siemens s7-300,,,,,INMET,,, -siemens s7-300,,,,,Intel,,, -siemens s7-300,,,,,INTEL,,, -siemens s7-300,,,,,internet,,, -siemens s7-300,,,,,Internet,,, -siemens s7-300,,,,,INTERNET,,, -siemens s7-300,,,,,INTX3,,, -siemens s7-300,,,,,ironport,,, -siemens s7-300,,,,,IRONPORT,,, -siemens s7-300,,,,,isee,,, -siemens s7-300,,,,,ISEE,,, -siemens s7-300,,,,,isp,,, -siemens s7-300,,,,,ISP,,, -siemens s7-300,,,,,ITF3000,,, -siemens s7-300,,,,,j,,, -siemens s7-300,,,,,J,,, -siemens s7-300,,,,,J6R6,,, -siemens s7-300,,,,,J6W8,,, -siemens s7-300,,,,,jack,,, -siemens s7-300,,,,,JACK,,, -siemens s7-300,,,,,janet,,, -siemens s7-300,,,,,JANET,,, -siemens s7-300,,,,,jannie,,, -siemens s7-300,,,,,JANNIE,,, -siemens s7-300,,,,,jasmine,,, -siemens s7-300,,,,,JASMINE,,, -siemens s7-300,,,,,JDE,,, -siemens s7-300,,,,,jj,,, -siemens s7-300,,,,,JJ,,, -siemens s7-300,,,,,jjj,,, -siemens s7-300,,,,,JJJ,,, -siemens s7-300,,,,,jjjj,,, -siemens s7-300,,,,,JJJJ,,, -siemens s7-300,,,,,jjjjj,,, -siemens s7-300,,,,,JJJJJ,,, -siemens s7-300,,,,,jjjjjj,,, -siemens s7-300,,,,,JJJJJJ,,, -siemens s7-300,,,,,jjjjjjj,,, -siemens s7-300,,,,,JJJJJJJ,,, -siemens s7-300,,,,,jjjjjjjj,,, -siemens s7-300,,,,,JJJJJJJJ,,, -siemens s7-300,,,,,JOCKER,,, -siemens s7-300,,,,,john,,, -siemens s7-300,,,,,JOHN,,, -siemens s7-300,,,,,joker,,, -siemens s7-300,,,,,jordan,,, -siemens s7-300,,,,,JORDAN,,, -siemens s7-300,,,,,jordan23,,, -siemens s7-300,,,,,JORDAN23,,, -siemens s7-300,,,,,JR58,,, -siemens s7-300,,,,,JR59,,, -siemens s7-300,,,,,k,,, -siemens s7-300,,,,,K,,, -siemens s7-300,,,,,kermit,,, -siemens s7-300,,,,,KERMIT,,, -siemens s7-300,,,,,killer,,, -siemens s7-300,,,,,KILLER,,, -siemens s7-300,,,,,killme,,, -siemens s7-300,,,,,kilo1987,,, -siemens s7-300,,,,,KILO1987,,, -siemens s7-300,,,,,kk,,, -siemens s7-300,,,,,KK,,, -siemens s7-300,,,,,kkk,,, -siemens s7-300,,,,,KKK,,, -siemens s7-300,,,,,kkkk,,, -siemens s7-300,,,,,KKKK,,, -siemens s7-300,,,,,kkkkk,,, -siemens s7-300,,,,,KKKKK,,, -siemens s7-300,,,,,kkkkkk,,, -siemens s7-300,,,,,KKKKKK,,, -siemens s7-300,,,,,kkkkkkk,,, -siemens s7-300,,,,,KKKKKKK,,, -siemens s7-300,,,,,kkkkkkkk,,, -siemens s7-300,,,,,KKKKKKKK,,, -siemens s7-300,,,,,korn,,, -siemens s7-300,,,,,KORN,,, -siemens s7-300,,,,,l,,, -siemens s7-300,,,,,L,,, -siemens s7-300,,,,,lad,,, -siemens s7-300,,,,,LAD,,, -siemens s7-300,,,,,laflaf,,, -siemens s7-300,,,,,LAFLAF,,, -siemens s7-300,,,,,letacla,,, -siemens s7-300,,,,,LETACLA,,, -siemens s7-300,,,,,letmein,,, -siemens s7-300,,,,,letmein,,, -siemens s7-300,,,,,LETMEIN,,, -siemens s7-300,,,,,level1,,, -siemens s7-300,,,,,LEVEL1,,, -siemens s7-300,,,,,leviton,,, -siemens s7-300,,,,,LEVITON,,, -siemens s7-300,,,,,LILLME,,, -siemens s7-300,,,,,linga,,, -siemens s7-300,,,,,LINGA,,, -siemens s7-300,,,,,linux,,, -siemens s7-300,,,,,LINUX,,, -siemens s7-300,,,,,lisa,,, -siemens s7-300,,,,,LISA,,, -siemens s7-300,,,,,ll,,, -siemens s7-300,,,,,LL,,, -siemens s7-300,,,,,llatsni,,, -siemens s7-300,,,,,LLATSNI,,, -siemens s7-300,,,,,lll,,, -siemens s7-300,,,,,LLL,,, -siemens s7-300,,,,,llll,,, -siemens s7-300,,,,,LLLL,,, -siemens s7-300,,,,,lllll,,, -siemens s7-300,,,,,LLLLL,,, -siemens s7-300,,,,,llllll,,, -siemens s7-300,,,,,LLLLLL,,, -siemens s7-300,,,,,lllllll,,, -siemens s7-300,,,,,LLLLLLL,,, -siemens s7-300,,,,,llllllll,,, -siemens s7-300,,,,,LLLLLLLL,,, -siemens s7-300,,,,,locatepw,,, -siemens s7-300,,,,,LOCATEPW,,, -siemens s7-300,,,,,lock,,, -siemens s7-300,,,,,LOCK,,, -siemens s7-300,,,,,login,,, -siemens s7-300,,,,,LOGIN,,, -siemens s7-300,,,,,looker,,, -siemens s7-300,,,,,LOOKER,,, -siemens s7-300,,,,,lotus,,, -siemens s7-300,,,,,LOTUS,,, -siemens s7-300,,,,,love,,, -siemens s7-300,,,,,LOVE,,, -siemens s7-300,,,,,ltd,,, -siemens s7-300,,,,,LTD,,, -siemens s7-300,,,,,lucky,,, -siemens s7-300,,,,,LUCKY,,, -siemens s7-300,,,,,m,,, -siemens s7-300,,,,,M,,, -siemens s7-300,,,,,m1122,,, -siemens s7-300,,,,,M1122,,, -siemens s7-300,,,,,mail,,, -siemens s7-300,,,,,MAIL,,, -siemens s7-300,,,,,maint,,, -siemens s7-300,,,,,MAINT,,, -siemens s7-300,,,,,maintpw,,, -siemens s7-300,,,,,MAINTPW,,, -siemens s7-300,,,,,manager,,, -siemens s7-300,,,,,Manager,,, -siemens s7-300,,,,,MANAGER,,, -siemens s7-300,,,,,maniac,,, -siemens s7-300,,,,,MANIAC,,, -siemens s7-300,,,,,master,,, -siemens s7-300,,,,,Master,,, -siemens s7-300,,,,,MASTER,,, -siemens s7-300,,,,,masterkey,,, -siemens s7-300,,,,,MASTERKEY,,, -siemens s7-300,,,,,Mau'dib,,, -siemens s7-300,,,,,mediator,,, -siemens s7-300,,,,,MEDIATOR,,, -siemens s7-300,,,,,medion,,, -siemens s7-300,,,,,MEDION,,, -siemens s7-300,,,,,MGR,,, -siemens s7-300,,,,,micro,,, -siemens s7-300,,,,,MICRO,,, -siemens s7-300,,,,,microwav,,, -siemens s7-300,,,,,MICROWAV,,, -siemens s7-300,,,,,miller,,, -siemens s7-300,,,,,MILLLER,,, -siemens s7-300,,,,,MiniAP,,, -siemens s7-300,,,,,mis,,, -siemens s7-300,,,,,MIS,,, -siemens s7-300,,,,,MJSSSJJ,,, -siemens s7-300,,,,,MJSSSJJ,,, -siemens s7-300,,,,,MJSSSJJ_,,, -siemens s7-300,,,,,mlusr,,, -siemens s7-300,,,,,MLUSR,,, -siemens s7-300,,,,,mm,,, -siemens s7-300,,,,,MM,,, -siemens s7-300,,,,,mmm,,, -siemens s7-300,,,,,MMM,,, -siemens s7-300,,,,,mmmm,,, -siemens s7-300,,,,,MMMM,,, -siemens s7-300,,,,,mmmmm,,, -siemens s7-300,,,,,MMMMM,,, -siemens s7-300,,,,,mmmmmm,,, -siemens s7-300,,,,,MMMMMM,,, -siemens s7-300,,,,,mmmmmmm,,, -siemens s7-300,,,,,MMMMMMM,,, -siemens s7-300,,,,,mmmmmmmm,,, -siemens s7-300,,,,,MMMMMMMM,,, -siemens s7-300,,,,,modul,,, -siemens s7-300,,,,,MODUL,,, -siemens s7-300,,,,,module,,, -siemens s7-300,,,,,MODULE,,, -siemens s7-300,,,,,money,,, -siemens s7-300,,,,,MONEY,,, -siemens s7-300,,,,,monitor,,, -siemens s7-300,,,,,MONITOR,,, -siemens s7-300,,,,,monkey,,, -siemens s7-300,,,,,MONKEY,,, -siemens s7-300,,,,,mosmatic,,, -siemens s7-300,,,,,MOSMATIC,,, -siemens s7-300,,,,,mother,,, -siemens s7-300,,,,,MOTHER,,, -siemens s7-300,,,,,motorola,,, -siemens s7-300,,,,,MOTOROLA,,, -siemens s7-300,,,,,mouse,,, -siemens s7-300,,,,,MOUSE,,, -siemens s7-300,,,,,MPE,,, -siemens s7-300,,,,,MServer,,, -siemens s7-300,,,,,mtch,,, -siemens s7-300,,,,,MTCH,,, -siemens s7-300,,,,,Multi,,, -siemens s7-300,,,,,mustang,,, -siemens s7-300,,,,,MUSTANG,,, -siemens s7-300,,,,,mypass,,, -siemens s7-300,,,,,MYPASS,,, -siemens s7-300,,,,,mypass123,,, -siemens s7-300,,,,,MYPASS123,,, -siemens s7-300,,,,,mypc,,, -siemens s7-300,,,,,MYPC,,, -siemens s7-300,,,,,mypc123,,, -siemens s7-300,,,,,MYPC123,,, -siemens s7-300,,,,,myspace,,, -siemens s7-300,,,,,MYSPACE,,, -siemens s7-300,,,,,myspace1,,, -siemens s7-300,,,,,MYSPACE1,,, -siemens s7-300,,,,,n,,, -siemens s7-300,,,,,N,,, -siemens s7-300,,,,,n/a,,, -siemens s7-300,,,,,N/A,,, -siemens s7-300,,,,,naadmin,,, -siemens s7-300,,,,,NAADMIN,,, -siemens s7-300,,,,,naranja,,, -siemens s7-300,,,,,NARANJA,,, -siemens s7-300,,,,,NAU,,, -siemens s7-300,,,,,Net,,, -siemens s7-300,,,,,NET,,, -siemens s7-300,,,,,netadmin,,, -siemens s7-300,,,,,NETADMIN,,, -siemens s7-300,,,,,netbase,,, -siemens s7-300,,,,,NETBASE,,, -siemens s7-300,,,,,NetCache,,, -siemens s7-300,,,,,NETCACHE,,, -siemens s7-300,,,,,NetICs,,, -siemens s7-300,,,,,netman,,, -siemens s7-300,,,,,NETMAN,,, -siemens s7-300,,,,,netopia,,, -siemens s7-300,,,,,NETOPIA,,, -siemens s7-300,,,,,netscreen,,, -siemens s7-300,,,,,NETSCREEN,,, -siemens s7-300,,,,,netutil,,, -siemens s7-300,,,,,NETUTIL,,, -siemens s7-300,,,,,NetVCR,,, -siemens s7-300,,,,,NETVCR,,, -siemens s7-300,,,,,network,,, -siemens s7-300,,,,,NETWORK,,, -siemens s7-300,,,,,newpass,,, -siemens s7-300,,,,,NEWPASS,,, -siemens s7-300,,,,,niconex,,, -siemens s7-300,,,,,NICONEX,,, -siemens s7-300,,,,,nimdaten,,, -siemens s7-300,,,,,NIMDATEN,,, -siemens s7-300,,,,,nmspw,,, -siemens s7-300,,,,,NMSPW,,, -siemens s7-300,,,,,nn,,, -siemens s7-300,,,,,NN,,, -siemens s7-300,,,,,nnn,,, -siemens s7-300,,,,,NNN,,, -siemens s7-300,,,,,nnnn,,, -siemens s7-300,,,,,NNNN,,, -siemens s7-300,,,,,nnnnn,,, -siemens s7-300,,,,,NNNNN,,, -siemens s7-300,,,,,nnnnnn,,, -siemens s7-300,,,,,NNNNNN,,, -siemens s7-300,,,,,nnnnnnn,,, -siemens s7-300,,,,,NNNNNNN,,, -siemens s7-300,,,,,nnnnnnnn,,, -siemens s7-300,,,,,NNNNNNNN,,, -siemens s7-300,,,,,nokai,,, -siemens s7-300,,,,,NOKAI,,, -siemens s7-300,,,,,notused,,, -siemens s7-300,,,,,NOTUSED,,, -siemens s7-300,,,,,noway,,, -siemens s7-300,,,,,NOWAY,,, -siemens s7-300,,,,,NSADB,,, -siemens s7-300,,,,,ntacdmax,,, -siemens s7-300,,,,,NTACDMAX,,, -siemens s7-300,,,,,null,,, -siemens s7-300,,,,,NULL,,, -siemens s7-300,,,,,o,,, -siemens s7-300,,,,,O,,, -siemens s7-300,,,,,OCS,,, -siemens s7-300,,,,,oem,,, -siemens s7-300,,,,,OEM,,, -siemens s7-300,,,,,OkiLAN,,, -siemens s7-300,,,,,OKILAN,,, -siemens s7-300,,,,,omron,,, -siemens s7-300,,,,,OMRON,,, -siemens s7-300,,,,,oo,,, -siemens s7-300,,,,,OO,,, -siemens s7-300,,,,,ooo,,, -siemens s7-300,,,,,OOO,,, -siemens s7-300,,,,,oooo,,, -siemens s7-300,,,,,OOOO,,, -siemens s7-300,,,,,ooooo,,, -siemens s7-300,,,,,OOOOO,,, -siemens s7-300,,,,,oooooo,,, -siemens s7-300,,,,,OOOOOO,,, -siemens s7-300,,,,,ooooooo,,, -siemens s7-300,,,,,OOOOOOO,,, -siemens s7-300,,,,,oooooooo,,, -siemens s7-300,,,,,OOOOOOOO,,, -siemens s7-300,,,,,op3n,,, -siemens s7-300,,,,,operator,,, -siemens s7-300,,,,,OPERATOR,,, -siemens s7-300,,,,,Opto,,, -siemens s7-300,,,,,OPTO,,, -siemens s7-300,,,,,owner,,, -siemens s7-300,,,,,OWNER,,, -siemens s7-300,,,,,p,,, -siemens s7-300,,,,,P,,, -siemens s7-300,,,,,P@55w0rd!,,, -siemens s7-300,,,,,pas,,, -siemens s7-300,,,,,PAS,,, -siemens s7-300,,,,,pass,,, -siemens s7-300,,,,,PASS,,, -siemens s7-300,,,,,PASSAGE,,, -siemens s7-300,,,,,passage,,, -siemens s7-300,,,,,passw,,, -siemens s7-300,,,,,PASSW,,, -siemens s7-300,,,,,passwd,,, -siemens s7-300,,,,,PASSWD,,, -siemens s7-300,,,,,passwo,,, -siemens s7-300,,,,,PASSWO,,, -siemens s7-300,,,,,passwor,,, -siemens s7-300,,,,,PASSWOR,,, -siemens s7-300,,,,,password,,, -siemens s7-300,,,,,PASSWORD,,, -siemens s7-300,,,,,pat,,, -siemens s7-300,,,,,PAT,,, -siemens s7-300,,,,,paterna,,, -siemens s7-300,,,,,PATERNA,,, -siemens s7-300,,,,,patrick,,, -siemens s7-300,,,,,PATRICK,,, -siemens s7-300,,,,,patrol,,, -siemens s7-300,,,,,PATROL,,, -siemens s7-300,,,,,PBX,,, -siemens s7-300,,,,,pbxk1064,,, -siemens s7-300,,,,,PBXK1064,,, -siemens s7-300,,,,,pcs7,,, -siemens s7-300,,,,,PCS7,,, -siemens s7-300,,,,,pentium,,, -siemens s7-300,,,,,PENTIUM,,, -siemens s7-300,,,,,pento,,, -siemens s7-300,,,,,PENTO,,, -siemens s7-300,,,,,pepper,,, -siemens s7-300,,,,,PEPPER,,, -siemens s7-300,,,,,pepsi,,, -siemens s7-300,,,,,PEPSI,,, -siemens s7-300,,,,,permit,,, -siemens s7-300,,,,,PERMIT,,, -siemens s7-300,,,,,personal,,, -siemens s7-300,,,,,PERSONAL,,, -siemens s7-300,,,,,pfsense,,, -siemens s7-300,,,,,PFSENSE,,, -siemens s7-300,,,,,photonix,,, -siemens s7-300,,,,,PHOTONIX,,, -siemens s7-300,,,,,pilou,,, -siemens s7-300,,,,,PILOU,,, -siemens s7-300,,,,,piranha,,, -siemens s7-300,,,,,PIRANHA,,, -siemens s7-300,,,,,plc,,, -siemens s7-300,,,,,PLC,,, -siemens s7-300,,,,,plcsim,,, -siemens s7-300,,,,,PLCSIM,,, -siemens s7-300,,,,,PlsChgMe,,, -siemens s7-300,,,,,poerty,,, -siemens s7-300,,,,,POERTY,,, -siemens s7-300,,,,,policy,,, -siemens s7-300,,,,,POLICY,,, -siemens s7-300,,,,,Posterie,,, -siemens s7-300,,,,,POSTERIE,,, -siemens s7-300,,,,,power,,, -siemens s7-300,,,,,POWER,,, -siemens s7-300,,,,,pp,,, -siemens s7-300,,,,,PP,,, -siemens s7-300,,,,,ppp,,, -siemens s7-300,,,,,PPP,,, -siemens s7-300,,,,,pppp,,, -siemens s7-300,,,,,PPPP,,, -siemens s7-300,,,,,ppppp,,, -siemens s7-300,,,,,PPPPP,,, -siemens s7-300,,,,,pppppp,,, -siemens s7-300,,,,,PPPPPP,,, -siemens s7-300,,,,,ppppppp,,, -siemens s7-300,,,,,PPPPPPP,,, -siemens s7-300,,,,,pppppppp,,, -siemens s7-300,,,,,PPPPPPPP,,, -siemens s7-300,,,,,princess,,, -siemens s7-300,,,,,PRINCESS,,, -siemens s7-300,,,,,private,,, -siemens s7-300,,,,,PRIVATE,,, -siemens s7-300,,,,,proddta,,, -siemens s7-300,,,,,PRODDTA,,, -siemens s7-300,,,,,profibus,,, -siemens s7-300,,,,,PROFIBUS,,, -siemens s7-300,,,,,Protector,,, -siemens s7-300,,,,,PROTECTOR,,, -siemens s7-300,,,,,protool,,, -siemens s7-300,,,,,PROTOOL,,, -siemens s7-300,,,,,public,,, -siemens s7-300,,,,,PUBLIC,,, -siemens s7-300,,,,,pusy,,, -siemens s7-300,,,,,PUSY,,, -siemens s7-300,,,,,pw123,,, -siemens s7-300,,,,,PW123,,, -siemens s7-300,,,,,pwd,,, -siemens s7-300,,,,,PWD,,, -siemens s7-300,,,,,q,,, -siemens s7-300,,,,,Q,,, -siemens s7-300,,,,,qawsed,,, -siemens s7-300,,,,,qq,,, -siemens s7-300,,,,,QQ,,, -siemens s7-300,,,,,qq520,,, -siemens s7-300,,,,,QQ520,,, -siemens s7-300,,,,,qqq,,, -siemens s7-300,,,,,QQQ,,, -siemens s7-300,,,,,qqqq,,, -siemens s7-300,,,,,QQQQ,,, -siemens s7-300,,,,,qqqqq,,, -siemens s7-300,,,,,QQQQQ,,, -siemens s7-300,,,,,qqqqqq,,, -siemens s7-300,,,,,QQQQQQ,,, -siemens s7-300,,,,,qqqqqqq,,, -siemens s7-300,,,,,QQQQQQQ,,, -siemens s7-300,,,,,qqqqqqqq,,, -siemens s7-300,,,,,QQQQQQQQ,,, -siemens s7-300,,,,,qwe,,, -siemens s7-300,,,,,qwer,,, -siemens s7-300,,,,,QWER,,, -siemens s7-300,,,,,QWERT,,, -siemens s7-300,,,,,qwerty,,, -siemens s7-300,,,,,QWERTY,,, -siemens s7-300,,,,,qwerty1,,, -siemens s7-300,,,,,qwertyu,,, -siemens s7-300,,,,,QWERTYU,,, -siemens s7-300,,,,,qwertyui,,, -siemens s7-300,,,,,QWERTYUI,,, -siemens s7-300,,,,,r,,, -siemens s7-300,,,,,R,,, -siemens s7-300,,,,,r@p8p0r+,,, -siemens s7-300,,,,,R1QTPS,,, -siemens s7-300,,,,,rade0n,,, -siemens s7-300,,,,,RADE0N,,, -siemens s7-300,,,,,RADEON,,, -siemens s7-300,,,,,radius,,, -siemens s7-300,,,,,RADIUS,,, -siemens s7-300,,,,,radware,,, -siemens s7-300,,,,,RADWARE,,, -siemens s7-300,,,,,rdfhnbhf,,, -siemens s7-300,,,,,RDFHNBHF,,, -siemens s7-300,,,,,recovery,,, -siemens s7-300,,,,,RECOVERY,,, -siemens s7-300,,,,,rego,,, -siemens s7-300,,,,,REGO,,, -siemens s7-300,,,,,remote,,, -siemens s7-300,,,,,REMOTE,,, -siemens s7-300,,,,,rip000,,, -siemens s7-300,,,,,RIP000,,, -siemens s7-300,,,,,rittal,,, -siemens s7-300,,,,,RITTAL,,, -siemens s7-300,,,,,robele,,, -siemens s7-300,,,,,ROBELLE,,, -siemens s7-300,,,,,root,,, -siemens s7-300,,,,,ROOT,,, -siemens s7-300,,,,,ROOT500,,, -siemens s7-300,,,,,router,,, -siemens s7-300,,,,,ROUTER,,, -siemens s7-300,,,,,rr,,, -siemens s7-300,,,,,RR,,, -siemens s7-300,,,,,rrr,,, -siemens s7-300,,,,,RRR,,, -siemens s7-300,,,,,rrrr,,, -siemens s7-300,,,,,RRRR,,, -siemens s7-300,,,,,rrrrr,,, -siemens s7-300,,,,,RRRRR,,, -siemens s7-300,,,,,rrrrrr,,, -siemens s7-300,,,,,RRRRRR,,, -siemens s7-300,,,,,rrrrrrr,,, -siemens s7-300,,,,,RRRRRRR,,, -siemens s7-300,,,,,rrrrrrrr,,, -siemens s7-300,,,,,RRRRRRRR,,, -siemens s7-300,,,,,rs4igoy,,, -siemens s7-300,,,,,RS4IGOY,,, -siemens s7-300,,,,,RSX,,, -siemens s7-300,,,,,rtyhn,,, -siemens s7-300,,,,,RTYHN,,, -siemens s7-300,,,,,run-p,,, -siemens s7-300,,,,,RUN-P,,, -siemens s7-300,,,,,russia,,, -siemens s7-300,,,,,RUSSIA,,, -siemens s7-300,,,,,rwmaint,,, -siemens s7-300,,,,,RWMAINT,,, -siemens s7-300,,,,,s,,, -siemens s7-300,,,,,S,,, -siemens s7-300,,,,,s7,,, -siemens s7-300,,,,,S7,,, -siemens s7-300,,,,,s7-300,,, -siemens s7-300,,,,,S7-300,,, -siemens s7-300,,,,,s7-400,,, -siemens s7-300,,,,,S7-400,,, -siemens s7-300,,,,,scout,,, -siemens s7-300,,,,,SCOUT,,, -siemens s7-300,,,,,search,,, -siemens s7-300,,,,,SEARCH,,, -siemens s7-300,,,,,secret,,, -siemens s7-300,,,,,SECRET,,, -siemens s7-300,,,,,secure,,, -siemens s7-300,,,,,SECURE,,, -siemens s7-300,,,,,security,,, -siemens s7-300,,,,,SECURITY,,, -siemens s7-300,,,,,sekret,,, -siemens s7-300,,,,,SEKRET,,, -siemens s7-300,,,,,Sensor,,, -siemens s7-300,,,,,serco,,, -siemens s7-300,,,,,SERCO,,, -siemens s7-300,,,,,serial#,,, -siemens s7-300,,,,,serovox,,, -siemens s7-300,,,,,SEROVOX,,, -siemens s7-300,,,,,server,,, -siemens s7-300,,,,,SERVER,,, -siemens s7-300,,,,,SESAME,,, -siemens s7-300,,,,,setherco,,, -siemens s7-300,,,,,SETHERCO,,, -siemens s7-300,,,,,setup,,, -siemens s7-300,,,,,SETUP,,, -siemens s7-300,,,,,sex,,, -siemens s7-300,,,,,SEX,,, -siemens s7-300,,,,,sgena,,, -siemens s7-300,,,,,SGENA,,, -siemens s7-300,,,,,sgilent,,, -siemens s7-300,,,,,SGILENT,,, -siemens s7-300,,,,,shadow,,, -siemens s7-300,,,,,SHADOW,,, -siemens s7-300,,,,,Sharp,,, -siemens s7-300,,,,,sicostart,,, -siemens s7-300,,,,,SICOSTART,,, -siemens s7-300,,,,,siemens,,, -siemens s7-300,,,,,SIEMENS,,, -siemens s7-300,,,,,simatic,,, -siemens s7-300,,,,,SIMATIC,,, -siemens s7-300,,,,,simens,,, -siemens s7-300,,,,,SIMENS,,, -siemens s7-300,,,,,simo,,, -siemens s7-300,,,,,SIMO,,, -siemens s7-300,,,,,simocode,,, -siemens s7-300,,,,,SIMOCODE,,, -siemens s7-300,,,,,simoreg,,, -siemens s7-300,,,,,SIMOREG,,, -siemens s7-300,,,,,simovert,,, -siemens s7-300,,,,,SIMOVERT,,, -siemens s7-300,,,,,simtec,,, -siemens s7-300,,,,,SIMTEC,,, -siemens s7-300,,,,,sirborn,,, -siemens s7-300,,,,,SIRBORN,,, -siemens s7-300,,,,,sitop,,, -siemens s7-300,,,,,SITOP,,, -siemens s7-300,,,,,SKY_FOX,,, -siemens s7-300,,,,,slave,,, -siemens s7-300,,,,,SLAVE,,, -siemens s7-300,,,,,slipknot,,, -siemens s7-300,,,,,SLIPKNOT,,, -siemens s7-300,,,,,SMDR,,, -siemens s7-300,,,,,smile,,, -siemens s7-300,,,,,SMILE,,, -siemens s7-300,,,,,smuser,,, -siemens s7-300,,,,,SMUSER,,, -siemens s7-300,,,,,snoopy,,, -siemens s7-300,,,,,SNOOPY,,, -siemens s7-300,,,,,soccer,,, -siemens s7-300,,,,,SOCCER,,, -siemens s7-300,,,,,solution,,, -siemens s7-300,,,,,SOLUTION,,, -siemens s7-300,,,,,SpIp,,, -siemens s7-300,,,,,ss,,, -siemens s7-300,,,,,SS,,, -siemens s7-300,,,,,SSA,,, -siemens s7-300,,,,,sss,,, -siemens s7-300,,,,,SSS,,, -siemens s7-300,,,,,ssss,,, -siemens s7-300,,,,,SSSS,,, -siemens s7-300,,,,,sssss,,, -siemens s7-300,,,,,SSSSS,,, -siemens s7-300,,,,,ssssss,,, -siemens s7-300,,,,,SSSSSS,,, -siemens s7-300,,,,,sssssss,,, -siemens s7-300,,,,,SSSSSSS,,, -siemens s7-300,,,,,ssssssss,,, -siemens s7-300,,,,,SSSSSSSS,,, -siemens s7-300,,,,,stan,,, -siemens s7-300,,,,,STAN,,, -siemens s7-300,,,,,star,,, -siemens s7-300,,,,,STAR,,, -siemens s7-300,,,,,starwar,,, -siemens s7-300,,,,,STARWAR,,, -siemens s7-300,,,,,step5,,, -siemens s7-300,,,,,STEP5,,, -siemens s7-300,,,,,step7,,, -siemens s7-300,,,,,STEP7,,, -siemens s7-300,,,,,stimpy,,, -siemens s7-300,,,,,STIMPY,,, -siemens s7-300,,,,,stl,,, -siemens s7-300,,,,,STL,,, -siemens s7-300,,,,,stop,,, -siemens s7-300,,,,,STOP,,, -siemens s7-300,,,,,ststic,,, -siemens s7-300,,,,,STSTIC,,, -siemens s7-300,,,,,summer,,, -siemens s7-300,,,,,SUMMER,,, -siemens s7-300,,,,,sunrise,,, -siemens s7-300,,,,,SUNRISE,,, -siemens s7-300,,,,,Super,,, -siemens s7-300,,,,,superid,,, -siemens s7-300,,,,,SUPERID,,, -siemens s7-300,,,,,superman,,, -siemens s7-300,,,,,SUPERMAN,,, -siemens s7-300,,,,,support,,, -siemens s7-300,,,,,SUPPORT,,, -siemens s7-300,,,,,surt,,, -siemens s7-300,,,,,SURT,,, -siemens s7-300,,,,,switch,,, -siemens s7-300,,,,,SWITCH,,, -siemens s7-300,,,,,sybase,,, -siemens s7-300,,,,,SYBASE,,, -siemens s7-300,,,,,Symbol,,, -siemens s7-300,,,,,SYMBOL,,, -siemens s7-300,,,,,synnet,,, -siemens s7-300,,,,,SYNNET,,, -siemens s7-300,,,,,sysadm,,, -siemens s7-300,,,,,SYSADM,,, -siemens s7-300,,,,,SYSDISC,,, -siemens s7-300,,,,,sysdisk,,, -siemens s7-300,,,,,system,,, -siemens s7-300,,,,,SYSTEM,,, -siemens s7-300,,,,,t,,, -siemens s7-300,,,,,T,,, -siemens s7-300,,,,,talent,,, -siemens s7-300,,,,,TALENT,,, -siemens s7-300,,,,,TALINUZ,,, -siemens s7-300,,,,,talisman,,, -siemens s7-300,,,,,TALISMAN,,, -siemens s7-300,,,,,TANDBERG,,, -siemens s7-300,,,,,TCH,,, -siemens s7-300,,,,,tech,,, -siemens s7-300,,,,,TECH,,, -siemens s7-300,,,,,telco,,, -siemens s7-300,,,,,TELCO,,, -siemens s7-300,,,,,telecom,,, -siemens s7-300,,,,,Telecom,,, -siemens s7-300,,,,,TELECOM,,, -siemens s7-300,,,,,telesup,,, -siemens s7-300,,,,,TELESUP,,, -siemens s7-300,,,,,tellabs#1,,, -siemens s7-300,,,,,telus,,, -siemens s7-300,,,,,TELUS,,, -siemens s7-300,,,,,temp,,, -siemens s7-300,,,,,TEMP,,, -siemens s7-300,,,,,temp123,,, -siemens s7-300,,,,,TEMP123,,, -siemens s7-300,,,,,test,,, -siemens s7-300,,,,,TEST,,, -siemens s7-300,,,,,test123,,, -siemens s7-300,,,,,TEST123,,, -siemens s7-300,,,,,thomas,,, -siemens s7-300,,,,,Thomas,,, -siemens s7-300,,,,,THOMAS,,, -siemens s7-300,,,,,tiaranet,,, -siemens s7-300,,,,,TIARANET,,, -siemens s7-300,,,,,tiger123,,, -siemens s7-300,,,,,TIGER123,,, -siemens s7-300,,,,,timely,,, -siemens s7-300,,,,,TIMELY,,, -siemens s7-300,,,,,tini,,, -siemens s7-300,,,,,TINI,,, -siemens s7-300,,,,,tivonpw,,, -siemens s7-300,,,,,TIVONPW,,, -siemens s7-300,,,,,tjm,,, -siemens s7-300,,,,,TJM,,, -siemens s7-300,,,,,tlah,,, -siemens s7-300,,,,,TLAH,,, -siemens s7-300,,,,,toolset,,, -siemens s7-300,,,,,TOOLSET,,, -siemens s7-300,,,,,trancell,,, -siemens s7-300,,,,,TRANCELL,,, -siemens s7-300,,,,,tratata,,, -siemens s7-300,,,,,TRATATA,,, -siemens s7-300,,,,,tslinux,,, -siemens s7-300,,,,,TSLINUX,,, -siemens s7-300,,,,,tt,,, -siemens s7-300,,,,,TT,,, -siemens s7-300,,,,,ttt,,, -siemens s7-300,,,,,TTT,,, -siemens s7-300,,,,,tttt,,, -siemens s7-300,,,,,TTTT,,, -siemens s7-300,,,,,ttttt,,, -siemens s7-300,,,,,TTTTT,,, -siemens s7-300,,,,,tttttt,,, -siemens s7-300,,,,,TTTTTT,,, -siemens s7-300,,,,,ttttttt,,, -siemens s7-300,,,,,TTTTTTT,,, -siemens s7-300,,,,,tttttttt,,, -siemens s7-300,,,,,TTTTTTTT,,, -siemens s7-300,,,,,tuborg,,, -siemens s7-300,,,,,TUBORG,,, -siemens s7-300,,,,,tuxalize,,, -siemens s7-300,,,,,TUXALIZE,,, -siemens s7-300,,,,,tx100,,, -siemens s7-300,,,,,TX100,,, -siemens s7-300,,,,,u,,, -siemens s7-300,,,,,U,,, -siemens s7-300,,,,,uplink,,, -siemens s7-300,,,,,UPLINK,,, -siemens s7-300,,,,,user,,, -siemens s7-300,,,,,USER,,, -siemens s7-300,,,,,uu,,, -siemens s7-300,,,,,UU,,, -siemens s7-300,,,,,uuu,,, -siemens s7-300,,,,,UUU,,, -siemens s7-300,,,,,uuuu,,, -siemens s7-300,,,,,UUUU,,, -siemens s7-300,,,,,uuuuu,,, -siemens s7-300,,,,,UUUUU,,, -siemens s7-300,,,,,uuuuuu,,, -siemens s7-300,,,,,UUUUUU,,, -siemens s7-300,,,,,uuuuuuu,,, -siemens s7-300,,,,,UUUUUUU,,, -siemens s7-300,,,,,uuuuuuuu,,, -siemens s7-300,,,,,UUUUUUUU,,, -siemens s7-300,,,,,v,,, -siemens s7-300,,,,,V,,, -siemens s7-300,,,,,vesoft,,, -siemens s7-300,,,,,VESOFT,,, -siemens s7-300,,,,,visual,,, -siemens s7-300,,,,,VISUAL,,, -siemens s7-300,,,,,vjqgfhjkm,,, -siemens s7-300,,,,,VJQGFHJKM,,, -siemens s7-300,,,,,vodka,,, -siemens s7-300,,,,,VODKA,,, -siemens s7-300,,,,,volition,,, -siemens s7-300,,,,,VOLITION,,, -siemens s7-300,,,,,vv,,, -siemens s7-300,,,,,VV,,, -siemens s7-300,,,,,vvv,,, -siemens s7-300,,,,,VVV,,, -siemens s7-300,,,,,vvvv,,, -siemens s7-300,,,,,VVVV,,, -siemens s7-300,,,,,vvvvv,,, -siemens s7-300,,,,,VVVVV,,, -siemens s7-300,,,,,vvvvvv,,, -siemens s7-300,,,,,VVVVVV,,, -siemens s7-300,,,,,vvvvvvv,,, -siemens s7-300,,,,,VVVVVVV,,, -siemens s7-300,,,,,vvvvvvvv,,, -siemens s7-300,,,,,VVVVVVVV,,, -siemens s7-300,,,,,w,,, -siemens s7-300,,,,,W,,, -siemens s7-300,,,,,W9F3,,, -siemens s7-300,,,,,webadmin,,, -siemens s7-300,,,,,WEBADMIN,,, -siemens s7-300,,,,,win,,, -siemens s7-300,,,,,WIN,,, -siemens s7-300,,,,,wincc,,, -siemens s7-300,,,,,WINCC,,, -siemens s7-300,,,,,winterm,,, -siemens s7-300,,,,,WINTERM,,, -siemens s7-300,,,,,Wireless,,, -siemens s7-300,,,,,WIRELESS,,, -siemens s7-300,,,,,wizard,,, -siemens s7-300,,,,,WIZARD,,, -siemens s7-300,,,,,wlsedb,,, -siemens s7-300,,,,,WLSEDB,,, -siemens s7-300,,,,,wolf,,, -siemens s7-300,,,,,WONF,,, -siemens s7-300,,,,,ww,,, -siemens s7-300,,,,,WW,,, -siemens s7-300,,,,,www,,, -siemens s7-300,,,,,WWW,,, -siemens s7-300,,,,,wwww,,, -siemens s7-300,,,,,WWWW,,, -siemens s7-300,,,,,wwwww,,, -siemens s7-300,,,,,WWWWW,,, -siemens s7-300,,,,,wwwwww,,, -siemens s7-300,,,,,WWWWWW,,, -siemens s7-300,,,,,wwwwwww,,, -siemens s7-300,,,,,WWWWWWW,,, -siemens s7-300,,,,,wwwwwwww,,, -siemens s7-300,,,,,WWWWWWWW,,, -siemens s7-300,,,,,wyse,,, -siemens s7-300,,,,,WYSE,,, -siemens s7-300,,,,,x,,, -siemens s7-300,,,,,X,,, -siemens s7-300,,,,,x40rocks,,, -siemens s7-300,,,,,X40ROCKS,,, -siemens s7-300,,,,,x-admin,,, -siemens s7-300,,,,,X-ADMIN,,, -siemens s7-300,,,,,xbox,,, -siemens s7-300,,,,,XBOX,,, -siemens s7-300,,,,,xlserver,,, -siemens s7-300,,,,,XLSERVER,,, -siemens s7-300,,,,,xx,,, -siemens s7-300,,,,,XX,,, -siemens s7-300,,,,,xxx,,, -siemens s7-300,,,,,XXX,,, -siemens s7-300,,,,,xxxx,,, -siemens s7-300,,,,,XXXX,,, -siemens s7-300,,,,,xxxxx,,, -siemens s7-300,,,,,XXXXX,,, -siemens s7-300,,,,,xxxxxx,,, -siemens s7-300,,,,,XXXXXX,,, -siemens s7-300,,,,,xxxxxxx,,, -siemens s7-300,,,,,XXXXXXX,,, -siemens s7-300,,,,,xxxxxxxx,,, -siemens s7-300,,,,,XXXXXXXX,,, -siemens s7-300,,,,,xxyyzz,,, -siemens s7-300,,,,,XXYYZZ,,, -siemens s7-300,,,,,y,,, -siemens s7-300,,,,,Y,,, -siemens s7-300,,,,,yxcv,,, -siemens s7-300,,,,,YXCV,,, -siemens s7-300,,,,,yy,,, -siemens s7-300,,,,,YY,,, -siemens s7-300,,,,,yyy,,, -siemens s7-300,,,,,YYY,,, -siemens s7-300,,,,,yyyy,,, -siemens s7-300,,,,,YYYY,,, -siemens s7-300,,,,,yyyyy,,, -siemens s7-300,,,,,YYYYY,,, -siemens s7-300,,,,,yyyyyy,,, -siemens s7-300,,,,,YYYYYY,,, -siemens s7-300,,,,,yyyyyyy,,, -siemens s7-300,,,,,YYYYYYY,,, -siemens s7-300,,,,,yyyyyyyy,,, -siemens s7-300,,,,,YYYYYYYY,,, -siemens s7-300,,,,,z,,, -siemens s7-300,,,,,Z,,, -siemens s7-300,,,,,z0ne,,, -siemens s7-300,,,,,Z0NE,,, -siemens s7-300,,,,,zettler,,, -siemens s7-300,,,,,ZETTLER,,, -siemens s7-300,,,,,zippo,,, -siemens s7-300,,,,,ZIPPO,,, -siemens s7-300,,,,,zone,,, -siemens s7-300,,,,,ZONE,,, -siemens s7-300,,,,,zoomadsl,,, -siemens s7-300,,,,,ZOOMADSL,,, -siemens s7-300,,,,,zorro,,, -siemens s7-300,,,,,ZORRO,,, -siemens s7-300,,,,,zorromen,,, -siemens s7-300,,,,,ZORROMEN,,, -siemens s7-300,,,,,zxc,,, -siemens s7-300,,,,,ZXC,,, -siemens s7-300,,,,,zxcv,,, -siemens s7-300,,,,,ZXCV,,, -siemens s7-300,,,,,zxcvb,,, -siemens s7-300,,,,,ZXCVB,,, -siemens s7-300,,,,,zxcvbn,,, -siemens s7-300,,,,,ZXCVBN,,, -siemens s7-300,,,,,zxcvbnm,,, -siemens s7-300,,,,,ZXCVBNM,,, -siemens s7-300,,,,,zxcvbnm,,,, -siemens s7-300,,,,,ZXCVBNM,,,, -siemens s7-300,,,,,zz,,, -siemens s7-300,,,,,ZZ,,, -siemens s7-300,,,,,zzz,,, -siemens s7-300,,,,,ZZZ,,, -siemens s7-300,,,,,zzzz,,, -siemens s7-300,,,,,ZZZZ,,, -siemens s7-300,,,,,zzzzz,,, -siemens s7-300,,,,,ZZZZZ,,, -siemens s7-300,,,,,zzzzzz,,, -siemens s7-300,,,,,ZZZZZZ,,, -siemens s7-300,,,,,zzzzzzz,,, -siemens s7-300,,,,,ZZZZZZZ,,, -siemens s7-300,,,,,zzzzzzzz,,, -siemens s7-300,,,,,ZZZZZZZZ,,, From 027a8e97d813584358e7f5fa134c473f8576a7d1 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 18 Jun 2015 23:19:55 +0200 Subject: [PATCH 32/33] attempt at '-e r' UTF support --- hydra.c | 41 ++++++++++++++++++++++++++++++++++++++--- 1 file changed, 38 insertions(+), 3 deletions(-) diff --git a/hydra.c b/hydra.c index 52d7609..a9a813c 100644 --- a/hydra.c +++ b/hydra.c @@ -1656,16 +1656,51 @@ void hydra_increase_fail_count(int target_no, int head_no) { } char *hydra_reverse_login(int head_no, char *login) { - int i, j = strlen(login); + int i, j; + char *start, *pos; + unsigned char keep; + + if (login == NULL || (j = strlen(login)) < 1) + return empty_login; if (j > 248) j = 248; - else if (j == 0) - return empty_login; + for (i = 0; i < j; i++) hydra_heads[head_no]->reverse[i] = login[j - (i + 1)]; hydra_heads[head_no]->reverse[j] = 0; + // UTF stuff now + start = hydra_heads[head_no]->reverse; + pos = start + j; + + while(start < --pos) { + switch( (*pos & 0xF0) >> 4 ) { + case 0xF: /* U+010000-U+10FFFF: four bytes. */ + keep = *pos; + *pos = *(pos-3); + *(pos-3) = keep; + keep = *(pos-1); + *(pos-1) = *(pos-2); + *(pos-2) = keep; + pos -= 3; + break; + case 0xE: /* U+000800-U+00FFFF: three bytes. */ + keep = *pos; + *pos = *(pos-2); + *(pos-2) = keep; + pos -= 2; + break; + case 0xC: /* fall-through */ + case 0xD: /* U+000080-U+0007FF: two bytes. */ + keep = *pos; + *pos = *(pos-1); + *(pos-1) = keep; + pos--; + break; + } + } + return hydra_heads[head_no]->reverse; } From ed7a82317583803c1d5bc37654584d2f121ae195 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 25 Jun 2015 09:53:17 +0200 Subject: [PATCH 33/33] readability --- hydra-mod.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/hydra-mod.c b/hydra-mod.c index 38369b4..f8731f0 100644 --- a/hydra-mod.c +++ b/hydra-mod.c @@ -1209,16 +1209,20 @@ char *hydra_string_replace(const char *string, const char *substr, const char *r char *tok = NULL; char *newstr = NULL; + if (string == NULL) + return NULL; + if (substr == NULL || replacement == NULL) + return strdup(string); tok = strstr(string, substr); if (tok == NULL) return strdup(string); - newstr = malloc(strlen(string) - strlen(substr) + strlen(replacement) + 1); + newstr = malloc(strlen(string) - strlen(substr) + strlen(replacement) + 2); if (newstr == NULL) return NULL; + memset(newstr, 0, strlen(string) - strlen(substr) + strlen(replacement) + 2); memcpy(newstr, string, tok - string); memcpy(newstr + (tok - string), replacement, strlen(replacement)); memcpy(newstr + (tok - string) + strlen(replacement), tok + strlen(substr), strlen(string) - strlen(substr) - (tok - string)); - memset(newstr + strlen(string) - strlen(substr) + strlen(replacement), 0, 1); return newstr; }