From 1658f4926fbb2a732d08f250a14204423a37dae1 Mon Sep 17 00:00:00 2001 From: owein Date: Mon, 7 Oct 2019 14:20:02 +0200 Subject: [PATCH 001/223] it look like github wants to drive me mad --- bfg.c | 32 +++++++++++++++++++++++++++++--- bfg.h | 3 ++- hydra.c | 11 ++++++++--- hydra.h | 1 + 4 files changed, 40 insertions(+), 7 deletions(-) diff --git a/bfg.c b/bfg.c index a3a1dad..a19fcfa 100644 --- a/bfg.c +++ b/bfg.c @@ -52,6 +52,7 @@ static int32_t add_single_char(char ch, char flags, int32_t* crs_len) { // note that we check for -x .:.:ab but not for -x .:.:ba // int32_t bf_init(char *arg) { + bf_options.rain = 0; int32_t i = 0; int32_t crs_len = 0; char flags = 0; @@ -189,8 +190,17 @@ uint64_t bf_get_pcount() { return foo; } +int accu(int value) +{ + int sum = 0; + for(int i=1; i<=value; ++i) + { + sum+=i; + } + return sum; +} -char *bf_next() { +char *bf_next(_Bool rainy) { int32_t i, pos = bf_options.current - 1; if (bf_options.current > bf_options.to) @@ -200,9 +210,25 @@ char *bf_next() { fprintf(stderr, "Error: Can not allocate memory for -x data!\n"); return NULL; } + + if(rainy) + { + for (i = 0; i < bf_options.current; i++){ + bf_options.ptr[i] = bf_options.crs[(bf_options.state[i]+bf_options.rain)%bf_options.crs_len]; + bf_options.rain += i+1; + } + if(bf_options.crs_len%10 == 0) + bf_options.rain-=accu(bf_options.current)-2; + else if(bf_options.crs_len%2 == 0) + bf_options.rain-=accu(bf_options.current)-4; + else if(bf_options.crs_len%2) + bf_options.rain-=accu(bf_options.current)-1; - for (i = 0; i < bf_options.current; i++) - bf_options.ptr[i] = bf_options.crs[bf_options.state[i]]; + } + else + for (i = 0; i < bf_options.current; i++) + bf_options.ptr[i] = bf_options.crs[bf_options.state[i]]; + bf_options.ptr[bf_options.current] = 0; if (debug) { diff --git a/bfg.h b/bfg.h index 2ac5f49..132571b 100644 --- a/bfg.h +++ b/bfg.h @@ -41,6 +41,7 @@ typedef struct { char *crs; /* internal representation of charset */ char *ptr; /* ptr to the last generated password */ uint32_t disable_symbols; + unsigned long rain; } bf_option; extern bf_option bf_options; @@ -48,7 +49,7 @@ extern bf_option bf_options; #ifdef HAVE_MATH_H extern uint64_t bf_get_pcount(); extern int32_t bf_init(char *arg); -extern char *bf_next(); +extern char *bf_next(_Bool rainy); #endif #endif diff --git a/hydra.c b/hydra.c index d3f7430..6f2b497 100644 --- a/hydra.c +++ b/hydra.c @@ -337,6 +337,7 @@ char *sck = NULL; int32_t prefer_ipv6 = 0, conwait = 0, loop_cnt = 0, fck = 0, options = 0, killed = 0; int32_t child_head_no = -1, child_socket; int32_t total_redo_count = 0; +bool rainy = false; // moved for restore feature int32_t process_restore = 0, dont_unlink; @@ -482,6 +483,7 @@ void help(int32_t ext) { "[service://server[:PORT][/OPT]]\n"); PRINT_NORMAL(ext, "\nOptions:\n"); PRINT_EXTEND(ext, " -R restore a previous aborted/crashed session\n" + " -r in conjonction with -x, use rain algorythm\n" " -I ignore an existing restore file (don't wait 10 seconds)\n" #ifdef LIBOPENSSL " -S perform an SSL connect\n" @@ -1745,7 +1747,7 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { #ifndef HAVE_MATH_H sleep(1); #else - hydra_targets[target_no]->pass_ptr = bf_next(); + hydra_targets[target_no]->pass_ptr = bf_next(hydra_options.rainy); if (debug) printf("[DEBUG] bfg new password for next child: %s\n", hydra_targets[target_no]->pass_ptr); #endif @@ -2229,7 +2231,7 @@ int main(int argc, char *argv[]) { help(1); if (argc < 2) help(0); - while ((i = getopt(argc, argv, "hIq64Rde:vVl:fFg:L:p:OP:o:b:M:C:t:T:m:w:W:s:SUux:yc:K")) >= 0) { + while ((i = getopt(argc, argv, "hIq64Rrde:vVl:fFg:L:p:OP:o:b:M:C:t:T:m:w:W:s:SUux:yc:K")) >= 0) { switch (i) { case 'h': help(1); @@ -2256,6 +2258,9 @@ int main(int argc, char *argv[]) { hydra_options.restore = 1; hydra_restore_read(); break; + case 'r': + hydra_options.rainy = true; + break; case 'I': ignore_restore = 1; // this is not to be saved in hydra_options! break; @@ -3267,7 +3272,7 @@ int main(int argc, char *argv[]) { #ifdef HAVE_MATH_H if (bf_init(bf_options.arg)) exit(-1); // error description is handled by bf_init - pass_ptr = bf_next(); + pass_ptr = bf_next(hydra_options.rainy); hydra_brains.countpass += bf_get_pcount(); hydra_brains.sizepass += BF_BUFLEN; #else diff --git a/hydra.h b/hydra.h index 0d47f0f..1aa04a2 100644 --- a/hydra.h +++ b/hydra.h @@ -221,6 +221,7 @@ typedef struct { char *service; char bfg; int32_t skip_redo; + _Bool rainy; } hydra_option; #define _HYDRA_H From ab4aa36fd0014930751fe178e2efbbbf100bac24 Mon Sep 17 00:00:00 2001 From: owein Date: Sun, 20 Oct 2019 23:26:44 +0200 Subject: [PATCH 002/223] rolled back head_init for http-post-form, still an issue with the display --- hydra-http-form.c | 12 ++++-------- hydra.c | 8 ++++---- 2 files changed, 8 insertions(+), 12 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index 1ac8721..65e54c3 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -1261,18 +1261,14 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { ptr++; if (*ptr != 0) *ptr++ = 0; + + cond = ptr; - if ((ptr2 = rindex(ptr, ':')) != NULL) { - cond = ptr2 + 1; - *ptr2 = 0; - } else - cond = ptr; -/* while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) ptr++; if (*ptr != 0) *ptr++ = 0; -*/ + optional1 = ptr; if (strstr(url, "\\:") != NULL) { if ((ptr = malloc(strlen(url))) != NULL) { @@ -1314,7 +1310,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { success_cond = 0; } - //printf("miscptr: %s, url=%s, variables=%s, ptr=%s, optional1: %s, cond: %s (%d)\n", miscptr, url, variables, ptr, optional1, cond, success_cond); + printf("miscptr: %s, url=%s, variables=%s, ptr=%s, optional1: %s, cond: %s (%d)\n", miscptr, url, variables, ptr, optional1, cond, success_cond); /* * Parse the user-supplied options. diff --git a/hydra.c b/hydra.c index 6f2b497..7d2decc 100644 --- a/hydra.c +++ b/hydra.c @@ -337,7 +337,6 @@ char *sck = NULL; int32_t prefer_ipv6 = 0, conwait = 0, loop_cnt = 0, fck = 0, options = 0, killed = 0; int32_t child_head_no = -1, child_socket; int32_t total_redo_count = 0; -bool rainy = false; // moved for restore feature int32_t process_restore = 0, dont_unlink; @@ -483,7 +482,6 @@ void help(int32_t ext) { "[service://server[:PORT][/OPT]]\n"); PRINT_NORMAL(ext, "\nOptions:\n"); PRINT_EXTEND(ext, " -R restore a previous aborted/crashed session\n" - " -r in conjonction with -x, use rain algorythm\n" " -I ignore an existing restore file (don't wait 10 seconds)\n" #ifdef LIBOPENSSL " -S perform an SSL connect\n" @@ -495,6 +493,7 @@ void help(int32_t ext) { #ifdef HAVE_MATH_H " -x MIN:MAX:CHARSET password bruteforce generation, type \"-x -h\" to get help\n" " -y disable use of symbols in bruteforce, see above\n" + " -r rainy mode for password generation (-x)\n" #endif " -e nsr try \"n\" null password, \"s\" login as pass and/or \"r\" reversed login\n" " -u loop around users, not passwords (effective! implied with -x)\n"); @@ -2224,6 +2223,7 @@ int main(int argc, char *argv[]) { hydra_brains.ofp = stdout; hydra_brains.targets = 1; hydra_options.waittime = waittime = WAITTIME; + hydra_options.rainy = 0; bf_options.disable_symbols = 0; // command line processing @@ -2259,7 +2259,7 @@ int main(int argc, char *argv[]) { hydra_restore_read(); break; case 'r': - hydra_options.rainy = true; + hydra_options.rainy = 1; break; case 'I': ignore_restore = 1; // this is not to be saved in hydra_options! @@ -3204,7 +3204,7 @@ int main(int argc, char *argv[]) { hydra_strcasestr(hydra_options.server, ".gmail.") != NULL || hydra_strcasestr(hydra_options.server, "googlemail.") != NULL )) { - fprintf(stderr, "[WARNING] Google Mail and others have bruteforce and hydra detection and sends false positives. You are not doing anything illegal right?!\n"); + fprintf(stderr, "[WARNING] Google Mail and others have bruteforce and hydra detection and sends false positives. You are not doing anything illegal right?! If you really need to bruteforce gmail, connect to pop3s://smtp.gmail.com\n"); fprintf(stderr, "[WARNING] !read the above!\n"); sleep(5); } From 6dfd77a37d04e167a1dafbb2b2f5e21aa7dd31f8 Mon Sep 17 00:00:00 2001 From: owein Date: Mon, 21 Oct 2019 20:11:38 +0200 Subject: [PATCH 003/223] fixed http-post --- bfg.c | 16 +++++++--------- bfg.h | 2 +- hydra-http-form.c | 31 +++++++++---------------------- hydra.c | 7 +++---- 4 files changed, 20 insertions(+), 36 deletions(-) diff --git a/bfg.c b/bfg.c index a19fcfa..2ff9f9f 100644 --- a/bfg.c +++ b/bfg.c @@ -192,12 +192,12 @@ uint64_t bf_get_pcount() { int accu(int value) { - int sum = 0; - for(int i=1; i<=value; ++i) - { - sum+=i; - } - return sum; + int i = 0; + for(int a=1; a<=value; ++a) + { + i+=a; + } + return i; } char *bf_next(_Bool rainy) { @@ -210,7 +210,7 @@ char *bf_next(_Bool rainy) { fprintf(stderr, "Error: Can not allocate memory for -x data!\n"); return NULL; } - + if(rainy) { for (i = 0; i < bf_options.current; i++){ @@ -223,12 +223,10 @@ char *bf_next(_Bool rainy) { bf_options.rain-=accu(bf_options.current)-4; else if(bf_options.crs_len%2) bf_options.rain-=accu(bf_options.current)-1; - } else for (i = 0; i < bf_options.current; i++) bf_options.ptr[i] = bf_options.crs[bf_options.state[i]]; - bf_options.ptr[bf_options.current] = 0; if (debug) { diff --git a/bfg.h b/bfg.h index 132571b..ab2f5e4 100644 --- a/bfg.h +++ b/bfg.h @@ -41,7 +41,7 @@ typedef struct { char *crs; /* internal representation of charset */ char *ptr; /* ptr to the last generated password */ uint32_t disable_symbols; - unsigned long rain; + uint64_t rain; /* accumulator for the rain */ } bf_option; extern bf_option bf_options; diff --git a/hydra-http-form.c b/hydra-http-form.c index 65e54c3..04260a4 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -1250,26 +1250,13 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { webport = PORT_HTTP_SSL; sprintf(bufferurl, "%.6096s", miscptr); - url = bufferurl; - ptr = url; - while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) - ptr++; - if (*ptr != 0) - *ptr++ = 0; - variables = ptr; - while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) - ptr++; - if (*ptr != 0) - *ptr++ = 0; + ptr = bufferurl; + url = strtok(ptr, ":"); + variables = strtok(NULL, ":"); + cond = strtok(NULL, ":"); + optional1 = strtok(NULL, "\n"); + if(optional1 == NULL) optional1 = "";//will crash if NULL or 0, so set "" (don't know the difference...) - cond = ptr; - - while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) - ptr++; - if (*ptr != 0) - *ptr++ = 0; - - optional1 = ptr; if (strstr(url, "\\:") != NULL) { if ((ptr = malloc(strlen(url))) != NULL) { strcpy(ptr, hydra_strrep(url, "\\:", ":")); @@ -1309,9 +1296,9 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { //by default condition is a fail success_cond = 0; } - - printf("miscptr: %s, url=%s, variables=%s, ptr=%s, optional1: %s, cond: %s (%d)\n", miscptr, url, variables, ptr, optional1, cond, success_cond); - + + fprintf(stderr, "miscptr: %s, url=%s, variables=%s, ptr=%s, optional1: %s, cond: %s (%d)\n", miscptr, url, variables, ptr, optional1, cond, success_cond); + /* * Parse the user-supplied options. * Beware of the backslashes (\)! diff --git a/hydra.c b/hydra.c index 7d2decc..a7fc7bb 100644 --- a/hydra.c +++ b/hydra.c @@ -493,7 +493,6 @@ void help(int32_t ext) { #ifdef HAVE_MATH_H " -x MIN:MAX:CHARSET password bruteforce generation, type \"-x -h\" to get help\n" " -y disable use of symbols in bruteforce, see above\n" - " -r rainy mode for password generation (-x)\n" #endif " -e nsr try \"n\" null password, \"s\" login as pass and/or \"r\" reversed login\n" " -u loop around users, not passwords (effective! implied with -x)\n"); @@ -556,6 +555,7 @@ void help_bfg() { " 'A' for uppercase letters, '1' for numbers, and for all others,\n" " just add their real representation.\n" " -y disable the use of the above letters as placeholders\n\n" + " -r use 'rain' to explode the linearity of the generation. "Examples:\n" " -x 3:5:a generate passwords from length 3 to 5 with all lowercase letters\n" " -x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers\n" @@ -3053,7 +3053,6 @@ int main(int argc, char *argv[]) { printf("[INFO] Using HTTP Proxy: %s\n", getenv("HYDRA_PROXY_HTTP")); use_proxy = 1; } - if (strstr(hydra_options.miscptr, "\\:") != NULL) { fprintf(stderr, "[INFORMATION] escape sequence \\: detected in module option, no parameter verification is performed.\n"); } else { @@ -3075,7 +3074,7 @@ int main(int argc, char *argv[]) { fprintf(stderr, "[ERROR] Wrong syntax of optional argument: %s\n", optional1); exit(-1); } - switch (optional1[0]) { + switch (optional1[0]){ case 'C': // fall through case 'c': if (optional1[1] != '=' || optional1[2] != '/') { @@ -3204,7 +3203,7 @@ int main(int argc, char *argv[]) { hydra_strcasestr(hydra_options.server, ".gmail.") != NULL || hydra_strcasestr(hydra_options.server, "googlemail.") != NULL )) { - fprintf(stderr, "[WARNING] Google Mail and others have bruteforce and hydra detection and sends false positives. You are not doing anything illegal right?! If you really need to bruteforce gmail, connect to pop3s://smtp.gmail.com\n"); + fprintf(stderr, "[WARNING] Google Mail and others have bruteforce and hydra detection and sends false positives. You are not doing anything illegal right?!\n"); fprintf(stderr, "[WARNING] !read the above!\n"); sleep(5); } From b34655617fee2b4e043211882bac26a8a4529a16 Mon Sep 17 00:00:00 2001 From: owein Date: Mon, 21 Oct 2019 20:37:25 +0200 Subject: [PATCH 004/223] !!! I did not test the escapes in the miscptr !!! --- hydra-http-form.c | 6 +++--- hydra.c | 1 + 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index 04260a4..e91db03 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -1255,8 +1255,8 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { variables = strtok(NULL, ":"); cond = strtok(NULL, ":"); optional1 = strtok(NULL, "\n"); - if(optional1 == NULL) optional1 = "";//will crash if NULL or 0, so set "" (don't know the difference...) - + if(optional1 == NULL) optional1 = "";//will crash if NULL or 0, so set to blank + if (strstr(url, "\\:") != NULL) { if ((ptr = malloc(strlen(url))) != NULL) { strcpy(ptr, hydra_strrep(url, "\\:", ":")); @@ -1297,7 +1297,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { success_cond = 0; } - fprintf(stderr, "miscptr: %s, url=%s, variables=%s, ptr=%s, optional1: %s, cond: %s (%d)\n", miscptr, url, variables, ptr, optional1, cond, success_cond); + //fprintf(stderr, "miscptr: %s, url=%s, variables=%s, ptr=%s, optional1: %s, cond: %s (%d)\n", miscptr, url, variables, ptr, optional1, cond, success_cond); /* * Parse the user-supplied options. diff --git a/hydra.c b/hydra.c index a7fc7bb..e4fa4e7 100644 --- a/hydra.c +++ b/hydra.c @@ -493,6 +493,7 @@ void help(int32_t ext) { #ifdef HAVE_MATH_H " -x MIN:MAX:CHARSET password bruteforce generation, type \"-x -h\" to get help\n" " -y disable use of symbols in bruteforce, see above\n" + " -r rainy mode for password generation (-x)\n" #endif " -e nsr try \"n\" null password, \"s\" login as pass and/or \"r\" reversed login\n" " -u loop around users, not passwords (effective! implied with -x)\n"); From ccd3a99765a92b96ec0d1e3b0117cfdeb40d25b6 Mon Sep 17 00:00:00 2001 From: owein Date: Tue, 19 Nov 2019 16:49:54 +0100 Subject: [PATCH 005/223] rolled back the http-form parameters parsing. help for bfg's rain is in bfg's help now --- hydra-http-form.c | 23 +++++++++++++++++------ hydra.c | 5 ++--- 2 files changed, 19 insertions(+), 9 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index e91db03..c6f3a24 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -1250,12 +1250,23 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { webport = PORT_HTTP_SSL; sprintf(bufferurl, "%.6096s", miscptr); - ptr = bufferurl; - url = strtok(ptr, ":"); - variables = strtok(NULL, ":"); - cond = strtok(NULL, ":"); - optional1 = strtok(NULL, "\n"); - if(optional1 == NULL) optional1 = "";//will crash if NULL or 0, so set to blank + url = bufferurl; + ptr = url; + while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) + ptr++; + if (*ptr != 0) + *ptr++ = 0; + variables = ptr; + while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) + ptr++; + if (*ptr != 0) + *ptr++ = 0; + cond = ptr; + while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) + ptr++; + if (*ptr != 0) + *ptr++ = 0; + optional1 = ptr; if (strstr(url, "\\:") != NULL) { if ((ptr = malloc(strlen(url))) != NULL) { diff --git a/hydra.c b/hydra.c index e4fa4e7..6c58f58 100644 --- a/hydra.c +++ b/hydra.c @@ -493,7 +493,6 @@ void help(int32_t ext) { #ifdef HAVE_MATH_H " -x MIN:MAX:CHARSET password bruteforce generation, type \"-x -h\" to get help\n" " -y disable use of symbols in bruteforce, see above\n" - " -r rainy mode for password generation (-x)\n" #endif " -e nsr try \"n\" null password, \"s\" login as pass and/or \"r\" reversed login\n" " -u loop around users, not passwords (effective! implied with -x)\n"); @@ -555,8 +554,8 @@ void help_bfg() { " valid CHARSET values are: 'a' for lowercase letters,\n" " 'A' for uppercase letters, '1' for numbers, and for all others,\n" " just add their real representation.\n" - " -y disable the use of the above letters as placeholders\n\n" - " -r use 'rain' to explode the linearity of the generation. + " -y disable the use of the above letters as placeholders\n" + " -r use a formula to explode the linearity of the generation, without loss.\n\n" "Examples:\n" " -x 3:5:a generate passwords from length 3 to 5 with all lowercase letters\n" " -x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers\n" From 79fa70cfdbb179caa35eba5b07619407a68c0bd7 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Sun, 2 Aug 2020 07:12:19 +0200 Subject: [PATCH 006/223] fix with gcc10 and overriden CFLAGS --- Makefile.am | 2 +- hydra-gtk/Makefile.in | 3 ++- hydra-gtk/src/Makefile.in | 2 +- hydra-gtk/src/main.c | 5 ++++- hydra-gtk/src/support.h | 6 +++--- 5 files changed, 11 insertions(+), 7 deletions(-) diff --git a/Makefile.am b/Makefile.am index 9d349c2..1c915f1 100644 --- a/Makefile.am +++ b/Makefile.am @@ -4,7 +4,7 @@ WARN_CLANG=-Wformat-nonliteral -Wstrncat-size -Wformat-security -Wsign-conversion -Wconversion -Wfloat-conversion -Wshorten-64-to-32 -Wuninitialized -Wmissing-variable-declarations -Wmissing-declarations WARN_GCC=-Wformat=2 -Wformat-overflow=2 -Wformat-nonliteral -Wformat-truncation=2 -Wnull-dereference -Wstrict-overflow=2 -Wstringop-overflow=4 -Walloca-larger-than=4096 -Wtype-limits -Wconversion -Wtrampolines -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -fno-common -Wcast-align CFLAGS ?= -g -OPTS=-I. -O3 $(CFLAGS) -fcommon +OPTS=-I. -O3 $(CFLAGS) -fcommon -Wl,--allow-multiple-definition # -Wall -g -pedantic LIBS=-lm DESTDIR ?= diff --git a/hydra-gtk/Makefile.in b/hydra-gtk/Makefile.in index 4085f85..c29f5fa 100644 --- a/hydra-gtk/Makefile.in +++ b/hydra-gtk/Makefile.in @@ -62,7 +62,8 @@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ PACKAGE = @PACKAGE@ PACKAGE_CFLAGS = @PACKAGE_CFLAGS@ -fcommon -Wl,--allow-multiple-definition -PACKAGE_LIBS = @PACKAGE_LIBS@ +PACKAGE_LDFLAGS = -fcommon -Wl,--allow-multiple-definition +PACKAGE_LIBS = -fcommon -Wl,--allow-multiple-definition @PACKAGE_LIBS@ PKG_CONFIG = @PKG_CONFIG@ VERSION = @VERSION@ diff --git a/hydra-gtk/src/Makefile.in b/hydra-gtk/src/Makefile.in index d2ff022..1ed2b96 100644 --- a/hydra-gtk/src/Makefile.in +++ b/hydra-gtk/src/Makefile.in @@ -62,7 +62,7 @@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ PACKAGE = @PACKAGE@ PACKAGE_CFLAGS = @PACKAGE_CFLAGS@ -fcommon -Wl,--allow-multiple-definition -PACKAGE_LIBS = @PACKAGE_LIBS@ +PACKAGE_LIBS = -fcommon -Wl,--allow-multiple-definition @PACKAGE_LIBS@ PKG_CONFIG = @PKG_CONFIG@ VERSION = @VERSION@ diff --git a/hydra-gtk/src/main.c b/hydra-gtk/src/main.c index 03c5f21..72d6dd7 100644 --- a/hydra-gtk/src/main.c +++ b/hydra-gtk/src/main.c @@ -18,8 +18,11 @@ char *hydra_path1 = "./hydra"; char *hydra_path2 = "/usr/local/bin/hydra"; char *hydra_path3 = "/usr/bin/hydra"; +GtkWidget *wndMain; +char *HYDRA_BIN; +guint message_id; + int main(int argc, char *argv[]) { - extern GtkWidget *wndMain; int i; extern guint message_id; GtkWidget *output; diff --git a/hydra-gtk/src/support.h b/hydra-gtk/src/support.h index bd88545..f1f7bbb 100644 --- a/hydra-gtk/src/support.h +++ b/hydra-gtk/src/support.h @@ -37,6 +37,6 @@ GdkPixbuf *create_pixbuf(const gchar *filename); /* This is used to set ATK action descriptions. */ void glade_set_atk_action_description(AtkAction *action, const gchar *action_name, const gchar *description); -GtkWidget *wndMain; -char *HYDRA_BIN; -guint message_id; +extern GtkWidget *wndMain; +extern char *HYDRA_BIN; +extern guint message_id; From 84e765d3a99d0e9046050822f5e6c7f93245641d Mon Sep 17 00:00:00 2001 From: maaaaz Date: Sun, 16 Aug 2020 04:10:38 -0400 Subject: [PATCH 007/223] msys support --- configure | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/configure b/configure index 19d8516..ae81322 100755 --- a/configure +++ b/configure @@ -157,8 +157,8 @@ fi if [ -d "/Library/Developer/CommandLineTools/usr/lib" ]; then LIBDIRS="$LIBDIRS /Library/Developer/CommandLineTools/usr/lib /Library/Developer/CommandLineTools/lib" fi -LIBDIRS="$LIBDIRS /lib /usr/lib /usr/local/lib /opt/local/lib" -INCDIRS="$SDK_PATH/usr/include /usr/local/include /opt/include /opt/local/include" +LIBDIRS="$LIBDIRS /lib /usr/lib /usr/local/lib /opt/local/lib /mingw64/lib /mingw64/bin" +INCDIRS="$SDK_PATH/usr/include /usr/local/include /opt/include /opt/local/include /mingw64/include" if [ -n "$PREFIX" ]; then if [ -d "$PREFIX/lib" ]; then LIBDIRS="$LIBDIRS $PREFIX/lib" @@ -445,7 +445,7 @@ echo "Checking for Postgres (libpq/libpq-fe.h) ..." done POSTGRES_IPATH= for i in $INCDIRS \ - /opt/p*sql*/include /usr/*p*sql*/include /usr/local/*psql*/include + /opt/p*sql*/include /usr/*p*sql*/include /usr/local/*psql*/include /mingw64/include do if [ "X" = "X$POSTGRES_IPATH" ]; then if [ -f "$i/libpq-fe.h" ]; then @@ -1761,9 +1761,9 @@ cat Makefile.in >> Makefile # ignore errors if this uname call fails ### Current Cygwin is up to speed :-) WINDRES="" -if [ "$SYSO" = "Cygwin" ]; then +if [ "$SYSO" = "Cygwin" -o "$SYSO" = "Msys" ]; then echo - echo "Cygwin detected, if compilation fails just update your installation." + echo "Cygwin/MSYS2 detected, if compilation fails just update your installation." echo WINDRES=`which windres` test -x "$WINDRES" && { From 3742af00bb76fc14c5e53ba6e5c4e832986d4857 Mon Sep 17 00:00:00 2001 From: owein Date: Wed, 9 Sep 2020 18:34:40 +0200 Subject: [PATCH 008/223] rebranded the bruteforce variation method --- Makefile | 92 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-- bfg.c | 34 ++++++++++++--------- bfg.h | 4 ++- 3 files changed, 112 insertions(+), 18 deletions(-) diff --git a/Makefile b/Makefile index 372e67e..472a20f 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,93 @@ -all: - @echo Error: you must run "./configure" first +STRIP=strip +XDEFINES= -DLIBOPENSSL -DLIBSSH -DHAVE_ZLIB -DHAVE_MATH_H +XLIBS= -lz -lssl -lssh -lcrypto +XLIBPATHS=-L/usr/lib -L/usr/local/lib -L/lib -L/lib/x86_64-linux-gnu +XIPATHS= +PREFIX=/usr/local +XHYDRA_SUPPORT= +STRIP=strip + +HYDRA_LOGO= +PWI_LOGO= +SEC=-pie -fPIE -fstack-protector-all --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wl,-z,now -Wl,-z,relro + +# +# Makefile for Hydra - (c) 2001-2019 by van Hauser / THC +# +OPTS=-I. -O3 -march=native -flto +# -Wall -g -pedantic +LIBS=-lm +BINDIR = /bin +MANDIR ?= /man/man1/ +DATADIR ?= /etc +DESTDIR ?= + +SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \ + hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \ + hydra-pop3.c hydra-smb.c hydra-icq.c hydra-cisco-enable.c hydra-ldap.c \ + hydra-memcached.c hydra-mongodb.c hydra-mysql.c hydra-mssql.c hydra-xmpp.c \ + hydra-http-proxy-urlenum.c hydra-snmp.c hydra-cvs.c hydra-smtp.c \ + hydra-smtp-enum.c hydra-sapr3.c hydra-ssh.c hydra-sshkey.c hydra-teamspeak.c \ + hydra-postgres.c hydra-rsh.c hydra-rlogin.c hydra-oracle-listener.c \ + hydra-svn.c hydra-pcanywhere.c hydra-sip.c hydra-oracle.c hydra-vmauthd.c \ + hydra-asterisk.c hydra-firebird.c hydra-afp.c hydra-ncp.c hydra-rdp.c \ + hydra-oracle-sid.c hydra-http-proxy.c hydra-http-form.c hydra-irc.c \ + hydra-s7-300.c hydra-redis.c hydra-adam6500.c hydra-rtsp.c \ + hydra-rpcap.c hydra-radmin2.c \ + hydra-time.c crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c +OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \ + hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o \ + hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \ + hydra-memcached.o hydra-mongodb.o hydra-mysql.o hydra-mssql.o hydra-xmpp.o \ + hydra-http-proxy-urlenum.o hydra-snmp.o hydra-cvs.o hydra-smtp.o \ + hydra-smtp-enum.o hydra-sapr3.o hydra-ssh.o hydra-sshkey.o hydra-teamspeak.o \ + hydra-postgres.o hydra-rsh.o hydra-rlogin.o hydra-oracle-listener.o \ + hydra-svn.o hydra-pcanywhere.o hydra-sip.o hydra-oracle-sid.o hydra-oracle.o \ + hydra-vmauthd.o hydra-asterisk.o hydra-firebird.o hydra-afp.o \ + hydra-ncp.o hydra-http-proxy.o hydra-http-form.o hydra-irc.o \ + hydra-redis.o hydra-rdp.o hydra-s7-300.c hydra-adam6500.o hydra-rtsp.o \ + hydra-rpcap.o hydra-radmin2.o \ + crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o hydra-time.o +BINS = hydra pw-inspector + +EXTRA_DIST = README README.arm README.palm CHANGES TODO INSTALL LICENSE \ + hydra-mod.h hydra.h crc32.h d3des.h + +all: pw-inspector hydra $(XHYDRA_SUPPORT) + @echo + @echo Now type "make install" + +hydra: hydra.c $(OBJ) + $(CC) $(OPTS) $(SEC) $(LIBS) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o hydra $(HYDRA_LOGO) hydra.c $(OBJ) $(LIBS) $(XLIBS) $(XLIBPATHS) $(XIPATHS) $(XDEFINES) + @echo + @echo If men could get pregnant, abortion would be a sacrament + @echo + +xhydra: + -cd hydra-gtk && sh ./make_xhydra.sh + +pw-inspector: pw-inspector.c + -$(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o pw-inspector $(PWI_LOGO) pw-inspector.c + +.c.o: + $(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) -c $< $(XDEFINES) $(XIPATHS) + +strip: all + strip $(BINS) + -echo OK > /dev/null && test -x xhydra && strip xhydra || echo OK > /dev/null + +install: strip + -mkdir -p $(DESTDIR)$(PREFIX)$(BINDIR) + cp -f hydra-wizard.sh $(BINS) $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 hydra-wizard.sh $(BINS) + -echo OK > /dev/null && test -x xhydra && cp xhydra $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 xhydra || echo OK > /dev/null + -sed -e "s|^INSTALLDIR=.*|INSTALLDIR="$(PREFIX)"|" dpl4hydra.sh | sed -e "s|^LOCATION=.*|LOCATION="$(DATADIR)"|" > $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh + -chmod 755 $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh + -mkdir -p $(DESTDIR)$(PREFIX)$(DATADIR) + -cp -f *.csv $(DESTDIR)$(PREFIX)$(DATADIR) + -mkdir -p $(DESTDIR)$(PREFIX)$(MANDIR) + -cp -f hydra.1 xhydra.1 pw-inspector.1 $(DESTDIR)$(PREFIX)$(MANDIR) clean: + rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile cp -f Makefile.orig Makefile + diff --git a/bfg.c b/bfg.c index 2ff9f9f..aaa1f73 100644 --- a/bfg.c +++ b/bfg.c @@ -52,12 +52,13 @@ static int32_t add_single_char(char ch, char flags, int32_t* crs_len) { // note that we check for -x .:.:ab but not for -x .:.:ba // int32_t bf_init(char *arg) { - bf_options.rain = 0; + bf_options.rotate = 0; + bf_options.strafe = 0; int32_t i = 0; int32_t crs_len = 0; char flags = 0; char *tmp = strchr(arg, ':'); - + if (!tmp) { fprintf(stderr, "Error: Invalid option format for -x\n"); return 1; @@ -163,10 +164,11 @@ int32_t bf_init(char *arg) { } } } - + bf_options.crs_len = crs_len; bf_options.current = bf_options.from; memset((char *) bf_options.state, 0, sizeof(bf_options.state)); + if (debug) printf("[DEBUG] bfg INIT: from %u, to %u, len: %u, set: %s\n", bf_options.from, bf_options.to, bf_options.crs_len, bf_options.crs); @@ -192,10 +194,10 @@ uint64_t bf_get_pcount() { int accu(int value) { - int i = 0; - for(int a=1; a<=value; ++a) + int i = 0, a; + for(a = 1; a <= value; ++a) { - i+=a; + i += a; } return i; } @@ -213,16 +215,18 @@ char *bf_next(_Bool rainy) { if(rainy) { - for (i = 0; i < bf_options.current; i++){ - bf_options.ptr[i] = bf_options.crs[(bf_options.state[i]+bf_options.rain)%bf_options.crs_len]; - bf_options.rain += i+1; + #if(mpl < 5) + #define strafeValue i + #else + #define strafeValue (strafe[loop]+i-(i%2)*(1-mpl%2)-1+charcount%2)%mpl + #endif + + for(i=0; i Date: Wed, 9 Sep 2020 18:38:07 +0200 Subject: [PATCH 009/223] help menu ok --- hydra.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra.c b/hydra.c index 6c58f58..f60a22d 100644 --- a/hydra.c +++ b/hydra.c @@ -555,7 +555,7 @@ void help_bfg() { " 'A' for uppercase letters, '1' for numbers, and for all others,\n" " just add their real representation.\n" " -y disable the use of the above letters as placeholders\n" - " -r use a formula to explode the linearity of the generation, without loss.\n\n" + " -r use a method to delinearize the bruteforce.\n\n" "Examples:\n" " -x 3:5:a generate passwords from length 3 to 5 with all lowercase letters\n" " -x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers\n" From fd8e83d0b1c04da4189a6d2a9f1c00e5206fc64d Mon Sep 17 00:00:00 2001 From: owein Date: Wed, 9 Sep 2020 21:36:30 +0200 Subject: [PATCH 010/223] done --- bfg.c | 34 ++++++++++++++++------------------ 1 file changed, 16 insertions(+), 18 deletions(-) diff --git a/bfg.c b/bfg.c index aaa1f73..d27669e 100644 --- a/bfg.c +++ b/bfg.c @@ -1,5 +1,6 @@ -/* code original by Jan Dlabal , partially rewritten by vh */ +/* code original by Jan Dlabal , partially rewritten by vh, + rainy tweaks by yvain douard*/ #include #include @@ -192,15 +193,6 @@ uint64_t bf_get_pcount() { return foo; } -int accu(int value) -{ - int i = 0, a; - for(a = 1; a <= value; ++a) - { - i += a; - } - return i; -} char *bf_next(_Bool rainy) { int32_t i, pos = bf_options.current - 1; @@ -215,18 +207,22 @@ char *bf_next(_Bool rainy) { if(rainy) { - #if(mpl < 5) - #define strafeValue i - #else - #define strafeValue (strafe[loop]+i-(i%2)*(1-mpl%2)-1+charcount%2)%mpl - #endif - + int strafeValue; for(i=0; i 4) { + if(bf_options.current % 2) + strafeValue = (bf_options.strafe+i)%bf_options.current; + else + strafeValue = strafeValue = (i+bf_options.current/2+3)%bf_options.current; + } + else + strafeValue = i; + bf_options.ptr[i] = bf_options.crs[(bf_options.state[strafeValue] + bf_options.rotate) % bf_options.crs_len]; - bf_options.rotate += i%2+1; + bf_options.rotate += 1; bf_options.strafe += 3; } - bf_options.rotate -= accu(bf_options.current); + bf_options.rotate -= bf_options.current - 2 + bf_options.crs_len % 2; } else for (i = 0; i < bf_options.current; i++) @@ -243,6 +239,8 @@ char *bf_next(_Bool rainy) { while (pos >= 0 && (++bf_options.state[pos]) >= bf_options.crs_len) { bf_options.state[pos] = 0; pos--; + bf_options.strafe = 0; + bf_options.rotate = 0; } if (pos < 0) { From a6a87f11f43c7a5207b451363fe81a5310672d15 Mon Sep 17 00:00:00 2001 From: owein Date: Thu, 10 Sep 2020 10:57:06 +0200 Subject: [PATCH 011/223] fixed rotation broken due to a typo. --- bfg.c | 30 +++++++++++++++++------------- 1 file changed, 17 insertions(+), 13 deletions(-) diff --git a/bfg.c b/bfg.c index d27669e..896b307 100644 --- a/bfg.c +++ b/bfg.c @@ -207,22 +207,26 @@ char *bf_next(_Bool rainy) { if(rainy) { - int strafeValue; + int mpldisp = bf_options.current/2+3; + int mplmod2 = bf_options.current % 2; + int strafeIndex; for(i=0; i 4) { - if(bf_options.current % 2) - strafeValue = (bf_options.strafe+i)%bf_options.current; - else - strafeValue = strafeValue = (i+bf_options.current/2+3)%bf_options.current; - } - else - strafeValue = i; - - bf_options.ptr[i] = bf_options.crs[(bf_options.state[strafeValue] + bf_options.rotate) % bf_options.crs_len]; - bf_options.rotate += 1; + if(mplmod2) strafeIndex = (strafe[loop]+i)%bf_options.current; + else strafeIndex = (i+mpldisp)%bf_options.current; + + bf_options.ptr[i] = bf_options.crs[(bf_options.state[strafeIndex] + bf_options.rotate) % bf_options.crs_len]; + bf_options.rotate += i+1; bf_options.strafe += 3; } - bf_options.rotate -= bf_options.current - 2 + bf_options.crs_len % 2; + #define accu(i) \ + do { \ + int j; \ + for(j=1; j<=i; ++j) k += j; \ + } while(0) + + int k = 0; + accu(mpl); + bf_options.rotate[loop] -= k-4; } else for (i = 0; i < bf_options.current; i++) From 2514335bf98510dfc7bef889c84b467958c1c243 Mon Sep 17 00:00:00 2001 From: owein Date: Thu, 10 Sep 2020 12:45:35 +0200 Subject: [PATCH 012/223] clean --- Makefile | 92 ++------------------------------------------------------ 1 file changed, 2 insertions(+), 90 deletions(-) diff --git a/Makefile b/Makefile index 472a20f..372e67e 100644 --- a/Makefile +++ b/Makefile @@ -1,93 +1,5 @@ -STRIP=strip -XDEFINES= -DLIBOPENSSL -DLIBSSH -DHAVE_ZLIB -DHAVE_MATH_H -XLIBS= -lz -lssl -lssh -lcrypto -XLIBPATHS=-L/usr/lib -L/usr/local/lib -L/lib -L/lib/x86_64-linux-gnu -XIPATHS= -PREFIX=/usr/local -XHYDRA_SUPPORT= -STRIP=strip - -HYDRA_LOGO= -PWI_LOGO= -SEC=-pie -fPIE -fstack-protector-all --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wl,-z,now -Wl,-z,relro - -# -# Makefile for Hydra - (c) 2001-2019 by van Hauser / THC -# -OPTS=-I. -O3 -march=native -flto -# -Wall -g -pedantic -LIBS=-lm -BINDIR = /bin -MANDIR ?= /man/man1/ -DATADIR ?= /etc -DESTDIR ?= - -SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \ - hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \ - hydra-pop3.c hydra-smb.c hydra-icq.c hydra-cisco-enable.c hydra-ldap.c \ - hydra-memcached.c hydra-mongodb.c hydra-mysql.c hydra-mssql.c hydra-xmpp.c \ - hydra-http-proxy-urlenum.c hydra-snmp.c hydra-cvs.c hydra-smtp.c \ - hydra-smtp-enum.c hydra-sapr3.c hydra-ssh.c hydra-sshkey.c hydra-teamspeak.c \ - hydra-postgres.c hydra-rsh.c hydra-rlogin.c hydra-oracle-listener.c \ - hydra-svn.c hydra-pcanywhere.c hydra-sip.c hydra-oracle.c hydra-vmauthd.c \ - hydra-asterisk.c hydra-firebird.c hydra-afp.c hydra-ncp.c hydra-rdp.c \ - hydra-oracle-sid.c hydra-http-proxy.c hydra-http-form.c hydra-irc.c \ - hydra-s7-300.c hydra-redis.c hydra-adam6500.c hydra-rtsp.c \ - hydra-rpcap.c hydra-radmin2.c \ - hydra-time.c crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c -OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \ - hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o \ - hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \ - hydra-memcached.o hydra-mongodb.o hydra-mysql.o hydra-mssql.o hydra-xmpp.o \ - hydra-http-proxy-urlenum.o hydra-snmp.o hydra-cvs.o hydra-smtp.o \ - hydra-smtp-enum.o hydra-sapr3.o hydra-ssh.o hydra-sshkey.o hydra-teamspeak.o \ - hydra-postgres.o hydra-rsh.o hydra-rlogin.o hydra-oracle-listener.o \ - hydra-svn.o hydra-pcanywhere.o hydra-sip.o hydra-oracle-sid.o hydra-oracle.o \ - hydra-vmauthd.o hydra-asterisk.o hydra-firebird.o hydra-afp.o \ - hydra-ncp.o hydra-http-proxy.o hydra-http-form.o hydra-irc.o \ - hydra-redis.o hydra-rdp.o hydra-s7-300.c hydra-adam6500.o hydra-rtsp.o \ - hydra-rpcap.o hydra-radmin2.o \ - crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o hydra-time.o -BINS = hydra pw-inspector - -EXTRA_DIST = README README.arm README.palm CHANGES TODO INSTALL LICENSE \ - hydra-mod.h hydra.h crc32.h d3des.h - -all: pw-inspector hydra $(XHYDRA_SUPPORT) - @echo - @echo Now type "make install" - -hydra: hydra.c $(OBJ) - $(CC) $(OPTS) $(SEC) $(LIBS) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o hydra $(HYDRA_LOGO) hydra.c $(OBJ) $(LIBS) $(XLIBS) $(XLIBPATHS) $(XIPATHS) $(XDEFINES) - @echo - @echo If men could get pregnant, abortion would be a sacrament - @echo - -xhydra: - -cd hydra-gtk && sh ./make_xhydra.sh - -pw-inspector: pw-inspector.c - -$(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o pw-inspector $(PWI_LOGO) pw-inspector.c - -.c.o: - $(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) -c $< $(XDEFINES) $(XIPATHS) - -strip: all - strip $(BINS) - -echo OK > /dev/null && test -x xhydra && strip xhydra || echo OK > /dev/null - -install: strip - -mkdir -p $(DESTDIR)$(PREFIX)$(BINDIR) - cp -f hydra-wizard.sh $(BINS) $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 hydra-wizard.sh $(BINS) - -echo OK > /dev/null && test -x xhydra && cp xhydra $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 xhydra || echo OK > /dev/null - -sed -e "s|^INSTALLDIR=.*|INSTALLDIR="$(PREFIX)"|" dpl4hydra.sh | sed -e "s|^LOCATION=.*|LOCATION="$(DATADIR)"|" > $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh - -chmod 755 $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh - -mkdir -p $(DESTDIR)$(PREFIX)$(DATADIR) - -cp -f *.csv $(DESTDIR)$(PREFIX)$(DATADIR) - -mkdir -p $(DESTDIR)$(PREFIX)$(MANDIR) - -cp -f hydra.1 xhydra.1 pw-inspector.1 $(DESTDIR)$(PREFIX)$(MANDIR) +all: + @echo Error: you must run "./configure" first clean: - rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile cp -f Makefile.orig Makefile - From 14ee7f2c830061b4d8307a2b39fcd018e2a031a4 Mon Sep 17 00:00:00 2001 From: owein Date: Thu, 10 Sep 2020 13:02:46 +0200 Subject: [PATCH 013/223] typos again, too much copies and pastes... --- bfg.c | 6 +++--- hydra.h | 3 +-- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/bfg.c b/bfg.c index cb0bc05..5e638c3 100644 --- a/bfg.c +++ b/bfg.c @@ -228,7 +228,7 @@ char *bf_next(_Bool rainy) { int mplmod2 = bf_options.current % 2; int strafeIndex; for(i=0; i Date: Fri, 11 Sep 2020 11:59:20 +0200 Subject: [PATCH 014/223] fixed min length --- bfg.c | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/bfg.c b/bfg.c index 5e638c3..a3a6d68 100644 --- a/bfg.c +++ b/bfg.c @@ -224,16 +224,19 @@ char *bf_next(_Bool rainy) { if(rainy) { - int mpldisp = bf_options.current/2+3; - int mplmod2 = bf_options.current % 2; - int strafeIndex; - for(i=0; i 3) { + for(i=0; i Date: Tue, 29 Sep 2020 21:01:13 +0200 Subject: [PATCH 015/223] update efficient rain option --- bfg.c | 44 +++++++++++++++----------------------------- bfg.h | 3 --- 2 files changed, 15 insertions(+), 32 deletions(-) diff --git a/bfg.c b/bfg.c index a3a6d68..a06a93a 100644 --- a/bfg.c +++ b/bfg.c @@ -60,7 +60,6 @@ static int32_t add_single_char(char ch, char flags, int32_t *crs_len) { // int32_t bf_init(char *arg) { bf_options.rotate = 0; - bf_options.strafe = 0; int32_t i = 0; int32_t crs_len = 0; @@ -224,34 +223,16 @@ char *bf_next(_Bool rainy) { if(rainy) { - //only strafe the index above length 3 - if(bf_options.current > 3) { - for(i=0; i= 0 && (++bf_options.state[bf_options.current-1-pos]) >= bf_options.crs_len) { + bf_options.state[bf_options.current-1-pos] = 0; + pos--; + } + else while (pos >= 0 && (++bf_options.state[pos]) >= bf_options.crs_len) { bf_options.state[pos] = 0; pos--; - bf_options.strafe = 0; - bf_options.rotate = 0; } if (pos < 0) { diff --git a/bfg.h b/bfg.h index 38bbbc2..3ff0710 100644 --- a/bfg.h +++ b/bfg.h @@ -43,10 +43,7 @@ typedef struct { char *crs; /* internal representation of charset */ char *ptr; /* ptr to the last generated password */ uint32_t disable_symbols; - uint64_t rotate; - uint64_t strafe; - } bf_option; extern bf_option bf_options; From 490bd3e7cd38c637972331f2c6f512d7a6f86162 Mon Sep 17 00:00:00 2001 From: owein D Date: Wed, 30 Sep 2020 10:19:10 +0200 Subject: [PATCH 016/223] avoid negative values for the rotation variable --- bfg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bfg.c b/bfg.c index a06a93a..2677b47 100644 --- a/bfg.c +++ b/bfg.c @@ -230,7 +230,7 @@ char *bf_next(_Bool rainy) { bf_options.rotate += i+3; } //we don't subtract the same depending on wether the length is odd or even - for(i=1+bf_options.current%2; i<=bf_options.current; ++i) + for(i=1+bf_options.current%2; i Date: Fri, 2 Oct 2020 16:31:10 +0200 Subject: [PATCH 017/223] html_encode the + character --- hydra-http-form.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hydra-http-form.c b/hydra-http-form.c index eb5a4ce..db1e84e 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -576,6 +576,8 @@ char *html_encode(char *string) { ret = hydra_strrep(ret, "#", "%23"); if (index(ret, '=') != NULL) ret = hydra_strrep(ret, "=", "%3D"); + if (index(ret, '+') != NULL) + ret = hydra_strrep(ret, "+", "%2B"); return ret; } From fc82b52505c66bf5f0bf7490e07710d3042c7a8c Mon Sep 17 00:00:00 2001 From: owein D Date: Mon, 5 Oct 2020 14:37:04 +0200 Subject: [PATCH 018/223] working algo after a change --- bfg.c | 48 ++++++++++++++++++++++++++++-------------------- bfg.h | 1 + 2 files changed, 29 insertions(+), 20 deletions(-) diff --git a/bfg.c b/bfg.c index 2677b47..6f9fdc4 100644 --- a/bfg.c +++ b/bfg.c @@ -59,8 +59,6 @@ static int32_t add_single_char(char ch, char flags, int32_t *crs_len) { // note that we check for -x .:.:ab but not for -x .:.:ba // int32_t bf_init(char *arg) { - bf_options.rotate = 0; - int32_t i = 0; int32_t crs_len = 0; char flags = 0; @@ -176,7 +174,9 @@ int32_t bf_init(char *arg) { bf_options.crs_len = crs_len; bf_options.current = bf_options.from; - + bf_options.strafe = 0; + bf_options.rotate = 0; + memset((char *) bf_options.state, 0, sizeof(bf_options.state)); if (debug) @@ -202,14 +202,6 @@ uint64_t bf_get_pcount() { return foo; } -int accu(int value) { - int i = 0, a; - for (a = 1; a <= value; ++a) { - i += a; - } - return i; -} - char *bf_next(_Bool rainy) { int32_t i, pos = bf_options.current - 1; @@ -223,16 +215,30 @@ char *bf_next(_Bool rainy) { if(rainy) { - //the first character cannot be taken into account - bf_options.ptr[0] = bf_options.crs[bf_options.state[0]]; - for(i=1; i 2) { + if(bf_options.current % 2) { + bf_options.ptr[0] = bf_options.crs[bf_options.state[0]]; + bf_options.ptr[1] = bf_options.crs[bf_options.state[1]]; + bf_options.ptr[2] = bf_options.crs[bf_options.state[2]]; + + for(i=3; i Date: Mon, 5 Oct 2020 14:45:07 +0200 Subject: [PATCH 019/223] if current < 4 --- bfg.c | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/bfg.c b/bfg.c index 6f9fdc4..c4838c4 100644 --- a/bfg.c +++ b/bfg.c @@ -215,7 +215,7 @@ char *bf_next(_Bool rainy) { if(rainy) { - if(bf_options.current > 2) { + if(bf_options.current > 3) { if(bf_options.current % 2) { bf_options.ptr[0] = bf_options.crs[bf_options.state[0]]; bf_options.ptr[1] = bf_options.crs[bf_options.state[1]]; @@ -226,17 +226,20 @@ char *bf_next(_Bool rainy) { bf_options.rotate ++; } } - } - else { - if(bf_options.current % 2) { - bf_options.ptr[0] = bf_options.crs[bf_options.state[0]]; - bf_options.ptr[1] = bf_options.crs[bf_options.state[1]]; - for(i=2; i Date: Thu, 8 Oct 2020 04:10:54 +0200 Subject: [PATCH 020/223] implement rain --- bfg.c | 44 ++++++++++++++------------------------------ bfg.h | 4 ++-- hydra.c | 5 +++-- 3 files changed, 19 insertions(+), 34 deletions(-) diff --git a/bfg.c b/bfg.c index c4838c4..a2bb1f5 100644 --- a/bfg.c +++ b/bfg.c @@ -174,8 +174,8 @@ int32_t bf_init(char *arg) { bf_options.crs_len = crs_len; bf_options.current = bf_options.from; - bf_options.strafe = 0; - bf_options.rotate = 0; + bf_options.rain = 0; + bf_options.gcounter = 0; memset((char *) bf_options.state, 0, sizeof(bf_options.state)); @@ -215,33 +215,18 @@ char *bf_next(_Bool rainy) { if(rainy) { - if(bf_options.current > 3) { - if(bf_options.current % 2) { - bf_options.ptr[0] = bf_options.crs[bf_options.state[0]]; - bf_options.ptr[1] = bf_options.crs[bf_options.state[1]]; - bf_options.ptr[2] = bf_options.crs[bf_options.state[2]]; - - for(i=3; i Date: Sat, 10 Oct 2020 18:52:04 +0200 Subject: [PATCH 021/223] slight modif that fixes all --- bfg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bfg.c b/bfg.c index a2bb1f5..ee70dfa 100644 --- a/bfg.c +++ b/bfg.c @@ -218,7 +218,7 @@ char *bf_next(_Bool rainy) { bf_options.ptr[0] = bf_options.crs[bf_options.state[0]]; for(i=2; i Date: Sat, 10 Oct 2020 19:49:02 +0200 Subject: [PATCH 022/223] this should be the last commit --- bfg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bfg.c b/bfg.c index ee70dfa..dcab78a 100644 --- a/bfg.c +++ b/bfg.c @@ -218,7 +218,7 @@ char *bf_next(_Bool rainy) { bf_options.ptr[0] = bf_options.crs[bf_options.state[0]]; for(i=2; i Date: Fri, 16 Oct 2020 13:49:07 +0200 Subject: [PATCH 023/223] fix http-post-form optional parameter parsing --- CHANGES | 8 +++++++- hydra-http-form.c | 36 +++++++++++++++++++----------------- hydra.c | 2 +- 3 files changed, 27 insertions(+), 19 deletions(-) diff --git a/CHANGES b/CHANGES index 8ca1b75..f537d9b 100644 --- a/CHANGES +++ b/CHANGES @@ -1,8 +1,14 @@ Changelog for hydra ------------------- -Release 9.1-dev + +Release 9.2-dev +* fix for http-post-form optional parameters * enable gcc 10 support for xhydra too :) +* msys support + + +Release 9.1-dev * rdb: support for libfreerdp3 (thanks to animetauren) * new module: smb2 which also supports smb3 (uses libsmbclient-dev) (thanks to Karim Kanso for the module!) * oracle: added success condition (thanks to kazkansouh), compile on Cygwin (thanks to maaaaz) diff --git a/hydra-http-form.c b/hydra-http-form.c index eb5a4ce..92d5a9f 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -400,6 +400,10 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) { * Beware of the backslashes (\)! */ while (*miscptr != 0) { + if (strlen(miscptr) < 3 || miscptr[1] != '=') { + hydra_report(stderr, "[ERROR] optional parameters must have the format X=value: %s\n", miscptr); + return 0; + } switch (miscptr[0]) { case 'a': // fall through case 'A': // only for http, not http-form! @@ -504,7 +508,9 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) { // Error: abort execution hydra_report(stderr, "[ERROR] Out of memory for HTTP headers (H).\n"); return 0; - // no default + default: + hydra_report(stderr, "[ERROR] no valid optional parameter type given: %c\n", miscptr[0]); + return 0; } } return 1; @@ -1197,7 +1203,7 @@ void service_http_get_form(char *ip, int32_t sp, unsigned char options, char *mi service_http_form(ip, sp, options, miscptr, fp, port, hostname, "GET", &ptr_head, &ptr_cookie); else { hydra_report(stderr, "[ERROR] Could not launch head. Error while initializing.\n"); - hydra_child_exit(1); + hydra_child_exit(2); } } @@ -1209,7 +1215,7 @@ void service_http_post_form(char *ip, int32_t sp, unsigned char options, char *m service_http_form(ip, sp, options, miscptr, fp, port, hostname, "POST", &ptr_head, &ptr_cookie); else { hydra_report(stderr, "[ERROR] Could not launch head. Error while initializing.\n"); - hydra_child_exit(1); + hydra_child_exit(2); } } @@ -1224,6 +1230,8 @@ int32_t service_http_form_init(char *ip, int32_t sp, unsigned char options, char // 0 all OK // -1 error, hydra will exit, so print a good error message here + if (initialize(ip, options, miscptr) == NULL) return 1; + return 0; } @@ -1281,22 +1289,16 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { ptr++; if (*ptr != 0) *ptr++ = 0; + cond = ptr; - if ((ptr2 = rindex(ptr, ':')) != NULL) { - cond = ptr2 + 1; - *ptr2 = 0; + if ((ptr2 = index(ptr, ':')) != NULL) { + *ptr2++ = 0; + if (*ptr2) + optional1 = ptr2; + else + optional1 = NULL; } else - cond = ptr; - /* - while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) - ptr++; - if (*ptr != 0) - *ptr++ = 0; - */ - if (ptr == cond) optional1 = NULL; - else - optional1 = ptr; if (strstr(url, "\\:") != NULL) { if ((ptr = malloc(strlen(url))) != NULL) { @@ -1332,7 +1334,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { sprintf(cookieurl, "%.1000s", url); // conditions now have to contain F or S to set the fail or success condition - if (*cond != 0 && (strpos(cond, "F=") == 0)) { + if (strpos(cond, "F=") == 0) { success_cond = 0; cond += 2; } else if (*cond != 0 && (strpos(cond, "S=") == 0)) { diff --git a/hydra.c b/hydra.c index 4971317..ac3511e 100644 --- a/hydra.c +++ b/hydra.c @@ -225,7 +225,7 @@ char *SERVICES = "adam6500 asterisk afp cisco cisco-enable cvs firebird ftp[s] " #define RESTOREFILE "./hydra.restore" #define PROGRAM "Hydra" -#define VERSION "v9.1" +#define VERSION "v9.2-dev" #define AUTHOR "van Hauser/THC" #define EMAIL "" #define AUTHOR2 "David Maciejak" From be654c6bac504dc4912f087b2025d3596c27f093 Mon Sep 17 00:00:00 2001 From: ddeka2910 <60925700+ddeka2910@users.noreply.github.com> Date: Tue, 20 Oct 2020 21:02:17 +0530 Subject: [PATCH 024/223] As is --- .travis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.travis.yml b/.travis.yml index 19f1e15..7985412 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,3 +1,4 @@ + language: c sudo: required dist: trusty From 2d0723b281da199bb539064bc8e48e21f13d7c31 Mon Sep 17 00:00:00 2001 From: ddeka2910 <60925700+ddeka2910@users.noreply.github.com> Date: Tue, 20 Oct 2020 21:04:31 +0530 Subject: [PATCH 025/223] Add architecture ppc64le to travis build --- .travis.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 7985412..ad0b541 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,10 +1,12 @@ - language: c sudo: required dist: trusty os: - linux - osx +arch: + - amd64 + - ppc64le compiler: - clang - gcc From 5e98fe23e79803b6a50898e35e532f0273e4f271 Mon Sep 17 00:00:00 2001 From: owein Date: Thu, 22 Oct 2020 02:35:46 +0200 Subject: [PATCH 026/223] see https://github.com/e2002e/zhou --- bfg.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bfg.c b/bfg.c index dcab78a..b146bd4 100644 --- a/bfg.c +++ b/bfg.c @@ -218,10 +218,10 @@ char *bf_next(_Bool rainy) { bf_options.ptr[0] = bf_options.crs[bf_options.state[0]]; for(i=2; i Date: Mon, 9 Nov 2020 19:25:26 +0100 Subject: [PATCH 027/223] up to last fix --- bfg.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/bfg.c b/bfg.c index b146bd4..8a6428a 100644 --- a/bfg.c +++ b/bfg.c @@ -215,13 +215,13 @@ char *bf_next(_Bool rainy) { if(rainy) { - bf_options.ptr[0] = bf_options.crs[bf_options.state[0]]; - for(i=2; i Date: Mon, 9 Nov 2020 19:41:00 +0100 Subject: [PATCH 028/223] lqst commit --- bfg.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/bfg.c b/bfg.c index 8a6428a..bdb221c 100644 --- a/bfg.c +++ b/bfg.c @@ -237,10 +237,12 @@ char *bf_next(_Bool rainy) { } //we revert the ordering of the bruteforce to fix the first static character - if(rainy) - while (pos >= 0 && (++bf_options.state[bf_options.current-1-pos]) >= bf_options.crs_len) { - bf_options.state[bf_options.current-1-pos] = 0; - pos--; + if(rainy) { + pos = 0; + while (pos < bf_options.current && (++bf_options.state[pos]) >= bf_options.crs_len) { + bf_options.state[pos] = 0; + pos++; + } } else while (pos >= 0 && (++bf_options.state[pos]) >= bf_options.crs_len) { @@ -248,7 +250,7 @@ char *bf_next(_Bool rainy) { pos--; } - if (pos < 0) { + if (pos < 0 || pos >= bf_options.current) { bf_options.current++; bf_options.rain = 0; memset((char *)bf_options.state, 0, sizeof(bf_options.state)); From 1df1d63c4fcc44d0cb1c0384a71120dfb0de3ff1 Mon Sep 17 00:00:00 2001 From: Karim Kanso Date: Wed, 11 Nov 2020 11:18:04 +0000 Subject: [PATCH 029/223] smb2: fix parsing of miscptr --- hydra-smb2.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/hydra-smb2.c b/hydra-smb2.c index a09490d..7c22bf1 100644 --- a/hydra-smb2.c +++ b/hydra-smb2.c @@ -126,8 +126,13 @@ bool smb2_run_test(creds_t *cr, const char *server, uint16_t port) { */ switch (errno) { + case ENOENT: + // Noticed this when connecting to older samba servers on linux + // where any credentials are accepted. + hydra_report(stderr, "[WARNING] %s might accept any credential\n", server); case EINVAL: // 22 - // probably password ok + // probably password ok, nominal case when connecting to a windows + // smb server with good credentials. smbc_free_context(ctx, 1); return true; break; @@ -147,6 +152,9 @@ bool smb2_run_test(creds_t *cr, const char *server, uint16_t port) { case ECONNREFUSED: // there are probably more codes that could be added here to // indicate connection errors. + hydra_report(stderr, + "[ERROR] Error %s (%d) while connecting to %s\n", + strerror(errno), errno, server); smbc_free_context(ctx, 1); EXIT_CONNECTION_ERROR; break; @@ -202,6 +210,11 @@ int32_t service_smb2_init(char *ip, int32_t sp, unsigned char options, char *mis continue; } if (CMP(tkn_workgroup, miscptr)) { + if (workgroup != default_workgroup) { + // miscptr has already been processed, goto end + miscptr += strlen(miscptr) + 1; + continue; + } miscptr += sizeof(tkn_workgroup) - 1; char *p = strchr(miscptr, '}'); if (p == NULL) { @@ -217,6 +230,11 @@ int32_t service_smb2_init(char *ip, int32_t sp, unsigned char options, char *mis continue; } if (CMP(tkn_netbios, miscptr)) { + if (netbios_name != NULL) { + // miscptr has already been processed, goto end + miscptr += strlen(miscptr) + 1; + continue; + } miscptr += sizeof(tkn_netbios) - 1; char *p = strchr(miscptr, '}'); if (p == NULL) { From 981e19852b5aa6af7de88ddd82c360299c5f8109 Mon Sep 17 00:00:00 2001 From: Karim Kanso Date: Wed, 11 Nov 2020 15:55:23 +0000 Subject: [PATCH 030/223] www-form: normalise webtarget --- hydra-http-form.c | 73 +++++++++++++++++++++-------------------------- 1 file changed, 33 insertions(+), 40 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index 88f2e6b..5e9d863 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -78,7 +78,7 @@ int32_t auth_flag = 0; char cookie[4096] = "", cmiscptr[1024]; -int32_t webport, freemischttpform = 0; +int32_t webport; char bufferurl[6096 + 24], cookieurl[6096 + 24] = "", userheader[6096 + 24] = "", *url, *variables, *optional1; #define MAX_REDIRECT 8 @@ -1133,9 +1133,6 @@ void service_http_form(char *ip, int32_t sp, unsigned char options, char *miscpt while (1) { if (run == 2) { if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { - if (freemischttpform) - free(miscptr); - freemischttpform = 0; hydra_child_exit(1); } } @@ -1157,9 +1154,6 @@ void service_http_form(char *ip, int32_t sp, unsigned char options, char *miscpt } if (sock < 0) { hydra_report(stderr, "[ERROR] Child with pid %d terminating, cannot connect\n", (int32_t)getpid()); - if (freemischttpform) - free(miscptr); - freemischttpform = 0; hydra_child_exit(1); } next_run = 2; @@ -1171,30 +1165,19 @@ void service_http_form(char *ip, int32_t sp, unsigned char options, char *miscpt case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); - if (freemischttpform) - free(miscptr); - freemischttpform = 0; hydra_child_exit(0); break; case 4: /* silent error exit */ if (sock >= 0) sock = hydra_disconnect(sock); - if (freemischttpform) - free(miscptr); - freemischttpform = 0; hydra_child_exit(1); break; default: - if (freemischttpform) - free(miscptr); - freemischttpform = 0; hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(0); } run = next_run; } - if (freemischttpform) - free(miscptr); } void service_http_get_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { @@ -1240,35 +1223,21 @@ int32_t service_http_form_init(char *ip, int32_t sp, unsigned char options, char ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { ptr_header_node ptr_head = NULL; char *ptr, *ptr2, *proxy_string; +#ifdef AF_INET6 + unsigned char addr6 [sizeof(struct in6_addr)]; +#endif if (use_proxy > 0 && proxy_count > 0) selected_proxy = random() % proxy_count; - if (webtarget != NULL && (webtarget = strstr(miscptr, "://")) != NULL) { - webtarget += strlen("://"); - if ((ptr2 = index(webtarget, ':')) != NULL) { /* step over port if present */ - *ptr2 = 0; - ptr2++; - ptr = ptr2; - if (*ptr == '/' || (ptr = index(ptr2, '/')) != NULL) - miscptr = ptr; - else - miscptr = slash; /* to make things easier to user */ - } else if ((ptr2 = index(webtarget, '/')) != NULL) { - if (freemischttpform == 0) { - if ((miscptr = malloc(strlen(ptr2) + 1)) != NULL) { - freemischttpform = 1; - strcpy(miscptr, ptr2); - *ptr2 = 0; - } - } - } else - webtarget = NULL; + if (webtarget) { + free(webtarget); + webtarget = NULL; } - if (cmdlinetarget != NULL && webtarget == NULL) + if (cmdlinetarget != NULL) webtarget = cmdlinetarget; - else if (webtarget == NULL && cmdlinetarget == NULL) + else webtarget = hydra_address2string(ip); if (port != 0) webport = port; @@ -1277,6 +1246,29 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { else webport = PORT_HTTP_SSL; + /* normalise the webtarget for ipv6/port number */ + ptr = malloc(strlen(webtarget) + 1 /* null */ + 6 /* :65535 */ +#ifdef AF_INET6 + + 2 /* [] */ +#endif + ); +#ifdef AF_INET6 + /* let libc decide if target is an ipv6 address */ + if (inet_pton(AF_INET6, webtarget, addr6)) { + ptr2 = ptr + sprintf(ptr, "[%s]", webtarget); + } else { +#endif + ptr2 = ptr + sprintf(ptr, "%s", webtarget); +#ifdef AF_INET6 + } +#endif + if (options & OPTION_SSL && webport != PORT_HTTP_SSL || + !(options & OPTION_SSL) && webport != PORT_HTTP) { + sprintf(ptr2, ":%d", webport); + } + webtarget = ptr; + ptr = ptr2 = NULL; + sprintf(bufferurl, "%.6096s", miscptr); url = bufferurl; ptr = url; @@ -1411,6 +1403,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { normal_request = stringify_headers(&ptr_head); } } + return ptr_head; } From 7f19248e3495a60edc2ecd33c1e797f65689ee0e Mon Sep 17 00:00:00 2001 From: Karim Kanso Date: Thu, 12 Nov 2020 15:27:08 +0000 Subject: [PATCH 031/223] resolve compiler warnings identified by gcc 9.3.0 --- hydra-http-form.c | 2 +- hydra.c | 4 ---- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index 5e9d863..e6074cf 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -1039,7 +1039,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options } if (strrchr(url, ':') == NULL && port != 80) { - sprintf(str2, "%s:%d", str2, port); + sprintf(str2, "%.2040s:%d", str2, port); } if (verbose) diff --git a/hydra.c b/hydra.c index ac3511e..9efbc05 100644 --- a/hydra.c +++ b/hydra.c @@ -610,10 +610,6 @@ void help_bfg() { void module_usage() { int32_t i; - if (!hydra_options.service) { - printf("The Module %s does not need or support optional parameters\n", hydra_options.service); - exit(0); - } printf("\nHelp for module " "%s:\n================================================================" From 78b3358862da15587bc8c2d75caa4a3030d8bb26 Mon Sep 17 00:00:00 2001 From: owein Date: Thu, 12 Nov 2020 17:06:53 +0100 Subject: [PATCH 032/223] profound mangling --- bfg.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bfg.c b/bfg.c index bdb221c..80e7392 100644 --- a/bfg.c +++ b/bfg.c @@ -219,9 +219,9 @@ char *bf_next(_Bool rainy) { bf_options.ptr[0] = bf_options.crs[bf_options.state[0]]; for(i=1; i Date: Sat, 14 Nov 2020 14:20:00 +0100 Subject: [PATCH 033/223] uptodate with rainycrack --- bfg.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/bfg.c b/bfg.c index 80e7392..912b61c 100644 --- a/bfg.c +++ b/bfg.c @@ -202,6 +202,14 @@ uint64_t bf_get_pcount() { return foo; } + +int accu(int x) { + int a = 0, b; + for(b=1; b Date: Fri, 4 Dec 2020 12:50:46 +0100 Subject: [PATCH 034/223] cleanup --- bfg.c | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/bfg.c b/bfg.c index 912b61c..0d670dd 100644 --- a/bfg.c +++ b/bfg.c @@ -202,14 +202,6 @@ uint64_t bf_get_pcount() { return foo; } - -int accu(int x) { - int a = 0, b; - for(b=1; b Date: Sat, 26 Dec 2020 16:42:57 +0000 Subject: [PATCH 035/223] www: normalise webtarget --- hydra-http.c | 54 ++++++++++++++++++++++++++-------------------------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/hydra-http.c b/hydra-http.c index a269e71..c487144 100644 --- a/hydra-http.c +++ b/hydra-http.c @@ -10,7 +10,7 @@ char *http_buf = NULL; static char end_condition[END_CONDITION_MAX_LEN]; int end_condition_type = -1; -int32_t webport, freemischttp = 0; +int32_t webport; int32_t http_auth_mechanism = AUTH_UNASSIGNED; int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp, char *type, ptr_header_node ptr_head) { @@ -313,32 +313,16 @@ void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FI int32_t myport = PORT_HTTP, mysslport = PORT_HTTP_SSL; char *ptr, *ptr2; ptr_header_node ptr_head = NULL; +#ifdef AF_INET6 + unsigned char addr6 [sizeof(struct in6_addr)]; +#endif hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; - if ((webtarget = strstr(miscptr, "://")) != NULL) { - webtarget += strlen("://"); - if ((ptr2 = index(webtarget, ':')) != NULL) { /* step over port if present */ - *ptr2 = 0; - ptr2++; - ptr = ptr2; - if (*ptr == '/' || (ptr = index(ptr2, '/')) != NULL) - miscptr = ptr; - else - miscptr = slash; /* to make things easier to user */ - } else if ((ptr2 = index(webtarget, '/')) != NULL) { - miscptr = malloc(strlen(ptr2) + 1); - freemischttp = 1; - strcpy(miscptr, ptr2); - *ptr2 = 0; - } else - webtarget = hostname; - } else if (strlen(miscptr) == 0) + if (strlen(miscptr) == 0) miscptr = strdup("/"); - if (webtarget == NULL) - webtarget = hostname; if (port != 0) webport = port; else if ((options & OPTION_SSL) == 0) @@ -346,6 +330,28 @@ void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FI else webport = mysslport; + /* normalise the webtarget for ipv6/port number */ + webtarget = malloc(strlen(hostname) + 1 /* null */ + 6 /* :65535 */ +#ifdef AF_INET6 + + 2 /* [] */ +#endif + ); +#ifdef AF_INET6 + /* let libc decide if target is an ipv6 address */ + if (inet_pton(AF_INET6, hostname, addr6)) { + ptr = webtarget + sprintf(webtarget, "[%s]", hostname); + } else { +#endif + ptr = webtarget + sprintf(webtarget, "%s", hostname); +#ifdef AF_INET6 + } +#endif + if (options & OPTION_SSL && webport != PORT_HTTP_SSL || + !(options & OPTION_SSL) && webport != PORT_HTTP) { + sprintf(ptr, ":%d", webport); + } + ptr = NULL; + /* Advance to options string */ ptr = miscptr; while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) @@ -380,8 +386,6 @@ void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FI port = mysslport; } if (sock < 0) { - if (freemischttp) - free(miscptr); if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); @@ -395,13 +399,9 @@ void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FI case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); - if (freemischttp) - free(miscptr); hydra_child_exit(0); return; default: - if (freemischttp) - free(miscptr); fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(0); } From 09f6a71e844871c660de6060dd2d2ae0938874ea Mon Sep 17 00:00:00 2001 From: van Hauser Date: Fri, 1 Jan 2021 12:20:49 +0100 Subject: [PATCH 036/223] 2021 --- CHANGES | 2 ++ README.md | 4 ++-- hydra-smb2.c | 2 +- hydra.1 | 2 +- hydra.c | 5 +++-- 5 files changed, 9 insertions(+), 6 deletions(-) diff --git a/CHANGES b/CHANGES index f537d9b..8a36029 100644 --- a/CHANGES +++ b/CHANGES @@ -6,6 +6,8 @@ Release 9.2-dev * fix for http-post-form optional parameters * enable gcc 10 support for xhydra too :) * msys support +* fix for rain mode (-r) +* IPv6 support for Host: header for http based modules Release 9.1-dev diff --git a/README.md b/README.md index fa214d9..322da43 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ H Y D R A - (c) 2001-2020 by van Hauser / THC + (c) 2001-2021 by van Hauser / THC https://github.com/vanhauser-thc/thc-hydra many modules were written by David (dot) Maciejak @ gmail (dot) com BFG code by Jan Dlabal @@ -382,7 +382,7 @@ Version 1.00 example: "These are very free form" ], "generator": { - "built": "2020-03-01 14:44:22", + "built": "2021-03-01 14:44:22", "commandline": "hydra -b jsonv1 -o results.json ... ...", "jsonoutputversion": "1.00", "server": "127.0.0.1", diff --git a/hydra-smb2.c b/hydra-smb2.c index 7c22bf1..31e211d 100644 --- a/hydra-smb2.c +++ b/hydra-smb2.c @@ -13,7 +13,7 @@ * along with this program. If not, see . * * - * Copyright (C) 2020 Karim Kanso, all rights reserved. + * Copyright (C) 2021 Karim Kanso, all rights reserved. * kaz 'dot' kanso 'at' g mail 'dot' com */ diff --git a/hydra.1 b/hydra.1 index 912533f..039d55f 100644 --- a/hydra.1 +++ b/hydra.1 @@ -1,4 +1,4 @@ -.TH "HYDRA" "1" "01/01/2020" +.TH "HYDRA" "1" "01/01/2021" .SH NAME hydra \- a very fast network logon cracker which supports many different services .SH SYNOPSIS diff --git a/hydra.c b/hydra.c index 852d0de..3695110 100644 --- a/hydra.c +++ b/hydra.c @@ -1,5 +1,5 @@ /* - * hydra (c) 2001-2020 by van Hauser / THC + * hydra (c) 2001-2021 by van Hauser / THC * https://github.com/vanhauser-thc/thc-hydra * * Parallized network login hacker. @@ -11,6 +11,7 @@ */ #include "hydra.h" #include "bfg.h" +#include #ifdef LIBNCURSES #include @@ -2151,7 +2152,7 @@ int main(int argc, char *argv[]) { struct sockaddr_in6 *ipv6 = NULL; struct sockaddr_in *ipv4 = NULL; - printf("%s %s (c) 2020 by %s & %s - Please do not use in military or secret " + printf("%s %s (c) 2021 by %s & %s - Please do not use in military or secret " "service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).\n\n", PROGRAM, VERSION, AUTHOR, AUTHOR2); #ifndef LIBAFP From 04076995835e57df234d6a994ec20673878f96a9 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Fri, 29 Jan 2021 10:23:27 +0100 Subject: [PATCH 037/223] Update issue templates --- .github/ISSUE_TEMPLATE/bug_report.md | 37 +++++++++++++++++++++++ .github/ISSUE_TEMPLATE/feature_request.md | 20 ++++++++++++ 2 files changed, 57 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/bug_report.md create mode 100644 .github/ISSUE_TEMPLATE/feature_request.md diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000..78bd469 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,37 @@ +--- +name: Bug report +about: Create a report to help us improve +title: '' +labels: '' +assignees: '' + +--- + +**IMPORTANT** +This is just for reporting *BUGS* not help on how to hack, how to use hydra, command line options or how to get it compiled. Please search for help via search engines. Issues asking for this here will be closed. + +**Describe the bug** +A clear and concise description of what the bug is. + +**To Reproduce** + * Ensure that you have tested the bug to be present in the current github code. You might be using an outdated version that comes with your Linux distribution! + * You must provide full command line options. + +Steps to reproduce the behavior: +1. ... +2. ... +3. ... + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Screenshots** +If applicable, add screenshots to help explain your problem. +Note that all messages must be in *English*, not in Chinese, Russian, etc. + +**Desktop (please complete the following information):** + - OS: [e.g. Ubuntu 20.04] + - hydra version [e.g. current github state] + +**Additional context** +Add any other context about the problem here. diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 0000000..bbcbbe7 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,20 @@ +--- +name: Feature request +about: Suggest an idea for this project +title: '' +labels: '' +assignees: '' + +--- + +**Is your feature request related to a problem? Please describe.** +A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] + +**Describe the solution you'd like** +A clear and concise description of what you want to happen. + +**Describe alternatives you've considered** +A clear and concise description of any alternative solutions or features you've considered. + +**Additional context** +Add any other context or screenshots about the feature request here. From 51da37bfd87c17e2b246f7a1a003b4b1044954d6 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Fri, 29 Jan 2021 10:29:28 +0100 Subject: [PATCH 038/223] Update issue templates --- .github/ISSUE_TEMPLATE/feature_request.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md index bbcbbe7..d0c19f8 100644 --- a/.github/ISSUE_TEMPLATE/feature_request.md +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -7,6 +7,9 @@ assignees: '' --- +**IMPORTANT** +Please note that hydra is still maintained however not actively developed. If you would like to see specific feature here it it recommended implement it yourself and send a pull request - or look for someone to do that for you :-) + **Is your feature request related to a problem? Please describe.** A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] From ac2fd35b4f3a8965db344b27033a601fca7a7d7d Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 19 Feb 2021 09:19:05 +0100 Subject: [PATCH 039/223] allow configure to pick up PKG_CONFIG --- configure | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/configure b/configure index ae81322..139c9bf 100755 --- a/configure +++ b/configure @@ -17,10 +17,12 @@ if [ "$1" = "-h" -o "$1" = "--help" ]; then echo " --help this here" echo echo If the CC environment variable is set, this is used as the compiler for the configure tests. The default is \"gcc\" otherwise. + echo You can also set PKG_CONFIG if necessary. exit 0 fi test -z "$CC" && CC=gcc +test -z "$PKG_CONFIG" && PKG_CONFIG=pkg-config FHS="" SIXFOUR="" @@ -1305,9 +1307,9 @@ echo "Checking for smbclient (libsmbclient/libsmbclient.h) ..." if [ "X" = "X$XHYDRA_SUPPORT" ]; then echo "Checking for GUI req's (pkg-config/gtk+-2.0) ..." - XHYDRA_SUPPORT=`pkg-config --help > /dev/null 2>&1 || echo disabled` + XHYDRA_SUPPORT=`$PKG_CONFIG --help > /dev/null 2>&1 || echo disabled` if [ "X" = "X$XHYDRA_SUPPORT" ]; then - XHYDRA_SUPPORT=`pkg-config --modversion gtk+-2.0 2> /dev/null` + XHYDRA_SUPPORT=`$PKG_CONFIG --modversion gtk+-2.0 2> /dev/null` else XHYDRA_SUPPORT="" fi From f423875d900b84673708bbab496593507483760a Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 11 Mar 2021 14:00:00 +0100 Subject: [PATCH 040/223] remove rain mode --- bfg.c | 29 +++-------------------------- bfg.h | 4 +--- hydra.c | 7 +++---- hydra.h | 1 - 4 files changed, 7 insertions(+), 34 deletions(-) diff --git a/bfg.c b/bfg.c index 0d670dd..d9667e6 100644 --- a/bfg.c +++ b/bfg.c @@ -1,6 +1,5 @@ -/* code original by Jan Dlabal , partially rewritten by vh, - rainy tweaks by owein */ +/* code original by Jan Dlabal , partially rewritten by vh. */ #include #include @@ -174,8 +173,6 @@ int32_t bf_init(char *arg) { bf_options.crs_len = crs_len; bf_options.current = bf_options.from; - bf_options.rain = 0; - bf_options.gcounter = 0; memset((char *) bf_options.state, 0, sizeof(bf_options.state)); @@ -202,7 +199,7 @@ uint64_t bf_get_pcount() { return foo; } -char *bf_next(_Bool rainy) { +char *bf_next() { int32_t i, pos = bf_options.current - 1; if (bf_options.current > bf_options.to) @@ -213,18 +210,7 @@ char *bf_next(_Bool rainy) { return NULL; } - if(rainy) - { - bf_options.rain = bf_options.gcounter; - bf_options.ptr[0] = bf_options.crs[bf_options.state[0]]; - for(i=1; i= bf_options.crs_len) { - bf_options.state[pos] = 0; - pos++; - } - } - else while (pos >= 0 && (++bf_options.state[pos]) >= bf_options.crs_len) { bf_options.state[pos] = 0; pos--; @@ -252,7 +230,6 @@ char *bf_next(_Bool rainy) { if (pos < 0 || pos >= bf_options.current) { bf_options.current++; - bf_options.rain = 0; memset((char *)bf_options.state, 0, sizeof(bf_options.state)); } diff --git a/bfg.h b/bfg.h index 602cee6..6d11aee 100644 --- a/bfg.h +++ b/bfg.h @@ -43,8 +43,6 @@ typedef struct { char *crs; /* internal representation of charset */ char *ptr; /* ptr to the last generated password */ uint32_t disable_symbols; - uint64_t rain; - uint64_t gcounter; } bf_option; extern bf_option bf_options; @@ -52,7 +50,7 @@ extern bf_option bf_options; #ifdef HAVE_MATH_H extern uint64_t bf_get_pcount(); extern int32_t bf_init(char *arg); -extern char *bf_next(_Bool rainy); +extern char *bf_next(); #endif #endif diff --git a/hydra.c b/hydra.c index 3695110..9e1268a 100644 --- a/hydra.c +++ b/hydra.c @@ -1780,7 +1780,7 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { #ifndef HAVE_MATH_H sleep(1); #else - hydra_targets[target_no]->pass_ptr = bf_next(hydra_options.rainy); + hydra_targets[target_no]->pass_ptr = bf_next(); if (debug) printf("[DEBUG] bfg new password for next child: %s\n", hydra_targets[target_no]->pass_ptr); #endif @@ -2280,7 +2280,6 @@ int main(int argc, char *argv[]) { hydra_brains.ofp = stdout; hydra_brains.targets = 1; hydra_options.waittime = waittime = WAITTIME; - hydra_options.rainy = 0; bf_options.disable_symbols = 0; // command line processing @@ -2316,7 +2315,7 @@ int main(int argc, char *argv[]) { hydra_restore_read(); break; case 'r': - hydra_options.rainy = 1; + fprintf(stderr, "Warning: the option -r has been removed.\n"); break; case 'I': ignore_restore = 1; // this is not to be saved in hydra_options! @@ -3433,7 +3432,7 @@ int main(int argc, char *argv[]) { if (bf_init(bf_options.arg)) exit(-1); // error description is handled by bf_init - pass_ptr = bf_next(hydra_options.rainy); + pass_ptr = bf_next(); hydra_brains.countpass += bf_get_pcount(); hydra_brains.sizepass += BF_BUFLEN; #else diff --git a/hydra.h b/hydra.h index f0a0253..6698eaf 100644 --- a/hydra.h +++ b/hydra.h @@ -206,7 +206,6 @@ typedef struct { char *server; char *service; char bfg; - int8_t rainy; int32_t skip_redo; } hydra_option; From cedbd0ddb2f035a73bf4bbba8fcf94b68c1039a0 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 11 Mar 2021 14:00:40 +0100 Subject: [PATCH 041/223] indent --- bfg.c | 16 ++++++++-------- hydra-http-form.c | 12 ++++++------ hydra-http-proxy.c | 35 +++++++---------------------------- hydra-http.c | 9 ++++----- hydra-oracle.c | 2 +- hydra-smb2.c | 4 +--- hydra.c | 2 +- 7 files changed, 28 insertions(+), 52 deletions(-) diff --git a/bfg.c b/bfg.c index d9667e6..faad45d 100644 --- a/bfg.c +++ b/bfg.c @@ -62,7 +62,7 @@ int32_t bf_init(char *arg) { int32_t crs_len = 0; char flags = 0; char *tmp = strchr(arg, ':'); - + if (!tmp) { fprintf(stderr, "Error: Invalid option format for -x\n"); return 1; @@ -170,12 +170,12 @@ int32_t bf_init(char *arg) { } } } - + bf_options.crs_len = crs_len; bf_options.current = bf_options.from; - memset((char *) bf_options.state, 0, sizeof(bf_options.state)); - + memset((char *)bf_options.state, 0, sizeof(bf_options.state)); + if (debug) printf("[DEBUG] bfg INIT: from %u, to %u, len: %u, set: %s\n", bf_options.from, bf_options.to, bf_options.crs_len, bf_options.crs); @@ -210,9 +210,9 @@ char *bf_next() { return NULL; } - for(i=0; i= 0 && (++bf_options.state[pos]) >= bf_options.crs_len) { bf_options.state[pos] = 0; pos--; diff --git a/hydra-http-form.c b/hydra-http-form.c index 4cd2655..3979e74 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -1215,7 +1215,8 @@ int32_t service_http_form_init(char *ip, int32_t sp, unsigned char options, char // 0 all OK // -1 error, hydra will exit, so print a good error message here - if (initialize(ip, options, miscptr) == NULL) return 1; + if (initialize(ip, options, miscptr) == NULL) + return 1; return 0; } @@ -1224,7 +1225,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { ptr_header_node ptr_head = NULL; char *ptr, *ptr2, *proxy_string; #ifdef AF_INET6 - unsigned char addr6 [sizeof(struct in6_addr)]; + unsigned char addr6[sizeof(struct in6_addr)]; #endif if (use_proxy > 0 && proxy_count > 0) @@ -1251,7 +1252,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { #ifdef AF_INET6 + 2 /* [] */ #endif - ); + ); #ifdef AF_INET6 /* let libc decide if target is an ipv6 address */ if (inet_pton(AF_INET6, webtarget, addr6)) { @@ -1262,8 +1263,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { #ifdef AF_INET6 } #endif - if (options & OPTION_SSL && webport != PORT_HTTP_SSL || - !(options & OPTION_SSL) && webport != PORT_HTTP) { + if (options & OPTION_SSL && webport != PORT_HTTP_SSL || !(options & OPTION_SSL) && webport != PORT_HTTP) { sprintf(ptr2, ":%d", webport); } webtarget = ptr; @@ -1342,7 +1342,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { // printf("miscptr: %s, url=%s, variables=%s, ptr=%s, optional1: %s, cond: %s // (%d)\n", miscptr, url, variables, ptr, optional1, cond, success_cond); - + /* * Parse the user-supplied options. * Beware of the backslashes (\)! diff --git a/hydra-http-proxy.c b/hydra-http-proxy.c index 757a3fe..3a97da9 100644 --- a/hydra-http-proxy.c +++ b/hydra-http-proxy.c @@ -51,15 +51,10 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option } if (debug) { - hydra_report(stderr, - "S:%-.*s\n", - (int)(strchr(http_proxy_buf, '\r') - http_proxy_buf), - http_proxy_buf); + hydra_report(stderr, "S:%-.*s\n", (int)(strchr(http_proxy_buf, '\r') - http_proxy_buf), http_proxy_buf); } - while (http_proxy_buf != NULL && - (auth_hdr = hydra_strcasestr(http_proxy_buf, - "Proxy-Authenticate:")) == NULL) { + while (http_proxy_buf != NULL && (auth_hdr = hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate:")) == NULL) { free(http_proxy_buf); http_proxy_buf = hydra_receive_line(s); } @@ -71,10 +66,7 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option } if (debug) { - hydra_report(stderr, - "S:%-.*s\n", - (int)(strchr(auth_hdr, '\r') - auth_hdr), - auth_hdr); + hydra_report(stderr, "S:%-.*s\n", (int)(strchr(auth_hdr, '\r') - auth_hdr), auth_hdr); } // after the first query we should have been disconnected from web server @@ -115,10 +107,7 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option } if (debug) { - hydra_report(stderr, - "S:%-.*s\n", - (int)(strchr(http_proxy_buf, '\r') - http_proxy_buf), - http_proxy_buf); + hydra_report(stderr, "S:%-.*s\n", (int)(strchr(http_proxy_buf, '\r') - http_proxy_buf), http_proxy_buf); } } else { if (http_proxy_auth_mechanism == AUTH_NTLM || hydra_strcasestr(auth_hdr, "Proxy-Authenticate: NTLM") != NULL) { @@ -220,10 +209,7 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option } if (debug && http_proxy_buf != NULL) { - hydra_report(stderr, - "S:%-.*s\n", - (int)(strchr(http_proxy_buf, '\r') - http_proxy_buf), - http_proxy_buf); + hydra_report(stderr, "S:%-.*s\n", (int)(strchr(http_proxy_buf, '\r') - http_proxy_buf), http_proxy_buf); } if (http_proxy_buf == NULL) @@ -234,10 +220,7 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option { if (auth_hdr != NULL) { // buf[strlen(http_proxy_buf) - 1] = '\0'; - hydra_report(stderr, - "Unsupported Auth type:\n%-.*s\n", - (int)(strchr(http_proxy_buf, '\r') - auth_hdr), - auth_hdr); + hydra_report(stderr, "Unsupported Auth type:\n%-.*s\n", (int)(strchr(http_proxy_buf, '\r') - auth_hdr), auth_hdr); auth_hdr = NULL; free(http_proxy_buf); http_proxy_buf = NULL; @@ -250,11 +233,7 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option } ptr = ((char *)index(http_proxy_buf, ' ')) + 1; - if (*ptr == '2' || - (*ptr == '3' && *(ptr + 2) == '1') || - (*ptr == '3' && *(ptr + 2) == '2') || - (*ptr == '4' && *(ptr + 2) == '4') - ) { + if (*ptr == '2' || (*ptr == '3' && *(ptr + 2) == '1') || (*ptr == '3' && *(ptr + 2) == '2') || (*ptr == '4' && *(ptr + 2) == '4')) { hydra_report_found_host(port, ip, "http-proxy", fp); hydra_completed_pair_found(); free(http_proxy_buf); diff --git a/hydra-http.c b/hydra-http.c index c487144..7f1d56d 100644 --- a/hydra-http.c +++ b/hydra-http.c @@ -314,7 +314,7 @@ void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FI char *ptr, *ptr2; ptr_header_node ptr_head = NULL; #ifdef AF_INET6 - unsigned char addr6 [sizeof(struct in6_addr)]; + unsigned char addr6[sizeof(struct in6_addr)]; #endif hydra_register_socket(sp); @@ -333,9 +333,9 @@ void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FI /* normalise the webtarget for ipv6/port number */ webtarget = malloc(strlen(hostname) + 1 /* null */ + 6 /* :65535 */ #ifdef AF_INET6 - + 2 /* [] */ + + 2 /* [] */ #endif - ); + ); #ifdef AF_INET6 /* let libc decide if target is an ipv6 address */ if (inet_pton(AF_INET6, hostname, addr6)) { @@ -346,8 +346,7 @@ void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FI #ifdef AF_INET6 } #endif - if (options & OPTION_SSL && webport != PORT_HTTP_SSL || - !(options & OPTION_SSL) && webport != PORT_HTTP) { + if (options & OPTION_SSL && webport != PORT_HTTP_SSL || !(options & OPTION_SSL) && webport != PORT_HTTP) { sprintf(ptr, ":%d", webport); } ptr = NULL; diff --git a/hydra-oracle.c b/hydra-oracle.c index 5f1788e..46deb44 100644 --- a/hydra-oracle.c +++ b/hydra-oracle.c @@ -18,8 +18,8 @@ void dummy_oracle() { printf("\n"); } #else #include -#include #include +#include extern char *HYDRA_EXIT; diff --git a/hydra-smb2.c b/hydra-smb2.c index 31e211d..275bbae 100644 --- a/hydra-smb2.c +++ b/hydra-smb2.c @@ -152,9 +152,7 @@ bool smb2_run_test(creds_t *cr, const char *server, uint16_t port) { case ECONNREFUSED: // there are probably more codes that could be added here to // indicate connection errors. - hydra_report(stderr, - "[ERROR] Error %s (%d) while connecting to %s\n", - strerror(errno), errno, server); + hydra_report(stderr, "[ERROR] Error %s (%d) while connecting to %s\n", strerror(errno), errno, server); smbc_free_context(ctx, 1); EXIT_CONNECTION_ERROR; break; diff --git a/hydra.c b/hydra.c index 9e1268a..145d6d2 100644 --- a/hydra.c +++ b/hydra.c @@ -618,7 +618,7 @@ void module_usage() { "%s:\n================================================================" "============\n", hydra_options.service); - if (strncmp(hydra_options.service, "https-", 6) == 0 ) + if (strncmp(hydra_options.service, "https-", 6) == 0) memmove(hydra_options.service + 4, hydra_options.service + 5, strlen(hydra_options.service) - 4); for (i = 0; i < sizeof(services) / sizeof(services[0]); i++) { if (strcmp(hydra_options.service, services[i].name) == 0) { From fe930f4dd17d2949995499ce702e3b48946f7cbb Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 15 Mar 2021 18:52:54 +0100 Subject: [PATCH 042/223] hydra 9.2 release --- CHANGES | 6 +++--- hydra.c | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index 8a36029..e895e03 100644 --- a/CHANGES +++ b/CHANGES @@ -2,15 +2,15 @@ Changelog for hydra ------------------- -Release 9.2-dev +Release 9.2 * fix for http-post-form optional parameters * enable gcc 10 support for xhydra too :) * msys support -* fix for rain mode (-r) +* removed rain mode (-r) because of inefficiency * IPv6 support for Host: header for http based modules -Release 9.1-dev +Release 9.1 * rdb: support for libfreerdp3 (thanks to animetauren) * new module: smb2 which also supports smb3 (uses libsmbclient-dev) (thanks to Karim Kanso for the module!) * oracle: added success condition (thanks to kazkansouh), compile on Cygwin (thanks to maaaaz) diff --git a/hydra.c b/hydra.c index 145d6d2..1a00976 100644 --- a/hydra.c +++ b/hydra.c @@ -226,7 +226,7 @@ char *SERVICES = "adam6500 asterisk afp cisco cisco-enable cvs firebird ftp[s] " #define RESTOREFILE "./hydra.restore" #define PROGRAM "Hydra" -#define VERSION "v9.2-dev" +#define VERSION "v9.2" #define AUTHOR "van Hauser/THC" #define EMAIL "" #define AUTHOR2 "David Maciejak" From 2ec0b164ca4126fb523b95004bfd4cafcae1c1e5 Mon Sep 17 00:00:00 2001 From: Ruslan Makhmatkhanov Date: Wed, 17 Mar 2021 13:04:24 +0300 Subject: [PATCH 043/223] fix typo: comparison -> assignment --- hydra-http-proxy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra-http-proxy.c b/hydra-http-proxy.c index 3a97da9..9eace98 100644 --- a/hydra-http-proxy.c +++ b/hydra-http-proxy.c @@ -185,7 +185,7 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option char *pbuffer, *result; http_proxy_auth_mechanism = AUTH_DIGESTMD5; - auth_hdr == NULL; + auth_hdr = NULL; pbuffer = hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: Digest "); strncpy(buffer, pbuffer + strlen("Proxy-Authenticate: Digest "), sizeof(buffer)); buffer[sizeof(buffer) - 1] = '\0'; From b6dda7da81636f97f475eecfb670995a54048030 Mon Sep 17 00:00:00 2001 From: xambroz <723625+xambroz@users.noreply.github.com> Date: Wed, 24 Mar 2021 03:50:55 +0100 Subject: [PATCH 044/223] Add transparent PNG file to be used as icon Add transparent PNG file to be used as launcher icon. The original JPG is not transparent so it doesn't go well with window theme. --- xhydra.png | Bin 0 -> 218327 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 xhydra.png diff --git a/xhydra.png b/xhydra.png new file mode 100644 index 0000000000000000000000000000000000000000..39f27047961e08c21a6de7984aafae1f5991c703 GIT binary patch literal 218327 zcmYIv1yEeu()HjH+}(o)cXtMN0>Rzg-66OH3-0a&cY?dS4DRmE&%N)x@2{zuGjpoW zw&}gPd-dAkit<22cszIj0DveZDW(hnfPa1k2f#vqUT)pzoOPRc+LK-C1n(dQ3n zLm8kL;NzcHPDgRV=N&kE$sbMtz!&s?-e7>V44luKFwRnP;xH@V@MyTW5&epEpSN(G z#WkEo?QCpJY@Gq3jwS}qCdMRg7S84*Kq)yz^#CMn0DuG_B_^!uzH*xB_S@Jb=|k|K zqsh@lem23$pA><+mo^Zdx}-ZW48CHUj8aTV6;iyrAF$sCUqx*tw64|zD=GiW0L|gr z`Mj#i`NGTBuf3_P{3lpnb`|T+n}7oUy3W=Dq8%uq^T3NlA_|9DmokR$S`rY$wH-Ew zAM4fo8p-(V{G5ICIQcOIq44>yLfL}6Loc3j*@QAT$B%;9EkCT9s z?T&_hVW{K-u93zpaNX@5e*`&9Mli&ul8cINK7Pb})U(RNY|d8;wz^1PBnlQO57R1h zKEjvitLA|o*3CeU?Uw(2K3YYd8_Hjm)+PA>7m6)m{Lr@T^j%>KaN2R83wV8Ln`|YZ z22Q{A^(vHFSbdLsc3NNOZyTVa`p=kC4v&t&^grH^kNJ1wM6(*_clU~O zFWuO?LWnZu?PhaoldiG>p0>WBn<&ztI@2J<<8Y1xhae=LS%^J-G=5^2BU}=vIuB=+ z*3i`QpV1P%6)Ts-A2s6fVMBt!M&QK<|AbakJUl+?FuNJJdpV685KJ+vXOeL0EcG+C zuIC@|gzdfV*{M#78YPaYQB^j#V2>?vvj4zlug`hcQB=ya-Tg75qZ#k%kY~Mij3ADwFa3V5m^9bsq z*@kW@g++B;ya2pkcZflxF&}>;1$tc;b&88K97pUfIzF=Cc0lV$G6y7Q^i0M0e@o#0 zqMu%Jv9N*ThaL;h*A5an38LVC;5b14v&B~huqO4o(aXQrEpB-EU2l9EP!19Cw=^WL z3xr5BvK{f}cdXm1Vz5JVt71QU{h!T0Wz(568zw8a?gl#z_9y-BXOm#zFmfw#m#yH^ zMtiGRN#pIO{dNI0mi&D87;A6T{?BlFftDmxna+8yn=p$O?REb%h(BB>6@T0f=cSYB z*Z01ez4qf){ot>e_5M8#HSPh+?`++E&#Y7Leud?zFYVpTZzH2K~Zv*O=7;2q` z1`oCzg}yN3FX@0#SggKocT9M3jkZ!Osp0MZ$P1XTXuqf>uzz5LBevRmkM8w)v1`R+ zUPZwVRZ%!(;`?twLQ`iE86r(b^V(nx+J@NSZSlye71WrIz%LA&&76d*3+vPGiY=gh2ladPeYE-wk1E{7|7VRiOI{cJU|jcyi#lAI z1UF#Qs_OJ(sto# z$&u|x{v8v{)RkPvhRF>6k!Y92oIQBjq2M%h74C8_LBV!$@Vy7w8{n@_;JK71__|fJ z>M-w>28|UA{JbhmNi$O*A&0^n-WXI zrwGhgwQ>_EgjBXu7Hm}F{o9;Qhd~h2Eix(&ZO&V-;!?{t!i*+}hB-P$6T-qOlYUX2H&SPa&vvJi3z;?l-{4kY&Z zz3v9up%6^v8pL(gmxifl@2!_Vv=I%Qx)aq1iU>dL`fH8~4U7+nf4*;RYXc%Lxpf(~ z=Na}P3H<}LKfDjyks&Uhjr2Y?wzg2UZ%>T&<%7h~T34B(k9<%|f|`xjj8iNXUp_v;`_mc0BdF`mV^q5qTxWk~1(ag~)e&8nej#Xgn;_ zXipPv?K`7aBN4S7J+TVHQ8*vkkEewxxn;YKEs>>i&FS+&yli_l!xS1|wK?$p zET-*I(T(w=dsV6YUiYpZuWoA&bY=Hi3W7It@#l}xHO5#oX+X0FeLm#!W3qQ|B>F_{ z&~DhM6a#kz=+GQxu&IfAq?XORFMf}WDxeX!>J}bdedcY1e#Q(5%lNs^_+tzJxox4ySK;*qSS-hB;oytG88sgd@ zqQ&~1UgL|Lhbmu5>!BWo@eM2_rpBuJWGKPYv3eKw|KIhEvBlZmMZAi1fh0Ecaih&E zZj?J=eoN4~_92E)wCMEyrDn7uJT7`bjcADk7mj>`gp%& z|3(p|9IJ;o!(V$0UUQ;8O@#$_-)5oU7P9;*tDy;m4>eu0GDGsRFbx;+ahc`z%Kzfq^JZeV>L*|eb z|77|jum1}XRP*cg=uQZxQJd)4C*JL3!H{SX@2-@FYCX{Eo*o_DSBaONaoTh8= z@f+GuT>vEsU{yz3VI*WF4Iec-To>&(&9^f$RQwNxj6QH`HcyKQ3eSi6$bvKN-cOEY z^JO*`Hb;l%7krHxw1pftYhew!H&!dFIc@91giQyvd$a|tQyYOw{V}n?m5=Eb9ER>8 zE^DHwiJ+}`Ad$~(p7>jW9!_uA24>@Dhs?{#de+FuiAaQMqtvt z1_Xe?hXg*u2`0%>cmFRKO>zG*8x4HANk{UVH^_L&jUD*%ZNT-XJAwV@h7ohWv(jt(KlBn_VxjdL-+UMJQV*T&=M1LbBP}ABU3oD?sw*!@ev>E zc=a{gW8+5eWo2-%Y$sMw-obk;%l`GsW-rI{hE;)|-|VgR&iZ^cN^?~s zVhX!81&-^@w}+e67aWbqxuIvmNq^XS$ZXxgwO;ry%w+c_QxsNrARape8*}pJ0z6}E1*mipErFh&<1MOlfQfmKrb;~p#66a{R8h4|Zy;>DD zC_7AdIZOoL1RZ$z{eb)^{nC86gDr6J6v_C6(ABopRH^r}&xzE0u+f%~&S5j9T$-1n z=lk?)Vq!uD8U}^}0Rr&;0u=P55xwa1X0+MH?>2?6dns zY89OBMt0E|x4*z7z`#JJiaw?kj`I$HhYvb`$N!gn@sDBB@EOk6@O+GGe+ z4)D56WrH``7}>I|$^EkMGg80}nXhrqXmU?6!`V_TGZM7n6#R1!amL_sR0N>U2xnVx zIM~UPZ^!fX%Z@xuH!Pk;v)$JUZ=__wXh7CQb?Z^1);+H|2;zAs>3@Dj&gd#nJXWyQ z`^m679^|S6a4PPupow{l0Vi^9^v{NbK+|yUrQF@vyG(DJmJSKN$p8KTZ|x3B23^fp z`x=d0_49FTc}xbkfg+yy99&bdL6SvPsOf;`N(=0<{n zE`<;~y=ihamWX^c;Lo7|=l8!*3Kg2Qj>S#wcdDIkckEZ&5vaWXhN+f)*y2J&AC8M|)?o~r#&h&<4IJzx??VQW642wgtA_t(924%=4K`Gj(h z`y(@0n@4Q%%PIz96Vl6WY6>(-4ybW%wrq)+A8hFk+hTA#Ggqb5(b>|?QX$i#zXb5^ zj@z={G-*fz9tCiMD19DUHM^U$;q#6WeB>_83jjvbV-Tp_z;i$FGyK3+;?P5!kDKH2 z2agvmkf%a>iJ|pm829JEU(q*rKk@A$`}MI{XHObRjw+WMxza;cAgGe3ziXwNcSH>b zH(=tsar-HPIqgy2l_M@x$4yn+MAzqs?%0yddf0;HO*kZlcZ%<1QRco7Ly&QTIm5xs zJ)GGbdy;>_LEejT;`swVXJT<9KNMe(C#u6_ESb;FJn)frJJ0K+4-ryWjJ#AYJW4Pu zdIe8L{$9NzCrfw$-u!FumGt@}#B)Qn_Ze?@)v|2Fl_B@1_xx`pgf$`fv7_yMRs5K( z_j*xhiBbe9&Pqd(BGIO$)5oZZ-GpgogiDbwtO6%X89m;{#-Ey4-d3#4pkp`Zv+;Y#!v47~@#5UCk)f_4SB%H6qVp!BgQL^1+8NWf zBRN66IFp0>Dskh&lwd7vGl`LPkOIcak{m(Czm^hXO;zHg^5C*P%Q`p$)yc_iw1X99 zoCMK{aFF|(>wU-jv?y6HT~0bMZA6x(?}SfaaNxjfrzJIL7binXgvCiQG?<_yB&I!P zbNyfkA_IS29A!G}yoN-&zVu%B-YB-u{NIS%w`=@7rcZ#X%8FQ=>(T3x0*ms1wSnLTRiKD@ft|Fa7u+pe3&Pp=nlC+99H z!@80djZpk&Bw_)v-aHYlN$H|1B0Z{Um5-uqGV&rnZ(;}-+L`5otql)yS5oLKpDrgB ze;{+A@wLPZ^R(TNw+^BgeM`fhBDqv?0&kQBANtM$-XJT?KLX?3gkI;3n08Ns>jEAI zI4@Q^VS`u+?V)CIqiyx1_rK%+NFnBV$ba$OXU%Tq)wN)5J*chz)^wW%gU)E)+^Ox4j9JWCG9JftY%#L!qQfZwdG93ngkZKgKB z>E-0Zs1h9a0yO(<=PeL5#OEbK`BviT^PdM!g?m*PQH~WHF|;XjITn6P6@uN7ZG&uL z^YLGFUW}+2?)0izn?X<^M}!kUG}&e|MVShfQ!jiURs|urj!TTTtIGbD24m3PfjoJp zW#<&^tnNM}jBo?R3fg$KCYm*RBt?-sBKNb+!c0z3UkYlpogEW(o0fT=e4_n0?vH0L z-!*R;qd}+*&r-c7E>vVICCvJwyD`A2d8WC?;5-S znf>ndSn$JEmlLm8!S_DU+aYj~kchG2zr*>k&+vPHqDb)NNSFG^N^7?BLZ3-=9eXYr zpvSpXiL;BL+!c?VKq~kH!Lyp7ZEr=C=E$(3K#8aPgcy4uOj-O|I6W{LJX_OXWBv3_ z-=z2Q;vw);=ECbcN;l!_A{!V=(IE2c^pMx`w-D>?k4iHk_g1|u%iHXZBt^4=qI zrJSS!kYC{{pIB$Hs!X^2_`f^jeXIF#JCgfp+-^7qTV_Ib|4*EJ?szISi#kQ7#A>>Z z@oJiA9d2{Ff`--T`D(@k5ot`2zcw|f}%+6!cb`vmT*g^n$U ze*`(TCBzkq)&Z~tlS+WCeAWcYRL)`MZ&(rQk;#{R`bYi$>%S51)@I{%a7D0{bm@Qk9{yX zyC{HdCTrRLkRB&!+>e(Xu-N4+B+V{IeoHkLvZD8Bz-SL20LM?Yht*};>x$+EZ%CGy z6vFAwjO|&GDj9C$m5|+cti)s|-p>jeKs#dOk zt9_#f8f`zDYZ~~%BykG(hw%Hr`bpqT0=N)(8#4Y(y{3kSh9K`MX<}V>g}o{8as7-a zhn(5}W<(P;$hzb3e?xC@Ux$_fG|c&k!Ly;JB7;aY+;?%^Jqghu*@|bJ+1Qn+5UQ4U z8{;KO24J*yfMPa*cga%Xq5%s8X)^hlHs-)D{=vD9Lp?uVkJ}ct$EgIa!rhq%{zJIE zg0_+c*9T5weC1vq{Jc-HVPKxMN|bhsT*(RPr_!Q5Z>@qkZ4`Hn$d2v2e}@V+GymO4 zW&tFK1!M#nif07v;NRAoZPpf(mP{p&UUtNKN35HU|CEN}6XrnTsr(4OkPk7JBbc6l z!BpocMMS#xKC~3B=w3Uz>kQGdeVf(xk7Q^){5YKgJx%y|O)r8Ti_o|IqW(?424Z5q zFt#g#(_!;J?XvRzK+MEUUxAY`&99tZ^V(66?Jh6A!wQnmMdwb?|fgBEQ=Bm>x**jVW95s4X75$jKP&*TF=#&^&BPaZomME z6-RCpKV&dl!X`|1d(`5&8;OGLTK9|}Z@gjcVJKF3_m&qK;hDLfU=(H^Lf8X16{WJ2 z_7g#!0m}Lm402VJZVq@sEbn==w%?n=d(}_x4UYqdgG@Ky!=iNC*0DX>DC$N5$7TQh zYq>i8o

~u8;SN_V?z+tD6(Q9xB^c0&GGLB*17DU#MW$f#0@Y4%feV?iuER-y?a) z`1p7LdL4`-?vj;R@j&BfDn=P3ZrpNF%D%u?SN!AGAPO+)!R*F&NTxA(Fx z;G5q*O~e~S)kbxMD!r;mvGi}rX03c{Qpx&|H<*wtq!b|wJBOWUVKEAqIVB+I@qyzV zfc*N@$#2(sR5S{Sj*59&u>OaZg@>o?0p$15^uVhx=(GJ!g$1tdyvyzV(V6Xf?%O|& zJUAfuA4VtB@E|hYyQe!}TUkriVoQ!Qw(0xj!Cc41U))Uybkb;+Dv#PY<#A zVy+m_mgV2$pb9a;|8&;=aEOkBhYPlu^00O;faby{nNO8?OZ5fQW`4Qb0Xoe|Qf4Cw zZzVl{UD39AYY{-;Jml-QD5~3Fx!2(jMMr_|{>RJXEj@Pov5Ba+oj-X_8%$X2qWw*t zkQ#x(&US(j>~fzUH1*K!_2HIcqCS8&@E;=K3@ujRnd{~B&q3SwDsArK_uatMIREAK zj@Lz?VE!+XYQIJ(x6S;Vwg+i192$fIGVHb^0t+Avw$M+_o@6C?(Ih{yOx`a6F`M89!jx8 z^Nn`rd!AfyU}UHt0r>(Y@f4 z&D`Q}vH)GhxV0ai5Wg%9Zm0K*it&BR!4=-h1jyp;pomP)bChF8bRDQ)yIi{A_y_<1TI$sI3zPF+8FJyTi{{Gmve z+?VXjINL+WW9wBXtZp5b+5OLf;CSq4O1CeLj-fC1SL+8eK>5e z`3T`0r@FmvdFG1ZtB$q^j$Rw_-y+o{fIt<_x2?vkuC88IhjWn62tL=_Wj?j)0BNe3 zrWP-DdwI$e@A&?j6NA}l?tF>H=L6BHMNL`uf5Riq#LFEUk5WoyxnIX|~G9s8X-noK{-I>~nf<@WM+;U}o~_!s*< zPxN)JSYWteQP-^V)3vVrncz9u#H9QF>O7ui#{2RNZT?vkJYQ=$?R+_J^Ld`l_C1{H zMdE-VXs+(q-5!0~7013FR?tQP5&WAe5MoDS)2}pD`)#&&c8*sa_-SJQnzUaBG8!x- z((pA~ekI=nf7D@sKv{wdS~fq_`};1PF9#!rSt+$!$|ife>KN48&*xwArkGFk`k{xf zLA*g#lM7;g=O2CllHxdAYG$Y=83rSPOPBI=J?Xnm;Ugu>#VR#9&Q(K7CXgmARES`S zmyreyljBfd^EfpPoWEqELLV5Ir%M5okJ}RGcuLMrD&zm1{zxkHqbvlOo5q?uf1^5Ezzr4LA9JT zo%2D7Hp$&{oHafDdVDbm*Vf7^9^zh5f45xS_i5zE&A}Y!bwc(lr&-1)22drGnw*{4 z6!TwS_A)lIoOq;?lpI4K^HFpo$MD`aLsWe%-(7@XpfH{-^oOAu@%B&1BrASPz8x;k zc2xM5D*nL0dvl|pGclo3q)d(Vc!N&Ib!C;p(mJSJ@CO~S7jEYs8()iZ;AkPr?yqRF zV9CYJk z>gYZ)n=$$OaHX*cz$l6kh>*eTfLe#g9ezb5tAnzWrA5NUhd+ASA8sx0c3kgrg6~JM zzOMr-P%97hoL6mjKH&u-U!8Fg==8;gzM^H^9*s7iZ&$}zj3gYH=h3H7sygr}e6JPW zgyshmF8r%sDyE1?9UUcFdd<1+W`uC$oaWf_T7S|1fT{LBEr3UVs*`Doz;o`+hTHj| zfTy-c#pC((w1MB~nyRNIl@s;^+2Y2;ey&p1MhzGTlA$!IYrCS8qRVhz|JKfEwq&1M z*grmf04Y2{!Gm@2eevPs0T|SCUti~Z&gXib*>iXZn{|LXr@8zFx$?X9-KrOoJPhZy zYH*5bkqmf_p0tArm&x5kR#NgMaTZSFi2y?;?82y33)V~_#1gRGQYG$_O5h*r8SF`P z8{6Gm-i^~~Kk%|_)`JE;Ai;zaMSWx(dI9n#=M;R+DWBC6mfMXoR%ZGGQ+AAZ0P|%6 z7Ek=Ekg6gA+MF~Z91|wVHbOAGF8Hv?v@+(=kw~@=8h|7vM!H9xarlNd6oUa^H+3f0njKV|&k+6nG8AEg?mbYe4k z^<>c}`|Ad-lq4N8?I@&JsZ5PQ6P1GdEz#X{ooB&@V1F6$jjzL(yq8>DB2)tR1iw2b zI)5I8UM+LP@T*WcrusEpuT%z_75&c64#^mj=;+8Eo%_pC@p`-Xgw!Qpa>qSj<7r}t z+dNz6$a*+I<}oTN`o{VLAlQC1sqND{j=+xxCy;x+`$qxhijeG|z-7t6;mpq``;&N^ zGXb?dby1hC#UUx0HTlWM}sg8 zin!LFDbA>SXOhV(pzuZWi7VJ+H_XQ1f#64f*U{Z1rH((ZiROhxP_L-^ykxv!+c8h4 zXLnWm#nMhmFm%3cSkOG}55ZwDCoI%5r}n>=hXm{*6)Vpsv)#Y0XX~GjSzyof`Fe7~ zmJ!9S_=Cz=n7-@Z9CAVAi!UG}T;GO{SLk-79&jK}3v!KY4uHW2iAF`I&>%*4OM(q# zUXuxLN=q6vhoA?>NiunX3cWYUi*NSHk^Z8Oy4Q*oDi-x|N$A_E!({uc))I8Cio|fg zq2DQ_tizuEH=&4p?|cU>${A`AT_N7^cpZ;<8X+ub1~LWb@cj7biZ5k!8SRAPR%|M1 z0K(EMBf_%cGD!gs%e$Hkw4kZ64BW@!_cZ@Zt+HReONhSzB^v6BZRJvcIQf_^o{D~B zDuloq-^?06;W9Wjtk=$^Nif+_6fD+rzzyo{jguA!nd|Ik$&&DnJMsZA;KfmZ=AsCA zs+Uod;y+JEm%T0~`rXzBgRD672JD#Bl(0n@b{f~y+>A#p)!;+G7j<7cps2E6lau^T zto-^h^|mAEI%_8TvGp9)-V7;KG9KSm+}FW)nN^o01?Hn8$dnT8D#eE-QlzfX^)0{R zqgwCIg;AGP4Q(04x0>ZFg}p0QH4iI|hkqN-tSQlo_Yf%|wG=HgND8QB4jqWRMMS(( z1%0L~Hv6TB=^mzUB$EP7F>>k9rPg@CJxbJx(_5%+NLqCSj@L@s*F8;t%r&WYjPg}0 zx5ESR@~-3)N7Ojfe*WO=Fq^?cW0s$z`8V~g%{S~_aj{{aEjgl~Of4wy$Rt644Imh4 zTI3sWZvYQrsSgQjmh7-??k;Sxf^MrlrPT^=&DWcEkGovACv7XV%#u)IlmE_1Z6s22 zV=BaRl-J2K98+mVnO6m_uBuPwX{X5eE8gK#;2>E%TTfJvjNgv-RtTO2C3wWj_I-Ce zyDM%mOB?P8VQFgm0rDXDTWSc$9%+S0KUqH-%KTe7DI93W%Z}@p`dF4UH^NeR+n*kX zhyjR2SBAa(CpHB2=_(H6bxMrK=f$okE&Y4Ybt_{=lRsv;y5q*r$+p~2VzPRUZc-qg z(f85@G6@AVN$M_yjqR@5lQ&yMoYMdh=@?=2^)QXHBlWCXJNB zk&TU+B|Z}(QX?itA>MZy7)*%~ldSccEVYw`y6YCiwU$?l?-d%Npkp(S{^_6BnaJ7l zE3BV(l##4-riB<0y%4B1xHFG}m-oIwqw`5FGIt99TbJf#h}fG6PQ?m>1}k((d7r?` z_JZcP`Xfh28ZSco)wvlk&b@d;q-lxgPFrc83JJJk3D&={_`Q5~d~Pm!$*8rs79Q+TFHqH-%=Y{6Z87OYUq3E3>&n)Z=aFQ? zxwk1bZ8DcEDruyBXJoYbq83P+6vaZUloHq=-|6;l&4~^Mv13#c%uq-yBye;yZ=~Bp zcOYA=2ro$)jC(d-P$wn5*L_68rpZS>^(!P-set=ul@lZXWp@xEfcX9LXUl2b=sV@2 zPycb!H_e*M+&wz=`UUyjz(wK-cI+%EMMTMG`hqtCX`7Px)Lp${W3;y~ss@ekY1Vr- zBE9T(?ztT7n*RP6WO1^_lAfgF7Qd$jqD9@7zaYw}QnM=KY;Cby{a9j!0twN;GU2FV zRPUSrrX9empw7b7bb{;j*{QsoTWJ++aZXv6Sgibz^A2){>y!5Xltv9+^4XD{V|@wO zOYI!T*@?eLf3`@Z z)rDmkE6@mJ(~*i7#2&K$hSy@&bf^0dtqhPi=LU{qQj_w?A91&R4Zpx*T>L z%zNBxE*Pd(!3+*HF$X1T*@5}W`|DneJDFbJ3RMx;X?oE#&7~-hWD83VI@bFLn__cC zIKm55CZ@v+Livqm28sP%L9$8vLBs-0UQgG1+2x5cHt_DL6lR?l7|9b^(zWnUs)NBd zA=oO2)lMIIu#sWIx(6>IwmiBm$7E;8MUvD% z;UG4q1Nqu$TBCu1Je1GNBq(7GQyWod=B^EXYK#5YNd&hcJm`%m=xqL&E*U}6P+9Jw zj(4$6zCYz;uEg}nA$I^AB8BIlBQGzj^c4;F6_?`t|8~&OCTrGm)L?;%S*uM zgEQ(c7&82(vM|b%6)_!*T;QU=G9_Ec{UEAOmVzA63?$nk9sl8MJtk-LEy_r(gZHA{ zDZ8uxPT;(G=M!T;%%v&NyymjB>@RgQ98bGYpuyx)8KR_eED2#|B@?0CI~DGlLdCxN z!}<2?T3HZ20aO%Dn;-D46if3uV-X1rYSE$;>vr6?+iatz45MQ&=+xi#DScf|$k$#D zfVf`PU$;Wz4<9S;Z*L_P6duIO)vLGLV|^(;(f1#nq^s;F^$%>`j$nM#)~45VvB$v0 zKPU~5d)?kx#cfJ<8(&RuspgGkO(6=#Wo*6YWIwm9fL1G>p>jEyy5#w+gu#j6Fo+fI z9u5#`)E5(0erFcOS(iI4SO$F7sgu6`UV+}8M=VM+cRc%EcbI?%U=Pe8ok75m#M>>E zGp19M_ujKIpD=DY3V7iMWt7%}Spdx*B2Ol|5YbBOLCv}z$N*j%SEU(@A9 zMaeaNeY_ZXJ=PINxlmIboDD||it#ozc~pL5Sn3rv$VR#?Jn~7lgQ3%O9Pf+$ibe6; z{Nl?P>*Vh9N%g^I5VEdXrNr^yR5r5=AC`4`Tm%bjb|7s?jEDhhe!~wTMx2&K!Yb&X z4wHVNlOM740!`x3-8eU|2>z&1fjw`wYH<0{KPHD6RiKDP3wb0A+KJVI*ppGdrdsyj zuoOfAwXEz^-}tkh!Ev`XfzMHC2I4@W0*96k!hobs0CQ*SGJ&Y zQ$korG!JxfS8F8Nfj(JdC=)N=W zlPWKLDH3@4c0rKqUV>Q{Zt_^j`Tetl8ia|v^=({7TFUhNJSvFfKM0Lq&3(*n?6}Oi z2yU9S3K>E+X|poa*7XJ@JtAY(f5)xw*~g>K;OM9byOYeBr~cQE;w2}@k0<#S%FCHEKIyWXget_B|(c|mI00WtTSjL6`C;fHG8Ew2srv-fIARUSC{!W0|F1Jkd*6iDS_4fFLHyGo?42I>uNW32Kmu?HxWmEk{86`@)# zl$IdQ=@w>Tz6vRUU_50+nMXsiLgNGXFuW0i0FgqFjf|)mpJOS~j4vzRTPE9&XNdui zK`W%qLv><=FQ(n9W~Vk9(_6W@JK55FZ^h&3FGq)mVN(A8Fv$Zk;p)T=6e&LY%0&;i zo#jLzC^d~1EM?sD<_q18_lC*9;%}L(v8m&kiqyGT&E|sf!QOZ)X}RU={5-2`ARGFr zX?PtQNg(gc+#FNmBI@Iu=I@1bjazmXp~{YlV9c{4Ax%du*{SljZ|(X9tsL6aWMSdh zwabghfEtgS*n@>i2sBCkHDAUwxStnb!1FJoSk2$NG>sXA3=nwP5OO6tKV`0Ui(?EM z4F}4!x#`MWxv?0y@2$cOyJ$4WmRwrvb|fi|8E}&@Q(Ha4ww-(XuXv0Qbj$ zp9hN!F20lE1YX^?QJ69XK2+!V12h;MrT|@pXcwID80XM0@tXYYp}4B{Eo3C-0lTOQ?x?i_kOa5|VU_4%=_Q z0a*&0zPSDflRXm=7QsL6?w%6P%*?cUetB`Z+U~!K{!hN{V1JqW6JXz6u4jP6d&~58 z7tKkeoRA;y42>ll6rvK}k#f1JWxIc-_ll5(s@q}Bc<3g&SkSUO|94fBG&>{_+1ELx zk;I_SR$XzDtGI_F=FSB~T}rY0N3y@QO{%h^dLM!M_kP7F$K@S z-%XsEl_=S>&`i_bp0=E7-YML-w`38wpQG}@YJ(6ZxV<89p%N#e(W-sXA9o>iv3!XI z2i#c!zrzShC7lt_#4BLK8W?>Dmh02Grh~CS894)?I!elsJr&oV3k#pT- z|4A(7#UO`*&Rb?nT5GWmoDl{UJge3-EP!($Oa1x5RS7m^sxR z4KrYk9q!Rr^Ycu0m*B|OAi3a~8pLKaX+ShtqRFTi}eS7fb zvY#F2oKKq$j={R!%ruA%nVJoCWhZ_4wm0bZ7T)CZPIj-=%z6|SQr&s6vPCA!D6ER4 zNCm5U@|LX#vWR=AjD(^ogC3`#%JW(k;*6cyZmhaB)6D^Wh#RS*Frlgofi3&dv|A$I z>fH<7FXQgZM#8!Y)ov3Y_DLbrDbkXQ_8wlsvMXf_849D=Z;`&#TAA@0?bXRh0eujQ zsxqj8ms$_AF@279B&jl&lvO&jK!-=?sbyt;E}G9NobQ%d<`gYU%Oe3^^rQeZUvPzA zkCv9>1b!{CYNOUDXiM+|6vsum%JlkqlIu!@-{x~LTyXh7lO<;8VJsXC6(|Bp`cWbd ztf{JP<&R<;s?0bh?JWLg2$o5~1s2jS32_vGXrY)AqxiV=cU$2K0`qb!RtEKak_{{q zG{Dor_S6nZjgZU(QFX1`v%>@hftJAunUr_%P4;STmQII%^TJimWCooP17LgJQ5Nrc z=R*$+v9&`$TJzjnR%E;mwuo6d>uEqP6+B z7pifvk~XZl#0Sd=ZS3QF8-tvLL1O5ESTBRx7;X^VYC;Wo}w#YG`4(xqMyT@0NvO zni8+#F``yT{>XBvVdt@SWMt z^7yjmxa}DU2&#c(odtLVZT^mmWbs2{W4^g)QAQM~7GK(jP>RF&axGC&!7G_GkI9q9 zeqGMQEYJ{z%#ie7lUO1o`v<4w(#(s`D4?P->EasJ*T+k12we_QY7JAS(ZJ+mjEV*? zFm>dIG!eSMri~f$>8E&9d51_gD9_KAeRqij$U+jg}IYsrgB{l<1&T*;?zw~4D|DsAxWDkRc1QyZk>1@@ z#IOl#eKF*`ulCYL?k9VMuN8$msz_L$tGRw3E2;^nEb6WaC7`}X-Xhu=6jWEqnx8cUP*Vh94Kv2Zkk ztFf(_ENB$7;o3tC=F1G55yjVM?|#r3(P2sqRPq+Yl@kpvqgSf>F7=2@#rO(dFg{=l z(F0`9QCx{ai<4<=^NxTe-xH8F$hHz~ke;#1qgf3)_)4udh=Z#KB*mdrOi8trc8!y2 zMAI16@IdK9izrk@;@Yd>*I=`v{52-R6L8vsa%}-wph|mW=X=xU1A54M@ZDck*XgGc zbP)C?5C7+QQ6sUlOG{2|Vd2;1+1Y%$?^R)V9jLR@U@)ghZQ~(DW5HVwWQF`naZ`o; z3EMccQi5e?RNA;X%>8=ghwM1^l_s!al)fvP54y&QmGZWcvjYeK_V~sWMln_kl-yLd z?x6-6iOKY#HXPg#IS54txwzFRC)jf{-}0fJEU;PhL^`@u7}Z&j)?4Gk9&huF|Fu1G~En(g9jDA^&eBu=ScD_hf)dTe#fo6Re>L~vKP(d@>V3|A@r zCFdL`yQ`!`yTvuHAG|`HZ~hCicV~y7^|^G6 z)OMb1X>+EStj)AUjn;*-vvC!_h#HxH#6`Z^xR9-2YI-gK8?k`r^ISM`IODW&oEt0hUwQlQa)|JRK(B5%jaY{q`{-V=yAQ>&g$K# zeoC{^D_&FsKh>!R0T;!nwK2cLHsNseB;ASJ1MLt(QJ5oQ!4ONOh0N&#RB2QPFZ;!C z1LK57RfE7w#gL*Y;zs8k(0m6>AdY`vxao>ahq-NzP_e@lpe5qc*@=luQE4&38YRi8 z(uO>bg~`_8DtHf!q|+q-Br608{$gk}Rwgt~7{@^^<1lVtBTn*JOOz@X8%f5Rg#EZb zeq$CQ1Ie<)JIY_lJCP60mZ)V;ryaQiHgiOgqU;#@{`^z0aqVz2qQ-zXW=XyJROg&F zk&R_SdtC&7%ZQ=mPw}lRyo%-&cJ#`!u_WnfkeEF_MtHNiLXf2f;6YmDa|7^rpt^FE zI7>S6Ll$ra_(*bS(zjpy+G8(X50MM%i0BsY z{v5m>CECm%5p8LbEn)%n_#hPNfE4-XVctm45@7DL=^M^_Zk;!oDthOsp9d-ufDA@8 z?(%dX`M$ol{yU6OlfEED`YcBG-0jF7_~3beXWBhOAEQft<`2J zMa~T-r}bwSLx;OV8Wk^-;(nRXs!t~6E;@VNEW4xS<=m@g!Bku}SL54{QkVM4%$V~( z=-=!IvZ*!EWDBb8$e)%g#cs)d3)Qw%sJxW_dEFD2TK~9&1Vp$b*yL!2{N=)kIA4+z zJuw{Tk}hD;Q*(Al7?7c$#f*YAL5&fxciU%cV!}%lhEyoW*|`}T0PDPb(^J03lqMa` z))~zDVn(unIFH(`k*iqN+2?!G*KE8)n(BOJd6?#61p;rkh7sy>5#b8LF9dzgAKnVxR` z?)P~xyj{m6>AmZs?LpuyYgNYcB7{xEKQ3-6NK#2jQL)xPjE9w$HYUc!d7qQq6(|mL zz%clRfl31|{Ut6qSV)8iZdk74Yg2~T2*btm+ts<#xtxeg1nbU^>`6J>bAFfX%#H=m zg+EzTC(|p63Nkjyjr*Etwt)j_5{bt>H_BX^J2Z@qH(zzfqf#jQbCO68h$-0wq`3>6 zLk*9Z`g4c}rIyZ#E_>g}cY{shQYA;MNOsr^RN>?T13_};(wJvpg|f10Y$Pk4e#~rh zrav5B**F@ANlN+Ajy(Ua8T{tLa)es)QKZ=%9#nU@N(bHM6MKLByqGX%*}Zw{S~^i} z0F+3uzb6=d3MW5BZ-V4x6B*o2Ri2;ct*oj(R_<;RhUZp46E|jN(n`f|j{2bYg8)08 zm=n27KDq2x@2m6Aa~3d7QMjzWD_Q()MB$84n)QJeJ8>bb2HTRCb2)gKt`!h^Uk%bo zaT9yS7y_jV6!m zhTqDM=$9KNj2n}c{g6!Mf|Y{_P9fv;-mVufh89fy5>F=id3^4_ao8COeZp!OIr$`szf@u5cMCj_y=zrV33J0^vN#os3Vpdyr>Af_!Pmb zHrm`KDRLU}PW~TF*PvJlv?OCYnb^FsHL>kXY)ow1wkNjDiEZ1?#JI7sd2e^Wq0ebl zS5^P?;ib!hO$ytn;fzGj>u*?0#+~;;s=1@aD2Q3=Qy|YPXGo1QjmK7(r~6t0_~R## z#7$aDY%I|bFj4@DFoYEtA&P~iz83fFzkLfZ-R#6d6I?2~j zn;ft4he~vzUyd$&N;%R=^=bB6kvfoFZw|cF*Xt#-3|%j|1y3YWZUWU@rLOAqJ=YFY z%Z+tbaL>r0xxx9ukiVqD7*b@F04W!(Bfm%>G8lFS0ZcQ95MmL3$1@g zSj0edPuv;7%W%UJ!)nnGw4ng}mu+8JYV3c(001Pa7th=3h6}dqaNKcg5pSCHPazRq z#09G8{Xq+K4bM%J-!TMH$GFaAM(Cs>=8=yiF?@2_&oCii@^s{f#1J&3m+bL!Y{SEX zu9^8LuIh?GP;Hn(==jS&sJ zcSJPicROrgW&eCBet77fBVr)lqKj6A*qfm2{QWJGjPr2=5ClV+sX0zZ;kck&P}!~E zq&x7z$`Z2D&F~(J1rtUWBFBbAWVg7|XbWYH%?&v)X9_*Crq}=cAo$nun#Z9TaLv>H zdP@DzqN-ddy3YasRR;35uhJxer^crimeUnKc)-sHG+wfp8nXLPC|TIk^OgFAM4Flx z1MdmAm!J(~yn`T5x?P+vo@je|dRhyz5v{jkRK6XX$wrV?T3MH6$tF&>DCsVb2*}a9 z_4#;y+23t9>&KyEGj8#N&DXd-eMH6qb;I2@4^NmJ)I0Ej%A zvPw#vYT&M;pd{SjmdS9SM+%|lJDk9KMHK9gelak&7sQsesEYY0CLdi+$nT~~EN^^K zl9D4FB!sR-^~1P>Qj9m%6F9`U*Yg z|DZma$>urzrq#XL9aJU=Q+K{1Oc_fgW;10C8%_a63Ki+*{K}&C^YtRPy6%atD8{ic zD0V!@jeDIi8cXwHb3u)@6*V%|28G1nxYt!B5L<4>!{t7;f*h6P9#RoFRcSvdq!YfR zVFbs0K@*5|wDdHX%w9CP-YbxkI0BJ5 z0lY85f@PPuxh#S6a0>8mJjji{$G-gc!;RR0RC~U-#~eam->;tM%UrGL^eW_ZQRWIBoD|nC;E8`eNGbp-QcOOJBjb>j>b944 zqfCklMlM+T_pG5m&RlQ?7u?!oAehM^dfbfPYx)Bf7&3!yL-My6w@B;1-_hOXW=8+z zC+U9iLV8LH-9=k8j|~a1uwNX#5WoIU+@Ri5Y*09|_C|VU^}zsF9qY|lqkN4*MbbAE5z5=>zofF zb+QD1WNT%8{@y@6%|$MY)owWX@iBI(!wr~|2g1Dy8B2K#NS4)t zkW;@DM|KAlR28DwshHO{Ap9JDg2dH6d+9f|>z!jTv?kH{-f#9rlFp;zhG0UIkRL85 zNU>=J52H13lVYV-t+Vt2rziIvGhu`3Fe#D;$2 z3Y0iI$);=f^}(f#C5kllEkU-ibfri=Yu*T#tK<7T(P0K#bJ+V2$?(2@dwp#Lg0>v@!W0$qEeG+U&7IJB%Gek z%#5f+>&FC+ekJ$Ei)8bij2WY%>QtZ5LM4NJrNkL~sPh}by3p*ALQWXEzn-$o-5t?i z_%?@KUfTIlsq6cgb||0u(}M&X=u_djT^?O{l-@qGR(jm_{bF{^H@C6ktMiz6ECr#A zCYl&eQE;i|dduRDk&Dqi&(#BhM*6tQF}iuft+M;m6ThLJQ0FNp6I z#ps6-KpPBpuNer8Fn;-`J+s$mwKFl5rq|mrhOVUCaPB)NgL9Uw=@ay&hWN1Se%Q%W zrh+W7d4>JFTkK2cc=2&qtO$eSnA>;!!`NsphshU@LkLhP#3t>$`CtYA5>>;SJkM}{ zXtC)MpR4Z$`DH&hedMS%qcSBk0jLI1ZgN^*mi^_#5H?d?IqcMG;NUj*A-qolLZUR$> ztpUfP&xvDH8v1KkXQjUUOVP>`UhL7$g%k;!dQP8LGxu#3YQ&Ri8XbJ!nVc+6}nJRZ@{Ntx(5MB znRaQ0xY0)(uLhZUo8E|b+|Q`hfa?l=*n^EeE=63EiXudi%GdeB)z?t8*cKEKmE$=d z316Ycu+ff-C4Cd-(12J+G<;#@$z%G0fK{X3x%%LGdh37T%pnmHqwDQ=1XsrxGly3C z?;t9}(IxSW#73)awNWk`8=5_Z+3V3Gfz-x00#zwWWLlB{lFQzJ9De?rApP5%75Whs zLW;{Idp2kYxvfYt>LesO-b zr)b8h{piZl-W<`>wI5?{?1MBewT&Io7Jep{0MeHz6D8Dp>#>0C0HkSugN_FfUl0kJ zvc}7b&@?Rfk!c&wfF_3*sYJL<=QN)z|Eg5`DEYrCD(7&(==;bhSN=*1Nof!q=6fg6 z()lDenah^Z-3{8*5=b4Z#@lL(9>@1L$nZgPJ>wjEXTATVg;MLxvaDJL6)H54XjX-0 z7cjM7KfvYtyvDn^J^eRlv-g1U0+f^4{8=S6H|DqmW;R#k1vGI=1JK@o^t+BWjYJ## za6bTx1hyOMPYMr3t~>G5JF_f?iZ2@2G|(BOydLp@CKYS z{LHQ&$T+3PXtkSi+I$&YFfiyFoa?;17>XvE6a9ILCWay=EEh9!Hr4TRqV6kfrHhEg zs4Ga$uf>L>2!Q%0LvfC&(L#$U6cO~tKOiu!unIWyPFB#9p+DfXkB5puurN^OXzw#Ze`RiH#s_NWH-_IXUYsgpV+MQ zp5aHaH~O5Kx`dN4fe>}oDp3?nY+#0LsIJ%3T}tlGFj3C-XuuW2m5(<&-wW@MaKdMx zLisNGP=Wl5Q9_$aNnZ1>R&hi=_Cv|M^YDy`ZiYUTh=J!4PfU4&AwH{?H9S#J$5!YJ ze3@r9sFLW=D?*dJviA0Nz`r{nw6D`AB$mUmoo(%ZW>ax?J?@(BqYt(sOD_eU17{#I zGB3dYY^yu$sr$h0WlZj?_eO8|#ooMpqQO>z2hX=BZhD~WgxKWY=x@xa zoXK?f-wtP4)J?z7Pw9`a0k6A&)Hs5H2r`N5!cxxL2dZUeVqEfQPN@8boHIK86r~L0Nm349>oMLBJ4AUk3}ZYqT9chp#!_Zz05Z{G zMZga!O4dbpq@A~^0q@g}9)qK%xy|b_w44JOm^yyjb!SZ6dD-$dp&;+nf3( zpoPBQ_H=)9=TAtAk=P%DmDg)a@LsMxzd18%eJ;;IWdCsazD^VHaD;(108uJ!zl>k( zt%SN@cZU-FxN&haPOh#_TAyR=x(^@qPS^HZ<%R(GWI@$8a@=y1B4R|bptnG2ub z`FqcO%BHP+EGCeJL@IRQ3Ojy_OJGH6dUl-|cr1{>hr)sHx3+{Hzj=t-?%7gj(#7T& zm2O4I>j>IibvlD58hM^>(}7=+Dd!yahZMEPcffCzu|;GtT6vR1g-&a@FfG>gr4`dK z+K-g_5he!bW&}RB!%~Z)IG)9FG*tN2__G z(``!&W+ieoPA2)z^)h^yYV-9aRiDcES)n#?n0x4xFS~S zV5=$y7Dj>aaq(bkle-(W+P+BX`0n%me0ALX7!()h;BdSv-3}`a-VOle9id2(RYVX* zdOFr@G{x$9K2YIpF~ox}iT>A8t2=UgKslF&EQkk&?)cFo@ZD7pQIE(`B;86b6`c@` zBGXW&>6^&@TexW@Ckl4{A+AUY+Hv&2||jBL9n@?R$#=;&zn^}#}6|}yaf$)%|$&Hti&ix7(F!F zw&oxUlJ#Y}##PeOgjMRB7NJo0k4!xQ2n=oiSxL)mL5_bBC@claVmiKfWwX)35rfSf z`0@6n4*%UR7UI_8UtV@V=CxR?UMw5h(EhdE_(_EzETo9M<&7No@d=Ab$DLDroI8FR z^_$g86>s1yV@^J__X&kM(NQFI+R|ujQWM|(j+^)9!qv9(SSd$fbx4AN8$Q}}_^n%r z8d`~xu5=u2uoyB6IqQV#bl@ZBH6T@a1lC3RdK#GP~OzwyVc;flhd;;L%wg`YeN z$>GRFelXL?4AZzwCh61h7@+Kf0|v;c)NHZ*1iyx_alIg2F{xN_-m z?Yi!;s_jbsk3r=USRU>-$W1%)hxx$WcVjq!v-`APrBor4`JrZKtF1!yHb(fgt}*P_ zUxD8BH+9E>XoqM`rl=oOQ)Z`C5p?OyL9!JQqvXBV(eg|MHL37vvHQX4NzVfdGnx}# zoWjX6y7P??+?!-_4&fxuE{j>OFok(6o%-TX_bAu`@`3vzqZ3peg+x7@TiW0|Lj74M zBr|^Z*};*MwOo?SGo~XmdorbrlxQLtVnt}Mx4sdjEmyw};Jw!Bj2U^5o%dQJ>j!YT zZTb-SIZV;25iOK!f*1ptQA3RUQ49x3lu=$NQm3=}XKK7S?LOWSt+$YI@^zR^@rBnulJpivY4N!?zsL}_%z`#@BRQtL+oM9 ziCsVl*)BjRiU6`zIzPE@E^@Xv&F`MI1;{O^U<)!cXOgIP0ez_DED5_W3NTi{P*Hk7 zS2f+)slmcU{hsde1-W5=@_4m9^raLf5qdol4LW2Q1F&gAL5hqxim0DaS%;e%jOKK{ zU6A6Ok33ItMsKDU^hPe@_y^asH}dmgv!#v2TY7UuT;+Z#Y14$LM~xCCD~Ehlu2fip zDt@D_R3kZjj37*A%YoZ7K6{OoL&4LqQJ7*@%TndH z;LeW^3v)?@g?1q7eRZKf88ldO%gI8Oa^-eCr~{dbPOzAuqTR{2aL-*B;f%ow>I9`C ziD&h%HTlh;R=N(nKle&Hsi&9A;DFTeg4NAC zi;xP;enlR~7wVA0O0~7RZTh~cq!d;r8;QbO`kCnz0yKMU2QFUVj~i^K)>pi1YW!S3 zd{-P`$iR#7OEA#HL5&asB2a7;G}K{{a3yfER`Z!j`^Ahg$W;d`zMG1+cv+3uVAK#U zTvO6$s}yj0i6K>cqS^Y+W_qn((MDoIl4d|dN**$)Hdxz^b6+Hvr$lK=F8kK70$?El zbaXxGoN0&2ucJ~xG)t?v5}>a`K6i-ViFYt37957b0*gV@70T+bop1=~u#~VIVl)xx z%#omId;8C6J1Z+~q)neoKK*@KT7JmhSzzV=qIXy^|B17M(i#Zo1a0Au!~ z&TQIwBehdr-f9c4z63`1^WIZon*Q?|(??ywA2SEZa(R`y|Mn4o@z>r-$Txqypr?j|a zGWvU-yh(-}B}8}(Mw(7@b^-SW3h>NllK9}RM=vd`+Sy~57*kY;R-BhB%qCc_`Y+>$ z%vzljksE(IF7FH}si_F5smB9-Ou9zl_MYGuNQhz;s1lvun=*8PaMt2$*<3`wUkIw8 zj0$b`7J+%^m@kHPlzzgnQr!ucYQF!)IY|5%I%U1h2-0%3<`6jenl2n_{bgj7meLb8Z?S~2sCX1 zj>T@?J^ z+jkU)nxDMOF#$fNL#6Luv@2y5Xa?VC-VREm8PUjiO57$2#9m0!u$;HPlhb+6^6zt1 z3PwzC7-3Ob(E_1E-b=+KOUgY{YY76km2PI)s!CH~;~$GnNEyDDM6)H37ry!0_93B?%>^-3J(WtC&qEw{ z!QNWexvAgDolsHL@Y0%N6u>IC$GaRB3kiY#HMMBR~Ze7jtkxMU{CY9^5%^1sOy!lu%C)b$)zIctm@*J*4q` zgLhvS;_eqDQLtl(J4cEIrF&&e`NwF=Z4H@^%>u`u*&QF&VneP^mmg4XGewudhy3ea z$q=L_iX4r}M&~eSv&G}iBKPB>RKB6K)?GPZ=>L#&bsRhnUijY4bSI6!H>Y^t)YkU^ z2lU}($}CZJ)55CC%r0op>rLm2lHXf%Y)H*xYKgXTVn$2YVn6rljczrxxsvl;D1vS~ zz7|M*BS_`NRH4uV_4hBSCJ(8wstuGUG@4Xo`p1afB~6%=FzgQ2z`$SwnA9j4HVA`; z2Nu{N3}MxWSo)<63qTS`Nj#dgi4R}dmX_n?N^rJSXC!tU30r^4%O46$D`iSESLGua zSEXF%e}c*uuX+|6QTb*88aBaJB5)q+%co@qi_`SPwY9AZlXS1ve*8ZdKyl_dKR4zQ zh}~htEbw+V!u2({#-xZNRmog9@^P*3!G$@QsXz^Q2vMSwiI*(sV#`tC5LGVHoq|qF zaX%i5)HFtqw!Ql^n{o7yTC;|mY~VsEo)Io&bQfCKKQFoOq>SZ-Nm^0VVIB*CQvM+j z)z}4#9M{O&0zUBSlXnaJgZF;XQ#mKdz`mJMpJq-U)m-_6#21v~B~#i#^N0z8(&&5W z#klLLTJMZ7VTp0ondaFuLBoA}7uQtmYzAeof`z1E3&rzuz5@qY$$dM$I#>5@xBt$e zuL4fG75|;7zJ@ivHd#Tw%LD;M9-HZ_YNO4aTISF#1>sIp5GO;rj3D+vIx3~BN~K(j zp(sotZ{REuln#dz&5o~Q*V0dQc^$Uape+9{B^Zz&5J8fK1@Xhqkuy16(NEL*;d2(r z?x}Q?sPY~iLh!@bO$@c@KkLzTgXdbbQ?NB9Jv3iGGfB{*G|ybz>p~&; z-!|;&hZL_hp`kx*+YTweIkQ<0Pg`zwvT;tT2RBKrpHW0cx7UW9hsi3>zq!gtc`cnM z=>5hen2nF{m-)M5(^-FG=4{+&rFdGFL#s=YqlMq1u&L+HkCdw@{|jQ1QWC9+B5S$( zdP<>CyM#$++bm`#K*beN@JkT!z(N%hrWO7r97Q_cVjrW*HW=Ek!4aU$RdB&YQWKg~ zGtqZtyKKEZ4*&KPq=w0-oRN3p)GA;$mMo#I-Mi~SYHF0%uO13Zrp@K>XwvNgw8?Ut zCv|*5n=qR$F0M}L(%n+b6l_BhM#B*RL(-B9!Fs%yMBsD%Qa}3oZ^Qe{I#O_;&}y}D zRILsYPkVdas9o*nu?8cSB6e)8u9|64tjH_Ne^Q77C2M2(@6xH{)=t63KbU=%8vQ(W z3k0A~vy`yYji#kYV!>?U<~OP*AkqmsK0_hFjhwm!G2~AaFHgzsb4&jDxHv>d$e!X| z2D0-y9MNwMZDT!BHW)#&-=G^qeK2W`E;6N|N^)7eI=?-&yoGl%{!o7`h{f|r^e<$Z z|ECiq(*3<5TxyUaN3)PuDu{-MKISVScU8!%HB@0RQ}`-peBpcvjmMz~lq-~8Di=fL z@~QD(XtgXKq^C_cMtXWV+N%!WHgldB(>TsnzuD(rVbvebY~m`@SM#Z+G4$02UwDuN zhuhkRthaCXgqd%)o-Sr~)BWTx1zu%ekxLoyIHc&-1V!|mz4h08uo4bq z=`yYRPCL8ZrMdgj+#?4xQ|WhDH%UA1aOKs_GkaXKt1#7wvvc6#(KtM=z?`iP3DC~B zF5sSo!28M>%zq~vKRVlQ124BAVY6ObEhQUgr`$pQI4zqpkZuLz~`6Hl`y30tOeg(yqPNKB*;QaHV z1{Z>j1dSSr*)y~AM*pkxt|pJq7xOuaf?6o(Y~*HG^{YAt~&Wc=d4A#9_apNeb#qY^ifNY`aM>J zYd>VHR{8Qvi4fY69Ih~Sv&UqxY!Bppf2D`NOA%0D)M`4EVz-|W zrLIULNU9WuCdVAjb2Sw3qiNM`r(51E;vDX%i0ZJ*>8@mgtK?WA73d$_fUG{504_{vqSqfg zJ^j{K>o+x%{*u?+-XG^vwpBtV6xQqva1s_e^=}6$+))kl z1>H_)a1j)i){)ES@ zj_mq1#Z?$Ow>hsYRktSUzg*FI5~hY*?1QgMnt4Kcd4zI!z_olYv8N#bl4AHciJYfG zHk%SmXw-y~2jeW7N9s+me;!YY3c7kFAb-usp~w8QBF{jJ_PnMXV#NV9V)fdaNB`sD zL+2Km(|+yijb!KflE@r*HQ=IqZh#Gs{eTIl)9Fm;k~Dl>$m2J~3jMh20Xv=1)2sE% z_=DJ9SCta{KqBybxIrO--@Z-+r0xAO&F_2|&#vlwbM?GKklT7?R|&m0gZ*vb$M3e| z1C$)08H%|7=Wci>zYN@ra;4CdQAt@UaU?N#nk3WV6tihSEJ|gh*Pa|n%Mq=%N~#qN zGWRE#3k!k^2$$QGHZs@O!-w$igKsG7Lk*0)@R^911;7lA!=kga)dx%*PaUVq>T}D>iQ!;(HAeL?=7)>FTi?&3(wQ4lidM{j0hvq}FrHM(I`H-G^ldUa-dum1sege1+ZsI;Nu(P<_;N6TE|(qh(!_|t zKhmud=Up4(aCLjlAu%tB4v#ZctWcufjCka;8(%5kV9FyIPvq8C)}1woHV8p;g6AlT zL=8kFcyFTT8XU0JZzL;1Z}*2eJ1(aoIgU|pc;lGCKwJh-JP#wd-aqG%olE5L#Q15o zkl8W^f-81F4zJ~Q@>4{OuH?3W)+wqG&j0z^9GYD*aNuJ$EeJdtq_svRyx=4k zWVyyClC$fSp2+k2io&*vZ|~_b;{h#^7qmrbXw!<~+KK)CG2Aafl$TAvCu0m5ijtW> z(~mYAL|TsXV;8n|0!JDyL|2B>7wN#(uKz%g7F3^pk^KMWQzVJ=yEOZJa5!w7*J#qe`-zn<^gv-Bg; zm0(APqEH?^avnk>I+*~&GSiq?eo8-e(3|wg0iiC5J`INW_dy=_Jp-(r_e0>SLmv2u zi+vYH%{d8d+^7@vQ50|MZ*VRKT1;6g;9Ig>>~Qmv!@_#@#d=eM8S>T9169_zTpYh( z5yAN`An=wq*>x^fd>vP@+2Vx2pIFsM^!4?11h}=~+s(Z91j_%irf_p268B!){;B#G zq(aEb=}~87PC%U;EL@cAS?SMzjH73|4^y?}s|oYJ)?1Hrym-*RHFvvE{^mO*gx>D- zK%OTy%BIDFWGo;DvQ+;dMB8esc$9EC1QOxI$jrYc*hcqHd(OBEj~uVRcE{ZWGpxH< zBmj*8!WGCBysQP}kZOGdK=LRlT)wKTEm{P5qr~5O?|#YD7=j5Y<5I=kGEn?}CUTZQ zyGRadE7J%cI8n9)Bq5#T`i$#Wc3V2QHzHdOQh>37ELQKV*6JU6rtzAr6ljUnbM}6Aqn96Btuyrv0^f+7BSGlU_yjJSLPO zB1X7G3@-uQJ3rLBqwxH$jeS4P^?j=m7A2kdR(zkUn@rE*0X(Y-sm(~qF3>v8*E&drx#;nQQ_)y+#LJ5WkW&#RR0Tb%8QjY9z@{uWTXgD$E@eNT%I0^=F ze2n25q772xDrgWI zuoZ#Cdss zylQ*BzCuK9&ss^mb$7{BN}Tji#R}X!Paktwr*7vEh7dJ)JTz|hJX+N7da(g&3v#G_ zfd639s)Fu7jc&_;?1be89q zCy0#>Nt@NPYP2+mD?zIxvDYrOZh4-*sXTHq{Ile5vwif7>pLF zs1-gLSF2ha6~_t*<~@lc^SboNSw2S}V^9TA7h;}nT2A*jlWGg-FqOH}J2a6NkIXX~ zR>Q}zZvWnNQeHeKmL*wc5)Zv;pEsHO3F0usX9Xii-QhXsD4S za5A#F9-!-TsE}fVqFmC2&8E9N08(Kcd>J7E#|s@}!;?QLEUm&?;>C(B+p6oH@RGcl z%7i&sM&U5B?;gh7@S!NtX7IX){^!@Hxtqg@n&^_H=+7iY!mS2#4)4F0D8Xh*duov# z@RKu}3R@bsT>MZmRwpX0ykx-RUT zo7Y|cS*CooB}kc$V%<4E-SclRteAb3w$_!>f@0Jy0F%=tqn$cig_ARv=cdW4NlZX^U zjdL$ylae;MKA*|;m^=(u>$vQBOkxW_3D6M_8&1}#g|aU;z8RGI&_Tw6I$#XLpw@%c zu>2u5y6LpY;`d|u=58i0o9B^}gn2n(vL~z_{kcAb2Qlu@F_opmH-VzS%Idorx$J3u z$db3Aj5e{UXzMGO(@_aW^w0J02_t^B+=x;xy4dR+$R9;dE@+iX z4myrgHvB}-aEDw>mMj`!F&Z2bHAJ0rtx9y{(>iMu6_+ev8WzKs#D%U-=Gz9VakLk+ zPabB5GaD_dEC{GFx{(;kOCg{Fpbx##wXj5fe}0;1htTL+h(n6izdcEKK>Z)H z6oYUshk5K+yruDVzA)ln;6nL<&*8dI0pMYV`%ES`vhGH#|6VW5xV_Md&_-Lf3`C(E zebV(mU(^0}o^Ju$E<*9T-9~mkwsvlY7=7!%8Gi?UdTf82=9kulusHn~eTgeLY!tf9?)@S=45rI35{;uP^gMfTLZk*FB!q!AOE0m~|D=ebHmdA!v^q zU3M6&vLN58YPL@K<6QQOZr2DK@Q`?KiE1pRJya&i4@kH0<=B8UCAEOp4LJ#LLazJ zh0`%(uUm>90yhcYi9a z-QQU8iE{sS@Fz}R2U0GEsQ^+7Z;Xv|k9|2ox_H0Kvm;fbMpNfI)b7z)-FrtaDH zn|0xBg>ca}2<8vPvl%|_d7q5SjnGvMjvr7p9}nQDvemKNV`ElH01em(v7 zi8;l$C*a=~dwneZ&llZJ! z8>c|8t>hLR9@MR;jKrWQ4G#+g*yG2IVjS4AF^KMua1Iad^l)V>{F;r3G)nM6pcorNTiLm{TDDoAq}q8wTGu+0bVo|4|LrM_ARX*Z6T@XB z0T6fE?oZERF(!qad&JH};Y|3a=tfjrR%Ml^H-rfiWG`l7G}JG2nzx>T`?KSx=F@#U zH|aj;Nvh|z_jWlTg*c%iZe?#=Ea$s4p;R7w*hX%D>V3ZQ+5KC~(Iag4qQE~J?uTY* zMXD$#v=}Y0Vs&R{C(ppOSAor3mlZ97kiZw!Z0U}YIY~RYIxSHJ80e&3`A!YA#gDiN z8iQFX!(j!Xpoubc*FN_r!kR0fi@Q#eVxz&vm9%>njP6#jNDS5Zc>+3?{OiRuqWfFN zW1^s_806UszIV$o3|ei$TKiz*)M;FQR^c=TZ>4AeNeI(%(P|gg0)xZZZ(J5f8t)q0 zF9k`zZ?nW54;r3lRkV+UB@HB8|55nm>&;f`a_e`pcPs+3Hz`v(50yJ41z^I`_%@?wir7619QzL zu5_PCnS`WZ@XO04OxzuZe)4;M{B_?C`Q_~T7%yEKJy9T*RahM!9jTaKVEQcvT*)MLS`qMrFr&)8>PfNvo-oAYceyy*gIwjX8(BVGprCN_!D+iii&dl`LK(XY~WU zmGZ!Zd>94-saX?n@r!9gC2-H?+11Wg>R@!psSo!pBTC6}Qigw_L62l`rWc49*U>9u zZ|r@4!1){*QIp`(U^Wmw+0wCp`B0^KbTY(-<%7bq(oBkgo6Ytq$pm3i*g%#$%IL$Q z0j%D-ID6iXp369C$b862+ige@(?8sxn6jX!*x==(VN!2>p9@KtY7h^x$KBo^X8g3D z+cTLy1pZ$NYEBDWb941FoSc947QW9Cru06c6Ec+&hU6>;!nlO+AVq|nmhwMPe_Ip) z?T=@G`yabSo=W|Jw;6$4{cWG8 zohkO$;g#BhTiV(@m;J$x7TdL3A(U|X4h_dIm3Pk@k}R)52MEIup|9UfZG5z5)$Fkc z%CXW%JISasu+8be;Hed*DdsDLxmxG@Rw(cjqD(EIPY9V*U{P;FdYwSrrp#-bl3{ETN&<(A_aJVEPeX*~ zpov7h+ZuU}%QKS|1A(m|NX2y!cGTf=uE^`KFzQ2iQ6ZCS*jOo+rrDFx zrezU{`1w!|)VK&?0_EIFGiMPpC6gwQ=xbB}0dspk=!yfKZy&Q495~bx?s$NLiVxpF zaRZLIW+PD}CwVu~EUzm9R_B3<@AVsWxHNyP@kI?nhzeE3GAh(v>Er!hNx>k>y4v+c z@jS3|31Yw-YFdsn)6=I1u z&tBW;+~pmX3R5cD`2V>8H_yg#?{c*Zhw6HLlWUFGJG@s>!sp1{uVAttG+&>wGlIfsglwvS0UL_${&?J|Z8i9OAF@JFR4~D_;y$~6S@dub)gq0M zB~B`+I50pLFbu5BhlI$B?iQNElKipT#x6^wGIC#!?mogR*M`regLHzAYox6&aPHc4 zr|iXZ$p?<`c)V8Mh3H4Dph}Z*oQO7$Bbk{HH;)-LXdgG?VY zPzb63Qvk@bxYyu4)gpkmXlLlB3MUPf;V1fe3UMTtJ>0YH!zpCo{6+zmEP@hjqKs4X zc@kzHe}62~s$9^-+&V2P*=EoG))Gd%La{#kS$6g zS2IYyIAL4}^$+P_AQ=R1R~Ptj9O#PB)E@&jCJrFmpLjs9#hXw$#KzCy`Gl*>OYX%Q>A56}I~XFkJCH{G-^0ob?R+Lg&<7|st;Ti0;w&W_IaYi$+48tc&S zI|&-cApEke`drjNPx7-1=FZ|zPj|Cm-h!_ke9$3R`hh=U$|>t|G#+;tqIE3&Yu3Yx zSK<_07mKA%9i3Cxx_zET*GCm45*uL<@<)MMWisO1sfo5UCI$QU+A0 zL^A7+k^cfvGPDP?8K#$YACIkANy+y~Wm2Y?CL;4bW(UP;vSD z-_1F1KZwCX(Qwl(zQT&m;)fxt+PaJ;yo%+Jqcn0a~J=SkYxRSD6E-|fT}L$=dkFdoEIPT|s!^=Qb}FsG%J(-$lt zjE0dSL(vZyEDrO`+O@3PzJolhdqv{*QgKpGLEGJup2qjfIN2;(8D>OC+}+niS{NTm6(@-*=|ofn1kBj1ST3S*35m=I zL~Eij;NlYw=h3C>>@~Jtg)uGGzJ3Psux&TY+Rr@i{3+-{8FqFV8EqB8g4xJ?fa>WL zT5J8p6Hm;!_S$RDxccg=@88z}*tg!Y_0f-B#E*V-J6-)f&ZydkPZfrTKBl#8kWCne ze)n;RhI(}9TMcxHQX!&!Ac@B7Hg3`5n#buiudJ!SaRJ#_Cu$bXq3&(-(2k~S#mlH= z8xnN0mHQa6zjR`SDx|RUGa)6?aSL*!Zq_gTn8teLOBu@ zhJ>Xughn_tEc@snLYI8PvX2TvD3uI&DD+La7e)s4QyEZ8K=$?a@Z=MZX+SqNHnMQx z!iS!J{`t$NO`GOlbImnd&OP_s0>Ejfzl#T!{NXLTe))X<)={I!oZH{qbF|hP+WWcn zj^A?FoH=~xn3KtuhtVRoNR4dZ7bp=KaUDCu)s8v%ln{xGzekE7DubIb0o66tut;?N zLsR)0#xYl+m4hZi;t?>+j?NAqTd|b1=T)4F_naf_#p>8ml7I-U;F2>>(Thi;8 zf9U>9ZEi(t$1*GIEIe^Ud@Va-#CzOx>>x(|Z2b2y3<;u;Ao6h?hm`9wu5mPH9`-iQ zIr2~>S>Ao{k#r4q@RhrNO?%G(n>st$*}jvK3eBiUXta=|96=BSoOI}7TqH$DSoL0k zBR%{uPgCO<#??2_GdPG;f{>6|lP2@I_nprHvt}|}$kUijlTNt=zDtC0>}zct&DTHv zk1UuvgQ4LfgZW{kbggu-rRXKqzu`Y9Wx;@vOlYSjO{m6fXi~0$DN5;BjEf-eha56< zG6&9@$P1fxqC7@eI4cp)og{4B1>;8}YjXypamXxq%7>o*B+*a@&w^)G!B9aU&{to5 z^?ipOc38vGrAr5oKmJ4>fBeyX3BbPfzqd{};RJs4quaUZrtcg$sdc}L!!W!gsjz2H zg;S4!x*BxZCy|zs65T(5?&?iWmX6NdqPl}C$25|fGmV=0Ge|eq;rJn)Yqt=sSO&FJ!5gh@OV!@= zUhEnMgm!MN(73jO)d2)ynaKB{93X}Z=-~q73uc~|FF>Ib3$+Lk^!NAcKmYm9rvRsP zc6Rdl&wu_mzze6o!1haGhDpB{Va=(1nblna7Q?R@In zKW5s52^=|N0mJ2jIozdV&2a$j*oxhJEtEjx+90fq{y!cOc_aR#6jHlHluhM?G%kBu z;D}fo-ZcT0k4-q4Ft5Wg<~PIuMnLys+g}#xyoC zYrLh`=?Z>8By)B{{W3DRj$tr3A$LCV06oJ)jLkNh13lR?as9sMK*;<(R3WvwESJ9P zB+fqmD8eW-z6M%W=IdZm4M*_G_HGK1GN7+Gm5Tw`8q-f4!h?MlSwga@+2N! zx{_>-=AB0!#)W5|&V;cos4$D5NKH)*X_=-UAMJ-s7(1G;UGiZLn{^0X`3_u1(?2w1 zmP z>0<7MSfX0T*F6m3rLCwV=h~@^1B>UvGi#uG5L95Sg%{3(WiNvt2!UYh)@>UvxZod; z`Pt9zT(_?Suy6gZt(h}t^4MdKan3pCTzta~*MGgQudgX-*&q2f)X@t~+t3ft(zLCF zP-sWMrmf)n6#vuDpfS8IL3TX_wyz3QtR ze8?d@{KtoXTVLO}uk~MQtW$Gy!bV5hon_wf%Uo=x|3keB)yu=CC5Ch^hek^aBJq3YbV@Ty#?f?J! zMC>)%39mWy4Ju!2MI-^oMM@6`NhB0uxrlbs43|qZWHKDTZ~=$TX+{bM6=W!tL)PtD zPri_6bgqU{6dGWsv>uX8;Dot%| z4cohVXlZQZYnOhM17|P7S1u`$K~X?OmZc&DD$)tkKhknU@Hgj%040-AM54zajT7X% zjyllnCg~z{n2e?Z<#NK?=5qUkPqSmFU_gMnYA?p@Pgg+K0BmSS%$WjygmzuTA#>pA zwdkR|VT{z*!OThU$`&+Q_w@9P`{M)m9|Y`60QRl_`E|`TS98rZ*RpZrM&{0)d+ei+ zKKg^czCIHkT}N=jp{Trh8(-^X2N1#}9bKE8ha`nUXgE?>3`fWg83)u+DW^lcCRami#rv!h$Q{P1&pdcsfm$v=OL zl+0O5mqG|90gP#BxaW@J@#5weQ3~cwnn-Q779DvwB1JhIBAu=ULLBLu>RO}`LJ)-k zX*UfLTs%r)*{ZWj99)EwM5>JIq-<9}B%f~(6&VhP!SNA93>J$lUA~SdmaSm&tR#WfBW})2$do$JrfkPu8bYnlcry3 z{|ccg`aXm{p#oniTLo4+2SNyxRVIuSY}(y}bX`hJj@ zVq60UO`VFbr7u5g7QAV4S=2M0$Bf+*s+gAZWw{CPAs)Z)rovQC2$l?uxU zBxwiIuE(g_9N+%JWgIYN0YR9;5upL%Ti=FI8BB%JW*#4bks;Pq62aQGoAk&JPHKrL zmH5CJ$8yGD3sK4>r`nNb?-~X(GsZS>=)CFt`_n7Yj#II|#$Y-UY@z4C=AG!KQ83E* zHR#$J#DUXc=~_flqg4n~TcM{PvAaivVW9g42JXsab5E9v!#gg&^2>bV>(}o~0QRl_ z{yO{Yv$^J)Yt03f@~F19wkPuWyaJ@INyBl6!y)saSTHSO3vJaRFkcIS*xZKhFm7cc zl}1l%#aX-vr?nY;AL&PgKuSAk72;*nw7&Cb+)UaAe1$59NIx{sZB@LglJErBWG43t zw6s#6CP4^=sZ5nJlAkiBK&dKu&crN48*vqZIhiVIq;$ao&Ftl!1QZ}~u(LRM|r$x(|I5c-i30kRc)?6aVR z##7)25nFb36S{u}m7>L>O8#T&sp>_VeBakc1E; zKcl@g3tmrKK_JZ>-*#6t7|njAfs_H2N)L&|m)h{|6}WE36a;7j;S)wa3Xilf_ov|^ zxaKU84njC6B0MQb*JY5T$hi$@p+HCi9h#QC5X_jkAD=nzTn?VLkb*CP&?r-i*x6B| zkw#a^=2d~x1VCVv|LuLQ?MN@a$wLEaDGc$R6OZA>i_ZqFDV53wx1!B{7TVBAJKZyNjoeslLP z0R~1j)E?+KVtEwl1`#Rr#_imA%g@MVGhBV{xfBCIsFm>su;*1Mz*B++txYs++QG7y zx3cWPXOQEYn7CgHGbW8^!lY5m7(brL&0}dEGm7ShQH-vsA>}B_ei_F}k&+tWgp`8; z0%h>@rE-D(zCrSZVY>SI*xB2|j?Nz1cXzV8tCw9py%b7CqDYbU9BQ*!V;@h5QsCea zq1n~fOIKeXxpafo5~w)s3cDAAs6<4b7dCC+wg>Ju|W zDJM-B*x{CCbi@=utw;6^gq?v)8$7`#z&bX|71b$Fk_^ORO<-`0F%RA>C!v07B(6<` zq!oNp(k9W$j(L<(@e@MCk^vwEk8G(_mDV_9$fZWv5tXUPwF=MzTu1V;v(9AP zsEHK)%C#`p!AT?+6q-mwqy)ZD_y{}yk8`Dp1h9y^NVe-pI>TejUgWZW_4)YOCoylz zc!r8)oCFJO*e8V`nLlk3FK*a^PNymdmu11kMouuXwO{u3x4)gIo_cCu0_q&^QWF@C^tIklHoKZyA{k*Z1MMHPF}yryK<>qd+)_ zP+?enA`yIX;{(LXxk?0q1ED>55TH{SI+9hDi^l;@!l074kpZL0$exu-B_=XTs02`^ zVhdbMg%V+nRYq{5tzw!@%vH>n)*4AyOIvQKi$tvCNouW>_tEqw#|P3ep?C5oaxjnI^R!Ky7>_uaejL(Mhs zdmmvSQErG6nmMvjVH1pPX<=OJ7zWmCf#Cvb`!2R+*R!pm78>htM%9t7%TZIC#m#0& z=d#o{)Z)21ht?_5AijUxqV&qJmKiKbng zBnk{oP{ZKRAlr6#FuAprAPR7$L!`A~HE5020YVhmxMK^S`O)_nE|kc+E<)QtB8+OB zHG#F}FeHj@@eYZT3MnK#y#oY6XlRPcLdp>d-cD!`(xI<^fc|_DGL?$F(nfl-3_uv> zi3Wne0$5**O_(uZJSmx_EXpV(j*io3m9QI77No0{i9<Aj;R0C3Yh81CX z`$~t{BZ<122DGYbwO5UQ92`c~H&9ZFjFR|hLMzZ0CB7K(?B8O1UXu(MiRgQue4eLQ zujjVUeT1VI&1PVD*t||5kV2!BCR3B)($kLM(w8?vy3$$^$=-?#m{tOg18cWIT^2pD z3CbZlh#=Mocx5X(j9^S1Oy3VSwE^gzJ9dBU^wUqvFIn=y7x#4l_O1W)I{w(>c>KvH zxc$x_ic3Fosr&46%eM~>_EkFVQ^zCDJ`pl$2$X60+4-fCkv;Sz+L5re6J||D&X|Y_ zLv!PV_MoPc*xpc@4fjOP#Q;p6KT9KA{A(3#u9{hzCuRk z_c|8HqlG>A;`&BY5$LE={*v*GQ$Z*NXb)rr+uC5oS||)xPP=4eU=C~F_w{{C?q77@ ze)so!p2v(Cv-0nH=b7*P=8f0?>Gac2cb6<#k`TF1JMB~+c;Lae?0OFj8dIinDeAxM zvQK>d)?0765t@y>qoz&WlRnKbkZ3VLXS{HiIlGpP}f+;*w)c(T(iX-{-H+a z3oulG_D&RnLdu~~lR;!_(3!NEb9z>7CFbWTh0{C=-8_aYf*Q*S_oT*g92}u>gppHXgGeAuyi(`{e z5sUr^VI2Nq@Tzt!p&)S?GWb0NLJEe;W&AL(bib%d!q`^07*U$8p#p=&64cfu07nuB z!#5nho5x3{-L3bk2d}}EG}VtX39B;kMClSzq!Bj2Il_SJbev{eilPw0KnyGuQ`&?_ zXb_HJam2FDS_?~yHwuV4mU0$?P=*L?J9W|k=qjB9Y!YtMD`7;HlImqw4TOg-i(otq3#(R(aAi zW-9wM!9Cdhs+F#^?lT#7^$l^(wcqDIuKOeh&YVo4RJIwF!O-Lj0jD24iwP5(*|EC^ z(w_Z!X%7uMVu*1nGJ+R2AZoKvpF^t<5dyO(!9W4Mqtjfo$*s^i0E2@f3>8b3{Bio< zLoC_n1@M32di=>JIPbmZH2wR%|9-jB${!r;GbM}^hy^p?L#Ls$HMRw*QAA0UGyzi~ zw1Wsk#N-y3J=tWcaaNm=sH`MxNKVJ z6YI?jN#scUl*4dsn!ZtKdd6kg*;32)iFNFpP)qOV3j)RH=TBM8)nTjl% zzjAmhOWx7K@Vx~QboIi{ZfF^em^|L_xtkiHp%!W~kaDTw3jq)W0c+R3T>H%%uYV$& ztx-KaJw9;YK?fdq!fm&GHxmc{OE10nExqm+UwkRI-g?VbXPkEWGwD>yNZsTMl$UPc z3pf6VA3pK`DH-BP1EzB@HnI)1^|Vf&6lY%*vy>zhS(;jZ9=)p*UTuR7TjAwbO@*^= z8?4<5>$elF-h`_R88gtvPe8}a4rK$kaBOlYsyef=7NKJ)cebT0Bx|<5iXSS%sAPnC zv;>4Tr7H=K=VUCFLsj`xD3qxD9!I)15g3VI z5W*qUArqU&kj>^OL;=1Q_?7`gtTmzZNWrOi)2VnIW%bj%f58}D5 zRax+ zpL>~4T>E`G2M74_d(Q!tLPg5bpHj@2KOHyi5taiy&*9i(P9TaRHf-2H`(G=wEP#9& z)te`5s>iX1tU;|;ss7o~ja3z}dm?6Y*y*q`V;9d$vAJz0-Tgh(w={qjXjMizd7gY> zDgXAH-_YLKMPu3|v__yvCYtgU#!96!*S1Aus&-*<0F@F`Ntx*D$3teVRbnz@C7hg<>v6^bJt5PwdY6m==9s;z|y{78gWL;?gpUMj*5d_on_ zUntU7D46kut>~3)(`Peja_KbLOokfIC6W?HxVQ=&>7leq41&lqfP|BbO$>e}R#U3# zh9uxhIie#F>Cn#l6+u`c@**5uG%k_yDTjsRTu8Y&i(9Y-h)nyjtw?$3kkvZuNPQDkQnF1Q{H48e0N^oOfvt4x5X3 za+RS6jvoWNyHUG(gbIB6d;6|=`w>T8d&oftvuwrkeF?z6_4?}_r<}q!Z@ivg{o?NS zt2hm=NyAyk!?cN@LL;ZDut;1xdyQ!<(lM=nM& zV;vi5+=7oc9FWTU$g*iUMviII3T1$ZS{tAlfnNdgfXUiD4^kewHV5OdEyTzG0|)c4 zyBj)sAzw7-qtj&PR$m6b_z%=`*L`dL{t~ z{D618>s@@{10Nt?7-seA)qMQ2kJH|^gR{>*i!cn?wrv|qDLQv|5TWSm>>?BSpcZ^o_|4fe=V4>cOsdbyiUsdcs!m^O9QL8@$vJ3n0H`L!FEz27tuuWVwj7TU){76lf31h~ZKrRH15D2AFjwB5F*ge?AL(i|} z`SqJwyR(C#f={vR<3~XSvS>#ut}97-E}5DP_4W0%jvYhGn0h8Rk7B~8dL}e9GA@^9 zOk+KD=@c?lAY7Xi$VBxJD06k-ny>?uy5^k{nJGk^Zna@ z$R8hih%-(*ed+r?@V-MqXr*jv-ZTo%I}uvP7;zgVjqRxvwwf_>PwmBteB91dM$|&t zU@KySktmTnHDBuyg?osRPx+a4xULhqMhWiW`=Ak zrJz1TP?x5lG;Sfl?Jpn(ONouD!e;c5Riuk`!nLSK$HrRW$_VHvFh(fNIcOb+2qN^r z5PJJg*xd`oqCi6!D8isTcEiT?dc(%`+a^z(#HE-0)AXCZ{cmlnURe_?oVS4Yyyrdq z{`bHCU)vXFoNk(!}s5Re~keN1iJj}%i_EFVM@g^*Z#xV)HzKcJZ8+8 zLbf(bDPIIM%ab=PzC zRacoqZE)Bix|K#qOSOzq=sGfhOtk3`#Kyt);wG_E3y_YPJ!^Po^~?OjY42d|)|dI0 zU;K*aURg)h^KfJur7W0E#?_w0wE;_OV+uD46%*rIsS+K19U-J^ zg1@ZjaL8D{A-03odyzawqJ?1C54iB8qqzOSr|?SwcozDvb>b|UbR?BVM-dIRwd6}h zB4yh2LMwYLX%HUh03zQ2O%nsCC}BCcu3*8m35b+8;-gID(c+{fC?UP9>0WvgHt!%x zr(wZVV-OT-Xl#IkX2SF9AXkH!I~BcplK@z;@`aZ8{a*g1EBMAYuiKXZ>|5}Wk9>q5 z|ML&)!l*W=7OlYMx!is4Z~n*k z$C4#WIPJ94#Qpc*pF8oSQ&#-xPfyGbd_PU(!>Uc(@tt3>yQiP8f8;!7kDtK!(et87Gx_r6S8%|>{Sh8CHq=?i zH_(MLQK)bnBf_GTAQX`a9G1Q&laEuQWvu>SX;gToPFEnLBA3pxv8|o&{q7Ik`{?8B z?(Zj8lQzL!X;bwlxGP~`cYJ!{rnhGoZYkC4&3M7)< z{X@L8eWw9|VG~wiB$l<{&4v0@WIijUV7Qc2|8==qhK3EOGwn&58tMpiWT|D6QaFqs z4)D;68+qxO7oe>J(L0O|%6n@vRBm0z1mZm-6#R{={8>d{@6Xc3GsW0IlrDn*Q8MmS#(X>w&?;; z%Fc`{S%iq&f+H+wM+_k=|Bu03bvbArW4bN1HRj)j%SkV!x2MM|6bkPd7#RA8T+VC! z##g?+{a?O)Q}=t{`(Dn3_DU15^Y}nAo)4MvDGI0zCO`pWwk3U1l>dgT3_4abX2S3EvrY3|CyztUWp8m_z z35t6C`t|(&-rur(4la&#>^R=VkMbxTkn(Er zoXiODU-eBMsuH0JQDMaX)Al2iO|xp#cFKK2=KU&Vz|Q3|6wB1*vV7yx^EmCW1uEtJmvCPge&rN18zIxsY-Yj)Qip8bCtqWk^{aY;E%^QZPIWg|d~`t;|Q0 zJfoT}^}o7w)hI#i0VuGq%a08GrYCP6>WF0ih*ir&2m_pq+X^v?IHnJ&YW#z;{ASn4 zyABP()?J2apc1mUa2*$g>OcLo)3@Gt-+gZbIQ!glxc4{r{FmSDJ@@`*^pgKra>q}8 z_S3WC?_G4!CER}d571i6aji}1p3dHaGV>uRgh1D47<1GieDm`c@XU)Fx$~cINS^Q4 zcmJAm&pQ`@pZ@%3Ty)_@guaj7qg^ek{2LGg4wwbgC*tW4M+j0vkP_eujb}O4(tOnR zP*+G(BO0`O93wO+OT!b1n16(}(#9bg*SZ^wgqX+?BcZsJA78u3)~3p`PL!}lkZAgc z%Pd|rhhJWCDZ|CU(A-2UumklqSypatRXWuT#@rGFIBpcnS3JUu)@FiG5fRWkybDmA_1@3%;*-mg z-&0$cqiOUw(%CGI1BKxdQb>k|2N@n7W_WmbFE_{Q-GBn&n9obMjAGoe2XWr1$FZ}k zkF~pc=;|LLEc;|qX zJSH%SnbI21&5(6+q`g`MDF*%B6vF}Pyk@dqZ9;9VP7DDG{vgGu&${zDc#dG(?k=8M zy@@ARZD8Y$PKw1Mxon!F_n*o6Cmz9^{hEoC!gD2UyL))w^*>YW7e43Rc;mP9;>Ab)@%iVUJMl+%-cfbR#Jw6Jm_7+{?1AWs<4oYv!gyBLAf|Oi zu2S3CA88LVrrjr`n@C$~QC;O$1OE1Mj3ga@VG@Z^^^gmozW{zA5nxTUvejFdUMBd2 zs_G*F8wp5D^yINHt^vKfANq%ljIaeXX(16&XoncDC!eaVb6zYq3#ibC zdGxD0VOOUhjEu`1qT#;#?mNJBUHzW-o^{tfzy8gK;^+L@bzkSIE3W)cz12JK{P~hc zAAaa?fZ4NWvwr=0ZomBpagbJy;}n%rqOoz5?(gqMYpoe9i=Ic9a&b>Dt@EbC*ak%R z02)~G-~&klu>ZXIxQ;`R#8`WXX*GgdEn3E)Cyq7pua*jCY*`JMDl#X&nep0l(p2PT zZtYmz^;i!;3fH3c6-qd!dk}%vE>cD)?Ywq&9)n0@8DJ{j@XF4mwbh3=bA8JULEMmR1i4EX#n@5l9h-hKE%JXz?cx4W-uB37*k_XgWCG(bIFEG93$ zp`n3A3l~)$u8=;_XK*Ui#Euo;^H2^y-`LkP~8>u6HGGRmDgvICU>8gey!kBIyTT4V_uB#LpKM0xB+{8yGj_0B?k49*t zC6TR35k(Q@Qb;*6PJe!&nA+ORBR744Ykzbf|MC0_NCaQF3J2hhU9wSEE$ zg(D{E{xtgR^UgY=Wn9bYTeohzG@s9p z%-p3g8ECE+rnSH!b4?363T(A46BRQs^L~+Xjf7>|LpUBuKQXN^Ne=o&OQ0gNa~CBtXrXO(mS zV!;tzg&tHDbvP|dDlLUcFxt8di=bE<@oJ||o4P#;{I6_p+wl{CS#xHyVcnY>4Sn&8 zU*v`xZlJy{_vGNv@G*-QAAb0=&px;G^&WrbJI`ocyMEKkEn7A=M`2`ecaDTP(?Eo< zW-9;_#!sMqhoJ!W5A-v2>U0MCdd=IKGs%30-F*-laGD-J7N#|Wo3b62$aVmXW{~Ls zNL*oE;e<+rcBQaf^rVR&bF^b^`v{>OOgdqup=E_0S4s3lm7t8JdtvkdqSzwZb_imM zcohEudJAPf{hpKf(g)tj;80;i2frqr;_hc&;uGKb1#@RlWbsi4^7GZ}2x4|h3}~$0 z3$N1waCh{f2FvKR8_=sZ*e>5O7xfdVffVnd$`ymCt4=C~6ORw;r z<1a!5Q36sqkI!#t|pC(B;`3cR*#`;aEJ{%x>?=U!Ao1(*wHgY-$0Ra5Llf72m&K@ z>iUPt&*#uCM_3EifjjH$>?9l-j4tpt= zhAo{lKspAX8Fy?X6)_~s{{ty;l))ch4TrMX47+>!K}wn$Y8fn)>~z$4BSdz@f)@;Nl zUx4m@cyWU{D?rblJzMk?`@KWw9UMOJ;F5hEfdALlrI%jJZMXdpfKyLB_0#8`f6lo> zgZaa|J72C2wSr9Ah}ATYhL$nr?_(Pg^);418=rorYS9_b$lazqwCg0THyzKZlG*nj zRleS1&R(4eRLg`WjRKMUUTrHO(U5~sp+i6Mg4g0L%q!zcQ0fs72Lo=bn%k<#gq*rG z4UQiXYHjB6b~QCMF=N{F>A1`d)!Ky9oY~IyJ zQAN~v4z45VFO+z0?Piv)-C|t+>at938pHJQqd8#81ZGcdVZSkTMtk4)@xx&3{Gb(uY?ApP2!DFSjiQ*f07^v+IHu?%mU4K*1<1x*RW?q2lMt6|P$nA!qU z$3t&FV$NiAM-OPt`t|EM{nXQcv*f`gXT4R&=RPICw_tt!+OGj{+igGOny+4cQ6`n{ zedLixZ|LmkKD=BilVF|d>tOy=IQBrqiHF1Shrpq8P4!=&FgdSs2rZ9yb~q z>J9SObt;FXuE?N{jQFq9aEop9;(n^Es%(T9krY&90R-B$x&m=KHqj3dZ&C1%84Yse z->qQG$bYLCt?0%K%xs2_R>DL~`W1Zbimf2LaS& zp*ELvkz_0tttzfN3Zqh22n0$*%x@j$q`3o}yr7Hy8h!c#fgcKrp`;i%D9b(9S|#I# z2x;2>#y-l7Z(^=~g7LJBo}O76NefKU~A2g$tY8+uQH_$1nZUzZbk>ozg)hltY8sB<9FNV9C*l zg-611huYv&8>OU%hY|=U0_h~Q)0_X`6Z^)R~&Q(sfo1TfWBw1$aEPze=a zsz-vRLP;x&j%d&UM52f}(-9}lgT@R(mih=Xw&JxgMnr}u^n-c-&9?z-z98-$gj zI93HDlOe5cdYh$~DPu*Igf5%NSi>Dnpf$%%^7+O&Lwx>>9G4wmWOj$5sA1uhEFV7k zWiC5@3v;_hZO9I!RjSjH0ErX|EeTurVLP{6Tvz0TwHBd4kSXVKC97wpZOhuW{QdAb zHaXE+Ahcv$D_SyXT9b8F0H_pjq+&2%s~Mo9s{;@mdg!5*nf<1hs0PsrA?VvXP`*DAOT4~0voWMnwha{O2+~-WChA&M z(4gd`Sz0zSlx+@2f7)o2()h~5NX=nA?R@t9lljdR@8)|Szku_OnL%wVhNlc#*%q_o zI7FpHN<-1}xOc@m{^ke2p?_qISX59@*)Vr9WyHMIF;NH|SP9=ysm}?4&L#K4zzOxe zthFCXfN>m*wm;I8)IvqL{fSEA7j}t^w#h~`5@G$$e%8Lc16;SdojCC`7v&GDVk(wN zP7JE!Iasj?vSYUErK_aYNAifiL4;$#GsvD63(f|S&*se8XP@1B#~pX@u6Moj%>>|o z;_C6N|vHa<}~ z@UQKtRspgVyNE?$Mmuyj+Ac~d2{7!}+BFAKzRGRs{qK_%{enP2rWTHy1BXwyw?qGd zzz@v-{mH*y-`d)`Y{?m?UjVT1~nP2|$S6=mOFS_Vr zzW@F2uH3S9b4No%!?zlmTPF-!S3L7HfeIKIAEkeIsPe>!i}00ggHCM=ooe(1%UxqM zQo{v@X}+-7r?s(`K-BS@=j!?8@)j;W8s2|$of2J^sYgB$wx=Csz`2V)#K0Uxhd#LY;pNn!qA-j4UUe%2;R668uIg5z0r~A2?Mu#wxTi zmm#IpgqMA3bXQ6AMd%hTx%xv*m2PtPW`Y6tndI-q=4u60|f)EZGjX)xoTv6t80d03ZNKL_t(` z$Rt4N31FmB)m(mijG3r?P@Pm@tVC!mVmAm0Mg=yZ>uiMuhuTq(^&1y}+0)l|#ENI0 zz4fFMPG0uNV-HXGv*(_7Zg*2l^W{~q+U(x7t6}~6^_eey>6%wPU^ja+J=Y6Soy*#wrt#t3POV=*MV3J9pXu7&Omn~LW_wPMPN8)vgX~# zNR(4c!bx)f#u&?9mVD-Pmw8eh9LEYnVMxUyJh!cve_Q$p zqAtZ(FFqYFP&~1HkEM3KY792}UGDaG#tVV9-p%DhuLMCllcuwy1AxVg7ngs-iWRFE z&JN;6BIV0xC|4!=Bj1QEx}v@72uXc1VJGer8i^ugfK*{!N}V53mH-NQ^MXKW#)}2A zg(6LvTHblme7^p^v-$4FFXYnGj-jvB-qLkW$LI+U1}B;rvr$pqcA>ye_KO_VS$}&w_3!4mx3Fbzno{c@H zT(Q7oD>tKE^Xj3oBm-S42#kPa%y!E5-}?$hcy1%?=mRNmf}jM8wI)?Ee2twgwh$2r zN6MBfzxc&Z1HAwJ?|(A^_@8oI`1Xs-w>vvK&8Cf;uIcOF7ed4lB%&~XCi1A+=mm$u z5mTWtWd&@Mwq;K|0Zk3i+-Siij$7Gt-fu);=uSgMiT(3XpExPJh$OxZd>*ucR#(F$5wA)LhK}168 zo}OTnH}Qh2Zb!dTTl&?aV0CMI0yD7UsD%?Mqxl{pSHNU*HW0{?cYwW()(4=YE3&|5 zB1KA6FRX*DsXwN#`Z{#~4I!wg(z3N?NhJVds4OvYSS8{17+X*cpTzUOeS6yKrsrK+zQ12_Ksk*;ez>brq(AI^99L>WaWV2>^YL7 zCPA*~5Oozwy9gD-jVLzs)p6spcJ_?Kh)P38Q<_=b9X#^GK zL6%`Sa=R?FHbrTbFX) z+2@qC@`uN>RTz%3H!K^rwg!fXtQ55NE?t&Yp6Cj=UlpvBwek%e{w8z=w6!7j4LC(j zO)Sa>&pev*PMFK@9(jSA9$!iS@F-8Ld5QNdJO)RAALNNfW2I(2LEr%nwUHQiKfjiL zy#8+bN5{z*eY6lngdiG=kc`J@t4lF&atHIKbuzQ7h3V}rBwUGbLahoFSOBT6rgWOJ zf@DM*p5MHSzL8uA9(c9AsCw_UpjG1th(|5;*BCu>#*D8hr3O~7Ui~klqoW3;V9iz` zjK)mrD0?52O{;{k>#J`c1j_8(wQI`He)_W+z=k&yfWP9SzOkO6fgu*1vhWkjpMCmW zcl`dgc_BMr;z($&hpAmKsSVodG0ho-QkbH(<0TQZRcAC-QCrjcpb6)J@$t`Sx10Ui z)m4(XqErco35dz%VLXos{Ib+QiE?8fs;H<*>w|PD#6%FC+0Uirfa?4WZf%$Ax1#}E0bBO~=-s>fb^zl1 z^Uvk>+wb_3-iCE+*7BbBy_f5L_@m2#%h#@1`}Fo5JC6wsrXU?AqO}Q20VGtGR0gKB zgRc-nInJEpP*eiPkpvD*YgHWH6UReiVh*ln(e3e=WZBD6zHw)SNCc9uVKi6Z>_ZRd z(j_PJ)Y{GXzHf2j6VF8fD3n#VlRA6o5PLyqDg+JBifBFcfj4(ej@d%Z|S8%b+Har05k; z%10GF1_wuQh4pGIvwIGbfR(G}(tR>?+r)wem9|NMV+_Wz20RWDEe!_6@R%VUaryYU zCveWuhj7#5FL2Kbo7md7k69hfctMUtBooStX|xH5xPpBnqkQ4#x6?mVq$wStv%Zen znh4264K=X{t}F3$z^1-^JiTQHLI~1{7+uZv%<61mPEQ+C+gs>rtR*5Nc!9!Ge#q_! zlXw>%eQ^`ox3|l@|AQt0RmGDCH8QkgnLjoumG|6p=czk)^({R6?DNvASFgNw`}Xbj zuC?0)**qLNwY(=<*0RDhWT3tl`iF(@`=o2rpP7BgVRt|D=)=LA3BX_3aq-0$bJI;X zF*GnlLsR2jD_5<2OWyi^TXE6a6k=+-6;GMej%cmJxDq@c6Ny-}j+!_)ZdHa|U7ec) zt9>E%3*7p(2hFk+K$UlTsBC6r$N|a~U@U8;E`>Sxps2(dst)|sM1+!MXo*?yDyd3Y zY0o%s?092>R`GuMlL(RfqKXoswFSW)+67zsESN`@X8u(k1SRK1DsPDh6vlDjkZx$N zhqc=*J*fIn8ksGivjr24MaAaLo4)z{iWP;+mS2+rPWi=xulxZ(1;LNX&xyxvQu)$e zgwb--rcLGpAGq{uKmYl!zW7?+ieLZ7_2t{U_w;^yUw{99mXnf(jO|v`#KNfSTEQe^ z?ERD4sF6G9Ohr*fARX)Umag$Z252LQsThG9L2B@|!|XPfLpv3#dlgYf;Az7llX{px zeG-RHpUhLMH{rUn${A84a0ra91pd;c7k-91qzS4}^)CpmfVFn;gu)n&)|$E*9sKy* z#msN1C+GVJAnHh#u2|2q7dLY1v9q~w!C~}`<+*3e4pgbrBV~A zd&<5J6+k{8E>*+SNmEE?GT~TXuxQZ|T3TD#+t`PQ?#WE)X=UT?er9*J5~u)We5ACt-^M^9662;ds~PkQeCvbf z(A}D$Ig_S7nLxUhzA4MyIfc@Oyyw$DoTYbYlx+he+`Q~X_KxOB#vB&Up2n&3W-_C# z!H%H9F6^Gc0*|eI2^<~nLtz>BszAW1txyU?*>uRTZ*bTLSi1BNU%mJp?^qR!#lN*_ z)5b#p!^?ewqK}z3%VLC#viqMBFrypUKa2*mef!I&ZQimum_P3b@%+jc-jKoSn;3vU z^SJ4zoA}sAKXzGNL;c9$z`$FEhKI|cL{9EP96JYd$W%CDI`lMIGZP~rU2Et2siZ|# zWA@9m#X+L!ezzy^^IvNfY!i(#yRVc~xYBC-4-UcLC?c%LDzj}a*HmiI=L!A=4Vi3m*V#IvP3 zQb;1A0B)X0WR$2JM~DF71V~4qwIuGshmP}!M+Er*a9pOeHj|1ra=}SQQPc)MoZei~ljvw2{Ub$de#U}2RG|0qVLyru*-g#afAsggy{8q@$% zIy5vl^M^Z^a?wQ>F?;rGF1h4lMnkl}@B94bcfV(BJcnaouUAo!^nLZZuY&HLE|IKB z+N@U@9(!sP%h$bx=g9J8%QYI;NQ4v?dY)2q$kOV5=u#N^c z_V$I9aDXy_#U6y~&(n%$x9ntUM=S3;{b-Jw(L+abEy-Afm}3(FM@k$ikkTRQy40nT z%;;)i;o;Ny;NqkB-iI#WUq5&*7au>5+g7aOw5xy2Xf9x5;WJ%jM< zT2RHxcv1V%m_awy0SM3cIpXkn{u>qi-%J2r9z3$MkKNgVy;hB~2)94FmK;lnGlpbQAyC#EzUV>TR`N-@sz@eM?+d|<@or=KmNL1((iod#ZL<m1?Uf=O=;=TlbqHcc zH_Yfn^fZHTFsUS>sUFhFig`o{+$Sdr>`Z9!zmbD*s%G&;ANCDnM#su7d7?ae5KMIV zsiJ_Djdw~)d!gxyvf!XHt3la{S(N2tO_*Kls@L%sQV#qtZxGc((vs|ge6N+qvN ziPk@%%Tn%ugr+8Vfo=P*#!BYlbLqQ0O;#c4)fv2(GYmKjMCm<^gfq@_>aK!X3{&3}IdGxDa;=wO{ zmVdtNoh+U`o1%h1NrZ@?jV2P4?A$lRw{E_lw(d6Gv*>6F$|o=Z4{qIMt#^$DbxyGS zJ;*W=p>n2{hNxB~iaPWkFa-I$wW1E+LA4*QXMZSD{lvbBlHgrBc+{*OKqigWmx5xMwBHsKt+E` zR3!was!K5O3`@^bA@!}KEg*sVcm#yQx*fZTM%=QEvoHc91A0eB85|j>yQv;O2+$IA zC`@F^R6mIn4$@f6NEwi;wFM_ii3$wkd5^uLISy@a;Rhc)hh<;;J1#kK9zVS00iNHu z0}+c_{|WskV5`i;Zv-Nw{o3=cP1Vl($VWf=R)DX6{p)t#E*%kQwKx`w{UQ=^Y=dni zi+*}743B{0qLqS79i&rb$$&3h`MKx8T7tis0Q@%`Z-3jx6!KXT$=bI(`|OI_R;^rh zY#7NTDU0N0&ScEYF3hw}NT)D~gyrz3Q<#Wr(elO$Z-^=&nlNG_r~EHa(h4Chm2Y?q z21l%+g)C8dszhx{igu#f4mVT)EQG$}xjgvA@rOep)=y}VRE&FzTedbpHU%dJ%0195EQXCr168J?v^PYE-o-w67sT~;^dCPbH z`P;QiPCxCBp3&PbyqMK%HkhN1ocr7LYu6ox5XK_UKPnJU=U0JA1xj+hZjL|4G5x^Evp_`{<%(TZ1uA#c3##$UZ&SM!g4bREW+ zM15U-SNQ^sxbzkBXl-=?gjV5rN=y_JoxlbV;a(E5M2rqO_%^v0LLZPtI|SwSfe{8} z46$g0#<9eas}lz1s5eo(*|#jb%d_Kl7+qqUhp2VtktCe%V0wAA4k%~Ux(gILBDng&nt$ZGUuYK)nulw%y zCJ6A49J6Q7=65&W#F=ND*?-Ty_cZ3qp-~7r8ZDYLRRh!8p)O?=)Y7$>SS&>IPi*aL z#fZ8D%xlZ~yPBA?OomflQ?G?N1S`qT!ir4o0&U>F!i6;?hE%V0Wsub+bYs zVo{_~%xrIAc0-1#4Rv&<;v}PS8j^8pgrvrGNQ95e8O2DUh|w;id5^t?JiErn*gQ1G z+I>Up7#$;<4(QnP&z$Mcr% z8*JSz00xJK4DjCeu1W8kJ$Lrv z`|n!%P&5)Hhoy!E3UXeNv*sPi`R{)l*I)59P*xuJxD$@w@xXoezv@Z<-Df|;_rLoC z-v8dqzH{TvzkRy|V~i1|vk}>lLATXgfNEeS(84e-$Or}pv?3k%m|o*E?nBJA&S-%f z#Ss<+Xf$Z0F&YBp;Zr1Te0B{<2%sh=hzf~g48Czm*EH~nb5G{)|MdofXp9QDRPQIW z6DEt*_*0|EBqO#O#~`$|jztSZXbzM2vc#h}-i zliEboR&+Xo5kb|px8Hh0lnt?BMMGUyqoqJ7fv<{?%};pQCRJnI;OaA0g4k%pBrvfE zY}k$jv^L!J%nI zU>t1>t9S0k^E_sCHB;~{FjN?W2yLY8gwB*D%Qe=Dx@=KiRwf0sLgJuAs0`=@_}bt^ zB8Z%CN1w*AUy=J=a~!z&l&Q{+1p!7P7U*3>6bc1)Y}tN*h(n=Z@f~~i^!@!YM;|}w zx#ypLyHW~SD4-hv$kD5J}m0HZ@kFB8~}Kq(ZOfn1Sw`-WKAH^`$q zwzF|yl<}O$nDVTrb|jpgNJx#D~ zC#0gVWiPDSU?o8tY7v=K=o02)B2|h>x-#xC+Ttg~Vbd`Ub+G;=7|#oU-kmR-p@F>* zPM$pZl)-_4^5x=bB zq&8AR*2M9HDB3Xy-%f6g5g0tQal$riK-3f%DEK_PJq>7LP83`x1cz#To#33K=kndw z2k9LewtnhH+ls16lf7(7T}>(VVN!EFfwDUBGGurgX{BLvY7}EUhH?Sly6qvdxja|B z`wZIaGi37xc8z7Zb>j|jWLP=680lAJmy8Mn4wW%hs3IghLu$MjKGcr&bf95;yb?fS z5jb|XO|13~pf|jPkS=EK4CItf^tL_dq6hgR(v#>2h`3v>GxrYky>9#2s#UARk|m4V z$H&6g7f({#)ymmN&Z4`qp6l0a;}`!7xdHsx76`(cP|e|F9Kf|@w`!_6JgW#y%3AjR+~a8n>aZ_ zqP0fKa8yCXtDq#wpp8PB@Ownq&2TDUW+MoMCKHQr%+xOKUA_w9QEMk2vZTx_77hZ<7T+U{ID>exH0J=LN zlSUNw;dwrrU*6V!-$VDir=NOS@MZ$=1|Rc}I+EvCJjY2VpLFSyPdxSQ&6_t@Qos5% zV&)`FTO+h(psNLHQ?_O2I95cXzRhw=_#V5mI9OAOxv7G$m^|yrqG;Z7m$x+Q`iMG+mht z4e=;ne*76k5OD1&M`L6JAsf-cwXvegC`Vv0jv<2B4=ZC?+S(Y90aAH1)_5$MRLiN8 zy7X0-Cdvng zKg*;bok9$a!mP=NbQ(6ijM=<1YzaD$h(julsHwr!ro!7%jO&KU9@gTyt;rfaZQhC4 zwHKq5DCF~c+qP|wQpHLpUtq`B2#1>j-RTy-{gp59q4VBn!JDABZri#J5Dg7=3=UQ( zWbc0WCH(WZzRS12^X*w*`NwPj-{{!rbiimK1v9#A#WAb1s{2zdhGO5(X|Z9>YuHS4 zR5Pkt88M+xkT5m`gu+mSI4Wg|XyxO&Me@ZwKYlb$agT&O001BWNkl3IU;FCQ0%vz3^H-+~uoXc ztQ(;taFq=&1+M@jRmMu)t&mB=OS|C3mk`RgzrMH6GKCs5u)81fMYQ%oyO?OD8#ekn zQUO2qv5(efGMVf8`}f%&bYz$@V+!3(bu_1j8L5huI84w7!x%c!_3RrPW8Zj=j!ZLoFH3+xctuvf zw3DeV^`ujARFzYp6ccp{su>6}G%?d66#dfLY7>+w$y%bMO~xHp(weC$8=skKiS-Gx z;Ro9+Dq=w8{XP1ph1BO?c!rZtJXzfLz`aW@zWCy=KJ?(jA0HUp*8mt+Z4vkiI-4+i z_kn?~uI~5#>kqH{6>#613BVh8G&VPh=T|&ujyQ7u#uZPmn5MNV4X1^e+KK6D!!*>w zj8155wCa71GhsGns)LYtZBfWb5P=5+L(FWbC!KJ4abT2U;FqxiCK9z(MZ~pjN;jn3 zg-B9DNBLMaU!ug%$xi@QIir%{30E zPL8v1N;_jkkDa4=zWwA19@??nGATr8@r45-n5Z34YCrx(fRy3ia~;IwX3XfA#RGIS zLR|u}@+Hi`kR6@)Ss2Y?#DJ}4BM!!OEDf}-7Sc5q2at#$QYp;5S(wfy#EY9T<9S&z zeFzV)$fiAeV6I}!ALG(R3%U72?_%i>e+eLW?AU3Vn(Dv1Z{N^o-}~P8asBoG!GhzD z<2S##kxzg6lV862s;e(67K%NkZO+V|4Bc(WDedTZ1fg}6RD!8c0Ug7`BU9N@XyoFC zRV=6*Kx!x`gDVu$L=b_4kParKdiusE>E_upTI5F$#8}-Mv#OYWsHP~bT&odwjvkRU zoU>pq|M}1}3@I<1l!^WER+U2=2z**v>gZ{0zzYzf1Gq&aMRkY{OI;a zAra*tE;7`_xRnK&31lU>dxpO6nLtn9CkSygex&aSwuXF@k@$d0vR$uG*HZr zTP=-JHs0QX7|X+!ofzeZkTC;U4`~D{75dHxL0O~2L}Ov1p~)8tugfKS;oC0Y)|-Dn zDrKpJ7s6?8;nexFXsL~p_W~MfqP%U^G#=m4%Qv5Sj-%RIIe&ULX(!HzR|pN9j8$&b zww10+P}cCww6NF!9Ri4@z@qD=_17q)eL`=Cns@})aoE;Bz@)|=26N-M61ESHvg+kt zPCa}U^|f)bXmwl}>=#s^y$@<8m&p(`a3>VCt$6&s|=7CtD1t0MG zU;`o0m~;)IDGhrDZSs~#VUC>*FRX{&eHDC#vFr$x)ekV^dDyeBvVqmrVj5}@^=V9f z22MN@)^C9wd&--WFklKE8~X;V^1YGxLBN+U|2R+G`xrwTw%TEmkstolr#|z*4}bWB zJ2UllEPrYlCoeqZ$3OYWPd`?))H56W=S_jm4rEUox*;8c8bi@0Z6wZw@D0Kd zNL89VNsgR0otZstEZ^`_NU1Va60;MpFk`Hp>ij8PwACdU%|lHjq^D|#8iSEVR_+_( zZ*IC9M#i{!;R24F(vI&JiMVl=?doIO-T`nUVeY7GS51rZ=)-R1vLgDkaW|&1)&};# zG8{@Md0!axz*uEefgS6akx>}SQ&NerNtLxgwt65Hu$&>(o{+*OzOU19>&?ICob%2e zzw-}E?G@ZyPpZ9@bB>;cQo`!x>i}sSPMg}viJh(d`^xov_>RXoeOd?SOzokeCV|$5 zLSQujm9$BsV?vJxX$^vu(zp%;%63eo)L|Pw6j>@ya14$#_`XN~NFJ?yg1{qLZ(=?6_q5S-SD>cjxe?Z0JumZuI-!d9L@6M=hyMjj-3#R zgxw5X5m+;ZSFYl!gxd(|(8eI5<Cbu` zM~o>}}JPteLP_Di9THbldCCC5% z)?2S1=--zXr3)*Q6k_%aOj8EY)_|GbWkG(fW7W~r{#xNx!T&V@(LzBSU%}WIGn(p| z-#!W9)XM?*Z$?4AxTojZ%uCU;O5cNzB$o)WljigYxEj3mlK1*3~R_0m>u-@2Xa&p#C@ zBP3&ub_S>gM%o$g!P;XJsY4YmajBatWN11Pn(9~tvLGHw(l@?`&))wmx2#x4B2~jj zjys$y7R+I9F3&fYy~rb5wlm@dA;V5q^w<%987+m085?Fw2MlDbkcaT?ym;O$`#qCZTYx*4ELwQ%9e3S*%9Bq#^)VIr7UJZ%!p!V~u1;ug zLU%XX>n`jN8Bw8umM6W!V1iKjPH0vPPhrJaH#6gd996rQj<`q0Rk#Mm#>d&USM$V6 zF}CcC*bY^s2r3FvS!F?`FcD$tamL!eXklosZQ|_X4(Hi5TTszZ=s@cOakAw~RB*vb zN0BcER(i@fD4}q1@yWAme26bS@FaR?KlSM}?^$#>fe97rjOLaNTPX+`23}p|Wl`GT zO{EJV9Zar(EELgW4zy`XVnIgOPJkC^%-H_={Q=T96^dI&E5>z^oy};WE8_yksp!H7 zL0J;~pj!N|@wnuYOStjI8@cbE`;uiz%%%*-A31}=I$IdY7Q$LyAVh%YNnGjhh2!S2 zZFrR5ZFq@K-TNeyG8yKyW|&={raqY@6>*5W4vqxZSXEPrK}GDiBpR^+-_tHq`(bxL zlqYN27;57&V$mr5BV!n>1E6bM9$&K^q-NgKPJC5D`|pp-o#<5{jaB8;vP90YfKVe1 zIX~c~@o|=K-@`qdw)5!j-K3<%_53PvwXmn5UuA52P$aTVJWZ_90cdY)JL8LAxbl0z z&>#DJx?0+C93hl4nVOoKtw84q$DeTN{SVy#+Y?SWK|J~7lLmNQga4Ze0MOLZEY_}H zXAYk;_g^1=_~B2KDkKAfu2z`djj2z;^e#+K8zL6B!A7faJ}AmrK2BKa1^F*e z&BjSpFZz|%ztYw@ue~0&@4+|@!YHfPfB1~5Bp}3GB@$vSMy_Y?sLv*E+mUpfde|PC6+IXx zM0nc?$MXH(-px=h7h0@RRc%!9a!qD7lc)<35{_L z#bObL$0uGV!{eCR+7K`iUCmoLwk2<8Jixx6e!-Ux_^|U8zP$e-bQRxgyX>D-} zL4X(JafM-|P~iU68)o^2Dpcp8243DvT-!LnC_wa1r z0DajawF0Kp*YbrEj^>N+v(w*p(Ob{HHVHc0pdk%&ry`mgtg5Zn6_Y+kSk$Kj427Kf-GeqUm_Oa>Jik)#H&rw@ z8ER^eje{3Z6OC}$5l0de4n=IRb*dVmDx6ORHXX1Pxs#wJnWipg+h{Lr-$ObU<~@Ua|Gg)YjMou$lc52S zMi>Vnby+Q~S}wFC{4r4+#8{z`((2a$%2I-aAQjQvxOzF4-}MB0_6>06;WPODnWrx_|lWlGB8?%gh417N((zxJ_(kNFN2^sx_-7_4W0a_mCxv7G3}Q+i&|pB9XWY#SV)Gu?qP z0?#OV>KnQ0n$PjU=PrY>oG2Cx2Dp6V#*JkppJ{1;LnmAC;$mua0?GSZqkkUm8t7V__M$kfl(j+1d4{qDR*B@ODu44gjndE_96{YLl ztHE@)Vzh@5QG}6YIp{*5nbpzF;`xVh^ZidDQf`=RyI}>WO5*D{I^Z2=9!Eneg*Fax zH%W~!i8dU;0 zoJSWt#8?h9t;e?aMcDR6Q7jfp^u0=j*gJsfY_lwY(Q(A!2L6}pA zmd*%#6%cqnj<8sQ+E|QxUfjS?{}9I>GKJQe4xU7E{afLa0He`~B);c(1CMI2DXM#GsGNfZccAk&ewhOa$H_mV#mCZv# zE#}Ol?HpdI11rvI8QxM=YFtDwT^BL6ww7@fArVOuag#)a6H@dl++7>ILu_w2>s`BN2j6(~89sjO ze2(kr#K@Y8BAyVT>YqgJCt13GBCvn!(uk6Rmn9DgDM&en?=OFV%a=X^20pRySiW`I zTX39OipmT9!66<^5sAbZ%k9JUhB$9-4@Y&i@QJ%0=Y`$97CEg2;D?CxP>oNzD5LB~ zZscq00=!Ziu$)7L0W=oDG^b(rfW;>u?1)Gkm_OZq)VubgjbdAA4WoO9ShZ~@ z$MwucN(ZS0c|XqwmYl|KKlK6b`Nnl6#~l0O-3UzWgvo7CQv-)}LbApN|I$fnLmW71 z(p>UhAsp9ea>W4<4yjmu_*rWFAi!4{YT}Ldc@dZ0*}#J5N_YoR4f$rGPKB_ob0w@_ zcGyJ6K_iueB*uGAJ&v32eFS4-fMdmm+yGSACie==I$|d8UvfOk_#`7~94Cp;0m+EV z>ODL7-G+^{j{EfW4fCmYoW`uK7KXBUgkxC(w{LjKg1uaMpc`d1t3=vP6?qR`D8T4A zCRem(Sx(fhg;3lk7#V|tKd}QgG>-6!Fu4O(Z??&Ht}yW;OGKfg5$y;V9D~8pu)i(E zz4zSHcGg*Eao1gU{aO3n;?qv$!TTR#<@2i|<-eCnao+LsiN*xkaZ{174y$%YI$&Je zl?gi{<;x`ucnLQ`cb&sz0fIWBG8%ef1V|z%qp)d(AyAN2eyGx??ayU^5Ha#zK%wB_ zl=dJg`NQ)YATS&TBXwbVz}(m8B>P@U+HtBqHz`&gQG=rsWd_%=`ay zjyF2^!~a4hz?m~=^62;K0C z-U!z|zMQt&B%eF(aC}{ZBNLeYXgpHB`fPHde5fcZbcv8c2Fwe8d=JJEiWo=l3{-+2ZfJ9-{9x=Qz;T=xc6 zkxfUjN#5%O5STFj3)u(F^&u6sES7FfP?W&TnF37>rT4`Q4Gmp*%rVD&=Y1DmBCPLu z<#^A#-p&90*-!6!U}@wU|-jY4w+9Df+ho&=rEaP(AUGJyyx9u8KPTC#R%FX#fk2=H|g6;?x@D&hqJ zzET7V0v!+-jZz9fupOh`Y|f(lr3kCZlA~I+K1ImjQ1-(Klq%m{QeRaPyg+dB+}U*W z^gu2M^<=`Y#$a+eI$G-Zw@+R|Q#6Vs!MHb$z{7PV1NkhM-*XS=c6ac^GwW%e)WqMM zbt1W(hcuF?bl5aB%HuoxO3H1op5z&ei!kGPo7DFWLpE<^w2igG6++-Eg&sVJeXsAs z&VJ0KHcU(XfonM;VQMF$w$@(1>&pCbF=g_U9l)O*`~e=k{~@mV@>Q)y5HE{vb~dx* zh?(RIUe(JnR-i~YmH9fMzsG)G1qQ7ZN*PObQHJrrXT&QqQq&9;^NbZdhWvoMwgykG zbco6bE)ruLTopy2QN|#P0mcPKIt+}A^6(2=h$UkznAVN!Ml8loD{u@6*C8H_(NGg* zPIDb+OzPk*(F@9VtB!~Ns}g{Qx<)o`+{m0cbFO%C&5L)eU%w$$ZcKJIBj!#+ zwA91AsmLQ{+6`3MV5K9DRepPRE#|H#5NoztvyW&L>Bj6H=QxPQ4EV|h(^o`~%E~O$ zE5OhYc#2dk%1_QdljdX#zUSE%ne*xnRfghxR+_@8#h$pA;tZl)d&{uKT*LD>A$I z!%RK&FbbknE}DQRH?HANYc_H9aR*YL%;0(T_TDJJr{P`x>q61X-z!X5@q`EXT>j8~ zeEq?vncULMPtQ1x&mV9&u}%_*fU+<#)}qunCmQ?Cq*q5%ZVbpQkrG^S_&$7h!6CF| z(ss>ERF1e78evu4^xI`Rq<1RHghIHT?Rnp^Lf2-!-mg}nlkpF z?|tuk!+!M5zqw`DpU*t~jN-a=>z@(Qeja^!UR<`8-r@j4N49&D6oV2|+DCHv#UF*a z(_o(&#(Ze%c$hX0CXY7z(e_MNZ5;%-l9gS33`Kc7>*OdD2$?prs9IawRb3UAL>cH5 zK~f|P0#GbKsQ`WnN+py0Ooo7{?7c48Rq%=9lC3|=EN#R3kK>3DxmJ#uHx>MX;S%J1 z7%ITv5c6kE8-+3#KOcErAW@44?guIsj;0ncUjj0ucu zZ6J;XN*E3Ogqy;X2?MDU6AP=cVbg@UhwVL8c>~oVPpcRgg<%i~w3IZY61=o|8~=Id zLww@KyZGG`i&0vmL~J)a9J&UF2t%LxR1(*9cw*HCy1V;nXv%QF)GbB2bzjiV4DqAc~0W>yTQagftslcH~(mBNj?NeT9M@16ik3 zYHfh^>+1%}@yT)QS~e)9h@$8pIw$@=GXn6uBt3oIw6(NCXCFbk`*(L>Uy3@&V^zR*FF0Z$4(i;5u?YVMZF1t!g_64agTCAAaGt+@~=f2 zQceQlmN@_JyZF^p&vW3^vHa{k3z*tIg&@`l9a^n#0}MNrRUb1BDUT5xA!$grQH&bs zFK%VQMMZ z8|i55K#&A9u9gf$Mb16yNPhG3au#jaXpw-V8Gn>L1!5!CL#(R%)Ujsu)*bW|hG@@a zOo=KKjudOK}ZmX z;D>A*93WH*C6yVk4cj_YgxckV1NP&;ANU)G&6$ShC1`JGV&=G!oOk?@wB)jAksys( zGs`$RTwUbZtp#Q@yUfqkbIG5c;=uXSIePX)3Soejf{Y{CJlM}2D>mABt*(;)UPbgp z1Nbo_UqTP$jrT?Dpz}q9QkC`Hpja}R5P)=~o<4nsSi5E&K~RFhBCJ@Cm^Tf*&vfW+ zHRrOS&Jf3<0A5;K=8BlRD^?eO``cG9`}C(j&9&EF`<71X@|TtuqQEAjRFYZKr;tjx z1VKc?O;Vp}C+Vb6N)g6I@H4P7u?8uG>%goD=#F-1 z%E5uN5ZM$u)>SvKo+0#KUqo#0V#?&{{MUsa=ji$SGV+`gDFhKDtUReu(AI?T5@yDy zYZ6U)=3j2R90@~t=x0unLx92*A9NU zcsc3%6sJv_h)@#8^N`wF`<6vH?wJL!001BWNkl(zNXNZ5gEWlHB2&)B<_JjtM|6C>if#Tn zD8e|#v1Tu>aP9on>`FTblvaj&5gXR9z!XSnFG127Pj7xFbK70+JnI-fc-KPKcA6r< zE?AlYziTDaa<02sBAY(vho25!0T{koH_$A!*O05kMg-8T(d?YBfzBggHJ<4VF%AfzVaxcqea28u&PNZSGchgbMb)E0@3Kn|2pVTkCTkd0q#Y> zh~kJ+&_gLK5JY*jj%?z0ENQqbifBo`!ZCaJ8XB_o{QRM(x#=&@^7}7-nDMO*c*0?H zV;w(zXc4C#ybn!D2N#Ezw{#;sj|pv!tlr+s^Dl1!5%YmV=i_MC5mL5MM zDYTLORk2N^Rb{Lyj9t~G&j&qx>&X{5dD=MUwzZRUTTogVh)|iNt1W@BoCNo@i(45f zVC;{}-{UzhJ*5FIx#xBsSh1Q9AGjY^z58ey(`^KCY%F7uxHjnvA&vW78MPM@8EcfI zh&4D$0Np?$zoLXTPJ6;(M0N}VrB22-xZHjA0?xnZQJ&en!zw27N?TV^1JUnJ0(-q9 zfHFFwl@Sur8pgE1vLW!KAs-6Yu5>8~1++9GW{yR#*nj|$FBO{R&YQb%$@5E&-IHj@ z!iSCe=j6!~owaK>n7`~B;`T?L2l3kV)C1N@|HD%c%M~ zMl}G0NF5MFc{&RN_$nspcqmK|*A{XPRKTpJ7Op$xB$5fAp&+tFta;f|K_tO7dyqIz zf+x20Fuhsv$dXPT``b$#w9j-7n=!$N+(?CkpsQHq*UQ&Hs^U(|IfF z2*2+V7F|-IhBep2zSE(j4Q7ltkep`(b3_@!S-b-A)KcDm=uzD9jqmcwlio`< zlR;_CfByP_FF&;V_XR!ORM$KM22Atd;bf&7PtAdIMY6I^xNyZFXo2OvZP zLME*qwUuD4$dap95cbN>R|v_@fnNT&YArZ|56_uKG1L|3T2XVAjUKkFo>^_Q^flm# zL4LYq8Ebla`RxAl$t9Z&VP2a=PKCrLYd8R^@;<9>VCBj{pro}!MUe6wx(l6Lc=zo* zuxbNWEjXNOPB@PGbSq(87Cdn*${}&IFivAiRy38QWm*d*aV)&<2#M4h6%`2Mewxxr zk}^SKGQo8V4&$gvV=A_+Em_)OxLAmS zP{a5R#Hd#D6Jo{7t5zQ|d*-ZtU+dY;zn5c-clIh zNsnA2LB{j&c<|9tO|l-;O_+x@594K1#YS4{zGR&c4B_u76n-S68p6D4R`{ zCAISbx)6dNAPQErM`ILxm&wloEC*Sz<>u)~w^wZvQ@&|b6;e{i6dV8A72eENv8_jhY zv~WFnbjI3+E95j;H>K!LUg8EboExFM&=f=>G89^plk1IU`!7E+ilO_|A`<`FP zn3g)mwl{Lc?;hY^e|jfUNb*IWhD?&ih73AZ^bX}&yM719&zXde=J!v(2tmjv7aW4? zc<9(%d4)g?9A6-iHqZ&Xwrb}42IW-3Bzd7FN{EWRv9?A|VH~k$N0&j9gg}=^ zg~QOn|LOJ@d+;AIzloygEo}k3g8;mR$4f80#KDIgy!XOKAG&w@_U#swL@=@yW=@1$ z3g%9N@z#@DDR87g03Kh0+`5bJT=+@OJ^Dm6A;nUOhNeb-cK;t)zitg=Glm<03Ho}k z@kSFMimQYYjgdc%1iCP2VPRt;GP=2epPYCkhmD_(B!iHSowHM!t?hBXZujZS+1(}N z;q_}-zO9?79qk-6x|M<0uHR@?RX5XiVq1ahG)fvau7l62uI*g?=rde?)VrA8)`1c^ z5CKw{?o8SwU%SgM%DMr%>2bT%W#j~##S&aUkj06RYW*-!D&k6y&}*Z=HoiG@42 z?NXuPD+!WG8k!qv%BDygm%yIdwY9x%?dmlzY~QxMOp+FiZb$4r8Jcp){imDcUvZK%201*w z1b6!`e(~k6bKyy+6DhMklBvrwSj_X|yKf^(C9JW8Fyx)ltuU?~VLMsM%3)F<^8s}2 zLi80tDP*8HX4*I&KJQG9ojey;)*~EU4S=d_TPbbluPZlTEKCAcTAAN#2;)4zUA_jQ znA4|E1Sbh`NE}DRQB)1y6}{?;R5}`gtDq1LaLqGInB3OP1@mVUi!82n^TNi$DrZ2~ z!2Y@h;jqn(RzzA+5+&jwAQnCw`c`q$Z|-F6u3m0C=M+xcYd>7Cj!=gnm6_+&YWeSp zGFh41OCt&+L-NJ#^yW8l`|{Yx#u358k&ba&F_Ezd!|jB#=3RugebGIx(DfAzMdNvK7lJkBYBE(=PSRC^4IGL zM73OvO7IeUE)aGPz{8U+xz4LD$zeN4+mf!q$XLpwX#1DRO&3@m# z_In2aqL?p;l`B`gXUwRvWm&?vE%^iZVIa!uzvNQXHRY(!B=BU)c!s_RX4F|M;~V%JP)lT zN$GL_b1RrLdK7z4YUk^BJ_d2X1;-wQ>pFx&TU`MgUn+%PmB5T08ncPy(C-&c$3-@^!j$20mu8FcW~d@wOs$g zayE1hGOfLdOOM)z<0npLQezW!i4=|$l%gW84w=}LLS$@*S&J4ZD;)DGK~-C_q0pp7g8QFe!t={F za><$RX3EGB^cD-oJ6=l?4m`4PE1iYBG0iITbgb=h<=&u%6CecMP=JiBHFxjO@FLOo zp->{!F{ObaGZHYbFh1gtLx1<;3(r@+^|~MZc-VXR z7hkkSa&;LR8?z)Ff#;^HMml>u2ZlSL^{_*3k8%|<({{`wDh*4-_@*ZQkS_uyK6L1z z{Aow4v00ru8r|GzOdn!p-1A%qo?S*;caiJ9@D<)Ydmi0`dE1dl z8k?Hg(%H#(Z~YZPMQFylc~usa=;jwMtm2@ttsF9T3`(YP>>j&vB%Ughx)e$UL~%$Mmx!Vg zaU7%Yjq6sGYme5NwCj=geJ=Xb6SSq1T=$;CXilf;DHhRU2v78q^6JQVb+}H-$fDK~ z3~OSJv@1M9`Q-gBez$BXKY4a38;0_nF>NAO9epJGcZ{Ja)o8ujC9yU{LMgNC7~I6Z zBS-M9BM;>B4?a!_t9!nCa(XjPLVFkim}=BDM6bc(Fj!KT=gwtRAc$bfXhiQ2x~o?J zI$tb4dCA8wIqkV$0Qd z<5~^72ePuQs;+fDwZ-aiCCPH&Qz&he;A%f4t+j=StLtM4Cxes;f~ZI`nXT#kYd=c8 z$6`Z>GG)~2$cH{x-T7zQJ6bsRsJ$upzLm)~|0W0(x2;%Xi~ceurfiYB2lq}Xkg*~? z=o4rSftCNQ{eVg#gb`uEC+x2l09vc)hu8h^`m@h`AGhBAyT5Bpd~VUAM16hzXDgpu zGC^}g9WE}OoBSUWlzz2yGCYu&(TODlhAQBMd9(TCFK%Jkwk=E>*}-WC?8hN9XCg$A zA%6!AsT9}z;R&X+w=ivNE9YMQD-yXBmz;7K4e1QUFv3AmGZeM!ycPwhaR96>SjxAg z80H;G#ned&L8LWF$6>|hU6g{zkTL%sef46Fc{qP{*y%JaDNrvJnG^=r+X zA0QGiYaEOo1u8-XC3II0boCgsk5Y+*bUFWBb6EHGF}2-MVxxuLrkpC@Pp$Iqdt+O6vs$3E-sNaTL)eFjr10_ z;>UUO{>zw0rE)jg{zCP!vU3$@-}whV`R6A&XzWN9o_9JwJn=M+nLLmBWGjL2h_n$l zDZ|O0o1`H#f z5T%*`SqX-E&lQZQ*$Svas}@GJnhe-&4#RbdQ7Rf{`cy3hG;thOYMK~Iy(ljO{_ifnD z`pyBv^U>uE@p8efYU~~=7&5LOlL}(uID$e6T`bjBeGrCd72$XH8h(#`j2K~re*WIc zA7IOtEwaC_e?;Zoc`hxv46c`;%pDaBFSu%pTdm5qQH@@L9n6)_mJqVmIh`ODjBOsl z-jhdj0?}s=yH8gkf6;VIG_!*Zy@02aIgvfH6}Ljz=LXFc@^xo8L_L(0Y1@wvaD&&E38+A*?ZMmAeDpbIP@0-PQP^_hmULLx&?TdFW$b%m|l^>sUGIQHz;ksF3Wf;FwnNbN^R=UhM zR%DV5Bop<-al{u7p3Urz4hWR7rqwlQ<{P;BDXsm;=BP;3DOC&zI*Nj=Gu3f)o*wcRVo8L6W?!gCb&t@~`+e-ocin?trukZ#y8eWM~ z#+*o%YDofCbVZ_cK&VOxsS(;kONA?wG$cpamCtGcBCWh``B!S@z7>mU!1FwI4fXJy z-`~Z!v7Dm#?`&dNf*@4GX1X1W~1^ zLmRTBmR9Y#Mgh^(zGZT zRaf^=$&2Y?p`Pr5ojhiHgVy8bGYjR zr}C@Qj$_}^dl88yLLE`^yU7PT@aZC!MU)<3u(XYQIAFoZkU@V3*ZtuEPWaq4+<5zg zY}ww$Lr*@>x!?FP>vwEIxJJrSD8P|Cv|$TGA5M_x~4q;egps<5L z6)Gebtp|C2+cxf9zlkp#GM^|4=p0;6e|{^2#V$(WAd$A6k(9QY7S;c>w8Aj4kpNX@ zUbrLg^W{hX%9(pj;Oe6fpg#&wDhB0NHV@P=cC6{tr4R&Rk*=XFbmzB_4+ap9&r3U2 z^3i+l<=Vf##HEMt%f08G#SvroCeZaLVc6Z3F1MzVFH12Cs|47XX+vp2LOT59JqIzT zy%|cj`j=P_fj5l(SGN{wzibDBD-q50RMcwh0UfsKP=Qc2V%lhgN$O%?aDbwp{{p~q z#~nB9nfKXe9#1~`^tCN5BW@|DYq|zmc=yA6{kOM}Nq7~aVJstrGT^&ZwOb42F2^w> zJgQ@ZS{Aj|%J4dL8Opb}fr^QBP$}xlr=v^+RXR3ElB#7!OQJX&J_bR*=Fat=x+yby zFz-C+xLkSHAL-lK%^64S%fyjwD6NSt&!yf=@X*FhytKI+67DN5U(JxBrbyEWrO6fz zN)bhYar@j2M$usiaf}KA=&vFGU%c!qGyf6d<8jBH$V<<^Q0VXNsUB4=Xs$~k9oKfw zp1F@ChQsgLbSNAY-f$ZSyPh1^thEj!f$B;VO+F}c^1l0%%cQvKj(g}C8YGT~*tn~Q zi+*w&9V6;kx_%2k_|1bHeaJk1c)`gOeWMB~wIG&NM8P!UqWWbwK(O7uvZz4Cc7pQW zzZFum;$K=zlu&q{!^+KFZ0qa-=atad>+b{fEB}ENRr_Z_1O90_07o5mIQt!PaKl4? ze&FdPFDw~V8N@bZVfGXl)drK>jq6!92br?MpCuxDF1)ysd2M6($wxoI&M4siZEI+9 zGf2myZA1%;US7e!{@0a6ku=h-3Ya_=J*EZnLl6YWM2f>Ej_1_rlR0YKXhznV{pfzb zL`LOtv`@ewo+sF`tDj9>z35nxOQo1Pu8oB26Vp#2Eb-MF?%<~T9ydv%A!BAOiU#!jdJX<}j2uFARtN}Cy)l!7Ss85rC}I$e(^ zJ+vxv>0{4v(cGC#Yp$oe*k{kL?dZxamaeT5#cs21VeLx=jwdPl5#M{}1x}qhfdx~> z(c?$BY$|5HQjySy5=>$U5B$~C0I9SVM~o$*d7^I z0#uB4U6?%){I`pAy z4<zN zK63RBd1&cU_L|hjvh~|py?GbHby)lIR!%x%f4*_hQ$IDOB5Y_{t4c zUFr8k%}A}>2pHXvDo;U|&%4spB|IK{VU5w_NCIzXjxL+30gmI~IL<$`9PmG70Wg35 zzC7~yUnmrdeTx@AUu9u6DEka4AIhM*~ZNbMFI6PjZ%tTg*;n(`ar>qwiX(bE<=GKDC)AlyOj!5S|Fu^BBoI4 zBH<-@bi-D56^nfOfH@45d|Zq{hO$FHsmp49<=L4Wj+58SY7>qmh$6oE*Cl*l=4AHo z7(pS5tR8|9YSG%LbSY(^^F4)PC1Rv>X!MeN`7h7##D*Pw@0dfGIU@+_e9(iWdk82h~zjxtjH#tD1`%*qL_|Mj&B~ZKNtP!Q3gYcbkq(+-*OS45h_O4 zWgwX}*3t4+l2AE!}yV~afbk*7e2V~6oBb7r?G0q>dHU4_~MHZLJUrwJf*o) z%AQy$O(_t;^Gmt>|J=g-@l%;Ns?9Li?KM-vnn#t3k#cSpk|^{^I(2qcuR7;-5csiA z)j6mte;mdIlxVJS9?HR3pzVIY-Ys|wqByXc?WQvmQV{(+V?gfFEONXdWyCXVckUppuSt}u-KvJZ+7yN}%UFx`;~ zz9!1j>{T5Dp>0utz;z{Er4skPuo@B$Z}75(%{MKnJW|x0B0O{FZC~@EAS41CUHvXjGX* zDV3R(5}<+*RD^alj+AWbA7H>Y^EFqn;;?nxIA_r9%{l-1O2) zK7Zieq#cL8*g%~|?58Y_Bg?*6HJyIVAuq3NNy$(UbHfWuxoG|jrnNLMP>Sp%!gK`E zvh3qn*!eH75Q{OLg=8oQ`QpN-Nx3e6{=o4_;gI)3lrGTSzm2BsXk3{<#0po~8~!!U zjFAjAufdZpnN$n?g&k-FhmL9E%$bw;mT|H-}u$9`T1u)g(I~Me#SdtSR%FSp;9`;Iz$oRh=g6=!j{y&BLt3=tnb{x4fj9D?Aen!=it5R zDHKfdCkAP(ZSPpUiGk3^kqKg{UN!j(Ychop&VnW0QRGhCk6a(8c_D)A+)vM|04$G4u?T3?~Q=v};v(Vh6sJs{%DcvN(3or_(jH-~ zNIG>S9W%$&Lg3<(5Bm|S#C^{!<>G68MX6YVmPQK?#U}6y30W614fOQ%nN<|wShqgM z1|%x`OpMAY_AEYe%E|QmC8Tjzpn3tQtX-Br!%|QpmrM?u=bC;-5vvlelc*Fh z0#GU5h|jqW=Fr6jwGMV?&04WvsfBWkGrd#KqeLh#h*Bh!s4O%MdguKo(W zE0f8bH*@-oTQ+UllmlRApQgLt$apzYEMLBS;EHd2ohvT8{O=MYhlUCO=_@Y3;x=GJ zx%o-#KaG!^aTNQFZXu~4<+(WaIu_!H0Y9R6SwsF*~3EcJ7e_?yi0JF!9!j;f9ShUjB z5-lTyHrgc0PVQADR_3Z|F-Qkd@X?Ew^40S{!`vCu$QSag*|weQe|IB)cxWM;c5R0djWo}kz)Abe z;G~(;nAh4tM|~rXlSOGLDP_E-g=J1FZD-E0h0#l_+t$NnH~pSc7$Gug3rT6T^lFsh zY!XbR>`Iw2j*(g!9c!r|mekj$Iqk6hkxmK~M`&Q{V4fh3@e&^6>T^VquFPg7(x{zj ziBq=6)Eb2%={P*TWgEv$8f*3NrPU)aa;nne2S!9V#t}wxH|S@nl<~@L@IH)Uo1f?3E4CctzOF96_Yq* z=1huyp<>}$p5F>#3L{4er0@vhK@@c+848fftc0Q=h)ZOWP3Aq>WGS>DibFil7Ir$O zY+|9cB8ZA4Tq~$=bpw=uK>4KYrbk)PQdH)r+7Q8n{eSGXqc1d`>#)A7i)-%tGY8F| z!GTl9Qwmf?-d8D2+D)=><2Kgy_8U!x3hPk6%EU&Xr6%KR(xE06M&~Oo`l!A^^LgN~ zWXY24b7svx=FmeA`D3Z%d&M|v$R~0HK_FUMnrUrqb^cz-|BN%v6nEZvyBEH?%Wku19MSv!V1}O$5nzLC()MbgH z7(Y_hO51+^w$+a-#jq(O)E<*A9)-f+HV#Mrc7dFt_dkK7M_AAjuF~HISvVpCAHa^wlGZ7Sj8kA!PURLmrYwc zO%YPwpLQIo8s=gc6s(bUC>x<%$0QCs$PeY*@F|R$DfC(dE=~}eb?CR=#Z$op_zQA8=|JmL5`~iTTo^CG=?Yg1s zknU(>V{b3lKk^WV&)f$sd;~GEHXv^KDWyFeuH)cGC1OkLQ(B{>Ld7QGhp|szX=g?L zIgUew)Rdw={J|k3K4jJV4B#Z`54w?|eGWS=a)BuFQK`s`w`>t8aEOVK$^kbvme0z} zmbFF2gkv^al1`fcyyGVHU_T!^<`mLN2R~2-$1po;gmJ`gmaVnul_+n9*7$AgUb2~Q zNEah3b?Xr70M*lvFso>K^w(!Jfhv8;5MS#-EsFiBt zM-ta)`@4?hiIwZ=?Cr0t>gr)8K5qsED6bvqs)V%NU-l9nX|vVyP66;{AN_;<>GRGx zcib(v-nz20tJ6|X5wy3W_n8V4JJ9Wors}d6)2tswPzcZsjuFREpyCj=?qVp4_}q=x z8rZ$1nZ|==an$Uoe0c73jvhae23b!@B&rpj-C0*!5fh?=kdlrnMmWMXD{-DklS`%e zz*qN)7>ODfnyVeRwgk;mZTI}@f!*SPCROVF8|>B@FS-(k=H`f z?S~LYjLX)Mag!9n(9F7o5yCMHYqPZLXpNSFgbPc1dYLhznYM;3K@j1(<_P7XUV zQ3)Ypl$BAIP6B1hOr(-#?;c@|pfoN5t#pM%DkCVICADB;z;4(7-vfjbqSYy*KTFm_HINXxd+T; zPoKZW2^5(?gClWbjUR=m-hpyJ7rtM*dEvrGo)JQD!wtW91+Kel)vCV}H)>y=d+s?V zPo7eD#~rs#srcX2XSm|qpXMXS?1vwusLwW=21b?T#f_!|0$evi(#sldBS!qlxHuLl z1qH&$N9%~B2ggikXTju=4EgZnjvYL_ZVR`qTF->~97m2H$=vo9nlp8zoeZHW+0NKC z%8RzBHx0CPA=I)4ohh&V>0y%8|HF+|vl(E`oDjy}O@Pv|Q7DYyp%>Q?Dp@r+LBGi{ z-|hrN`}?R`U}mxznwy&6DFEK+;~W3+buRnb$tGJ7vVYR*%KipncUjKg6UIu|I8W8YaL12&EZFq zqBa6LLQAxch$xXDB8Yu@@|)cd9@g*dWou^-g+h_A7*N-kWzNKL{O<9^W}fVt z3egpcgyZ08WBTKvZ4NbJH_9==I7S$c5dnVabHc&<@XJqMgb+EDj;)=q2BjzlJ}5D;oD zZQHupvS}-&?g0p+*Ifq>yDj1(+UB{^&TbaJu$sldZ&Ds!doz3OHH}&Gr*P;&`x3Y1 znBURHq=p=W`I2FVOJxmvtevNwqZ{>QZQq;WHUx2rzWfeD478kp3J-Tr`t_BXT_GHY zT&kJ=QYZbf;@#s$F|MVFO?`t#L`p{yVrd0@!fwyV^dwKyQjy9)hJET4;bp|Aq;&W#Ibg}!ou+7=am9F zhX(n#AKk#td><*9pegN<&1CV?E_LZNsbqr2l*fpMda|hm>4Zl^Dv9e^yWxaOI_=^J z2Uj|VaOr^KNE~T|SK>HE3yq2)Mu93&@`n(@K{^Q>$HmiGgyU4!6Qs3gHU2@;$N|TS zZ{6_+DCW8F_yefRxC|5mgfQbK*Q&w&aM7~LIWUE~FQe zN)*=9kZd&XOT|_dR999#RawcgY?qD16A3&C87ECH*@9LPQRL&tMM`mzd{9D*h{H#> zbIkY-x(Y=WZS7*ou5KP!yM^XdiaBjf%pcXvg!+0SVoIS^*(0*!HDR1aE7Q;#Y3|(w ztARWJyOQZyaSfNCWqa;!(l+1$@GC0`Jqf1x+U-r&B%&w~H z|DV0jIk!&Blw^`g?<9mkfKU>uG(|cnC@OZbU=$G)5fSkPc?A^93#izTCLIh_qy|VJ zmGn$9nM|g)Tjt(-%HF>}_PKX%LO{Xyr|9c>o;=TF%Dv~Fv(H{@eb;w=zdW^KBP-T# zrKhcvzSd6Mfebo5WGXu?z_yY5O-I#KA*(78mca1?V#18IL&MMz35Ie;kN#~kUW)8nEkYN)Fk^qyXDaXEwREzwrIVG9Jto?}iql24rbKK2?vifk%t1Y9tB-Ig@Hcr&`LLTKOc7D7HduAgNf+d*wr6GDZM zV(29I#!sS4W+7-u#Hz`;`LG=d$>A$2jhXe7^n!702BoR#9RH% zFzSRGphwri$Pv)hFEpAz-gEc8K*OR%i@4#28%lq=&)$1qvvK|A(?Lzd_X&pb;8^7H zd5TiEN}C5>hjUTJ07vuM<}EzgyoEwM4k~SuKdm7jP+y(I)&YYLS1z=meL4Z zlyGq=V3WjAmBuhg=rZ)i$C6Q=-?W*hUVfSV=FH-xdDF?}Jw!-;b%mxP;;^{6jny69 z;Mhge1w*Kn-kz&}A<%(BxXQH4v>?zvZpP^QYakYjGH3Se#L{KU-ZjA=;EKz?1HkGP zD?gFT=3+(8(_tTZA74J_I7CoIB35mrmUUS*U4+|35Vpt4r+jp%T_p$zu#`Xx3)_hi ziNvW0uTR0xl5&rna5eTa+IV(r&iiqEy&7k(2;2QxTEr&;;%@j*OB;xS=+7`C;^&3R4h&Jsa=lu?W z0L`#3f>)yGh*%^_O?9>UPXh2a9!*V6EMB~r(@#JBo(CR$;Qg-aM~W0aos1i%|Jac* zZ8SO_3E>v8%Raj+8BC)G(&kIIK-7WHEtt>O7al=Le#1~hWL!ufjhbX8lYqz#= z+f%P_&yv;j?$`l4d(eGZ=u3x$z4FClR)Six1`;+TtFanKkQm=UEM{S8jkU{&Ubyju zi`x8kD$?KJUdjH%P6iKeklLye7%H&s?vK6>MgH$DM4=6poR zFBtwDXP$LdMMG`f$G2_Yer5CK&GF`KTkyPqU06E`yuJZC`Ud#@s?FTm;$Mn?z2Cn3aL1kZbOA=L&JAEF2h|A*en4?TU+MsbWs=Y0 z?T|LlH*cjdvKm=kfeMUv1VKQ;j`Gk)j%9=sBky`>ELwVdS=-sey3RhbDk}Et>giq-DD#}vO&`Yv=buJptcFCa z7W@DuWhkXf31%O*^A6jlT9tWll&0uI>VzVY;j@Fl!Y1KV5sy@(0+;@w4)SgaAti~3 z&Ad@{96Y9hl<)Jz=AB&g!Wy)_hEMG?gX1QRMQTkZkVd{+8csmbJ#^DhPC7@UeDI9ZM*ilu+ZR3f;6tYezS1QUcS9}gI~AHnA;ynHI}QZ?@P;Wv z=BE;6!7RM7u8XZTv&W3&yGI<#Nz><%RTi%Ag^R^PO0#sNRP^O~d3Mzb?s#%34?X`X z?C662K}2`DG#XdV1{FeLO98e(xjsR@0Qmx{FN@o{lfG9WF|koM%$g{ingkFS`*F(j zR)j`}n_b=uaNQi~!T`3YF>|-lKxImU6b`oXsEI@j8B3P&W+gZ@HcmXJ=aaDKmkJM+Iz(J zzH|-u{qA8dzWkFMe9&B^tq}zgraNYqzesG9p~*~fL)SPIyfpopc50HNO@}%({}^5l zqGYvfNr{Jt)RIUffs>D*q-I8KHI0cR&8dv(5o#N>|IQGAu(~dp1KEy2qP(EYMGbbH zFevLQmRIT3mB@w>sO|v)=!?Jg^_zj|#aCFq!dSf~6G@pJ%4$>~=uSaX13l?MvO&Ql zPN8&iNvTjl;0CN}YXiqY`2kWpDD8vmbLo-$Gr6*o-a?*4%m}#5oiK{|lSdP=Y*K+o z-sQrG$N&H!07*naR8{QE!(96yR1>ufdW0_Z+jS_nYl{dCRg=i(`bZD;;8Va88aMEX0%y-2&sno3 z@!s}v^HI6mTRMx< zd=o?>4l6fqWy!i0Y{xdmle7TO7-zkse!v?G42?jzehC!l=TVE@k;^%Q*Oug`a=;Pmg`Rx3_n8@#^Ym493|rT08hU&E3yE$4&P?#$zv1-ETzQh{Ld+fp zE0olrY#elDx>wGPe9S;*USvtB0vWPhWre!SHSc02qaNQBXO8mm1I(V zHO+%*P!b{DAxl`7)CWRdf<)VL9u{Cp&7=y4nbl1=(;aduAnW?{ z7hJXvrrD9rvuz;D*8V{{b3^obif!7XDjs1{V=c2QlI-13k8oW+cjIkrZ|$J1zn>|i zMj9#KaHFk=#JTy2d+8hO<5S0y(x!$GnE)s4_s-uBVMXZL1jL|c+-MBG^_ou($ zV59{M`M*d;}zO>S-Nox%kF;; zx_c2`P+|{4_9{H})Z;6K5W$Yl4(K$eF>%VI`-E1>Ll!Q~ zeB|s8HE-L|8oBGPyJl>A_>npJmp0yPA*i3-NZ^K!WwKz%PRc?Guq`MAJ}<9X&;B#_ z3YodP_Q(W+k%^dLQ@a5XDQQn<`RWrd^1_aG)W8s8M-O`K))IMs{P^)QlgXT6SyubP z!w&6kxo!LAZQEMewyl-Q%1SQ2_+q~Gt#1MFX2JiR9L3iJxbn&?xa_jaS-kj>yMene zyy$Bquem!lB&u$8h9 zC{!plY;KU**wVQk5>^E`apIPZEd!Lw(3KfvMaNDy^!2czdytO2M_)FB5`yYTl<6ZX zId1A$7L0A+*^MoDPH{f?omBt3*Aym*V;S(Y=w4>ZO=+xTxAeoT2?)zZD?fBgENT)c z7&QXDHHt_L5%_-X%dae10PKMR~ zT4)+#4h_)}9AHV5GWW;xe0uU8ow+=1sWcn=Q>^dqw=@3{T1I_mI5KnF0IV|S1%jT;~6VlqVhiZY^L1cM;vwZ(Ti5DT=}lqxM$3mAvSE-px3W^{pwN&x~7uPoPQdVM^vFi zBGl|tAyTQ|avAS2P?f1{?*8-g{}!*O)*8o&Qk@t@UuH)c(a^{QXI*nYr`J_8t+twe zH_!6+K5kpJf!~QuoIQIgM~od!PI(Nu${3Al)2|OiIOS!T{*ewnPqY@hl4u!rpVT@a z5sUE3mK{9y+Gea+v~1!=?AF44n~!%$eYqiZ*9 zTHpKXvRCx*Rg*%Gsm0oNFTV4s)A;OhhvND!)9PwCZsKVEXZhQrPUq*3CYjCV8PCxn}?)&Avbhmew z`#gyQ4?IXLUHY;}#1rCx1Lo-szxfS+{__(EA^7T|3%TwFgLY4yK8uQ^tWDs$+T@@@<5<2~%z+>x1>L;^xLyHm zhs8U?qb@?jxavw0ktp3mIaYLcbMF05u(59dgbmF*(HplRvqLD*@mO5gGV-~;zP@__ zZoBOcjz9ib9((Kw0MhC7E`j?0*Kyfp!vZObzH%W~Tyc39(3MVaKM0_XIp2_KRDn+&OS=qURzqGXS z(54nvbao?cn+n@vOjVR=RW(c-JI2T-BWO!yx%}Bzv9Jj&s|?}``2cUb1E9*e6(-Qz zR!M5vjH)VwRMl0$s%A)K(Fe?cNF42ZAhp>91Br;lV9ZE#Y8z-xLqq+QUja(U)-b2*>dw6eU+$B@2tB`DG zRtIS`*kavRsqzpMz%?qnoX<4Xuxh(KMGy&LW@42j6vyxkG{#o_s&j0erCm#RP#@^nZ;W2L~f;DqI z2cNKz?|sE`P7D^kHDdS5oLcM&8`IBcc=kSC0^U7v~_OUHT*p@tC>C%^9 zJ?Nl=#mg_hq+fr1^)8>O82kY?Z`@S+`qWcT<^KEcXH4U`acf^+y?smbHU-G!*lO&g z#FjbY2~B_A#u6G=n+Zp$1%9BYuB^bZBB4*Z>30_aQKV#CMI}`gNmg|BaO$0pv$HR4 z=I=MQA-1)lcl4CxOD)^Fsd?MxnD2hC=3bsght8mNv}frykIV6TuSG?VR>g4IWGu- z7y0)0hg}L!T_Q_jTOsUhnUE=s5R;M?G}R)S+t7bmj+i|e#x#@^^$;eBWo!d9?*KQT zqrHPzG`2Ue4B*EFyV5XCEutTG(gY1Om%K2C76p6;jfb zN#jX@=LVplsk(|U95@T5mGOHJ3Xgn<1_WVuLLjA)Sq(z8!nC76SQ1DQcPh=;WqZ1Vc@L0+QOO9$?LC9rA6~*=R;^{oGr~eKJ3?z;JGVaZ6w{|n z56fnG!C&d$1eEs|kr9Fpx3iOl_6!m6U>XAqRbfr5iY5 z{CLr_efzs=;d3g@{{k3U$EVLej+%-H`GSK}9AOm(jX=k5!ShYVd``(g6hxBa=0Zs|*#*q*0Ixv?8y4d^cBu26ZSKpb%Kf z4mqNsJ*q**2((Yck;G*JNbs2tp2%~*y%(?F#|u36-T&ZE&YyqK@}K_XM{jGK7Um{3*C=$Zt}cXpe_pNK$P7wqUlZ`u(m38Kc08!xwSZ&@USCvSi7bqZ-G)*Ru4VcDA*dDBs;j`lZ$UU~q^(KC_h5jyr@8AGt3hV^Put$%erc zYrA{cnaL6$X-Xtmbih80t4=VsY6MZc3fqnW4oVBM9_Vnwz!)S|GU!SIKg(&;$8yb* zB-{G?dB-9^yCeZ+WHU>a5ejuU{%OW2MO`(zr4u|4ykEziI3yq+;*hV1X}zoVudq|TUvQ==?c!AHy=r))FL&) zK_(!mVjov2zPVsuCRA3DD&#?i!qD152#M6XM8_&=El6ql%c>|c95S)BLTXA*f0nSZ zEgP_i*cD_7X?$G(X(3fWf5Br~V?84pMzDJ8R@U#_$pMolAcf?Xr=KO$Gr-3`a2(YY z5mH${d?yPXD5??>e!Ajy`Ug@F|118kMdq#V!G;~^#u12-^=Ln=FqNi|%OUzQr4H}> z0}sCQ-If4+@2V>=jz(j%a=9E>lF{>K@ZN)Gk;xaRu;K{enD(ajL0AY?w95V83;cVU z(JzvkEg1_HIE(y>qCpSC6}!+zWl>79o<`zx?4%|RZE9r6jt(B#+zJAYoG_aGMvcH% z5;riDEV|q{qHMB5Xe*RKw+Q@zJ6>2t)^m-RRe54qrV#kf5`yA`B!}g~J-teEuBnzu{ue zKYoE3ky8=I)J&u<*+?vwpgI~Q9*dHU#c*VVyjG+=pFz)M$Ssib+)ykh{9xgNEB5|| zdDbdqmIm0iO~*hxr(OPi&iej$x#r$K5UGhV^5FeS=ibt?<@|>qy6v5O%_0^g$EIA~{#41X3Wfa2hJZJ3hwNKP1|X1>*e}i+{b6{d79>Qjt4h2(=s^7J`Htze9m5cVcu-c zoHdbI4K*YqHbcGyQGp5^e5D9bh6Sxn;8G#0DCtzP@WqK27*Yv)n8NEPSGHivE z?eVH?a#WR(#6l}+sdqK;(ORRl#@9X)Njy>$YPB0KhYkewRZ*rjje=~BM_yft6cO47 z2f6>*=V_WShLh({C7W|mA_z4nG>#?d$PV%A@?qha;tp%`q;2&1(6T4k{5t{LU4i!X=aheV}HrDVnrj4b!6pF(pjOH`*rgOsN zu{^S6J6AlvlAW0$Dq|K_NTAlDXjNYJn!+R;QYxA|`*~``CgX~#cIPqZzxg>9yI-54 z--whY<1Dl`)qe;_NK2+>&YHF1-M-)cLlA&hUU^v`a>#=1S6p%BxLvM%!lL591Nq7q z&*Y0I9!5}56kLz`$|h1-j~CZ(p|h`#u2h!1n`gqPQB*n+8tZBqRaZ@QA{l0op$ux6 zh*_mcaKi+*ghFX6gc`z1McPCNcyi4;{(Q${c$>HLN82)+ZEZ#A6uUaRsjIJhTZvLC zm0`q)s$;U*^hH`3b&9&ZM?-a->9rY-nVDiJ5Ja#zdfE_6+9TxMBymfT%jP-vgku=n zFcv=uQ4Vc_QIR}mg^pP#Pae-LudYG39=f#~Uf&d2ml{n>&-13d_`Tv z(9><$l(i#AZJ07?Y@-U?RV!XwF%p3GE~tp2CQV}L;^+9w-c$I@etVJk13cy8Yg0|D z0DKW3(PZ=8__{zthfJD^P?A83l2?MSBtf8#V1doI-X=OlMS;AGtm%tBtKieje%4FVn$S^I2BOb ztOX(2FO)qdUx2pIoiWJ6rk#kr#-VM8Le@q1rAkn4ZEY<}UU@11Zh1ZqU3ds05OcS; zZoj&9#||y9L~?Q?#~-ve5`im1M^IsA_rXRekK%;%F0=L+k(|FSxBFMPE?Smex7eR| zl^YT*i+0pHw3nu2|E-FSqs2r^8b?XLsHi6dlWHpX_M!W+w4#N{P&U8mM>qcXxgY=J#{VDyYd5T`+p=+E1tsxGkag9JKl?=P`T5tm z@RXy-=ksVGiCH6f;DzP<@!2J0b9wfkI*pIMX91sk|M46}oiL5`{%k{X`36c4HCH?`HVZQ!n7Pw3)x~17tP_t=+p^n7RAR9sFBA>*v1sC6XYf zOq%k5>$-pzi4jRg%pObJ(VRTjM~Yf3stI(0`nb(OV*}EGB9%*V;(|l?z%hrT{b=Zi zZESu6{)yDpMBN`3i*7Vf5qdmM;_*9 zKlz`|1Lw~F(8P(84YNjR*s>G)dyxgfpB`JnfbUUI8l^3yGR84Vgz`aJAcRA{Fhq8! z4@+9RW%FSb6#Cwa5U?CwQL(Gjm;PUB8tS)(rbTVFNfLI4tk<`|YwM9Y7oh}d{K%3C zdTVQo{>G)3Pkj8b#az~W6Wdyh=EJO6vo>3nbkPBH^mEsv&+`1H4J0CQEM4@|()h|} zFq`7i!}iCvMHq}RWYW-A!uhhwkY)Qeb!+@ zBEv#c3RC?TT*P1+v0^KzJi4V59Rw7758X9T+Dc~3n7Q$YBaZr~tGRvnBj*C};`2-B z>gze6t-T}c3M!iBPGSFPV~yuYAVNVO5u%EISRm;VQ(cFsVo{e%h_}DQwGJhPwG1g2 zMKUh<+N0p6u`DN)xiHDFC^|waRg&v9WWM4)E=tKk>3LLwY(8M#=mxGlay}!X5pG_w zj#XW~cuM04VSqJl8G@nKL@k?^-hS?QZW*=}iXQETfV?SZXSYngxW>)ZlEaC75g8MN zo*7|c8IlZhxuJd`MD|l;wn9CqIz74aB> z=Ob`PMn`e`Gq2E8ThEtHK9Tnwa3B*#k0Kt6lXT+LB&(S^rioeOCsA8f6)MBMb)QD) zBI*=s1Q7bf3yU57ooskSfX)GK9Es5KL&(4?*n|8p)?WV73o}Zn)eO>$Cara$q{0kqaoOCL;+t1kb&vi<>@_8!#Iwdl4EsI7+Ds*-5xefQq=5Wtm_ zKg(rXZW;}+cJ11qO`0&d571WB1C^RA44B2_>kA)`j0UJePog8KY~dPbN?~k6WL8foIpPLB0q%M z*@u_PLf>HNQ!ZKZ;>Yf|;}70H^Eqg2Y~;4z{hse!dBxEJ=j!xe>K7{T!&|61{Ghos zR3yxVQ*ka{TG-en$?)N2DG*q@sCT}z%Dw&a6%T2>F&OC%G(g- z$kFh58EN;xQsfIRg&^SA$xVD@)?`w-fJe8svc7i!3yCAmxS=HkPSoc5`=4VVohM@3 z;cKgR==oD*wv_#~3JJV2e9(*J(wrA&Qj&NqDgeIsz3>0uP5`dC<{C~s@kD<2+u#0v z#E9C16UhoQzmfN7e)w5FcEL5gwzZvD)FN9LB$XLrXMZ=Zw{2%fPdht%yV$&ACl9{# zGCzLcet!DkpIFghZ@K?>@^7)R?$A=t819MaNkgv#axP}rY7;;cv9X(q|j;#Mzj{iLH(ES{K)REkM=UtDFY#cSkwryDqXuQ6SjB;80 z+)Dhw51GcHJTq3fK^bu(i2aYprA9F5g#t&67?# zV-7{O-nMquuHMAuciv6Zj)xnU$E1cjj+@*VwwnC#TrI#tY0ucY;*?cGVHo)vAY-wI zWJ`w@tV%25b_I?dH5ID_lwwRxCH3`{5RY)nlh4wX8sy~tXOMFh5H>qobpg?i~Ap<2e76h2-48RH8zXaeL{{ZpZa=NMV)a z!uQnwHUanTO$Zj(NJ&ITgs)*aWD5gia($)1Se#-i_GinVyWKemyZ=mS;{_lHQCtmq z4-%0GM~rXexCu?9b3PAm+0LMw#}ZH(bNKU$4cxbM1BqC~AX;HUq~B&TKP(w}zZ(Dm zAOJ~3K~yOoKEYatC88oCEu@sg_TE~RxqT|CDwF>bd+a}?1@Ootj~L?0hV?JUqLKGT zA`w%X`-;tvJjdBz{yt0AZ6g^|eC@3F(^y;2JXDg42U2I#69=@@u-tdJo#_>yxUt_DvMv&&lrR62JAH|N_}Mn$BtrKNu(7+ zS_z_7lBgYHMneV3Xa!LnB?zH3trVGDJF!R=;Fun)CCLo+5@@6FR##I+Ob$QRl${9C3jj`SpI=~KNePy)P1Z_P$_bf!H8uwQ&OgR^z z2>l8$Er<}}jXTwbN2q)df~sVU>5UDbA)U@Jsj-@Ija4YEP{InyZJL;E@t4+4mUs3b zq#Z)hMd!b8b1Ui=sBi)!=fObE+=xuh2rw1H;nohL{+UXbVBCgLBRO!vq5l;4KUryf z?@=u+Eq4zL4#q1`DJT!@OuQlM8lw9}H3x7!0Kjq+(ZTx?03oR=asv@;xa4c!~H*u%K}8>a_$PY8rC zlHZ1?t58xAXdjJFfW%b+jx9NOd>x049m9(DJ~F-{n=f$VLrcuWiWH_*fkX%1I~aj1 zI=5J5Xn^Se#GS}68h~%OLV34@vFv-mJpG>pV7H^DriQ-0zDMn-bG~Cm!h%54`_xiS z|HP&I;<0BLaJxBr&R$%8&WHK#M?b_h=Y52qeCdl^eAd}4oHYw6A@3E8^SIcxx3fE> zrHa-N(ju=0=}EWJKh%k^3fPW71~%{6dkzafbVBKN5A^lZ)HvqX0B3*jL%Y1*LytW8 z*L!v6oPAeufk$eqh}6WfwB*1kNgO+Z6b@2KB9@IUZIrZ;PMi@@K`x)gS3VLOtu^UF zCvm$1X~m4iv9QSIyYW=s3}Xqj7p>*vi5~PTmWjjME>?wp#(_|OPQJ=Wm#5nmueE)5RuY-{_%tXX@-pMLu3XXeb^=h&vEvAu+(dpyrnu>>NQ&C%Z8Iq~j0 ze;@hz?60ez@BQ_gPQUR>0${_Yjknq|+`!hhGPJdYA3ypuB80>hkaK;6uuN4K8sd1; z!?7!fT8VJ&3FEaAl>OLbfh;kROq7+6hH_pQRIII;WS1$L_f@Z z(R#Q8uJvxoU9r#-5--RyklH~Y{1AN&LIkcn^6NeP|BXo_WgGyh1yTuw0x6wvUsokT zC)b6lh~${bO;p(q_bpk&>Xr`Tj%C(KsHiEW{k9Q+(ppw!Z9S!l*bWgpe7)jF3RIW? zXoSE&_>e=c|4#z2+c7XOKs=dXD4qSEL^A%ts_IHnEWLwOTlm`NzQ>oZ{ROLct|MTG zyz7xG6v(NYp@($w+Or$$xU}cWa6<@*Ky7`!oOkt&eCH3h@#KnE=+AZH z;Bdvq&w`ngO3VJa=bt<6;;&uu;XCg9!`uFhPyOYYeTt_QtE)r{o3XVvlNueP{cl6W z0?P`&mJ%s!qK=^8<_L5Fv?N>T0wmE$l^LxPf=rgV>SU%~YiCT=SfRv3Up2xl8+N1%gngV81EbGQ;Q z?V&(xDxy)Mk;vaq{wv!#1ffiIagFW)a}^q>tSHT&x3_n&Wy@AQdFm8aEnoTMr$70z z_agaREE*FSYn##$jYU88gKMv!4shrd7jo~HZqz4!^xUttG&euxtDq>EiEi!Uj^|%w z$>vRHpuWl`Jybv|5i;?M61j>Bs~REA^HXFx54)dggjS)Kyc)iqx~LHVmK0P(6GR*v zX@hM^l931z+X@-r3fqcd+i_I*Kr1voskE`+6_SIdjU~_;p)EWe5Qu=vsKb35T3FN8 ziEu(bgVd$-DjLWXH)t&_B3YNnVBYw{yRLEe+@%~vlPf^)pyAnAl7@!*1i+JzKK2h= z=T~0wT>wUn9JRlVy=v?B7E0m;$vE>rax6Fh{tC`~&jNHl!pO>z?AJJk{Tu6;Q&)v! zNjCPUc)WQh_ibunS!W-fuZT;ZT)vIobPIi%HnLs{B|u__Ntxk(nEM#^;}M|Bc^pgJBMMm}_4nE!dVqyngv4zBq2cmMS9 zPoDRm1Yq|gmmQ+2s*1tE!Mhsj8|IH0GiJDH*WSb3Klm;0`@$96@#51YBNnzL2|@x% z(O9iG@>kTlE-^LBNF-W=3}iU^XFRVxt$20GDt`F=U-6*}ujZ(WujYbZ|B|R9Iro#N zLDVUgd^g_w^UDBEIN^l1_4zv6+x_Be#6~2@doX8G9LEM}3v4GqIstaX!?HBewy}i5 z5{7~7sw_i=E#r4%dlzP z-rm8|Wv`|WK6C*uUj9Rlx#rS~mdO0IJL?l#fD}@|)Ny?BYiIMh_a4B1-TNScZzB}s zJQp9&h){)!ZH|nSOxB{16ze#I2yLj#j9`QqhLxq^5CjCoqYkl1j9dQvB!^yh1v4)A z8v9>zIhWpfH<^3^$8kWLKB_Gwmi7=5QW=-$Uf+iD1+%A&Vd2b)1c5>e)6%hpBwcX% z?`3O@u7VW1x>$#VLbCyw9<2-lD!YaZEG#stZxGCMjIJF~Cr&x#l=IQM2+9+UCOG`? zqx^s5+Wzj9S8>_p-{y?d&zRiV)w$I7{HhX}VazDr_tg*ai~ssO`;VVV!WvC&atzh+ zF;peSQC~Tkrs^@wtgGeFraDfXJemWV>ew-uHkv5T?S~>hf};7ZCY9|7`89T^SrR%0mSFwz%74$W(QsZY zb|VCe($CGB3k|x$_fSG0@JL1@-0|#k*0*+rf>VSot>ISH+in5uB6MWFPC8K%RwPVd z!&zdXO#%?g{zhz*1l{_}U;ifo*wc|pnIN@g%a*0bAAkG__+R}@ixw@~C0+>IMkZqjDVQ_P zBG3ZMQV83{iTX&}$BHO~9bj1wZm5BfbF<`vEb&Mcwv3>ZMr)sJzR!56YuhMlNo5K( zN0WC|S=dqhyC3I&;q!MC=Q>4y2Kt7$>zU;^LK|)Ra5kAxiA;z6z#!b--YnY}rEZ@b zUI&7A<_1{okCx_*6~b4gnfW)}a2y+5l`P%OPk;JTU%l?S8~FWg!=B>n*R6l>h38*t ztgNYCWtlN5p|#d?=IpcWr59h|{9pcb*5)5gtw|F^es{8iV`pBluHf<%d4{v7eUT?V+Je^F8<6{pC|nJ^dfDrX!IE-@fcpzH;H$M%{DoJzL6# zMueC>h4+8)bgui-8H}tRPi3qTOV}a#Tww{Dn4P35KAKV0GpVhdKq6K_Q!K$5drjmU zhwROqx*C49auc6_^f~^xVLN$00Fft^ZKb<^BZEV21VMl!jnIw=t(1e%lijQhF{}Wk zL0cB7p-ysM3QAr8MYMq3`uydIz%D!G9@}ig2{Oa{k>dBXE?Gqj0;174ueWw^^JB}1 zL?gQ;)eNISZ@Y6R!vf4y|3V0=V{zj&T8y4LBpv5+rFWb#VS@Nq*-Pa=^UY5=eik7^5P$G=!eedmya$cxINOGO%%VrN*mbM~ zqxvV5G7|$zk=G2@e^MX|KB8-o;MFy>-}x9c?=*9%67snmPd@eZ#Ls`>f~psufA+6_ zmK$!k!Ss@)A-`EV~cK&LAuoOBRrpAXD%e%6lQJR1l3M zjc$Jf(00RrZLy1G~`O(Ez1N-tuo*a3}>K z0SwTaH*dLi_uu>Kg%>ep%J|Ooz~J1;Q>Q#sTUQ4lRKGCS?8QZA9z`lwAYw_bKKFQj{OE(cuxTs4HWSWLD75yGLgJ|$-Kni~rqG0yljU4i|%joFo;iVs4&#G&$V$*e3bJN$p zz>I0rSoX>?&imOdSkfjR7|zz-FE-I-i~c+E}XmHzAZx7 z0?@Izq1N7i|God;*YxDclW|>_Xe>JA`XByx2S|lR=x7A?o52S@aSA{B>?zbHMpGH7 zC(s@mKiny02+8}ULC%a4zp&leBan{9&`zWMBH-0;de zUTyCu>*pzWJ#=L@(35TzsVSh1~r3 z3lxikOitJdQ#kd2hxV9r34DJCB<=f z-+kBYzxDI{*AM<{VJsG@17j|f7m}K!MLbsYj0&)Xhp@6pnM0yN@>M|pkfL`W8_Ha2 zJm2&yGx;8Toj2-UT4P}$Erl->i*EQmw_SO&VKfVr33;6R@0G8bYych_orzd%+OF<&C&Z#;;TQuopfH)Uogq1C5*pD#BxYD4lx-a(0MZX9=fxw zbf=r?Ol_lUXb0(B7dbae5O@f{v2B`rx;gJhKf(1}?)%n7>_2`yLtdU(G|I;o9>znL zT*ToE7x2V0FYv3UpCu;qXsxk36(%K*Z{A7s;9!}R z>+XSn7#*~fqHZ7`QU^f?KJ*NL>!Lx_)z$g$d++-^fM=h5wGb$O|H|r$?SMG)up_ho zs5RZ(+|1M|Q)k5Yg`cf8Xb*Uf%@U#a? zVOtR@6ZOUbPoHDtmDzG+xg0$mvZB48|h3B5t9Wng*JKy zw=!7hB=8EulD9?iAS9W5AL*fvaLliK5$m@I@a5IMev^dYjnC)qZ2^HmivSxzEb8!! zM_*x8^G+(_kzFABznj7na)X4@2pdKul4cJMO^=L-m@=oIDtSlnp7$Jc@_!P5zwx;0 zs;dB)z1QBnw&KAtY9R!wvzJ$X`v@0&_yQK3_j!KyjU|EbB zyTV7xC>Q_iF7CPRcZhTrfo)_1(8mL}{kyjSjy?8R9(?e@-;AiOGZ)Ksp}(J}S8c(| z`34#kBD8%iN%FrX6lms-4arFf`M+kJS|YCu8R>z{G6sT;n1DS zvwUX{FYWB(#T{KN@91Z3{~&96`bfEoq#Y+_*;uy15+1Ibp>L>-&QuHSgB$6}Y$9Li z;o{%l&bF3zZe6s9{U%N&UC0px5codXg3H8_4gB)+pP;^JG(WumLE1BYSe76evswJ= zdOBLVIroTtnK8PCg71dY=B7J66a?JAej9-jys50a7{26nsRFSg>tBQCy3o~My3T!l z0}uUa@t+@2w@pCnGBkLc^X0z2{gn_B!IOT)K z^38LOLHU|QqycRi;+w6FypK_1EapK0S_D9VqYQFrB*e`&AF<-pRE(rLF^*((JoS|| z95$|jZ!XxM%MRU_o@|Z}-~Sw6cx(yV(ixIbO+MF6cWNX5kG=Db)1#{Q|NESodD`}# zWRq-q=mZja3pFuFlcIpq6cNR8uU#pEf}&Wi0)iCjRRtowm_}%+gcQ>IZnD|->^^;F z&iVau=9y!l~N6&*<8YApv+ zX0_hwrtIAQ7dw5ee=;C;u?Y_x3xt>*%VGYyt=vCjA!Sh~DCqQnPTxP00~GfWtu^Ik z3F3|&GH1XFJcu+RQ-EAHJo9gT_uFf)`0`hFCjcMjShiv*0Lxb_%&c9z_K5rMec-^d zvWkL`0R&Si+>RcWKm06TIsH<`o_-G3J^V+ubabGFAmTU!WhAvm1{txh1;UOnxMCQ$ zedEjg<Fy?<(s2^rt@!TkiFZ4ehS>@)kyf z##7qZ5c?KNS$MugcnOqS3%VXD8?j|MT2>>RM&j`}I#^hqpQqrag4SCgeTtww9^t1C zJk29NzXy^jG!|NT0=OJ_@&EVD|LW&|Ee`w7X#gC0$iaUJBgVEK)~(;l)}Exni4;*I z0lHX9iBdkk@&a_S!IM~0Vo8G|5n3aqB$dlS-V4Ng^oQ>P=z&?KQJ^aX2>FtWG+KgT1d-B2@l80^WdDBJoVBnK0W0i4%?%g&c2N(@&+s>L0O7?p}?5N7Owit z*=%gxLThIyamyl8C~)hG3uqi%!+FO}Ag4T}vhjsR;1jn6GuLfrUR#IZccV?k+n>4? zba;fYNMs9Cr#;*t!gNPNo=%ztFD zIbg;p3Z#fo=2X#CHio*YF+`jMEtM7Ac>F;;eD*QeQt-(~UgVoE&u2?I2eu^VrD*Tj zKxf|u`Z8@K)2(I`6dsl`ju1W=uwXyOWfdr`(W=ON3G9`mfOHN#qaxDW+zi0Y zx8Cxxh^O}dwG&#sdNtqs&iDD;g`Zsn#11~>kefDb+<3|M?b~X?5l}iS+Mb=uH80NP z7kiK6_~Q;|>T$<#&^~)Htf7|Lvhu*$%V?IP4E@W~K3?A8v;z-k!abw-#eIL~!CM}t zcjd-@Gb)HiqZ~7Na^Jc&Yad>{W_4s}^RTU}SFPG*N%+Vkk6d%iF~__;Yu2pCuekiH zOMo4~AbbUR57*Zyr30-9o4f+cjxub_XNWp=Ccr75Ur&gdGw=+mR8ll;F?1{2vWVCY zKY92WZod9@=uQScU%qY`K61v!jq7jY-{YtNau;8CQQ?pG-t$AtvOeYeO4HRXIy-t; zwYh`FstWoFMwdI|d8AyAzJiCV6xq$K0eb{uPJ);np}D+_!43;L;AW#NWBb*5M`S9g_{NwAn>Z+1$ax4-hSI85IL_WP{ z-P%Vo>9oR;QpckZjZ(J9D8`H*&Q)g}&)DV$PQCUnHtt9oK}>DDFjlm6A<)!SRpO&? zeLp;%Ar*0k$ufk{xLyTXXwn6rExkFCxg6`e`$+jdRZfJem_tJ%!VOQ%q@l5nFP=Dw zj#MYJmabuIcb1d(AIIp%!Ps_;s1>IihrNdmMOik!mXyb%{MU<%*tTgKmz;hSBO0m$ zK($GZBGM-9`P?*bsbPND{ku6bkhS&03vU%%>U+T#8Y@u$bn~7O`AKC0;YZQ?hg)yI zZt@Ao47hDK{N#Fs5Zv&S>-oWzKm3<2R5!F z3l;GiW2mD`^Y5bMEV@L`4EvYL8sLi}0^=#Eb%5On8ckM$SlLKiKTmJIgP{qFU!Qm| zmrNMTZHwOJ!Y5~O;Gi1L+jlGnHr1oa(3$B)3M()i(rBp=+C~ax7+N|=&P0D&pV~!3 zZC5Rv{;9C+XPYfbBZlDp#-b4(d}#@KWfWcQgcO2CF*SbO#jUq}(i~#Lx zuq?{!tIRd`gX@R@>7$jAwAMY{;VX?CH7d7t>&Hid-TJ?HQm@W^HT-<*)~zpIblzuY zzqN4wa|cY=|D0{x+KbBS8YM(wdnYU3Sj;oezRWW(yuu6f7O-IRCc3gY?1V!s5}_(u zLBx&|wIf7r3x%X6R>_ou4q)QZ`?58cWy8|-#&aEk=Xtbm+vY{=$nDAAOdYUgsf8Ng-0AZ!bo>KWY<=im_*1;4neER^qK$r#o3dms=v zP83T>q%dnt3K6i9R3Kd}iAHU1n*K7sy!Lk3xQ)O-LmfErAbIAePW!~1IdeMy4XS^x zoBAL5Sr5M8pL*kk$hN{L-}f&~_VfSI>a5D zxErp^vh`ef)^Xf7V-eG5ETE~OmQNkDCwbQ+8nO7*)34Ls(aUE~IDlcbmH0}9rYu?; zFr=$|VooKFU5*er8sZU#R+cfUrjn7>71YEc2uE`NoTa=me{sPqQ>zrOqz7SNho^4`oRo8mA z-hS)1zjFB%%$xsKcx_+#+usKK`>#B*nH+oVyXWuMuiG#Q5W;a_?@@g3@=tQ|q`gUH zGgQPIDUa2d&8TQ=E=nzKLYkY{_1?Ox{~s_8(@4uE;Z!uQH~0VmAOJ~3K~!KlWq7`% zI%aWVOB06+5euH1Ow2i9qpZRWJyxO2nDBYBN{f`#hF3YKAHhJnnCMT+;Chq40dAa+U0A&pvPK4Y(4ZmbZ{50O+3p13pLBfc)YG{4 zp$E4BD<(}m@V^c_`k2QueSN2Qc6XJR?xPUoUHZ0luzBe!7QFO2&p!1$_dN0x_r3fw z&n;faYb%$ruCtBp**<*bQBXb}g5iyWIc4e*l<(2Z+_zVvx=mNGP$)!_y~&eDj~jd4 zoY}L_1GxI?tC=-x)`0Un@4WNI&7C{g%X&h;!U{P2RVR zrMvc#z9f_BprUF7b~IsHOU1<~g^{2SmrhH&Zbv-ciy9F{Fx_WyMPFzbOA27JC@{f4cXOr~7<>Ij2ElVoC1E|`2EBWtT^DvQ%p zo}fM+qb3%i%yDR}s9>)_doixInLTS8*{i;sLx)y#@Zd(CTep>8zOj@|eOb0<(t*^j zdjBZ8>)~M-z@%lNlWD}ZE)&2@(XJF62QZ=n(Vf;EkS_pm&t3OUe{%Yhp+sFKlcTYr z`pcPI?pMC=YXL&r5hh(SjlM{PubpxjCmk@3_1n9-`r#LO^7Umj*46O+vyY~(GLB^l z*0l9<^OJLkmdE+pClANAER;3^TVePW23k^GHi(*dGiA{_1cIEO!B-x(rKxaY3@(rI z(2T`w-P*}92aaR>s3u-rx1B8;+Bkfl(M%dWjHm^PSd=w8I{C^iPx98XHT?F9Gud-+ z1Hb(18_axjIp6rqWTxythLoER7(Nom7PO^ueDk@t$QHXNLWJEE5o|gX?ZC4xwt_OH zu$3w9@@}5)WYQRBYGVFZAF1|0j>*r%Yx2+BI}_^!!n4l>h{T>NxJK z$y|5gG}7rjS_*0t%~--2FhB3_ocEy{Q~eYgi*0s+5dpHWiQDBwohpZ4M0o`AN@FRBmO60c^O3?1oUTQ`O?_9=zx}KK{vbn9>Rf0Y z-tMsTWjl1IbA0KyesmqB$oF;^4U0Y=wXD6J_d zMK+&D=d#93DoBF1ZryUtC7-{vW6`38yGH>3jN>oUp9()8xA%TMzxw%&i-17@C!KU+ z$BQq%oQp=Brh;3rjo^w#D_0k~lEUpul3u-u&CkBZOJF4U;&Dh=P+mc0O%>X*amr#e zR#jj(*W+cgh}N#aj0b1!s?|CYiRcS2yl|ftE0(SYG8Gk7^z|jV;DQUd`|i8HE`<1+ z)>u*B*W@%l6hc7(MPZl=4tQp)HB_RhY?2Ul57g zyt-l?*Ia))nH6gToPwgEzELPoj@hw&a~Hs4k3Gh}<6%kCUXgy(muKC^?abS}olovl zLEiI26-X@wS}LTH_`Zv_BvDyQBw9;4*M*dA+;-Aod~f!A?q9ePoT7EG;3Fvl2b^go z6?FFnvZ$6ZY_UWL2-G4FtWhcqJbI_7_r`)ZE(R6>G&c`p)QFb-H*DN^i|h6n7*aIC zNtd6^%~yVoldispzpYruq2q?}jgt>!&N~~}cVr{Kx%gy8G}V#G`;<9w|Emk>=}mFi zr13OWL`fF{N6dis01QF%zElL&Myv#7kxD~5lNObUX3FD($P~Kh&3EJZDZ0}xYqqrG z+LD@hgintf$*0B+=i9aAeCxI+cxl;24jwgxB^z6LW&UbXnH)D>eg>1rk6_-qR{k<$ zKI8Um<_nW2lFSqk%0_4(goR^C?pU~*u6*7|X9lx>EqoLB1KoLi4Fw+qhbd7%r4(ce zE_C-oZyG>bmL=}I^AG=V>7|!(#~ru-udLfwUU;4pKQZlzSuelb;48qku*MGMhv%I{ zCg|d}GzuuGaK8U&-i$Yb z^R+Cr(%kUKi)`sm5_h6uGVS4-dRBcz=1!PcDlAXoSH_{K8hmYZ5rWQu6yWuvn$wpy zBW9qfsfnh>CUN&&cYJK(r~PpX_P_f1jp65~pMEM&J~_P};H)#xxbn&A(?|K5+S;m` z(>l94MLu6BBECy9VFe!wDM$h&>19j!dR<}MHb_ze)j+JBew5Y^2FsUm#^jD{1`oYjJxl@O$)2wOVXnPhk3s*PY3<%k2ZE8Xv&_?`*=!IVuFMcM=?t;iPgu%k4m-G9IRx)&~5^uMzCUwqL8 z{P7+WH|ETk(d)Va$g?cYIn$1$rKz5L!Qe$~D;92&I!s3Yf!&{hw7SwpYlMC*jIFQM z1~417c^-!hZs6;O?#ls#YRP#X8o#8g9B%d{ zc7Sp0RHghl>=LM5;{pUBwNVR*V)5kb@9^@XwUkGlVAd}T0Fi(OSrjVzu)BYVGF15G zF&I)4bd?ldQ6f2*GzlS$0oxLQR&YU&jfQeHoDk@GD7N<>|IO)%$M~xEYWo4l&;4Y9SJ3Sz3;CF)+ zT`1&PzI?@@*=+Z##~gk5bAOvLC;Xi~_uTW`T|Sk4efWJoi#NFlI#6yOuIk10lcY1f zy!>vIL^O&Qs9XhxnJA&Dh(y@1qnnGbzl)BS=7H-6J}?Lol?SzM-!`+MuAYDQj#?R(Vm2ZRw%*S5X5Ho+ixEMkWQz6SUiEs zgZAQvADmBJEJ8Y0VCsQ;uxe8WkH5Bpm}3V_2aBxlQd1FQXufXoM!%{7pwCX2+?B)fu08Ekp4cA$;&Xl!UlbNn_=3qre!Etl!+lwqz27BJX>A z=ZwR-^Xq5vxl<44i)T;f6DLk$W>1o|QathIDxRFVmQu6qU z^|YmPr7Nz2>nOCrY!zHs+io2HD9taFHioqY*QJoj!IqLUW^F^mS^tx3^z)Z~A^iN0 z_uR+jU%Kq7=Apx<=W^NOik7-%ErU4qnEmlQ6^u4CmW)vJRVYqtO&rs^96NmwzRIo~ z_yU1nqb_RHNsRiV^0Ba}j5lE6(3^89cO>6CasrQ>c^p{qsmEXB#@834(8Mh(u<+F- zleR#uP!_jIVdR;Megk1#*8Sf@KwSvbJQa$BW3ys&D>wi3H4`I)?`fe7-$5JOVf}%o z+Ikn|zcRvcxdPNBAm*5^5~Ws!)S!e2ErylrqPtSztE^eG=E<9Gx~c2q6hG~c`v&mr zb7n4l{%0>h2;tF>3U}}!2S4}b8*jwAySjBsr#bx4!xDS!wdZNw-QC~ZzN3A7Z+8!U zsg!BCi_k#WgnglC8Z-<$0?P9!FRv^#)Hgig`Cd$GJ)-|P%%4C1Q2`J4Yd4r>lk9_R zj+yHsoHTYjzRDt$O~lsBSQq2u<1S&J;e*M$D)fvmN~|WcE?>L(J~lizGjN$Q!?N=} zd;ZZ6J@DXSJMOTfv*X`B0l4cAcRmjMK)?j;`{4QPXzQdslVfzE+_VG(WU?zD7kY7l{LdKgE-7Ht4j+ulPzE>;QDoXk z7Oml&`(9w}{M8I=Zs5Wb4#W+-7zpT?!jh~@_VW1hO@SC=AOTw}9|Jak?#@742RiN` zni|obNu~pkIyvp5c65Mio}t>>8u9MC%T|2;(l2n=9e4gq*XA|XUdgrB{DiyixRc-A zdUMOY_uT*2h4bf)_`@A{CX`ZExEo2ts4*>!9#oI7TqDa2fjN`J3pQybl%c>0t0Z(4 z$RCG(7dy@P{~iY5J^P>Ow+EtWMUbKCIatyTWOoI=0#7T(*H&}aCy(L2WvjXVl?BY* z)Xwjw9l^+efujLSOMGFZxD`e5?x2ekVi1D3D*{eOkt!<%S{Y4`n2eCiYOZ|XC6cKW zjuSx@>4O7Qe@jfRT_s4xC@X{+8Hs?IXmkuTxGp-EGi%E)0ZWVa$EtWeG$`LS7@dq6 zD@B~BXl$r=wzO_#cLMOga6I_Heee0&?{B@;1za$0a@YR&y3}iLynYApfrd2e)^GT` z-#ho*b9wk-qtD*Z)JR!*IcwLfF&X=iT13`IclRJV+F94$!pbg(mYNJo!KVii~4?H;M%B!#BC)fRi-ADh&+sx06 zE0;%WPl|CB6=>hgwPg|HgG3_mRF=-(O+=kIzVDH7QzRlb?YVB;e6S&g@njcm*WzSB z^pgecuS_QbesFKfRR8@0tq^98y?Hw{RHLO8n49dZXcHbGA8_%Kr4_}`s}J3mPal0C zz3CjFa23R&Q7%6AAbxnyGyKQzr!!;8T24QBPoAB>nm@hzHaHe2pHCjPH`DeTO(tDH z*b0=PMoM7}fy(3cM4bdm`TaJNfg0=D^3lFcStQP}`|ZQxcbB8A2+zE>oC^;>o`Rnu z=k}6!(_~Zz<>x7jI-E16k^BDiH?o-==bdsmqZ?~T<#GsNoc)x58q4O+MXO1s(t$}= zu@Vcevy|Yv(AH(f16w-KmE~YX(7tcLT0)S?<)AH0ltoL+h(|8^{3ShKzv8R^l7%>J z+BBYh_F0~O?iuS_U;pOdQ&0Qk@WqSXp8M4=U$N85DK?mdz;S3C)kGp<8zP8h#x0p# z58Yajh}Gd(5hJ@CxS@vab*W1rxL|Xa@3Z;ustYjS){32TTpb!jp%q2x1y5@{A3neD zcqTM9@Qvr@aKimhbJGcjGj;4xli~=ND$iT?WMMx*m z>+reyzUNuBp`EIVIKD1vd<<|De816%5W(8k0bU_U7y{XF?fapfFRo|0cOgBu=zd9< zoOqsV=Km&97iHxM_qY>|-&Pz8?;ZjCA3Lu7@pT{eS1QXAiSM3!{<)|0|KgXv^d*3B z^9MNR%(L{Mrlzlld8p@c+?UQ_>`@1xH?`qqG=E!JMbuKXcKAHKb|T;U%sE6YftCR? zSAmb9A|B((R~K;0Ef2%SR&$Gl5Y0oHHzl(@M+3Vz|DBFlJYGrzTp#jzw)bWbQW%kx zpc*W4r8OEUBzZqWGP{FRJ{fHGiZwlbrm~O*RsMmr#QLH7OB)r?nL^~ff$FEi%oT}5 z5Sgr@bUIFuXoSt!p#5l$n{U4PdVtHm^yM>!GROpkC8o>J$C?YZi!YJ%~&WEQ#*xg{?afIv|8e zC@7zNPcL-#0chK{S+R8avtPgBtJ#0{8a(Zk(@jV6*=IT9j5Dsd`1}ih*4x*+dHPdN z&)u|X^T5o`5>S?amS&odoy0L;JdM+jpG0fAk45br%-h<{#$*a#xn#Xgw)d{0y>BxG zFC7XU>EeGyfdCO0T?z4z+gR^}7x0yfuY%1n=uH^oMW4Qc%K=T*Jaz6=P8&ap|9t*c zel}+jt`AYmC~jyCzVK1nn6sJlRDm=%0qEHdu?~h#=z!KlEWz)ddV}W|t)`};3{|Yw z|IwqUF%SU%C=|l?7AEsyQr~|{VT_6Lo(IVc1O{K--QBO>ci(;Yo_gx3AFJ3YcW)oN zK2ADuN?G&JVb{Fy%yW+cFOMHT_D^%?zBb~v+l=1Mr_VkoOgFE(`fA>ozwmWCP-dee z$%w{E9)0BJocXo$(8)d)t%);tLzKJbjpDkCFJ(kS0@wA;1Ta{0HSq{@S8U*0H{Fk3 zu|B}TC>?d|RCPtwfp5MxzhmOW19sn>osL0629^HD_rX^b3SJ=PU(x{%Bqa%(fkGmr zjkL@Ls5GqV>@f~#B50@nw_ZTIf;DS{M`-UcK*Ayrp;)X)Q~hYmhILyIxeQo#>9u^{ ze3Ys*_pj5ZkD4)K#w{9cI;mw*4%)kge8DsGVl7b0!xoB|V{^@Cj%Tltg98&H4+=hI zu_#|V?J#b<=p?Eu;;2A8M+<=#fps>DM6{Nuoj_^t?^Df+04<@&d3nYT8p2iQoB`=9 z2*Ee*eTc_jpF_fqQXZ>BYr(BAyv`SId4g5z+GuF3=f5tV#@L#2T-P(_iH(KC^EE%7 zyLce}vd9tF1|K2PdGwYpBMD&Ju%;DSccA;yfzQ3B;JLWlyG=z0qPn`e=gf1?+VZbh zgHQeSNv`S6}_zj;@YxwYIemtoX}fu*V2SoH3cRzV}&vbIUil{Wo9X zci;aUQz!1txVj-s9Ma5?iYO~PliayvHP5cy3d$!+ifyU&w58XQbCcM@F}@AK^jd4f zgBMEu(`2lRxkS!Q;VUng-CF@gQ-__dbipHT+1zm4!TkKBLwS73S}uM1Rl40AiAcm~ zn*?g6fx5owbOvVA!c4P_<6n_2fKM!HG5yVVd2H4@RKy)n%2+yU#YaK<4`{vg$9Vak zdESa^?C%f>1V&}h*9zCoBlQp@FI&p$HEXn1QoQxboBZ(N)4217uW|g$ zd0c(_P#Zixv**t=le*bS|+O*J{! z#r6HbD%nB?=cu&877;4r4MuiW$oGx2D(GNqtx4sxd~4cN=C4`HpZ_+Sj=pZryXn{5 zb?_`&8X9d2w$Ns!yFKuz37dt&{T_#N0Hhho$7-fT|sgI9UUEW9(?e@8UM_+*D`bj8@Fs= z+O%muyY;qPzpJ!{zEpoiqG0%74mS!Qe|oHTT9%jrMkS4h!w~8RY2z}b_Y~RoBto2 zt7&{Pg<^-S)PX5F16sH!Y2hj#0h}^^IK!$dx#X!COu6qR9zSOaqpK673hsNVP1TR1 zFSQ?xFwFXnMQxUE+RktOJQL6Jacm2PGBVKrj0Q*e{3=7)mcsliFl;gFy-7gv-RJXp z$Q97Nsp1{hM;>`(*Q1X<`mu|hyAy!-IZi+GjP_SvdfDsh?6QOHBa%!e^&^ixy1yl* z9yM|#Eh9$!=H*vjx&5VCGq)srdVU9d6*SvdY-aVQcJ>@Ti1Q{N#Qvk2nZ0-|rya2m zJ*fghDx|hh0&K1DJdYpV`y_3zyamZru`m;7o_Wq26Zbx_=SSCH%a49|&F-7BtBpvj zfln#W7_$s!T^Ac&MN+6h<745JXiHKcw4^haqrER<1b|e3x|x1&RaFE_$)Ke#Wze3L z#`bq}dtfChcPcpiP_#}5FfhG&I}B}riVB4G(XL;tS`onV<;w?}Rz#vOcn~RDvN@SX zNT`lD_(Bu0BW5nFG$JDT?x&8#wrvWYB9qIKalNofp|OlsLD1?KN>EkNjBUq^bD6;T3{W#>o8?uB#Y0L1*wIZh#w_o~s`qCL*T>K7R#Nmb47Z}Zhh+|azeE82#9mU~$ z4W~Dk#gYLNLknz6)0)n6@7wEe9feSq;rVML(HhJ-5beF_?lju501MJ7bIm%sVS5)k z9!J;Ilj})Aj}i8gQnLTP`=uAXz4)KD?tb};pO*dbnje)98PvS(*=L_El1&95B4sg} z4;;^F=TGId6AxreeGQ;-J&9vg61S^}Maq!M0FZs7@DEy3T{euEU43k0bFB8negSCs%BEgcls%Xn@+%EH4a`@l|o;r65m;UutKK=L$+{(w+!Sh0v ziwIOOwGMa(f^aRx9gEhEZoYHJ^CUAaWf42@Kd{l-MQAGk-hNn*4n3f~A(T1i0g9Y? zFYLYr>O0 z)z;LVkm~DgdC&AnYr49-^}6-z4+E~Sr2G%tb`J48R|6vJyXCs%Ibv6UNnX zKhWJ5!l;&Zr`qs!0U@mLK4>is&@j-BC?f9#hQX0jK7+~MeA zRXGLi1pwQDe0?8@jZf6EXiuj3_TA62VOuAONW=(2YZ0s!i=tq)?uWfGJbkfKvMov- zqab0|MY&+5KzRsda3^6WAeTebS3`BB`G2K|YE9fPN&zc6`+8BE+o3ZFphpZJE_;&6 zYj%oa8jYRLoOSLi3l=Z<3P?+!VQ{Uf`T|MOQs>#lbKTOCE4b8-7{=72 z4?-&+G+9UG4&|Ea>$;XHEuYkj2+G~!yDPJp^~~poXve1W^HcgPb)U^=eO7M^u}#0@9e=s zP!WwXI1wXaTY;;Y!1s07>aQtpCML=ZCL$D2E(9?E03ZNKL_t(63eq6ik9H;vB~27{ z+6_-Hpam+*Vo|0Yus;*Wj-ot~K-M;vfF3ri*}C`cd%t?| z7e3G8g&%E2Kku!1#S6p`qSAO$64&Qeaj#l_8 zN^RLNs^Wu)I&nj*)GFA#jHZDovO1g4k&{~=EJTM0M-AwL>sAJN(z@k8S8I!(N)DTh(tDn9$W`i zRp7Y@1u<l6Pi*9AoG15y1N#2TwYLJN|h4=Fy`^ zvUcry(>-$)L(ZDQ5KB^Ckj#GZ6;xX{GT^#~HIaq|Z!MuGo1r}7&|jj$!_1~FA&E-K zS8jQjuDMGgTR;Kvcp0aha`M{89(&BQV^O?Ze)r9IpJQ|TwtkhUWN2*#W$`GkS3pP+ zXxy7trI|G=g!D^xsX`*8Vp&Hwu5T(Dd;!BJ62@y9#w`bcZ+2jBZXKe_fNXsv54DYoUaIVXJFBQ_1kPU06=U%=6O zj3%AWP$;-ml{Hfx8)WblG7wYJJ8Ag$qu&ik5`*N?1El3p8y`Z2Q%!qj3xmp&{NT`i zSvhVb-OE`VuM z<-9b#x%NQg|GnJ$orTpzal9r1t8FE5?E+=d2)9i;f(xIX!Re2_zzd(7#-Q?YvThbz zL{L(LcF;l*vEZi1W;1u?X5zL(iRxGS8y}|WFIB*>5;Ev&h(K*y4HyR)Orb`&F1jyQ zEbb^tN)zCF5zo zR}T;0^)trQj_2*IYk2APMLak6HP)?LPd=5w_dSM>7|OY)A4gOOG%gaSSWsbW)0(YH z#JK+P7kKNLSD~vrZ2dRXH$3&&V~>5~)KgFW*r7`QCy#G`_dERJ#-HP6bA&)U$ELQX zg7RpbZa>|x-EAs)jRt82bRrRo%6S@A?MQ~6@>=MD0qE~Js)=9|!$ZxYL{b6J8-I$NDV##BAb$no7M^;g-H-_NP9hO>)n8-vgSG~ z2~uNg@F@T`TDp|mQC@4^&O?jW8k~R%IxtFva%O-SD%Ya`|PK?-hwgW-5&n4wCCDIOzPT{PL@3 z(^6MWGTno1C#WxLArY&_S3VX3tz_6{|G-kd+VK2^4_bOeoH#?P#?hVIK{DOS=&Be` zo_PZIy}gF7z3>K~7(0~D?K6(3ou?zUmb6n#b-W4Njt5n`LaAWfP)v+vKsybF*+N_R z_#`u}sG@#`*v058&?G2!(vT{|*a&Utq$o*VdBh_Y51e{5pPT+FUw-a2?mqPh%B%#Q zUqA{ATMBGja@$|u;)%J-NJJwTWJ*xsf8breG!n3MQMgAKu%RL}y9xtwSgk2D_s`}H z_D1QF$y7gKCEr(Md=Ig$D?Fu9qeiiA-MWu$3>CY#k@r7-cEgQ)?+4#yk3IKZ`R?`WAu3>p%>UhU{;9s+AA(mqTaoz^bLX3e}T@sxri3`=clA$+sr&&E@-#C-3_~%f2X1 zGSFR3i2(ek1u7V`3d^jwgdH)brxaUz(=6}k<<-sGSiPf<&Dji%@i>zP*KzpJIwlOR zr!gME^?V9SA*={dr<^jYl9*kFv?GBUoga2KO08FojYVGP+1|T~f|tP(kzh0F@4_Zf zQV>DmY0YPzoW-)%o`Cls%$AGV?v@R0J zz=;!QEnKi*@<*QeI~GTucw+punRAwAGU-vGXbUrP2xoukRIa*U8VScDol6sUs;IAM zAz~X5B^k{64AruzwD-aPwpM=N4?!>{5LgIuewt)v2bp{q>2)5xXpGgA0tRV5m?TY>Zk+Quz+L)2-ns;=TA69pGMe(!SVf z?k<`Y}&=YJqrWKweUnmG75g6IT)Txt5N}IVG+L*a% zJ2N)zVCMQ(o?o|xdD}X0wWcl>p+4>yMOn*Y@%AJSELk0Dl_PdCoDuJX0SI^RV5i^F z+fPlb$d}(a?rYfE4+Bt~!RB({*f4Pq*mn%yKH&haIA9!E*HmxCKU3^37}Z-D=o%2T zm>8?uW)^Zuc0#PFsinaV}}o7>K;RwHmaGyi3F>X=DpCzl7MdCGN3W$x}LC3}f?y!yClY*_=L#ki#T&#Q{+?FaTDn8lS*}3DR ztgqoCT0~b@H=Eb5Tc6JtT8gQk*lQ%0{pV-+&N(Mw2~FN}i8~cERgK1xk-!x%K;Z{U zkg`Yx{SZ8TlSr0~j%;lFNGAMtGny8haP_D z-Q8FFgCC0*FR05E+#teA28|fT0b@rpv?9h{H7)pB(Vfk(E$gzTE5*|7T|B(xO?o}W zr^XHCO9$=A-gVWyzI7WEJVY#JBumxb+2nWGb_`~W8beL9q^U6aa!?%)#|$BLNyvax zy>mM*Kx^+a8b%Cf>Oo`p;sN97%jeOSC^`%W06Kw^M%EW;s$rolq)=fX6v9Vn%Tz`} z8&DXam4#Lw+JcC-X-?R*>`}()dk!JvDi*hO@$}kOzW&_nl*QtlGQOEJ#tvaOE$0BN~b?KRQzt91KT%&_?-PoJsv85aF z9S=)c_`)DHML_#P`Pgkq`nmiDE{Z{SCX*?uChC%KD>`6wGidN2B9Tb?qpq(_8#e0U zBUxRf%81wONl$tkJ=s(s|rReMNJIwv_&%2itFWrBtfIaE>^!NuGUiZFM?;KlpsjZ7DBitEz<%| zYlc@O`0?Zk{Kw00a%@Wza~7}T{+AbE*&?KSY9a{b8@-GVGXl`MlpO~j0msk8y|73cFp z^&?G-_XfdYbs_))l(j9Pz02@~SFATGb(Q6W5~IT41%xjR3t(q}=g>yjdlb$4jpU{& zhZBp4(!8~3fPySZm{PJR4TEu5C>1NuehO@|UlI~n7Av6OyTqJ&$|BXYRLA(l$iaMi z{}Jp_Rl$<&Jv_dABMaM;6g-bI$Dzz|aHJsXrATLcNV(l8<$=s&%Q>WZ=pTOf``! zIx&dKcpa*!Y^MhT{d6dt_aUl(A&^D;-k?1%11a31rLPtS=^u|)k%*L2@bY-R%jx5X z5syUq){J@hzGA|ldK_uv>OAQ}CwVuEWk+$OjT9C_N|Kp2`tt1vDT7Xm2yJ{z#u#EC z7%x->)S**hXlWftIf~*M5E57U?AuraQu4Ex<}rKDa$Hv%5v1ZsLTh6N6xw+2x&sgz zatZp`^@?C+7^lFflvLO@LTL(suQi?yQbeu5EtvP$(*>K`p)!sbJ{a9tZMp+m5>Y;J zPt()UjsNZ%!xj*N9XmR&S-5cFlON~!xmybOLma1`F>SVGJDW8KJf9g)&t%EE4Me14 z3P$DQsY1vw*Md;+rIwW~+Wl><55Y1jdfQ8eGR` z58H>9s(61(fMA}g!(<}#br1e6Qm{;Wmf&9%Y{P*BvNlz?5kWEmRBMH$Eo#e}s7o|c zoftzjI-ELZ2$M&S;)Y`;am&<$Iep9!dU6GxTCVe;{X54xr%AAM|i@+Y2n{E^Q;|NIfA(JZ05oTEN- zJiof^lemQfuB$+M#GE+Q@uq-U8OZbYV=oZi5794q`R@PjG~wEaDjX-V*sYxTZ4X|7%OY_N4iqr-Em?NP$&Y!Xoc_ z6gs*P={yK1OC*?l?9q{rdko#30DQpXh@%eYkp~}NGHm$Ju4079tlGrg&pt!M7J(dw zk0|P^YZ*4jgfI?NRf#w=maXQ&Kfi3M#2}O(cG%(8nsv)xZ64CX-FM%!`(l5<+_;O=E{~&>q7}Am1Qpmdxxd<2a@~dR-SA$@h=ipHs&V#V-`XnSB_CK1i_^ zf&u$s0izL67FeJ?9~Q2HY}N<^iJ;Z#`=Q}am_H03jHoMT)ZQ(eJ8l?xfuM>O!6s!PG*p!h!4fgF_OXQ|>Xeg645BhIg7U;j z8Y+i#;E-m{-eWkI>^G9rMh~GT?(jzI4xU@Rjg=i4q%>#*bI}9C7pcP!q;ZCi2!ZSS z{AkYGc)mtR8M?KZQHD|ci?ye4@}>=}!ob~6lu7xJ3KIZz!U-o{`|i8%UY{@I)`1XZ z73J-p`RwPGe3&&gbM_29<;1CPfLu0n)~xABh6Il@qmP@!bze9QjW$Z%TA-975~;?r zqM$TJf3hS25sD>+z_@<`?pjl-wu|j{0pKCVP~hb$kqSw*Tp2W`aQpDyazNj(KrzZ#jE^K;@bclrRST!TgXFO zchJZ)NkI|cTO7lrQ)zTZ7rNjAl3XUUV#eQQ+^{5V>wwSROtDwWGF%L+q|IsF(G^mk!&%HVH;l#~hF{9G$6ia=X53TvQJNe&o> zr9wE*tW29ytyqi6hb{typ?k!tRb=%R(8k>p;DTJDGgC4;3NW`1J8yvZoVt>pwmeDF zedK)3UNV!0iP8`(i=imR%OL)c^XGJf4>7}#II`i!9VG!C|e)02D1#?u~Ncuc|Pr4Qi@~*#mC36P~ zj?ZsgRjUG_SlQ3siLDqVhz(lkrv4gP)neKEhjFsAEmpY37*D?oP&ROibqW%x(6B;Y z0{-EwmHhRoNAZdqZs+!`d+CTmM^8jyYy%^S?@l=Sp1bdK)?spqs&*%zwoPYC(otBd ziV4;Th9I+UwpK7Uq@zu7^SvAR=1=a!sKk%#RZ9wSh?|h!*Qu>E#ue_r?cH+&f2jyrxey}{3L zefUFH0I+=d3s$9raG5v2E6!d)E(o(ZY*zJJJQdTTBykqcJD=0Zb}={ z$}>N#pHkGdMP6kv$XW?@cocbJ2<^zt*m@nbX?6`}_QT8>oOJBrT(V>?rFz5RnZzK0 z3no@fCQqDp!JD5^Fxuko1HGPpWm-lSO$$|HH0>hX_2e-B@#qF5=e7K^ zmah{BQuTzM{S|)=IEclq2YZ#O*%+n2uLpp`4?kQsY}jyI7)G3R);T)?zV_9xOu0Ps z=g$Y=r7wMHf0WCgJU%|&_}R~H+;i7&f3q;riEZuX&=J9`K3@E`%Q*k|rPLEcDAuz? zESL~W%w%;hdnYzhPilU2?t;GYwL;TY`47Rowpq(P8#9plTpDyB6f1j(wHrrjv5Zw4 zylur|zH`}`eB!r{@coV3K;e7?tnxYqDjPEyYp@b|BQ2Wqb){RNmg!lS&cafdWCGsv z!V(ZEOIxV8;f}R@{<^#T@Jal=<&%eJyD!qL@Ua%9g#NYy1@GDyco3lx&&W!zZIU<~ zfN{PZ+4Azg*=?qTxLQZ=ABC|}w*T*b-}|n3KAfe~3Ba>hH{5W;`Psc>G~d1UXKdQH zm0XZ{m-?w|Dg-A?lq-DaraOr@J(=CQGiJ=V<^TT2zyIS~-u8~^O+AG5xzAtC%{Tpc z-s;tBvU_;RX)8JR=w+1a4Y&KoA4*pI+}(W{ufm8GazV&lL;Hvu+H;~?B4idZpUD~2 z5@oGIa*?|S0-peQK&aic9T^&hNF4Rk13(Ev?1Dj<)6d@>{{oDOUF$TZRJFG6eKm>y z@3ak?9^6yA0_op5nb}rj9cOeD(BHj~Le$x;uElua9fJ^hvlizs#vH(XMdE~!-=z|}ea!9{m`QZTU+_{ql3l@Cijyvx7z7pUC}Cf45-f%L?+ z);csW9|;AUgx-rmykeuJty-tE z*q{+QS4C-UHK)k;^a4*5)8?@n92{KIdTIX8|M~KJUwF=W@jKu7F24HJF9Y!ShD{uM z!ZDv*w`T315A7aWrW4(AbuILEa^_`caLFZSbM)c!>FH{tfuNM7FRz$Yn8jpVW7UqG z-1+1l&Ym}mqh|I{i4$ULPy}e(V5Gc%@Ux%R0$G|juf)9sUhL!wq*Q&l)@$z?ARExXEfXN z6)RSpvTJA;-~9SFrxSobwsrN@S9AGmUd{F2yYBcvskPb|OSvXLyy0fv@RHN%$%VuM z$|i^?jIrc_Z~gFA*t$Ixa}hD-M>}`yxMq4spWRx&e*NsUIP5-gIj=l-CF9ka*YJ1R z>!~PCR?~ZFRlFkLXr<1&-TRS1O*tr^(y4vA;4fLGk(DG41f?7U0K8prIugPiHutaf zR<>zRdKL@}@TV&e$Ix(B`XP+~03ZNKL_t)p5!zYU8pKs-siwP9h!L!^9O#JZ-bNZw z{Co3y`sqQMN}u+1%%Z0-h|$J@@KS)Fa`8LPWdjcJZojDKH}LF+-Z#g0v6f=D-f z{|DOu{_g(I1PJTfF)c0c;iY9O!~MNO;(v--L4 zbr`}4X|l=8#g|&o7=YR;<6(bvY@?# zns&MiR%z-tbW`DGSUU)7Z$kuK+#f- zK3xme1I>KpYOI@a8!W>U+o&hCOs!6NWH07L-s}Fq4=3?JK$dXJ6pou6i>o<_<79S)o{NkR;9`IUn^ftLG^C+vmHM zvM72A3s^CG1@Ag>B`41xQDDfc2xSE$meKMKc8;&7o|HWxusJWc zKC!X((1ZV!7%31)j&gmR(ee;MIyymloQQM2vy%Rvn1(Ubwc$ILp3Nh}`}wccTWF7b zhsh^wmqT_FRr2^#}L^JY`tdTr(;6 zzdcXB(00IF;9x(jusVS_cKDo;2`En0h>}=?PiAeRk%=N~+nxROF~=P9$g5uUD*Jp0 z{?i?R=diB5_WEs$7BBvGE}#2&qtT$Tcbpq<`VE(zcATHDDkM~Blklbgy~80*W7l$Q z@9MUjHa-4%fRBIt_vgt!22lg<4}0r2>zuXbxKp-gyo~M?T={dpB_3j(w0%@z_c8A}OIz zP3RwQpab{5ZA;bJZ2J3>GY}Y^$hLFAy!rpVWy@y%?t#znuP1%a)*7b`A0jlX%*OF8@4WwZst=wTY8-m2%wa=1hO{f%~f6+<2_ZJUR$O&&+ zc^JdBx@Qz)a^|ZF#ot9^;>`yOYPZ57X1$=0{`JCp^zS z$$6@Iu@JXMZ+@_8&Ez7V zhocUIBbUHYO9+o$M(?t@gabW1K0L{Pt$Bi`+9o3aLtD_vto~(0k_Ryuv4|*CN=-b-=a-b*B~4EYD==EzPB|V%N$5qd zYzBB0T$kM%Cz_%jTH)xUkKViLo_k&v$8mqA=iFX^Tn-CnrAaoaG$d&N(^<wD@j_=5^1_9KeCUoxnN?_G}c(HIpujg*#q%=&+qr%8frMzL-Fe(RrcYZR6C5Yyg9 zWFb<5@}!crKgh@ zMO|X2d!Gq-+e}Fxu$8viJxJIBw+((gr4>RW_B&bD1|j?x5GGN8qp5B5E^U(D2qmD zk2=YBABC!H=b~i+XD%M#pYC4A%YOK4t~ljL&Y3reQ3himF)_oXO;j2q^mfgsO|@f5 zaM}zu>v*IWqzUXi;P&%^QZ_J*6^E$R$Gsqs%I*gdakjtynrKN79JNn*)`vA3qXTAj z6u9P+GkD`qe#4xec8=`pp{k7&c1ke|EzeT`Xd8OsfTAPHv1|l0?)4UPoJxd*khs65mD-DqdoRuQ>~HTBPY;k)Un1A1R;9!&g@qNVJJzGxJ_>) zF3GOckln-Bu?d$v1&YL)HSc-Pdx{_V$Vd3>XFvPAI9I1J0MBu4dVIrqD)0j9+VF$_ zy_Jna`{?Uv=g}=YSiOFWbA9vA?TIIzcpJdg|M`vPKXGjY=zIsOHlaK_Pm<+8K++PNpNu)Cd!dO`xsXlv)VIla8@=%sw_+!Oepm!HkQy!aGO znmfSG@e0>(+{$$uc5%=4eQYmHG9JemYl&2VQj*Ez7lgvgPF;ZvEFpZNoD1g@PAit;o%+oK|(iE z_Plea5(sT|=&sbgK7y;YvwGWt4SWI@_$);UdUOnlV>eA19C-Y~mtHgsaPEuFZ5QFr z@v;5$alZjNa|9fdd^0-l`x&ncdG7?T8zCtj)OE#_YIbunz@6{p z2oYLYij4+K`U-sJg(vXYyB=k@S|d=N9xJ}XqimL>BtFTGa9sNvezTU3TyrbcMuS2w zKwH&h-CzhZKFHHg(GJLPm~tzp9Vj3%hGKVH*0s|f-7lFz(bQ3i2pFTO)vFMO=;2Y= zKMG*OFqHGpKmP~aUER{!!DIIbcK0yUot8qFi$>n}u6O?wc-{p6=@GzlTp#}Mhk5af zU(DHOo%7=DPi|iXVD?W?T{w$BJL^Qg{_|gR*DvqIZr=@HyE?mM!^RCKU3~GywauG1 zPjBEeTqm7$k_-(EfpAx;RCMRoteJfLlW*my`7^0E8m=|n;!KuVg-Qy76O>qTp<++D z&PVQi0Hd01e@DBs&wLEfIy`^M;fk~Q-8%t=HaO)d3P&&D11~w551zJ?<$YaD>IR9? z1fsmNogp?*OBys1O=2whK(V-|onvP8a`Zqi^E=xKLSdpFGgPcGTxl>?tr03kqypN* z2<@=|BEHcp(2?t>yD&f?3Vaoxngdz!3V~Vp_047R?R@Vs5U7w!JjuR^&0g|avJpdb zPuyHs8$)j)$1k?+?0j<9{l=J6v#T?!pYGFFa^*Y!guj3J*>rd0sa6|apTi|9#%OY3 zfr0MDbQT8P$Vh3=p?CL?%5)T(;!5I0bDU96Dj{LXMFrZUe(F}3-vJjcn?pIaeEGf& zY#N>5#JMx+&j-}BOR#G3B$dWEiAl%>1ym5CtU`M!W#^tqQ*PQy<}WZ(-o-?D4-$B@ zDDSrDfS`W-W90y@eY2y`91kfJ(19RRv8a0^mKtSMAnkG zmdHAFO|eZZN}AWBgt77@Nh5am;$xdr4+-h&>iPGzYuCI!muvfnMx*XJhl}SrHo*FA zPA>rL$`wbA|IfAGd(UfM`&!nlS@XO(TcyM_C< z?BJmdThV*QvYd9w(j|Ai_dV}PZoc{E>CHQY^}quU*waosZRhUYL!jJFLoWQ?nXDaRKXoHZ=~09cbmrjL z!&rFAa{lMfU&Nb_Swe>qYFZOmoD{2=Or|tFoQ<^@ZAi4H9&7521QA1bAz(>&7sn6u zbJqMB968v-oUSf*7i&B|T4K%qF-nQX29|v2(|e;R)<@Vix|Th~tu&HRLJ2^H80CRo z;M(t^FeKm=0aF=xD~g&avuEsatVuk=UuEVi$_ioxtsL6CGZ*sYM49*f;!#HZXc)BXZx0x*#DlszR0D$?nHjX&*1swoks7AC-j?IGq;@QkT|0KTk zu{ZK(XRRPnLZhB|=7H0qGuF@+^)jdD1r(xwtky2*nikImnjG}j|Ivz>Xz^&U7y=d0 zSC~Uj`%(&Ffj?V5k8fUlDtjiXTz2g(+_iIz!F(G53L}cdXvXTh*g3YI;nEHo)CeW= zltPo~E?|W)2rv?}e{wsMl|2yJZ2zp0Oa#js$?{p33)_~C)l`utunuz}A$8s0b;m4W zs8r*I4Lj(|w`FEPiX2wC0Nc?PQLfhc;5EPE=KD6H0zsuCh~GIkJ9sWVwfI*pl9dW& zAVg8C*BGB1!{qW$+v?9Sxqb|yM5xCxwQ|LoPVE~-jZOmCd_GSu7yb&|XvSr}9zQfX z29qT}4O8;a!;dZixc1s>pI2w=GzQ=~uD8GK?R@iF-zcp-W(AL}UV{OuYqxRLcYn&J zEkiKkWq(D<>eZ{SS-pC7aeCJdaSrGzt(gwlZei(M{^4zxVPhxglWH$1QN9H#erD(o z@Dwno6eEp<8=u(a4k{&HYzHR}WYnR&DQs#Uq)kRGcXM)Y3p}Tvi_SffFJ5{wZIY)P z$4KZANg}So@!WQ8%>k)-vpZqD3ZM9(l^*s5rD$uj%x>?aW)doK%y6y2&e1wy7%|wD zqdg31lMrJQN|ilSYWoRQfv)y`I--6;l_w?j8QVZf=mUe7PF4}x)Y&(&8Bs~56K_)c zWB;8>34w)36cufF&o3XPRGWk_?+^1Jv#v!6QEV72CK%;;;7^x_D=2Kr|X4iS7yTA+~cWnR$3Nbw1zeS~kn;!M8&z!SXjr@!G%$1UZZ zCoZQTikcWg9br|2vC2+L_5E~4y>zzCA|Do9f{AOxmm8yuPVOWz9=vKK3+_s}u}-Gp z4;X8_-arZuI8gP^z3b3A)jUOxNLfC0_DWv;%4P;BQz{;hfVMy$#j4#SY~MQpxuDr9Y^^vBr3K)7<*8zxYq>h@ z_k4Sfzx>k|@!qqJ!T^;xaY4lcvaH}mOT^D&r71^D3pXE!-zKZ%OlG{2zT>KKE&0wU zPfxCmq^pBsJ!XHo%5Gan&~%0lsMV2Epel@%N{ll^KI*1D*GpT}Nf_ikiBB@+L~S)A zrR~&{idVBs+srPIsMLtX8kB?}hOgeYkq3tMB2k+M5e7KgpUO1!XHGaR_7vIwv?12C z=*|n6z57x?Exmm`^>fcY=juwSx-{*>t3`9T{I6clM_>P9I--D5&CPJF62vy8d%N<3 z%;;X|QXgfUxRQ~UaAaDVq=yC$QKW>77!?Y$dJku;+Q~$1hceU5`zkmoJ;VtF_g5vhR?~pv`3}UpxUTA zbcvC~Apo((7kxzLS- z+{`;bjHPa>6zgM@YNOP3g-knFjQeC(dw7M)^!G)Y41!c?&$fOU$*7?z7}JWzC_m~@ z!bq*kE00{n(w=U<@$hE)+uNx$V*cd^_wavie27|-&>l)kutedSV9zf6PfY~Ue<~%E z%4J3-CoxG4)@*^;U~|z^)i+x@FzE;Ygi@vKIQ*H5`6o9Q;w#+9DDTggi2T4#WXAfjRFd-t1x4q@9 z(;Iha>un$xS)jeQlMj91^~~<=h5*`vfVMECGs@AK&(V>~kyDC54A{s8DdQa30$@+6 z%!51jW>PiyL(rPk-R)^Ke_PGYTNVAXz}?bCND{ts!D+nu=tU$t$)s^(bQaL8I2%@M zit`HFb3lt(oOHfxcZOu@#7XY0BmaU9bgbuiE|n}t1tESu58v4dUA z?u;0(mU(FRem3qav%lQHs)V|pWTdo}p^-HVPi$eVyo>SjkQ;Sa>+F=VPDa(Y{zVzI zh0aK^tvJDlZhz46>J=>snwM@PAWWdW7JHty92B{I;Qng`5-1oh!ek{&7am)`E;l|l z)&*FU;&WenH*dZ46s(P%F_HiI01qz2GSI!4p28d;aU%(olUhcTI_x!(_s=4Lxu+ki zbjH88xXw>|u7|$1SyVOTBgMzgTFKQHoy0dE+{BxHyoz#c$SG+8E0r_VQOZYHk<4n? zT8mEiucdROd=+e4lF5uC<0&uJreZ$M6iSRm5uniC!P3p)i*dr=p7a7%4UKZ+V^8qj zZ~TIrAKr{8ji|sYZfciDIQ`S#Z|?KE`)O`&?G{jY-~Ztd;L4AF41l(%y`}5q6ej!n`k6Iz@YfID zcfWbQ9bh_rCY>#V>x5Bac|Ve*MOc7OdF5Zs_kojCH`BN;UJ&Sg>f3+PHBY z-}?5yPjB8cssw^mgk@fe8h`xGa4`3)F+hCTD`8{N&dvKL3*Ac*W847%SJB z4sgCwH>t+G2PZj6_2&FiEY0_kv9)|v=jnFFrk(<>^Pr4!ZFp-Ps@fP2O4Rgp%w?c^ zDayJeAu*bUuF%&QWqxOsnk_RlSz%AD&XeUb1MLO+^8tmNVzM^m+WIQzk5r9#mA-Ul zubdk$Q2^r=!<&A3H|1&qxs;2pJ+Iwi9gMQ%D+yuZ-mCI^k~$tXKX}vK(26BA0Sy7R zY;VcDpjvT4KwVw!^3`iT#`!Njk+I>T3r5N~kfpUGVhL@;K<6Sl^E0#el{)pgF;42* zcL2bTr|057?M;Dz4PD?(brB@RN+`r6XbC9CF_#`bkE34K&0BA}o7aB-PQG-}DJ<)6 zCy5ot8r-Ka**)Yo-ThMuB-R@ywV>@&4Gimzq+Ej_ZI3tE7?RQreFwmSG)%YUHP;uv_(cFVZhE|t9@jG1>jY)M z`ARn&y(v&ipMJ_It2b_3H@$JsxRt5_^%*c90qo0P{bIS|@BfU_c##z|yAb*)C3WhF zW}=?3r(9>-#3c9Zs4_HBrY#CNW>z2PESSlX{%({Ne!6)lHi;n$pQirc>5~9C_(5;6 zu9a+J{$j-o_>&_RGf`?}%mVR;TJ~G4J-}$NHMlfg^bWK;ZC3f|L78F#6viekVrdSE z-r3eqfA<1N)%65IC4{P*j$9{+Nl0{s?tGDIGET8xVzg4FoCs}^akzsZ#8~6H5GZFu zV4HL}BTike8f)Hr`-AKlsUf+bX}Xlk#(H^Vsm6p2jSe769A!(;xPFKOrWuR}a*{C( zOa$!M14B*U_9#;H4fHT)?jRrf^jkUY%#}=zlu!z^ae>L8-RH1|e4&f3j@eifdtoTm z(!w#nQwdTIMZrb{G2S3b9H(FTjzWk~tc_umCG@{?vf5yNPl0Ry^c=3d?Gave!ySC` zykmLA5esM-XC~%s98`9Hq(RnVGyR7t*2}&tkk0zkgi&N_GLvazT2R)h{`u%fdoE&l zvdndNuIJu|H(|RASX(DZ1oJy<_}`x%S?duNso_p~HMC)*I6re@yC@PH#<#HLxwP81JgK`zX_H_5ko+pRqFI#pvPdu@yS@fH! zS&LGtbioA|m6|&z001BWNklldj@}V z^5G;#J7oI-2VzFKno>QCQZJnx~_OiNe45G6cy+TM()NO-uEyk9L1e>?AXz3h|Kjlb{ zICdF}7R+M);@J$&>ZhIyxc%{+v`50>{hjpZ+o>f94Q)ZW;8w4Xvv+a>{T+)5RSs(# zKKut{zRG{7Hb+MpIEbmt=e`QnrK*ZVf|{+~ajag!hn3Ny>>(kaOKcidzqYY^L-0r#UjO0iA1|(HU-KuR&4q{bhRU4t|<&; zyuxRC=4J`8X5aX@>w1(bux*GYQdhom;iWH&fAr()ro64doeSBAI{x_M;~Q_h@kghf zb{hBGbI)`FFuk6-?!R}{oLa3G0@z%H^mJxQSy&4?Ne_Pu@Sb!F_sjyF z-<;Y9hQV0_@`*3JiztdPae@gHfpH~`CGf3nP$q>nY5LmooH{SZSqlc)GG64fcRk8? zAN!5#_{!7T-aNZ^n`k5q`Sc4{GFXTx$JXiCDRt0q7bPuVzx2GeEw-*{HRr)x*7N91 z3N&VB!jk7K}hW_G9+uxWj!pXG4uc>gxomwV0|l z^mi9H>!<~sb;MkboBdjrykG%g6k>IPv4V~hj6mKRPMy=oqkG5r?qfUYiXvXJY$kJi za!&8X3W+2XDq|x8l z1SNT5tTTykw>&_l(clwjtz4A(QZUoSBeiVx(8r7Oh_P6bTS^`)*XU-fs z?d&sG|M2?j;sf8??Afzd1IM_xDe}Mr5A*}i>)=0~06fQ4snmk31=ZJ$Rmwf6;OKvr zDYTgB;Q#yA`LBNwxBd689<*X+Mq$W1-gP-guUJgAUib4;gBCY;4@@e)<8;=QRZeeS zG?eS00~>h6*`kF&N%T1Rt1zR zyO}8O!v+CiDnOIPYwJ1YP83Mc^yNaXUB8ph-SLQ<(_$U>Dpkfy4TMn8NRY(2_$63u zVh|OAHfYfp6oGc1Yi4%`D~?~p87mfW{9$vM)6<1EP_vqPwNBhf#orAC;^7&BR&dh1 zK8~9^gH^kR`PxHI(3i_`!Lr#b=#cg^RNJNAc22?exQ z@3RPXU1PGig;IUgq2+B_ZKv8k3PbEbcvi75uJf9s79kSw!CM|=vfkj+=bhjTl5FfD zjR}GBdJ{|?0azzF(o77@R8~MX22f2c04vb06vM?jpZoa(-1^8Sx^j5}5v+=^HbD>) z5fq7Y&dx?A&-_`MI(~qOVv(`QN!P}29kW>Lp3{lROh(-*pe+wkkWJ(y?E<83mH zh9@Q+aJ5*5q5aw8TCZ2X@x$xC|Lsd&{xWX*@lOsM^Q5s*F2DTpTduqAx<88Zb~*ug zmg}P*`S8r|U3dLUo_J!5JB)kVy?BL5hf0Y3gM^wtn)N5IxV-(5yB_?3C^^9zYtO&v zRQZc{TtXZ>vlNX3Z#i(Ev!)gAO>dR;b3F09c_&+H#qzDy8;NTT$mN&{;Xg2wZv9TPiTi*KmQ_sYM+(}kpRg7pS zC)`;Wpu24@R>v8ZptUh=t+|~L&Qp%K_!lz9IS3emLKO19 zj}P$=w?Ex9;|qP0yhiN+>|*}d(oSU7{zmM`GA!v-1X z?Qs0>*f3J6xWH*Ve_g~m)G61EFrqv#4yv($XkIvf2B*y#;J#hM{9xlwYFcyNqM4jI ze~^w`o^qqX-pNh$w9lrmeIAkI-M!Qr(9#jlQ!;}Vvm`m-kNxEfC7_`zj92zhs_#de z1o4P|t5T;*Ltw=5=S5>B0UHvCP;6*kb;Mi>k>UeCe}H<@;8QO;k-UnCeMct?_P*P4 zAWq@wa0|B8{#Gne7@!T@x@J57aocLP?jNV8Esr8}$%F3{fs@-!te{1qG8WAN`|>-2 zf8f#mrCN=NVu@~BTnDZw8=DOCfQH+SyHb=O^Y(dCz4&h^({Kb-(fuY<2g*Q}l^ ziqo@)ptB=A;T_;63OyiDKf77kAKB{e?&hw$?xb8UU1*H8^B2#NPk;Gc2m!H9Tq_fo zU>PrY>d@|K#qHapVx1$P2$6!JQkkD_*a5karZ@W2uwRt{Z9T=w(iD03EqLF8b^a!n zIb9vR^TZ>auDcOuf$P!D0D+Yzb5J}VTc(1wvU%-+0lP)$$JzC^h@_+mgSAe;Mj0a2 z&Ww(Qh)ui#ViQT2P7>Vy>5LlYUM^v{w4H`d2qeU0T?J1s%Q6?Y?`^q&Tet4zlea%Y z%>se%Fr?-~n5L$JH4r?4=q{GOJ@Tg?vBS#AJ#AX^DQ2MA7)b>t@;RdyH5DC7=UFYFjCmM$tC*{zaj` z&UT9Cz400k7^k%_SO>a9QHeDdFP%sKpGLgn$M>Oln14L~gbahB{E-sal+Y@m62ydF z?aw8@jsoc!Bkr!mcnV=}A!2B<#+QF~A9rooMXU|og;cpwd)z_bl{BrxBX}+DOuQ;Z zJouzGbCnR8GM)&-kXoEDIx$YEQgIb~;2k)p1b+)*h~2pt_769=z0eLF9Y`2rO)@2! zPBjA)ZJ3-aIwP*3y|8yAyPC6R&pJs&^ann81^@JqS3l*^4@CY=so>u`I=eo4XsnO_ zx7V}|z_VOCw(pe5$)dk)72;jXoCKA40~9r-s(aI$-ZZ^&2U#yX?>r_aC#lvdS?9I7^Bh+57rr9=kEne%i0E|Vnb_qsyU^*ndRZT13G&q}< zx~f&Xy|qde-)6Q((bqATAPijqv&|N%YmZ8XIlybgJENZ*`-@wtHYT0zEhcMr7-B>@ zJJ?i@zK|0h-aW!cfAugEN#doHTdUro~(!>}PmAav~Bjf`wJDG3&?ZsSv z=8+8cb|OHn-XO{N`>ob7$|Zd&z4pH9M3 z21a3(a&I#O`vp#r$NOId1WqeJluPPth(Qx7=*>s`YV8i*__d$#^VLsc5b{CL)NM$^ zxis(n6x-1Ii%F4j4?_Tm3Q)BMtlc)H=O$h4 zzWwh!5dtS(jSaj8K%gj&PY@?DH0sD>+p@mb8E2fqrj3t3IDg@Sg9d+q*d%-MZMi!) zZrt!6e=Na&IsteNt5UC$Bsv??W-^v3MJG^@cZl;Kpz!85z4=quTyxFz#vQP_+B&)8 z_S-r2^wUhKRCHj;kGz2uCmv3vTtwmh*nO30TjW2pO4`qzo1Iv}D9uDwbMxk%Gy-wW zuGUt*9Qb8j>pHco&D40(;2a<(ZHw2L-`l~T9krN1LfS-;lK>Ssdsv%-^o;8UDHNiV z^O#ruXbr^E-~8Vji@|uU|7MU74{a2Wj5dCz>!?%~LqbQskIwuItW_;yEcT$I1gEg( zx&forolMmBp*$=?*#I3{uL-ZvMxng`P-hf!_pbfC?WPAAtJIyb$`nULX$3G~O@K52 zNw5-OHS|S_zc_6f|NV{&`SWvLfC``zyC7{b?tOV1ViEV{-i>y@&NdS=KUBby;KY6+ z@CvG!MTg(aLa4XW=0|4W!L|fe|>N>_1KWh31h|W3{5-^ zTDycrLYJ(G>t5i^lG0MuTIK6qH_jL-?_g-`F(;WEh${#LP(tFtnwf|XO%SMiEi=XD z*R%xDYOFbZ&I~?t-m!fBzKvYJeu$o2gc0p5i!mf5p30XdkC7kmYgF?$5{M>J0ppbh zpZwYVyz|=I87pf#^HGZwFIi~+-2;7m@NYhY<^ZOPh!AVd(Ek1Gn;4t&xu%S@l)GcK ze>TkKolfbz8A<&7Hj}DBpee-5uwje?B{( z-0`#@r?Z1`8;9hs3Wes+j7bpL4p9=mV;siV{CBy zuYPs%^sY@^r=Na0t5&U|r>*<^dsp340}7{}y^`0z_2txRbx>hTyL&1+xV6358tD9F zm{0=l*|(oZ_KbLiJmXu$>S+%&(m6IN^R~yP`uBd8tu$5(qd|jD-2MOy`+GR7zni5! z9n9-)qdUrx3mkvFW)d2SA3JC>#X7ht4&?CwO0v4Ywdl%}Uk~z`t+hnb#?0;oo=)ey z*{!uttH_pi5lW3w#!5TfeQFd|G$DpSYmgikP2k5K?V<3)jYE9=_D88E2@*xVOQH^Z z@n#1gNv#9}h!f5^d_M0y;|Pvl*h@nT6O}kKUU51D@)VRs>gix1)9JT1AqsMYDo+#^ z$b|)RK?hM#AP6Fq1c0J5Ka)~*AEWg>Xk8_+0hQR2Q^FU{JC;>PjPsTI)^Y2W-Mr(( zWn8dika{x0&haWUyB5)w@AZkG?*?H!?ybc>8qH*VjPc428gUgRfkU^;R7E=_O$Riiv%rE_og)!tVV5HW%fjySwZC!y_Y= z+ittzWsvbn?#yfY>6wQA(smMSCrQmOViRGRRd$Jy*qL8x}4f3L;b2(}L4CZyWFv!_K^-pr^)?KV0 zDYCy(C6tgk?QL}Cgj^ILR?t>qQZpalkw`n}(%N9nBwwcPoK)K zK3JBcsGBPLicdJ;8&1j1f&ZMXZ&OqV3W4zB&HMQDovSHn15sS?Yv(Z-g%$=)we5Asu3kK-O38U5h zKujU(^U0b<5oPh&UZ3 z#A(|4PRzLrX0fAG=l?#ifpeG6Wv~zu8#e+GtiOiMc75v7*qv8w-CyPtKe?Ch-m{*G zQiJv|@cIHNF2?%b>8_*lGj{PAX|t=OG611?hDv%11j>zMilq|!Mn>GMKQ-I(uPbuE z{gQP~y)NKmTaZ#^>Wz?(V97jKI2$DJiKRuXB2q$9EK%M!;$COnmQ?gdw9)rpcG1P} zTf1R>{JYMf_rL!NuD<&7BLG)@;*;EQ=k0$qXRu6%@@KdH^E=<|`ozaS_Fvn!ZGAa_ zI&2YU`2vU&kkGZN_Km{B8$la8qko1RckJGzuc-0mkZt#>M1xZ3zTf`fV zJ)GAbxsci29Yi8n?YQ2F6)HNW8XIbj2K%aYHjR{6H!{f+#WJO89kG^W{oR~6dj`kM z>St+J8$sl%)I@8qWR{MOnxDy}6`2UiG!+BWz+sG`w_`RldX{427*Wbw5_ntVDRKwR z3QMbm{o_wis*j-p!Dw;qcICiyqCyNYSVdK~pl~`ieaWTp}^jR;(96Y7UPpf}9fS!@zJA`J(p!MEH zVFTw@C?bRbyy}O)Wo9noD;J;SFdcvr4@6Ze6OU>O6a^nNjrba^UdmI)tpjN9fJTgMLTJuSbr$x7l6df4+ z(~e3c*o`~j@h7LYfB<^C;OrCN=%o&boA~=#8`={?W%~}KkzjTV!J4gr*dP$O>}7xQ ziy!^)e=nGhR?`W<|6jZJF@aB63)0hrJ?*F_CshTYHQeE4mM%W* z*AG4NVEQ0ftd(VlE&J`{ z-~1@1e;pu%Pz=}@JKzd#vL)M+Wp%Bj-PQJX_tu#?=ljPwGk5MvPT-g12_`$wvyUIi z+TA;I=g#Nzd4JxeT=s4LJE3LV&(S(ZzUH;}AQn`+-j(DK@3gcCT2HDzpqnv{~PkVp>{ipg@B zk+RRh$yxSI%rICekwUPbG0T$13`<)ZS&+++^*lT&Y;%D%@6oOykO_#?HUYLscq+}J zwv8YZQVM5;BITTZg83!|jhSQ>r3U z%E|*x$`Rj0tZJwYozDND8qnU9;pVH(=DbCnjF&2P1s}J+7eZh{w_=ed!68h#XJ~R> zE1j)t$f^dyFpPcsnd5{Ptv&)_?BFb-XkLTzBsvTkFAgwU8X_>E{fug8^gJrs=dbR0 ziaYiVa_xnidBwU#1cWGZbTqG^G24#s7nv;dGgBNzdd}m(h&USAmrpv33O}3=knm9a;k9#58(% z3<_n;ub+azDmgmZTke~foWA&lFS?RDesu-GM+QcD%@6NGDCt#pd~5zgvKroAmE(2#A%XdOSO zBjSK?!9ZFV8_b8Tkd$6@nQu$kGY|% za|juB+6%4ZZ%Ipz&t7pVr*=0}sJIC~df$wx?@nT*qTZk1m;fOZZP~?iG%iAlEZX?B z6;1r_IR;WU=6Jph(QA;DgFI8kqvR{2?)Q15q`(t~Z$EvA8z0)mrAxZF?xK_EZb(xO zp*hn*u{ukjZ5pASj74nGn-Fu(C6&b2$cSfqy#9K=0r;;wytLXKR>Knv2wEE9tP_zkg_fb6kUR+o2H=^#x`(I)^x|$P`!GHU zVA83SsQUiz^?R~;^Qk=f)m^};Nx*OlZ|9az}h)o$4O>Fla(3Xc-KSRv-gPgV!+A&OgLvEt}(i;y(*Y;$Z1O#aMNX{v9zVhLiA=% zQegaY64Tn81UVB0=FFXdoQs|iAW?+c5F!Y5NHGW)E|wUYtuk5i>Byy7($c`%wnkD) zqP3lVGL5(eQ`4CMkv8-X@Zgb9xL23k;QOLUTHn+C23Ev zYkZn_-LZ{Bg{qtOO?}(y!hw*X)v!m`SZJCAeCCQXc;4bpd>vSFqO=Z#R;&MPQ8Knc zGDe}P;E6QdE$eAax4ImA?OtOfnF|ocJMI&#)&OW52`$7isu688rD~pu(qXFMEZPW^ zft=^DeRz`h{9+rPF?{~2vsu~JNWrh7@a)tnt%b61O`7%oaC9m$r_Z08GAVu=8)|#L zh7f6#W&R6^XB1j!Uh#tmS=HIhS1v!DvOBkLJ=VvU9(;{4JRGBFhDVHk*K@g)$_LkR)l@s;QzmWER67KV8>^;L1 z`(ol=cXyY#;QR~z_@}qs{?%%=(g+|$8Px8*xmQs^KyYSRH}k}5woPj-Q=$0UC@eH&<>@l zh1=R%F{iFZtXu?(7r^&PF{xkaO9u((REo!jC;0MXyQl~fMNY^2^mx)YZha7WH3Wk5 zR(JEIKRk;C=?45TaQgXZ;z>N@h~#wg7-FJv5w^nA_tz%k7H9!Nxquzpkw_`Yr966b zIZkM6Vnb&$#uyGy&vHlKAVY-;LKzk`WJn2#C$nT!mXt`jMkZ=vY}4f7QjCQqS5?Cb zqxrpP?ZjOoz_`d@BP3EN0;5q1^5rUTzjG`5CkyUj9T_MQgH|>(K6(RGO)BYE`Lokk z^JkluTUc6HZN9K5Hb#k>xliH?XZE83L`Yg>Skk_kT)G8AV9kppHjF6o=o0@t^3<9d!(A%2h$~6nQt8avxAK%BhOL|z*+DthNES*Gy^pwkM zpjP~A#0B?zguBOdt?--QJb1_;@LY4Mg}_5%LTftIkV>(xyNOTT`y}VA=wWoG=g*4D z001BWNkl?ylcU<$X5~I3vGI~ngn?$N zP-1v`hMCzC)gZL*SH$j*z8nz{k&yf))=*YT>6%I<5r>B0z<|9nQV36ZU)=V@6Mv(% z{veP>DOlbEs}@^>A8ic-M6rxHGJ?n#Fgy1{Xl+2-+FEZoIyCf!`N}lk0Q{F9Z+Y9B zx#?4XyW_+YPrPJwY;*<27>Z>fCT9_y?N+uT3_^#P#;j$rF7HJw>xFa{0{hTbU2T}5 zF@$eNvo&i^c=yEk#HX(M!zJ}LL*z;_rX$ebn55l+aD%drr$^;pn=y9x?_&szrne!>3GJ<% z*3(Xi=IPN{9_k-sAYY&y&QcA=FeVQ&z(|EBJd`7!X@_t~6rl+jp4m$^m?bK++BHnp zMb}Ql>9n9!uJXn^w(|7AIAkQkq(J!8$pVrD1A)DVji9$N%~?x&c<TD|Ye!v&{D}DVME9C;jcP3IFmp^N ze!~Vp7+kWXa%&yC#!x7P(5!B4;qjpf>kshg0s6-Z$eia2yT+3$<|Ih>dyj1Zl4}TO zN+c2{TfSkkRA6|vNU2h>?~|wOhf=C~4+tp}0ufnvP3+%kckLv|G)zvyll!ALUvzdX z*fu#i`Qq!Y`^X>u>emmv+8CqAWe_VC!HR{oW*37w&<~XWcJ;yZEP!ZfZt>4K_ngn~ z-@pHv`RX*^0Q{F9TONIk4I4JFbLY-)wzsz~4XXZW+89HrEEt`Hl!B%lq*6%jU`#xl z2qv*CvQS_=1!)Dt6Mzu;nSAiZ*S~(pcfR{izcam!3g`C#Zy>%_nzcdJ{YAiCD&TjA=>~vXV$w)5+|1S(}jThC?JIR@4;* z<%o5G2H)A-_BLhM*xAbJ_C~bOJTsc-fg__lIXntFPiLx#)@3R>M9DOsw2i06FgmlB zf4Q1cDIfBi8wX8o$mrSebOI~T02 z6iX)?fxWRuCSY_L{LmJ8Ygq+Tv#@^vQSza!#XdK(X&9XZKR`lyXk;WmJw5$L-5_ z3-nE_ovv#P;cw^Q^r-`;VM zAMPEbG3B$ksYGsDyS$XACE!b2pGlbFdZ6+)E>L&defc#8Xvj5?jav)VPP z)&wMFTYdm|ylm4lK6&XTUbJQ@9jP?Alw@gRj*fJShmMZ%qdon!Wm2qZZA55AVEh`< zPt;KhP{z>Hej*vK8EvY_h}tM>Z?s5ElXWOetdOX~6l~vxhf<1)&NDH4n6biP%KnsH zI0#ikW@JdjoUo3=g3t(*fXi1c#7M!X?t6-CF3ow1yQv0M%jqx)%iM%g!@jr9f;aK9 zqS9-pc~g@?x_=jQ0VCq7&=_gq|JGcZ!I=QmKr6oze|`5;eD0ndJTWj%F_3n6kbu_i z{*ef!QQAuOgbCxxUdGFXr~$BVf|3#`CFMeq(oEhuD~H;e8%g_pO1L&$T5_#OqHH2r z_~TB^B3-r46Ql=~GCcM)6v}`wjg5_R;lhPyfBl=^*alDus;`=wnqCV)b0c!iQcO=L z5F*L}42-~R1-9&n?je2ZDW}QpJGNg9%oqRP;+Q7^{wE!s-Cc~0jB?(&XFvMTLyvDZ z1nIhwq*j9B$aItT;DXJNZnV1hr*^^Mm?KP?FKWzN-u13`@ppgs+>H@_%NzfaFMRoC z`;ZaRgf_@reC>NTu=;r?v7>L4(Mp*k`683EK84W7QS$q2M+?n4MO!NC zqI8;-Xc{*Ny&3EiO2kT!rR%F_K0{p7A)nz9Fk5 zO2BRVNBHc+yXbDo^1d@q;NmM7Hamjkqe@O+J%+lla_{0J+hboyLG<}Pl)#H z?sW()9idSmj7DnB$%{L=?!0xJ(z}3i)h9@*C;$&hLmHl$EbxuT4`Muc{mCm?)z(NQ z2yIxA7OoG{vD_=`wX(QJt*Rb9WTR5&|J%5ap;H+GnaTz;yX2 z+C(@~#0#jQNLq?H;yh-9=n;+dpwcuNH(J||VGyFx{ z`&S}R!k~=R^GjnVd?B0xlOqLU44%8DeyPOF*cjzPnU1!0T5^pxvC&_t$ z+DcWc+Qd=T!~s;H{mg|h8ee5&Ybmr8V{LEaZ%;b=QShWPRag`;v92&4rRz{G`X1-M}m;dzl z;kp=OyyYvF%^W^-BnyZa|Iww~^o0+AUqMRCtPXWR#TX`vCH7Ag*gKhL@8k^6jLk4o zEYqD$b5d6u=PmDIb5AGB8q*+C_@PfOtw`-G-j@(i@8kg2q=MfR}II+AYB61o> zN)$TLXnB-^S;nXLQS>KKDjWZn`bS@aP0H~%3c}e#r=;YD2X^pJPaWZJuh`5>Pgq1T z2%SHUK!w73FgYV0NOA>8@B!=}qGZWPN*JRC(%>11@?ff1<>&hbx#f`q>>rtMk=Dma z7j*F_wTC3BBkjWO8Hp`tq;J$?ru^_*(>Gl!O$2&Y|^GN zn!s4jP1Q+ijWPII*FHnq@@tHVK63^_A9nADJ^iuE_3~vazi{aA!M7z(MM`;x*5(Q& zAl$G5alxsWg*SpcLm1CuC8|e>ZZ5S(ba|@goJ1(TQhh{ z(w@n%dO;IsEm^>2%NFvIbxXNy#X@>o8rVHP#sA%LfZMnCaimyaNlT7(ZH@f$&?q-O zxZOtniiE|2NVwFg$UQ8iy&=aJUvv&9cC=8a`gKWsbufR-9aQ z%`!D2STy0+5yXgB0@7*9qg6#m({j3+m(!SPqcPJ)bEcEVOa~3AR??{~3Md6tgb2BK z*+MQ|(aqMO3BLIF0SvIIyUE(r8s#FC?S$BrN%58K2l(6jc4AV}tt_HlwX`J4Ab>F7 z#O?*W{hYPD=d2SrWpO)xU?{sVmKgp`5d4JG$@^|nT-)Bt#mg5^(E;DvHNY@;T~d*aX@i!wmk^DtUd zDHNC;9-}ZmiC-=`8LdF2QY>g`Mkp1(k210bc0W@Qtpo&~lqiRyC@F2qq_hN7Ej6f= z+h+N&|1j)29KZ4nC!Q$2d&`%v{PNenS-jz|Kfyis+|9e+{qA%2?c4wEVzJOvSLiVGS+QaTSG?c_TzttT7-Km7^wSB$5GobSYzaEDNnije zWx7}_rk=~!W6z#FtY5$WoS~tin~c^-sd(vYE@RWlt0|WQgcPw{%_ip=D#j(~xl}$+ z8CJIESl!ydHS3l!oG z$@^6s9jsG?GIWgmMA%Lw=_6SrOdZT@j>l@B`*(G5xpUnJ6K;0Mcs|uSq_cSi?YUk; zp{?PMBUPnjj#RpVM$rygLtp}m;WSgz2Uy&c<;F`+X6N`c2PR8Q76W=4B~_wGTS?Xv z+`9WH|L1{S=!|C{rVjF!2($^H3=7(_yz`88TzNt-nUo|945eydORY@izt?1Tkx#rq zB6Ub;3`L_cQgZ3icFteY!JP-jc=x|<G0Ay0@P% z+_#eh00Q~xaUu~>bD?M=+)09K!(uko6^w=cq>j#^{YK$>Y_YVwQ z`2FvHpYMPF`||~8z5)2}JwE%noA}g?pLx*-Klt8--g)PZKUc5CNhfXQnrmJn@3`aV@7}d*7oh0qZsGNB zeHo!P7!@EwiE_nX3+p5&qz$7DMTii--9e-90Rlr$V}=i&wU(>bFX7|&KgA9AY_*f9 z%7F1>f)&mf$UX}_2SHYN=Q$g=U~v~yp^xW0@r(?S&NL>T1l=A!@?|%P!Y?E50CDVg zr}oe%mIcOE#!M4o>cg&;F zDMPUmPz?=AdI+u2(od)|!n!123us7;_DQ9iX-{|2kZu9vQKdkBc8Hg+PjT6rEq-57JWPEBLGu2^)NZI0Q z!uT3Xne^y42_8mrSD)l;2tsL-AX7pRI&-R`uJVy{H!?6$q)hnW%YZDBZAT}#>Asz8?HhH(KHC^X1=k3xPC(B|)pLNCb5nNN z0G8-kHJXeBUGXW6jZ&SSwnjQCzVj?he|QMG7m#ktV$urfW05&yjSr+SF~1=+mb-y5 z1lpQUDPxOCV4ckg0Z&S1XY+7)5Oy8H7`r%YX>O6@qr=VHezj#5;45GKdVDHJjt+@R zxnfUBDnxT5Ch#!>BhWV(N&buwLj37#{$%$p-}=Y-!ZW`D_}w`cF6#O8lTSUh4uA!% z(B5KM|G>!TC{t5Y{Nin+}-^{?%zs^#lp{Tx#gB0z3+YR|c!=MMVPUkDcH}{m$1Gd1rAXJq2Z)` zljUJ1XAe8mBRd&~T2nQkwTPRlloCvoE4=exw{d8yP?INW4WXtZo92qui}~0kn|Src zB_IW*swUPCL>vL(IQk;F+7OP*V9%|iaT(oBYiY`KkWy(KIa_ zL0DFQWLjjTdwntC(oWE^vqTaRpw_%a&60k0oaJ( zb<5!XCzwmxiPQj`u@SmEpjv@Pc0#^@QXV}$J>M7{9C+Px^*R`1GVSdh<*BJj1BeT* zIGb;N=dUSN$~7~OIO&fVB8?pPB2ZeoUAblGOPBZuDJj@GJjGw!{xGG$PZ$R!)&Pz` zW&%x5W14SYa}i6Ma#TZ|fRM3dB{2s;H3=PmT(FO))lP&7ibxaSbk!z_49FO&##kTz z7^QGOH#8xhNU^l-6w+Q6?HtpR`2sfkz>)NnN4|8F;hBA|_pve5p(B0aYP%=2-RWw0 z?avRYc0;#p}Cy)ut0TbwM+sg1|RK@j}`a9Fwq87VdpALb+*BpruA> zNq6%anzP-mXy}A3zT0yPMZPk{XmLN%6exy*+xHG~%aey$+??gT=dI(Uu2!bYRkB_a zosG+BNOxLSKqtGCj?X8QV5&UCWd0C7)x=%o?xk1`ntb5R@#&Ao?8G}wBFHByw)TE; zu96xW(~8GOW_k7Z@8>lqui*OUZK4nc&H>a~Alu??CunW#J(@`=GD5IraEh-!et<_0 z4l`A*)*E2C#zW{xO=5qyL|~&v=450G%(YGBh<<7pplvmsSdS@(IxCGRKF;AYT9^ zQi-WIyx|RBdoG^;MVDL%Kx=F3y;Dc=J%Pd0H;i-KDc zFs^X~GWSyBFJbDtf#mB>Y6@$mCUi|et)Va`j3?8smer)Zw2kDA3zCSR^-(&YRDwcv zl(DHpF}Y1k2(@*g6JWz#u+wDLgKO`9nn(L5A?ty!p%ifD@-F`IC1>)!TShi(qdwxQMgV_lKI+|C|oa=Je(V725Ft}@o0v*zjZeeNLNu<36 zcxbL!znFh~>6vsirFrQ;Kf=wA@1rH_5t<_XGut^jvlHJ`5i(^x91Lh>7@O^5bb2qo zyIwI?5?}j-8({Rh9e1Pty^Q`}BnZ{cLfU;_L`W3U-k$>UzUIvCRzCNF)4AozK7M|1 zn6y-`e+?0#QzsZhpcPUm+Or-b`6BQC#SUKky$88#Uq4epXcO_G)sm@IbR%m!et~qk zQ%=fijJqG4Nsp9JE~5_*5F8pr=L@*-0@po?SPe>Az%vJJ1TP>Ovxt;OIhUd+3}qqk zrN9@0P)LmQ&?H~kFDd*HE@qo0HNF-y0S&D;0@aWU7_*-q`8E2f?Ia4fb&t-sxL%q1FTvEg$fi)7J}>Qgj3dFdKTCZ=h#HT64TJy)V}NIci!>gcfIRf zJpAy(&zbY@?Cs&19Xq-B(u@A#@ZlrZ1iqbM|L6@b<`sW*34Tzio6h3`Cu)#uJUvUD z;74fCDU=M+QqU+pc8ulugEO(jjZH~xfx`EB``H`#^UW)mECvxu?jGnhc7L6- zAJi;S6U_D+mC(4tHiyX{&5w}*O!Osnq98?qHc`(|3&&~A_R!Y2+#(Xubr7)?k$sM9 zgOG|+Fw5}N9<;1tQ1*8U_qtsf)IuU*=H;*GRrHL7_YbCLo*Y01+^pKfu&%zb$+u z9QYEwSKU|q%9HP9J$t{-cyO-marAQ&UIG;pu&KM1a-g~8$%DLb?Lso1=K`9XIzcEh z9+WB-zVui>Z@c|*b{rlhP?jxk=D_&z$vBilMz1R(E1Kl)Us!5>rGgk7h5k{flwt@- z$Veh->OqgaN9zkb7$yLLTuGJwdXF(<8q&Ne8O?dPGf(Mqgl zi-^G?#Qq@%_hP!cd&KbYkQ72ZH)AYQqCtl8$6ANa2UxITAz%I84Xj_@O{iI>E&3VJiL%ZE3|osmhHH z?qO^H7_ZyBf>)lr3}po6ARwD=L25-Y7)Qxe+@wU;mxOe)?ri?8?0}?~gE;=#in*53 zxOI*+n85IwA3w^;J*|A=;**)J2BZ|Eq~vJ6#GU&__|~=q93G#7RHhbyAf?L$F*S>V zxy;1KILQ6K$d($dG35%3Pa`I0tYSh*XLBuTTm+IH{1T2Fg&hZKpO>@;r>%!ID_}_% zq8cI{*&%~K8AA$4X_qlzY>1FB8fi3A3WBQ7$k-UgXy<9PGE=)lclQR+w9!#_StFo6rEJy`xQR*s$@nLg%}|bpQY$07*na zR0#9o4}au2ci!)O=X=B-T=e{#jnU6{)sahH^#`1|b}6A&7_I9HS!^5=4_`GBUA$v7 z#zK&;BWOrV9vd0s*L_DJld6gF&0IqlNk=ZryUy8&B8AWbAp$!=C$!(m;vYf5zgg?7 z6H}G0eMN>eqV``wB2XydyB?Po?bFty8gmS>U3@2d%Q1!hruT$ zv-GsAaoZg2h?nNL4$ghQk3E-q9;q;94uT-u+8|mJ7>o5^cXkZzk|b5B}Aqnh8Ki$?|asW;HdZ~rhcJp z`l2ZmF#W@@?+8px*wvEfx%9>ewbJhAD?lOADN8iodB`@_anqi%-`kY6uSy9*B?+aZ zBn(9%CC@3f@C@W2%B%$X~_5+TNPf|QO0^8!^Z$R_>%bx$Ky$288^P7C6Uj3?9 zk8j$z@v_rSJ@u0dy1L-$y%2^Pj9$5NCAZ!7^FIgXi~l?V@Vi_D-_76u{pVP=Xz|r! z6XQQDmdnXSq?`JJxciD8UrUxO;q=o_f7OqF{NsPV@WP9^|NeWQQ|Eo!>8G>x@yAJd zp7EW+p>fS(ZoBhyENW?_;#Zw4OFPq%i0kL}nNGIkW>?FmPMDl{TA`JpQF*-QmydJn z?n5q(OxNGW#zN#&eg5K%4SevN4b1vJMu3XacoRh^Ir+zO%sN(hVqK9WlqEx5WLWoa zjG1ErOTzM3Xt&F^jB!IqgKVX@W0Q+Pb_GV*`$QVg2IDxw+u+1*O2IfnIMXB7C}=m~ zNx~Q{X-=oOW8YC8=%3(SXPiK5P7)Y_2@EJ>f2MTOL=9SMr&KUCGNw=%6CN`?*ANmx zPwNJn(+kihh#BEEkAQmM#1_ubCfs2#B1Dt6p7k-=Eo7!N%5Y&H88lN>&2{(g;?cuL z`OFokamn%?3Zd_0X)@7JnPaZ|Z*m+D?Rhp|0OJCkjB8#68X;0>6fJ4Z7alvnm$n_` z`g1q(<;V7OaC+M2SV&ompw_ZB)w|S5Eslo(*!xL@4k?fZiWSVr1Y)Y-?i1nOe2d>$ zj;X033_?Jt5t+1g&wIMB_SA{`wAN-gYa^Vz)~?iaJ;BiSR|cs~oClD0&81hWGBq?p zaCp#8{yK~?vNyfyO|SaWm%jAR0PlL|+xfe{|A*h`{kZkkTh%+>{*ESuSye7qwoXk> zvTD`po?W|ljlAIvf5}(Aa`SwlnQs7ocaOzAy$lQwarMiu`OwdQcE_86C6!V&g87MJ zP1ETNl}fdL{rU|tpd_UacHK*pZ(-PMoQ&4xF>lx3%~>+ zoeeo|d)39XWztlGa4vpdoBBk8e3+>75fUJxO!pWPr>5hdiwIC}oN_#eK(N|sn|23; zk|mudlT{4_MkBBREZSwwTbDR{K}YlZm?{k-WX8_-&aM{|I`_axeP9t2X`md0v^RKE zLxHc|L?{htg~aN%l|v1LP-tUigAtLED7eP$UreGfVW6XF84H?Lf({*8gR`C$$E&nB zy8|babcN8kARZASTtcB#9@U`0(b;|Y!3>RFikr6`;IohJ;XP-cz-u?Ipz5T4M(enF zi1hL`8o#?Q{*BHcc^A!n-|E*kb}BcKEYhu>tolOZA$eqQlGok-I20?8k_h41Yo<-2 zpgMA<4xIsyYh;rRK!gB9ISW-E#%5r0+9ETass&O-pB-ehVA=~ zIbA@A?hed(n_>OR8lUEPO@MJtkG6b(RIx<$$RG?1!BhJo)HMYqqRU{$-uvG7@|n+k zX1*xQHvs>$j!U2a2i*OOUjp#5m%Z%fyMBHr`NC|>8EeSq#3h&fLE-kF-S%#PHEY(2 zef#!2=l1@ud;J^u`q#d~ilr+r?>lnv&SdMUy%aC=(oH7B*3^P{Jz zsQ21G_7=4dI8RExxqUx>`_R)EJm;BTlTF2jHsvZGyZm%scj8JWDpjNju{I^9#`_nd z=EjRjz|&C_aBYki@l;lm8OB00VUF{hGzmC5=`Lt$jx8EYs9Dgmg7&6m=)e*tE#$9b zCYo_ZD-)%D#tVH`*X|0i?M-UIHcD7~Rv|4(F~qqG>cC=75i}q)B98gh4*8I^pJ}3B zAqgESAhDSU5kEo`(3xGqg4UG?ZP0EPY@DR-c>eu$e`6rYX4Aqs5jrxXy@no`knz$0 z)1?8jUdTNMC-}qzJ2|nZnQPDANOwb)lJDDqA&k8qbp}oLgruG$5uMuv2R+Zk zpIS3uV!lK+t?+}8M+c|*?vBIUwg0G_)+II4OQZ(S$No~l>H3l|i6a0SM7aVpMa=Z9 z)zT|jyV*>Aa}^I4k%~pz*l{s9hIwkQOL2sjmKKc0=`34>Isar>z0AIrsL)3t zKSmP^Vcq{@DsO|!4iDP=5@&3tq$q{joDXcBuLAQ8!2kH;s;jQzr$7Da@AWx;VipG>jODaVu3>8155-BB32vWEvLdH9MX$+yT zGD@M1CAndccxY`f__X8}(c8Ml?u>P z@5LYB?Qeb4HPuR`BVvuOzw`{QJZA$lKd7-V4En7P9X?sYg%e!T8xcZ6w3XFK6R^CYktUU4@5B^4hNt=N*c1n6%A}RYqFkCy-R+#c zu!A)Vax|qpluS_!GyxhRtB6oKjkn_gm;kLjq%%dZ{ZT+pwbIkP%EtEU8b81!A?x32 zws5=;5jtc-V~j$|5QJi;c$Bg7VHAo|;L{;9{KJb*;_n~b&!7Hu3txKCW=`)}K;Bf5 z)F$LOr^uxyI(_FcYl*nflO&?nPDMI|!V>2~n$lVJO-=FnEeE-4&j=M$wYQE^E_V9a zn;#>h={l)&(Q&k|2}9&q9x+=cj0$}O_a`o^iHMfQMF$&&Mq5H(;M;3(WC*tIiN4oJ zPe~nwBBi_+d&)c8?ph=?ORioU;ked`|#)R_~EWW@I%OXsL&R2K@Gw-TGNru@XNzTdFaRpP1zKI z(RfnOl=f&$r|Hb5Y0jj{C_`Eaaw22AFlwOQlh&n4}Gsj#1H-I6HKnv|u1;%CE*r?!gb(-P) zZY89jYEoxJbipM>PF=6bjkZd|dt+Gbc zhj_K5jU&H#iiu*CFFvu0uRV5vs$aD+%En6&R&{MHbzG0 z^T+>$DLuwv!PKkGYm$UaI_lEr6l=JGSv+UKBW0r|>mC16IsiIH+Oo^e= z6cfb?6XlY%p)nFAC2cuLPcF;imK@8P8|iJ%(%q1uHJv7-B!UoM8>+hYoHuS?FXl{> z(V9PoPMw)iJRv(iLtEn#rvwP<^96)P3Xh5|GBUk~P*m}ZEq}rlmbkEn+L`J|cP(u* zQL2WN95gJ2;q*nVJa6d&N;+h$=(Bxff`|I2xVLYZuRqmCQ(ACZcLx`)=;p-UCYCoh z&>$7%076l=)3{3s)G|ZCA4kegJe6_Cw&h}om;m|PtpMU!UpEa40aB!>ge8V&b`$E* zMeJfpbvi%+GlAwWPgzZGW0q@wxr=w6S>cr%ms9fnIFF&u8X$5fF!fbgI^-gX3Kp1{ zu&AU**31hd1{Xhda~VVzNMx0ys4?F z62OroN2pe-_OfJBnC2{`yx3~nB%`a9LQKzM4h~@khGF*+n3yK|2&`JYs@%R{!3B>$ zx@Bnoi8$W?%pd^81)69;K~eA>^81XuJa$nsOMW zVkJpztmP>foW%5xz@ek?%poY3<9GJr3ojmS>S#Xywp)L?Z{3FV?0#lGl;^p2%##4; zkN-#$P}#r#VA?)NQe>Wg9(R8FO)P9{q3ruLH#o=e7D%k;k+zn#IwG6ZpnROP%?L1B z<4KQ@fXlygA4g~M;7Kg0%1u#d2o2p08GiDLi)hPwRJ37E#^7=AX!kl0NM+sV41$?z zg?uGs@Ax#24^8v<&^Y@hOXMqMdRrQ}a7i~8FYDm6g&i!&WeAKW@HL?;{ziy|mAkfk za-r>%>68R3+D}J%Y5PZQ;csc2eX)R}Q@hAlMo=;nYt4c^4302qVsjz1!IL&`zHg?$k9H35<7WmLpDxnd-N>6yUBipl_K@`yg%FepZ9xqc zfvnP?TIp(9Mq|3eH8?d!yCqQ8RyvNzt1^=%UAVMs8-$i+V>$8pp1#tBfy z*+LjtyeD+cpD>n&8S?_%{Uwo9L!YskJbHQ>_3J0mp^ktk@rfHhx$eUs{LmhNkKOQb zI@(*kZ+!jhH*MXv?cD%k#bV4AXCoGMI`m4rcx?#>hM<28`iJ0|J_y5z5+E)-|NIXu zU%vcv|M=~12Nz#@3HRQ8&-?@NIe5%x0n8u2)p6Z*AL9P|AK-!upSR$NC!V@CZX#DM z;WaP6lviB1nb}eq&oR_JDUk*|;~-BZ+-kt008x-n?9ncT-JhEfDIn*0+;?P*?``kH zC`HXa$*mB=5Kjrd`r>n0+ulSmG)QAL&?1=)5ZA**lrP4S6RmA|K!_(5ttrKt_C_vU z+083AEa8tfEaIv)i|J{|@bvgJx9uO|yH6hCp}{HgrI3^-Xi7`cN|F*1+|(|yHnCD# z30P=++8UPAnC-NKVBCs0Hos5|P48v4JcOrGuK0%zQm>`d#iTW3>bV2dWNNWreZqlI zN*Nbn6L}UG%O^0#uppb}vQ=GNvvDbl+MC!nk>|%x9_D-dM({AKY-yx9<+-pVgJ%>~ zU1GXCh96dtDosjymgQ+@;uw92wDel&dXpur{7|`KtbwCbPg4#iK%|@vw5gpx37DRU z00-I_dKyxk+}*+l?%mFY1ud*j4UZcJ{hSX@RJpp_1;vk-vc({i98Y5Qa>k>B?8>&R3Bbq*Mq`GFzNwdf+G=9Y-u^ zqrIWgMo&v@v~CndEd^2v6cQ;RrBYPGfQhMT!s%&vY$v7~8W6(sGUAW__%-MJ-RD00 z)JLwrp8M~+k9+UA8{hX^W@huZjtr03SGK$t)-H#pw3Q7i&vFR%_QR1e#J)qY=Wu)< z84#;iufF?3AHMGWAG!V`C4jzzee(~-c?4ko_@8uib$0C@9UEN>KwA^J^G@MMH@%5j z2}dUL9LX1%DF+mMAJ8VaL!UPmj%Tv{)e{B`aDRIkmTyOleh0Oj0=jI%!0&Y95@f?P^6>xcY$V2tl?AK<~l}d5xrI&ulZ)mdll?>6vMJRu}z0_Rc&^uBy)apL6c5s_yE2PrB3DLlz(*5D1$nn;^=f zA__PzpfWn+I-|~vI)je5z542i<15N2DkyG<$UsmLWDS9YERcQg?sR(JYQOiM^Zs$p zy;ao-s3XpRQzuV9>7}afty@*+w|$qDh5}ffFx`@|apZv^RNtU63mO_bB4B9v6!0(C zU3VQf-BeNKdnvC92B5P3_}2e13*X+mzh}PbA-T}e!e!^2!0fgL4ozlgXlr6teJ$hJ z9EZ|5c8yN*%-{&W7@s7a@ku%k3p?t$YT10wo8LiGRh98WM`3C0C`aRJP5)$`E&bz` zo>mN2QfrjbymrYPE?L}3%J+>i4hmi3313qBM>4$V64bsZ8pmjDD1i~j-Z~L_8hlSg zt@pT;9Me$EqQ+V-L6a-^98TxiHZsY52L`xpOE0sVt9b3=nVdAE8Q)i=e2pT&^YbJU zNrUNE9@+dPQ-vWixd}X#MamcupoJ{60TyK{g-6+vL&2m-inyrm7Zt6cu0hGYmGwr@ zC>(ozJtY|TJYrIFW@j6xbu_d4#0_*4N ztS1L($3@iF+2AkG2M$G>^KOS+>tF~*QKMS)$JQNTnYY_1fa71w=J!;Xl-se zE?>wSC7xuJs9rdWE6zFriDX8y8Yu)b>jGSAEfU?d$49eydM46r8Xo7qef@m&f%Vir z66bvWee^&-#`sVp}=oH&HzT>`6=>Y#;2YDGLInBACUeoKcT4&gyDH>wvzA%_QQrXf5!9JVD?g@QsO!5LTJb(EdUfH&Lzv zW7!17;A5(M6?qVtWans9v~r2tNUTUeEO7CKLWcFG)+ii2WmpQwG$y&>+~fJH6Xx@| z$F}j=`#1CRodbOOWs6xp!+<`Olr}aha{f4d6Qd+!O*Gfcp(fslZ~~MS!*N6mg&^fk zFq+;^t}toZ@zP4`V%qx8MI{uv^g1YmpU@Ja6;oco3GEGBvwSvRT(^rao_8!V5YaeZ z3P?JVy`w3>fl3-x%UZKm=&z*j9c~2Koqz-s#sjWU&MRF;7#U4RDkuYdc3m zJ62aBKnh7Foh36o2G8s^_w#&oDow%j5Kauw_mGZ*(gBVzVo@P5_R!b}g;W}z+-h7# z1zKw@uDRwN-~0BrZ~ki`1lPRd?R@*@??k8fp7*?muYdjP#q+JHMz_?O=dtx5a%2Lv zw-0vp;%HS=*N{aBNjx5B-r_~{4OBq?l@UN?{jXY!7cXWqn_HHioOpI}eB6Y@z7hJt1|wArUP>78nuH^$b{t{|`Z5_F?;GN0+j~gH9j;t5m*YB`a7BRD zF4B=)|M1iNYe}356@Y{+ju)bjbGe?vw7$8OI4<>Cu<;CVw9!`* zR=!qA5XwhL86_487vfHg|J-$mFFn4U{>cpQI%yGaSw5GVgdhln4cun566icyYwF@{ zG$*^LvdK@{8)Y)vN5)GL=m3{ENM(a~h+EJoZK#Y#Y*jkcXApKs5}<_>UO7|YyMm8D zw4Hg4)x2x@d~!Mf4gFJDez>idTQ?uTFZjj)M~0kIInDH`qzf>e)>mo|99~ObAu|Ee zf+Zb0Xpv~k^iafX0yfpxkA7$)YH+0Zm`mppKmHinXUqVtaFlsZM+%XF;&6W-`LPMu zunQ(r0NRbY;=&6qdid_U?>g&kZ@Y$DZu$06Kf_nN@r^(E@sECVIRKq)aOqhvGH&F8 zclN^INZ4aDY=_nsXsUu8z2NyIlgY!Mzu~j5dhZ9{zp=6-zVufG1Xx*r@EREzp{23m zi-Q9LD*!=V4e{lRc*n)3bL^b9h!Is3g~3w&th$<|E#-Wlv{F<#k|izmT(+p2*-drq zA4@Zy&(mC0O>Hd3WTC)U*KK1w>)XoAXv32)@TTSSdEctVOn3z%!x~X+-H$t~Pq{&-SoqJV$3;4NVCLpO3+`oU2*-iB< zX|BPK1e^p?fW)Doa!eG4$>k@R$PF-_>8B9nkVqV1y#uskF&fxTjrqOM;>c1(0NOzd zKN8$o-HEv+_&ym?1540*(`GQC z+M%S3%IGO51m=H75=c-|5Fqdcc*6W&5Q4npke{4HZQg<2*I)j;VlJwy1zA^zZ*6(= zLJ>HUf*&w4FhqWI3^wnEaTEMwF;|>&@+nU(KW^#S-LvNfKls6|&-vOX5>-F$@9&QQ zfFc%$ojtI1pV9XRNG4#;3|Kr5=5<200DU8X#`C;A_ujYW`ggwLoov`pk^8T704nQ$ z#X9rMGsPp1Jfh?ADqSe#%oe%)80M^6%n$$RuV|{R#`isrW|UV9NV=?eil|g*;!@%x z$ao&>4vjFsv4+XK&l`XKuxYJYuo#|VUULmUdBe*|IucI>b{t$j^+(zUrj{i(e__?H zj`BgUHnt_EFlEgHp{L=%M9GMOh}94Z^%y*%9XsIQ$N)!6dQ%y`@$?>+v^MajrQP^U z*GizoYB>CehNefw5kRTi>-4t%^zX~BdD%}T4v0mo+tTAlymWiafE<<(Xuys4MLhKmOc`IQHVN9 zhk)XXBqExq1HKQNx53(HAe}8ctf)z%&pH7)Zw{i`MQU)gKq{ZY!9n~?8lKo_+bHQsbS@6;Ke$YGGXZOADeJ?lOXsmb>RY{%C8L%L$mcYO`^d2^sx+(_qWe)F5T`|i6r^UO1Yef##Bs8m-A zi@Uh=Lq0JKIJs2Q2JMt$oiI|*0lwAnay0;-^Crt!lqgt>l@)m+xD|}cnVwr z+68=sbolHmRsmYzfL{EA(qqg5%!MYs4DC4C&*Infdl0(=DD z-`LA%*Y0FI=P{{#5HX9n5Rvyo>9LMHz777m2+9og69}wqv2?6dv^11KX+^K3#bQ`7 zC?rP7vhOfFwGBol5LTHWddWRs(A|M(;H~`s=ShW7n=-TPMawV`c&*pnnu5Qcx9xMRO1* zEXJMDVxYJ}z`zJ>*lCP^>^gbXs=?mg-v3wG75_4ptXzW1`hDxxTW@7xV4&fVM;-~H z5^eSjT-W7|FJD1kS-@IZjoMMN^setE}k41v$KDJ&^{=^ zD`vN`dUh*$rH@(}PLC3yEldP@qdZ885+0qlq5!40(G)QP#nFK-vyT%L&2n@khpP5H&gXT@l|K#?kVTzOnKKY7Dx92`q= z&7JGnKR!WC+(9aVz(L_h9TOq`wCAG*_Hj)Jb#x3ZB?(vJ`5RmxE&n&vZ9%rO7qpjwz=c8|aNUbBRfiK*VE^${=1P`KM2Od|q8`?b$1qFMslr*I)lgUteEss9UI|K-45)@f_qU zPNw#RrOcc^m+C|uM#m6OZh@z^!c;1{SU^<>iVFGrM~e}8?)+V3cDvu0_Y|GuU#ERl>rA1+gZVagbVc<}@ z*ai;efbHF-HZrS1TX|O%wuGgf!K;#%xGXuEEOSVFF)g8m@ng{14|<_jF#Uc+}^ zcREX3Yq;v?Yq@LpVQNA?eFV&WVUBM=k{WPH#$8Z8ckMpRd+yo52Y>I&x5a}#zKZxGZi|!dj$Ak&`F^sT~3%J?Gvf`tp$uQ+!8 z(iJDH;y1s(PXnBN)+@ws*4)b%zH(#xy!i{i{G%V-z9yH+{&v&m&8wmTmH^rs;kbp! zGgs2Eaw#nf=aM*a8L1PNkjv)a;9>O8MA=nnX>Ju4z53#J{owZ7-uL@no7cShRh5nN zC9*0sz{+~w^{<~aA|hM2Ztv6v>4t7^f|%yo3szI`ed8G~WC<8tDlfC!rD#oD zzV{b{KaqWJ=-*y`I}vsYREdT_N&aEx^bTkrB?1Gd6PiFs939FKQ}hua90%CPf1X+X ziz5RFJKNUdUigOESb$nr^67Jr=ag-S`1k``n8+1)>+-ow6};b5ZU1q{R|u+O4hbo^ zfBz6)dtw*chbJkZ5i$k_VPS7?Dt4{Hv@vw;lSiIYX~Jazin@0QeP{@F_QKF4IE$dM z7TW6V#HpA>YDt;XpH|w82KtBL$(`sz0YKN(CPjOD>&eeP3p;o2TpwN6i8MN$g@Z%r zu~FE05HUDPs9m^h>9WJu{lf=NdEcAgsQ^wr^;FibUCRRxJ*dw+=iJ>N`M`SYT zX8^KA&8YSk^xRHlTO-xY_0%*p;?0`L*xZ@;4Ryqa1_{y`kVl4v$*D+ z;V?CcI8ALGw6%4ROvaee(ec#J?zr>Km7TMa094jr$Xb5Xs)As z!5mgE=^~xan_wq3S{Z20!eI-Fta5{>+FtKrC+AWR0dC==ERgMY*V6WW;VgwakH#e0<$ z#cDs4=Pj{;HTSbYM}raf5ja{Qt-rbw5TJ0Bv=qjp%i3Tzb{s(W51GX6 z83z&xL_-oCcR@M!?1G3%s6_}=1Uw(s?*!^%hXhgf>+Qg zn-`>Wh^&X$ybskkfW1_rySv+a_L*lp|KtCBEqX21u3gK^UiPvttzW>Hgl(xgH`UUTvB-JCSDk&#Ru zgo9Mz;~=bDiJ*wW$6DbQ=kYocBr<>25!-8e!$O2eMIG|-4c{LN_#+x$li?Sq4Z$lX1tY_9lf_YESd66jn2hr8lmAdfN7ah9!rf&kUY}s*o>(*x(9UT#PJ|dk( z_w*YJUeHoFqP@LkS5HsRG2PwWV$-Hg(Yx=w^UhhdZQG6yWipv!FC!jwl^~G5rOidr)HX#xP=WwgTb+I55NXCZjw`8l95xS5aN9FIJh*p= zk#q)P65`T$*$Xd{`7J~CmtXYfXlYpe0V&a`Ec6YV;J>Q}2FA*;CMs-B?CpiB1iHQ& z=Cq@=7rkeqH-h6BP~Y0EkjjP+kqH9Mx%sAVK6&w_m+;G9+{FdwU+~b@XEr|z94i73 zy?KuX;0dHew6?Wu=$f_U%)(>WRPqqyzJKgOjkU z7Y_8p?jA(Ji$cHSI=ubuZ|6HV-$J16xl0MBFNf8~BARN@DzKxXz_=p167Jsszj-n` z+PP<+6Wss6Z(}VjZH$Zzm7dAZfy<_~-*sJ0?Z{L*)dtYrJ%^s21JNHp`2G)k;>-W` zl}{1&JeDtnh21#K4aDl|jD&DoBYu4i@l+lsl|kh5#B&Akd}7M7bE@K~syM2;3ctFV zpgKVz7BeHNpn!T}EBWzp^!NmfP8o5ad>*oSCgqUg`5cmoI9{NpxyzM0(G@lJLk@j;OTNURuEer7A1HPX zjz<)2>AGCHq>F-YC}&~sUf|ltv9!YH2>y|Ts!~OB9Z}>Wlm_m|Y(AZ?PSslQDu4dp#`!CO!A;)nOy&WsTLBBdF;_K*t)mu zWu7x<4&S`#CSG~L1zd9RC0ugJC1F-+1bvbT^r^>!>)K(C3$6ou`r+X%(NSvaYsCEz z{5EEj>#{RwsIO&mDji~Hv;!iMOy;N3skZvsS|(E|dU_7sK>9b!LLrB<1WfIo)jYR(T+wa z7w4&G@kd5s$9~w;cf|X68W%@bcFvd1st5s9)=}3*7rlmEyLNK0r|0^pyL;?B8tRk$ z&1GjXv$c*ufsoot(3;PF=v9vu!!ZFlw4@Ca0**R55K_>eO7r7qdYSM%Pys92nz?4h z0%DFVwv4q2uF^{WmOf7D2%s$CC{vg#nYl+wf2FP4P!PD>cGo}~iXDQYaE&ez%h4qr z=MWh9d&%a1Sv^Ioc`t-4CUOXT9Wc8tNq21(fB(Q1mbTTgtf`)Spdw=?q$D15A<(Ql zG{(mtdWIiuK7faVh)X+;DV0GEQT{=R4)q_|0Wd>uGg3-8h)mW<-`WwE5Q4kz`~~Nn zdoD^VmMmUEYg;S#-m@l30>r>LG}R&6n+&u-NJK6NcRv~m>FC z0_dKJY-&Jw0a}9VIH;N=L0c1kR~xzcU1a8WlbzE|zOx;#p_ZUJVb}^tq^A&phfu;` zGM?FvzHcpT*$F)ZM{QdPA*fDPQ(sq4TWjm#iOI>ED?8{*V^wqjD(k50o_p@*^4DKc zRQ#&1fx0R>S{hk8yB%NIO?z7EU*xP8CDlX;Fs$fPucuMmOfWu_&M}h9Mw|FaT`e>w zT+>oU*tx$(Sp%C=9)CFwp`^QDt8y`2m`H1*GWgxzc@ zX;m5(qO9O_j%u9r2af=xFbMv54Bg%e$IOW^8(M4r`TBohVBj!PNEGnb@4SxpzyH0( z8aS1P-)%(qkDAuM0KH)+>^)@79E50WYWm5Er>s<|iPTX~ipH*Ygm*!tn$9zSUMgL!heS$OAp_+qLMu2aGD9eX`x%-Clcp`$vGc0&jI(=dB&> z9dAAExZ~b>&e`XD6yW;nudi&PFOht`vMTGSt8-RY=1^~66(Cs94RgErtBX$JhHGBK zST>JTfkjW-hIa`tP8`t;)J1%lFc^Tab6^148pn0H?U{Xi=8?_dy3`2G*DgAR(>hzp z`^u`e6-9og(+o>160M5kh;n}dRm6xz$o`O#A0`H+-HB6VMkcQ9h2weiY3&$2B3XuOZ zA8#A}bx|cT?9v#!X2Tq)O(gi*lRLR%dq1~cb_z{ZaguSt?OXf!>f^f@%;e30QkT#x z!`Hv`MT!nPUDV-^#Q=nIR5sICzYDhPhJAg}&0c@m>-f%X-=#L0L?FrM^SthLuj8J3 z?kPUj{F!j&D1j-5&`je6*M*Ax7DMY8d33T5I(YC6%BP@{#O!5 z2$UVKX(bS@LoA!azx^K6-UCJs*c?fB&7R$R?Uh%~zy5Qd3xqhjg3{|Qdo6d|`SZ#K zTIm2()=POE>g@~r;n30m1YEfKIJ`iaib00zb(A*COLX(gDS%<;R$Dy)N^I^G8Z812 zj89p5lBOw9#j=)q0;Qu(UW+2`pfv7>j((w$PpPV3WN=fI^Roe}7$hTY0!0ZSAe`e* zue6QN0ghoY$bxNmV{D8~cf!!(91$S3B<2X>F_&BbBdLJ?be6tMivFnrhbD52=JVtO zpSX;X5E2)VLf~SkX^s{ssVNA73>1zC&>EDGD5Mc$(uOsmMeskE+lz<+A|k(mu&<&G zm{Lln@;TnUav^gXlYC{}4l>H)qrZNZkN;{jgSos>*9+(JrS6BNI{l?zNBr);x|C7< zo7({kx)3e(hOUUT0O3icuvc z1qFc)toUH4RH%zx3@szeV&_FDAf!vi$69M*QgSGj=i0lULMu(*cnT6RGiHf0OYz^c zOWF2!(H2<4?n8)!1LzGq5R<7$8v0ciy^5Q@@lCqBX92Kt$4<^W?_7F%dyA3-QbwPT z&hE~85A__n=#-OBXWf&JJx}nj6RFIU4*x&eZLWIr)vx>6Pk#2Zd_JcnNY&jAr>}sn z&Zq<8D8q_~X$K9sTH_WxgcdliOHf~hUtfo6sH0GuL?^3Ij$_P~gv1RL&fO1^-?I-M z-V|XWO5?@3XP?9U5B#>WQNF}ig#}PqM_mv9?x7ihQl?(6t2IVEE03Y3ri!W5lvV!= zrEqm=54t4yPv196gJ*V3R&Y%n`WK;a7VH7|-QN6_f$s>5>XR)CBmmH!5`zrfGEt z1QOldicVz^CoMs5+6|-Q2m$xrb1#=%atUAi+KrrX#u*&5_!w@z?KZA>!y6bF9JKFA z1)w^+x@F(NgRd1rJa6y^2!sC7f`3O#s~8v=)(<`S;Lq~;oCc(-OTw}Rh_*Jgln51= z^A^g8Y6*dm5`RVuesv8ZHAy_3!^vc*?mdjV|F98BtV*Dgaa1xv5KrJLMK+Toj|_#2 zOt6S0?&|KE>79DYso($Mk8i&d;G&Bz6!+Y-rh@#hbO0*rFJWDF*=5{$=bZp|0T&D5 zpci++%o*JLv8y>}<$N+ZuLycmph5&UMhZ9-+ljf0a0 z(>??)zr6Acj%ltV=LKbn!gQJ+kueY@sQx0=59{3?YV?Q46^J8@g37cCDDkMb2}7t` zfQCRACW5lbPD3I_?^KS@J-Utiw)Np8V!UEr2d8y5aNLY0X4h7ckgiE^5XPeh2$Uia zn#r8c!O0AJCo*gunBs{;L-bAMAn)Ty2e;bgtnLn8zqpGtW;YRcBx%ntj=rP7Z*d4O zMgu_&RgT10nh!m=nP2bd1II14`T>E17G6uD?Y8gm_<9h%_hTMvSk)W&1H_wH2w|M#LN-ApS_EhZfx?lJxNupsZ-DFWeu_hx z0`EC>F`qemDOWA)=A;?TG$j%^LL!7^GnDEe2!WIiwQh`gbv3M-*~EGC+j!Hlb9vSL zcDh^Z$!SPu1GXI+;+MM)@!JCf2m#&o4b;Y@v7QZl5E><9R5KeMz8zD9374JAmt4|l zEb^zu+47_*l#3Nn0_QrCp^VRU|GA#W_6ZFMZa7w$4~G0852{JoOd@<#WR`l{kFslOs<4|dmQDtNje2>EZehR}AXsxLlPZ68QLUTPj=AsjE zg8FK_wnlR8&7`|$GPR(a+{`9|yiX$SlS!wH7}t2lpaUbOigqZumoNXj zOE10j_Vw%6kN>fk{pzc)X3Lf>NB!H0C#%Vgi4Gx?qA@^q%;k3nhxy%seo&gl z?M+;{wA)aULLR>egD^-WF$dy~L)?*6IWBQW;yMyXnvR0Dn)1bDAc~67?~8nY8I7Dn zlXxwJbrmcc(G&#%%x@F%IJtbl7uId(+fVJ~&Bu51rSn&E_UtAS(j^<-_KrT=e0#h!x)+RWktAUFbb#m^!Hs-c9ARUL@!ztEm?d9G*hZ!$;G*!8D z)FyF-V~vnhQSZQ>tH8Q8MkYKZdDRip$p6JS8cu>D#zrv_sCFH;kEHp)Z#MGm;c-aB zis=1NyWb{ONL}*tpBV=rO1~)r7bAUuWEIp`K`I9=^*BiMWGd3hU;Fr4?)cdqWU?8q zzUpcwCMLx8Z94{(G#ix+*@)n<^5mHhUb8w`<^8@-* z1^QBHCJO=M**r1Vp)MYyp(@7A+5~Mi3E~zknDz?zw)#i8NTE^qNbR6RC;@EGx1<#; zLdjxFuQRd80eos)huz~D{_fXX7|rJR;`t}AYDOcz3h-6w2TYW;mrI3-$_(&ySxH{R zQXp_72q}mOP2LMQFje5e1Bbb1#~?cnkI-0C&H0NuxqA65RFZivkt(T6CjuDvod-2IvS3y@RbhRVq8FxREBgv=}Cp73>7QMe8 zv33hOn}OD5L{}TSr5@Lf;U?lZ$IQcDzJz>TH9{+@`-f5YuO&Y;j2;|E3{RnT!E|V< zs?f1Nlp6~zQ2l%%yf2H{I``>@<4{p2daz9WD zbGhuoY&P;rprN6G)Kuyht4>(8@reyjTo3S;x4fC}eec%F?p#R#D(la+KL6Rz)%@^> zKm5VQ&6^D8Xu&MprStjDhcD;EMcpW6j6tN%P}*;F(aAMxI}`HrqslXs z1Qs+_xxD+{r?_XE83A0raxVY(+?9-F^58(N>yRg4)1fKu-rdiA2M#lu&Z0a+$y1K0 z-dqWR?;~AFTe5~Tx|(^}tQO9k(?V;~B~yTc@1u2q6t1BkN^Lm&b`uS4VIyq=2_mo+ zsZ5|%fohpx*Tf|6`o$9zT$i7}_B7g)3Gzx?j`a& zcZi$U?`Qj=3F6f*Z&^N{cbzzwx`ZHC0404>P$Th$zzNxp2EY-GKC~T8{OPgObcci^ z@s*+}5#!O`ajv=NaeUv1Mb$?%93DgNK8((1(c2Hg;ps76BBa)6 zazcn8UY(#iSz})VvwYtto5_&(JtQI~AQ324Hc5#duD%9lwZn`SL{kI0r4j0D&5@MR z$3#dRr3hSs*x!$SW)EV=KAV`^&PH23%pHRnEP6~lg0ZN*i7{0f4(^JA$&4Iz=NB-~D z7amE%fvbP9mZy3~!1uX&)k3~_&I(2gdD2;rHTwp+dE-9%#wTg3tL3!L7FKpPu(Y{> zwz?Xs2+$}rl9V4Xn9A|&@HlJxN7*@&q7X<{cQ$hAqIQn&Xr?yiqO>+be}Kj_vuI`g z1tKhfKq?m{J=2;NJ~83aH_mLW@UYNGEp)SgZ;#Ji7 z(+KS#gr+9uP|%8db`SFHO?%kZGfHby4Ie#yDd*2^MLID86`0P8btN>+3TwZsjc$N= zAu8>NuIZw+N3|1U{oojXeb>{ZRA4!x4hYX2QybK}83DXVQHx;%$BIbdO2~L{a0n(+ zFgSwP-H#rh1mFKt3<=CNa3sXz&|D9*+7K;`P+x6jB&En?MjK$a+4xz>8YvNyo7o{YI%S?l=f7$f}^Iy&tt!&0EkBfD&AK$0O_+ zoPTY zrNEI6t0tTTPzIAK`7Ivu5lf9 zjHh_tJsWVP;OiHi$n1tB8Luc!t0EfK3lo2g+acB>*Njn66zBM893*w|7!&yd_a7MI zdr$9UbN?78ceQcN>Uq4pvy}i%UMZwDU_^~XXrtyRlnfgmFF*od#yW8+*)cZG`|jI9 z??eh@C^Mt1WuRjdg3yQI#kU;^t;+NsqTucr04P%h^h6rQr(j?d4v!+nCXA)9=bJC3 zo;%pP5?mMJF-TTHT`e@#K}#bv)Id!VYHA>vFtpnsKm;1Cl&S8uGNU%nL-;;=cmg(U zhkb`a$SjK%E@0R0-A5MLwMl4iH2ww64e;;=n94zk55@^6oIo;}WOQVNvGH*xCnqUw z)mJC0cV^O=RYHgwwFP5rmscKc5&yLKf3sH_)Y zee54U&JCaa^i05{=`~5j%TD00&R@wtUUfckDaZ!_8wW>Oe|Un4LIJG>&9N9W>ykK* zqBa(zsVdHt=aVZ0NY|mQD#pU*I;y3lpcS64P{MH7wQbwyJ)iS$f5dpatAJy>I%rQg zJhpFuD^|?m>f;tLyRI530=z&FXv^)FAhjSsMW8LynFy<8i6bz&e9|TB2lS0+c%W~X z$9hLt+EmB8R?eZTuA1?JXH^O%N)yQxht*KhaXFOE^47c7lgs;j@3kj0yRn)=!J@{I z#;zEw9PbNKf}*09iipI25N4Jyv_xwehE*J?afC~%;PIOShq?Kwee54i@!Dg%_|WQO zm|0)NMBc|y4hjz`V<@eWLKP{Fe_{flgrZ8unaJmO%Uw^gYa|6R$2iPMX-Dd%Sc_8R z;ESpHH_2DToUj>^z0w%VU)Qh&0u6Z&QW?Z}3O$j6sVt<^=J#FzUco$1*M*pM3rxh2 z)d^Hh5>Z=aG&ic^P*nvn2N@`|uS~`770lxl^5AQeTx2o^n~=>xI*XjjqYfU5l8)D1 z{(8Rp<$vRzHTUq1uYZFLPj5I%)*m+@KgWU5Nl0e^sI5t|f8PNDG?`3>d@e_!P#~2~ z^X#TgJp9;WJo)7MiA9U%J+^t{=ET9?UXnG{okBQEriu!NjupJ(65B>N{l_Dzg2zp0i}XSUHk?-#D*^v+iDUO*sBt!tdylo3Bcp`<{n62_U*RtU(nx=q`` zwUj`RD5T>M1Oc~iKg2J0^>W3rbGUNxOfmrkf$^d*w%QG?PNBH=?hS10ALaHpoW}Cj zIx-$0d^C=Q1}a=!(^h{$Dp~`o69iUq(Q+3wXyJm+Tl|`7p-ZKsmU_%}$oW41vFQN+ zv33`-D#qtuemt*UGLtFKL-^o30j_pRsExMJod$}Wj%X;Q`xRyQP1Wc~!^C*wosaQM z?<6FgGMXmB0p;7*D%55WFG}GeLs!ML*)>HxK&U&VbO|d~7p;mF#t)znm{xY)1aP6k zI#xm~1_>8KXK@X_!w+e$0UQ`cq$be?53+faK;`l}) zg98WllSm}2^0nsS#~q284bhbcK1JqWNtg5E5x`wKR zYe$9xKL|_;tu<0WK`SQHDKeQHst~~bJ~+?|o-SGtTdd8s*IxVWn{U4PT7VCJ@PmB$ z%U`Z+=9L7Xvi{h0;e{6tty#0C6@X)AQ@3;>H~sx(ESlHNw*Fy`o!Lx#!o|}Lo^M*` z5hq_1t6l*JDM>gEF%ghcuyuHx-J>b$<1v=DHPDhsARI+pNCvZ6&iu}A4XsHPnAK3j zcVBZd3!Cd0&-vwhve1!!fGYhtbo>+390x6h&=hnIf#V|raD+>JQZO*(@$HSfNd@qx zWwTjOUq!*TvV}GktK%qcdinrge{?%vy?7NDFY070Q$R=^Q3As-X;Agz1&u_yM6obJ zNQFK7vfqoyEl>ecNE+fXHVjN~!y{YSba0f5m(St@s}|B)o4`{xXjlp3kgqSbB5BHE#|@ez0{^U;?*mgSd_X!qD>2YcoZ^O#I9cS;E3q}Jm+RE%J?J8mM!DTE3c%n zxrv6ldOEwhXliUkYt65I^((&em9H=uDi=-1uWnoW0 z93C_YmN{RIMzl7!OrCP;>Z=?_-t)^}-mOnL^rnsVt#D*Oq-^b3TIcyY7`iY$tqJoL~*{}LoV64$ zFw{XadDnmX-24Si>20M+sZo-^*BYrc$F?=`$^{(^q|$u#vF+?h{+uEKBvJf% zdN)Crj6EWwN*#4Y1cpv4-8j0g%CykyYoVbQ8tP1C-P&MK^YNHTI#lq7LHGZFs!$xI zyFe@kbv1~#2AJ6avuD7(nJ~Kp(b-OQX9qPi+h}TSrnRnthUyw>suILp2iLLYNV;ge zt%ZoxIggeVMl@oZXGuqrh{cG<;^=q`zpe&mG@1KOW&~(_-_u&_(?-WeFKBLTdf7kx z(j#EuZg+bzP*P}-M5iKTtdO;waeym!@0-e=M~zK z(^~4L^3ugDqy!jOln8#V;4if{SOTT3YoWkF;|pz&`zT!3A>{?^9!_!EtX4k1ZacTF z-Nm=BIFsXAYso2PO^SjSSMV>1NzoP3fRyL}t9KCK3Wut=%bLB1`G;RWLwhpLjjvkC z!loKBz6ZiZ;3IKM+#JOb$5FzX&)D%qJT7_LFP`GbgF}c|0(1c_fQb}pDviwLQGv0H7I_bmDWEbL zQx#_mkjWZqVxa(@DrpRqjwyu2Bsdn65I3%j)p2x{t?sMrmy{-{my(3zlB}*K;kr~+ zB}l{#h!1VlI}PnrfU>gNRt8%^xs>Nwz#=0jSuWa%qtKtS&S!GMvmZET7v@4m@)_@y#$oQU>#tlu{ z3~ zqn^pULJIKla9)hAd-h2>IB4agT?b+L_fkoa4uRH8<@3CH!AzF7HSo{BeTFOVSj#8Q zTEayOx&Td}46i_iS`XsL;|T4dMS#?Ty12{NHtgZaeFIP(N8^KxBSHbA==wT;`DI7= z{*&@ZO@O1mS1fi!o4^(cGlg$l+ubsOUZWBT=tw|YGpgW2HVf%2I`5$ygCd?Fu{w_+#}gogWB<1T)s7@)J9w^?#9fzIEKV#Iqbe37=DKD-P?|t1eBato zTbE2}6LLjhK6lo9D@xr%CWwBX>NLay=rG;4=3g2TP6D?nP9~QoCnTJ*6xBBjyL%y> zL1;uKlTrH*?B9L-@)bP$%$6>#^?(o}sObMq4DmUl~QGx_iXFE!F81e3Xd^Jcf37NhSmt0{@Eil8P@VhpvyK~Wj9!}vB)T4F=Ga)%>9Iw6!LwzaotYlx7P6f6Bm#wXzP3^Fw@LGR4(Pe zvoH+-kG`29D~#|Db_Oq`)d3Jp0xQgrLfGSU)t*|7Y*a=Q6|LQrh$_}vj8md03R4_@lEc~vW33-

4d8KB^>|KoW$#oTsWzRNF#S>aPP4 z>p#N+A+J<=`Qa{Q&ruNodzLW>3Zy}cp;qmnTq-j&J4@@7mFQqE>>WY(9Dvz5BfwpE z-a%()*WR-?o%3Sf|Op*vp?oF=qX=`JaeSk`rS5IZk2WK#bA(D3IQ&)TJi z{AMB|*?UV!qlzjL#s)?6vOsO&0u$Z`<2&Jv^U=_)hsOBE-Z9?()U&W9ON<8xCUk3O z6vxM1YB~rsWu+Lhs(w1ICxIHc8KT2qy5Lkk{-Vp-H8I00KX((`j!e@LiI37G6%jHx z@!-gF6Zk?yqZRXx@9v-(Ctj5>JGUlmF`>dOCrQOoe;8aS3-k`!!ddg3;DR-j@AOw~ z*Zvd#J&UnurG)9MV0t>S13i=mdZ`W#(6M5Ou9eH_T0Thk@*#Sb579F?NZ-&9z03OP z9q6aKua}PQPHLSUR4O&1QVCs{}9Qr3xFvS2NJ9i6@`phu_bGR3rc8(-QV5FET(()y<6>3`E~ zKyV5rW9Y5a=!%5iO38Nsiz6{END!wYHZF7Q+3RHyN4}d{vc@V&oBbqngCWfsh;P!! z*7?{!F^W~km$wh|6Ki@od(A2ub4|Zk(yW6a*T8fuiA%D+$@G}h^DkKm1nNn` z6S_M2#EUND!j*me+`r$%cOD!Kl*uVMdz@)IAcDk(vNe2d&mp$#A48%Aq&|}0;ZL*% z!2iv0JqEx*B$VA`UayH}jFlLbA3{@TqQn6v?jiOO_z_fqcYgjx+QJOeJ-2-S|z zBp4&G;g8?)hySv1I-@YAH<)TY3DF8rWC%5g|wd-kZlx?7F>FMfd_XXrc>=zv& zN~8W%-c>^bU*7p=7hV_-6UC`gGZFn&%RseEZ`Fp$ci*%Jf-_*8w1Ww!S!(d8v|$DU z()6><($EjJ^=P(L`L?#vX2Q4kkMZgY*5i^m0~jjvd#H}P62OmGHHZ|N#5h&nb=CR& z%B83AnlIkQKis~XvXM~FHDof$IMl#wGvVLv+0U$tv&_Rh5t+h{BXBr>;}>mnOQ>pF zsA~xypMPcKF)uyQ#(`CM4L9IRKvaL(!0ty^Dm#u-oe))h~E%9Xd@d<%Vj zJp}+L?BunPk&#!=zcQ4_&acyDBRsm$`DzyZF9h$Y^Pd;VsD_3fpT(?1hSi-Nbd@5y zO63KVCb?Hkfk%GKD(g(lOYFKuob$uy8&jshS}Ee2dk!;LEpguR-uBFLZV(}p?>zyc zT2UntLB--!n2B4we)E}pp|Uc*@5mWE*GFV2_jFP&RiILXb2h*QXL@0!ur=L(|Bff$f8X}6_V@Sv z-|=xzU;OG~x4St!< zf37N&jL=bz=&Y5gl%g;}5R~ik3p`~C(>6fJni1hguE~ptA8%498_VanJ;?Jntf6AP zB(NCCAcPg;8<0+v%~R4|2`}@k4yId8Hm@AuL(jdOsixys{`33HCD36@UP4(Csv>;& zjt7D$O~|%L5&bU(M=3JDfmM(b;(AUcmtEFiXfU-JQCFv@7#~^&mu*5$TSbcA4-F6N zrY?*jgNffL#KS~WB*(LfWl6~Z9&@!^fa=q1o4)9w2+VJ7mfTwfxO)eB-!)R zw7(dC>50=UQxF?RPe&PxClE3!K`Bl%bl(Oc>1S@U1nN=IzTt-rMHSy!-4R9Hb$Eg! z^(N0aeF*2I4Oj*hCx-w4AOJ~3K~$8Wf|xueENaJ7I4B5eyncZT{Tt0Brmqt5cUPa! zx}IKs`rp3A-sw7>QAC$5^WFX9+`RXQC;SQB>tNb*?u8xu5P#A8a&p%$H$5Xi+{+x# zma1^83;RX@r^XmcU7b)VL#c|My8*fIOi!W&k~q~}J9jX$RsIjGdDqrSz`v=83O^H$#zQ;Vi^R&lTNJNR7%F3<^28Sk+ zkp%^C5}dywYwgP#0sY@SHE)~F_K}gz`v$p+HT=i@2e@MGa#nSgXe9{}#<8TGDruJ> zP7n~F;xMiRnuJ~m=SR?-mmdC`tIy-*8`tuhFW$cLvlHp)@T5qmEJrRq2l{(ScbgqM zcDTL!_KgT!2ypGS*Ye^QzqkMZg`H%Ugl>J4bA0+x@xg-TKaa&1=@XbAapTmp2nx(4 z%4j2Ibyp2zQ_c9Clg(1@ZHB+}gBg)9=BL?Mk^ql13^f9cIN`>6yQ`6%& z_30^9k=rl4aP#{={E>g?|IBATQviU%P6D5wB;C1RaIrEyJLmhm(v2e@@Mo!i$-4eM zBS>H%%S9Ip8vrv0o<)vI*}!0}>S=6EIsq`>kt=?#UnLX9^X#QwEFOzeK;x{5a(T(kcmH6>E{s4u~pXEj(c@T)fc}D+NS*=bd-F?yuhY zp8Wu)oVLCI0EL~{wrbU?f6cF=IF6a9&-#d5z!}L!-f8VHZSa#Unrth3&hP%$yaL(+ z(vt*7r5w>$EeDBEKOU$-p)M1-Q5Qr+a_VWB>YRC0dzKa9_K|6xvZfE!1ZOlWhn&2= zK>|RqphAqYrn^cQ5uwn=< zJI~(-IG1qGy?0kutzD=4cJJ~IGdi*K^9le^SZ15f+W3X+m)O&M#yKUpc5P8}k$V~$ z2l5c7IOi6h7)Wn>rzLmuN(Rgm%xzi6Zz@*olK=13{MaL;-4j z8P7KiRB)YLh;x|kZn)w?Sl*lMcn9|G(cbQ!I4ZakGch&UfibsGwgWij_uujd1pp}Q#IZNM=}la5#T66T z8i^Bdj`7K9tT8!9t&6Ovqa*LUBySez2R(t5$j85ycNi%fU^R*`37Ek3ol%^UCL401 zG?{eh{Bpy??g0zfPszsnV64$(MMo#1agYY~a$&S$(A4NHfV#!81L_ngpLQ7$V9Z$|qd{NIy z(w;5~0fFxg@Yk($RM1KVV*GT#d1sJQKPbKSmtM2wjcb>oHv!pVk zCVSuculqv;1nu^POg5;QIF@zP0?+|RkitEgGXN?1kvNP9!&5ExPR#_$HC;T~mm&pF z*m0f?c$i-ii^pz5fI6e*W{H|9VxGH@)di1pp}Q#IS*Z zW&R(rg2wDVJV}zoo@B>p=CtRH{c&^(-lzX{Ue93ONiWPCBrai~TJbcy3fb)LJP?uQ z?@fpzW1o zWzV4_v|<-Byy;k6p!$6X;{Evzd6K2wQ?KvG`{onIIHxS@st^T7Z}6|L3roz8NZ{w8 z0)V4S1!35Ys!h8O9HJ(aA5P*}DIKv?p&SW!4UZK~{)L^`xq%%2h?E0YK+=Te1Gvl2 z_Phb0GmY8OzkcEqUttL^hXMc;HqX|sJ;i0$^YjcejTR&0bxcO$6UG8VAAoc1$ln-~ zMfd7FW1cg)p@GzaFX$soH3OW}EOU_352xTkG|xBiC~M4mG>}lBRw`!`4}$o@;7RW3 zd@jU*D2WR9k5BnXN$roWyi{0W$J<4|Fn~#O{owQD*!-YOV_H^>MOH_Fg?rM>>LjsnZz11ujAe{ePeW_ZPRVXww;M>XJR{<*tVTa zJh5%t*2Kodwr!iIpZ8nmU;paWecyG}RaLw8-lb#S(H~{)UPqm=IoOJw-Mt?#n~|>g z={e+XQkj;qy)@^MWK$?0@$5My=n#bhsKpLyppBz3-%GXARa^{%vn`;Bwbg`2fAKgVQmgYpr&)XU=S^nDQS~2-A#i@LSBI)s zYt@^%xOD#a&g8uI@wR)hx^IX$P3%04BHF|g`38)Cz&;Oh;Yx!fxP=`b_+m_&S+in* zJW6VTnbyIKi-Td*Q3VV!nr6*&RJ*6du(pjq);oPsbApg%5NCJ*@}ww4K1f}$CHbA> zbGbYoT7zrv|E4LEpop7mM=jtP(4~Kg7zWe3daVo_3hWkuCXFK}&zQlbJQp5k5w?(& zPMZBh9=W9t^hurq@*b#x5pQ$4>b3pOU)4;Wi26OjZaFzo?`1MU8w^ovKiKRA^2_eh zg`Pa;c)R?Ct(!(|PI8SimK+w>3XCRaxhI*d>f)3nM%%ZKJ2b5&@k#ePR{jqstyqz9 zgixYjzo?Le1cDHgQ3HP9M;OyieijGaL#Ay-zU&fL2ZXrjqFB!J3xotLwsl&XwNT;g z(KlmNT_UvgZ^Ea%r|>-$OK~Z>0XmkUq_SFMpb$`^5;z zq0bcag2sYDjF3dS6{7IQo5Me|b*| zwn@5Vy~Y*ThBx159z2lGm`A$k3$Elb^sjjtumP2e!rzxEfWa1#`)>oG#7^Z z*;$=VFi=d4A4ryr{Qevu`jPRmpKi%gTc2OoFAoV%Y^d*S2-b*6o&2F? zLGEyMIy&~1R3$3#zB=9MU|?`USz1ED^?uR#zh78?UejUceZF)_bVpLxy8`}>D97}Z zIXsz6(d@OP^B4N8Y74x|I9=sp8E(D}!r`bQwb+9S?SmRUAGt`i36|#cMRFYnQp+>>>Eb)qs~B%SrR5RcKQ^CaSTlwEKY(SXCwt@48q=;i@PNv?a{l zov}&e12z@UJJ^qHn1Ri($8^_bBKlb4Rwzq<2J)wtKeJ`(_DlohFdqpqm>A)Iu}ben zWpEAbM~Y5xpY1K6@E$)Rj*bD&hWu65V|X5zgLK4en3WnXgx1&%=KQop{(#XH2v^0Z z?O9O740=ulwvoY%g>aWzlTGkbnOc{NV$$Y(GP!<KV+R+nFbtm zG?^KP8sf4!PENY9NqgT`IX9v_XW8@wb2?d6vk`7J_z-fUKMgsvONvZBL#fI*iYh5~ zK#ep+WduD;^XLqY7+q!ZX{FjJz4q^Ml)!9^HyUy)a+x9Mdf_ap`ik$tih#*k6CA`z z>~tNGtJJIhYsa=~07^UJ+2;P_m0 z{?2D#=igu3+rO{$zYg{N>PLa~=El0U-ut+Y&!PfBjC3*BDuw{xWd5h|M#npo!nQYV zBP+cMJ}do5RSQdv2SR*hyWm6RpZOqe!36NY8I0sM7uWDeHK3)MgSYkekFV33&5up@ z7RTGS!z{j)q0d6sE54uqY)DILU=Bwcs?TLFJbBgH+LtGZ)2qlV_3CY$cMhGj<6 zD6ddIS(;I;fv~HkZ_I;X^9EAT##RfyMUkbxmt<1IgZZKfNACLzb2O~4A>Xu zs_N-l)CDHqCf3n2(x|zX&@-eUM_SCR_4`xt)HU0l{=A5?4oi20zV8i`btSEVt8L(e zh6{0F?g!MXiWdgYFYx9J=fsZXqj5WfKdex~l`x{hskE7BE`T0xmq3hjEXL4|n+eug zE)2dDiD7@E&yEAp)oJUFQ2zX~WI&51UXdeYC6~_VF;`oMiW&Rg7+j7qNR}gZYToe9 z+^{T`I7v0~kEFp=P~32qM6#&q3CC}XY+E!}w^+FXBTY?O=chY62A!?xh$~nU+`BhF+v#JL}8DftSOk+@;Tgs!j0K45uvym zKbgX|gw~JV<5epASOwE=4ktg!SwcYkUpK1~IV?HBd2fZ0uq*X1kjMQFijU3bjW9MH8O3InnJX1oU97@Gxk)q0Q3*x(NWOI$vwMo0PnqPQM?k^M?I zmORUNTBTIe%`8}ksN>g$`~e79eXNp%1lgd8UC`h*WrS8_K+!Q_|E;Aq4Hw_}tC_kS zG=fZ%7ubS8YqDU%%frEq;l$;0{uw&0)9|VJ$H>#=dM(IH^t8_VS&!$fHoseE5;rXE z1(nzJcK5Mm&uwOpYnOA4Y#TV1z0pY%#>aGrFAg4e0(jQjD6{f8t0Bt1pj?`*`t|r6 zytke60KhG8Xi4TzChl<@FkN_;B*%J|%qH(_{9H|FvOz;-ltHd<+zM=K#X^^` zVoWjow4B53YoG<9JN}+0p4wePv~|FsJ+h~(a1fW{MW$6iw%Pla;$f_&9L5ZyC#@m>x-24NA-b{7D3vtATZodzgriB2;0{Ljn;HIs zGVm@HYVX+Ze{ITt7G(Z)7cBu8Hhqu%o#HF}hX{`Y=v6jmbW%r%9>s=hLsaejoDbus zz!t`S^svRi!EnC!@MZUVEJT|7j!a(M!fG#8+a_i6v@*rxnEv_x3-3BuntK6876bqb zaBuq)gxW(v`njaduQ(VGC;%!xEay^uzsCC{#atZF8XhL zDY1I4_pDXZaTTaSn|wOFp#w$ibOq^B7mD<;HGNklGi~J50y6c7Y}NM&s}PRu%QAa{ zvFWKDc9u3ols%J18I{JU9x_ATqK)it>kaN)j@0v@2;$&QD@$nK@;u+o&0||a^a+(_ z$a$l;-8qO#a%xsrO2p$mk@^|A;tF)EyVT(OIcvirsC(3iEGfuCIb zLyFb?+?8)_-iv_D6!*r0Uj-e%?oK^ZXPkTk<6R`c(*JQB`)(W(ll} zw~cq;oK@vRvsSB(u5taQG39qSN8EDVS1S|kTSo`v0RWWLfKhrSof_(4?y$^mSq|0E z%&QQ!sywHsl170?AVYAYa!Rx0Vy*9@y)tcTpJ%D_ zq%y<7ro9K^e52gVAR~|PWo`=tz^d~kHVEQERzro~>ESo1<4MEwqy^%+v2>~L6bF|` zs5#QZpnt-hZ4+nL1ONP%2}U5o=B2N4n$KaoO*5yz^1UZ=6Wy^L*rih9Lt0r@fGK zpLKjQ#OSNk(CcM_sx+Psqi8^1!T3cZiIBo#4Pu#qGK8eu+x>?CeCdxQ99HH{PXt8tl8F#R6Cwv zfF0WyXJDKz&;M^e~;;|0ITyRjrW@bOmXGgDv(zFWH)eND>%ywa`DmHxTXfZWQ zYMg$jZW-L1Y`;_CpY^X1XSP^BUQ#B;kxz@%Lz3&}m-p#!I_I+$CyNaG3+}=6&n_LG zH)J0I(-LiDO1az`^?kJSzRC=8$;jN;;kl@Q5XlNF`sM`FBK~o6VAkx}>^HQOAvm<4*$S;A94v>#=-yjwq0i=YmYlBagh`4f@*Yz98TF;I-#D zzr6lE;xjU!Y6FL*zA~^HjHSm`=RTc7`G$dwR*PMrR(hgq zGhTVm69#--G7C0yi{^Yy*b7JcV5+8N-IGR7^VmXQ)m-(J8&bq5rS1&6f4%R^E`k)+=>um~~tqgce0vmO%t%k{O*tz$|~N}Z1r z>s^{Xemt=k#2Tb-FxdVFb`GHV&9ifZ&V~!%;b(pt6CowN_PDgxAE|ELa+0mx5r)gF z3vK%Etau*}<82d&k^3pd%J)yuaoVnreBGW34wJ6(WH7EJ%7Y(p01kir8ja;^&N?bZ z!{q87It>o~vI<7{+*}!Dnzz~2$)b;U8T;X!QIsB2oQ$mh7pHWjaL*~qKZYydO$Su% z^`GnK$0O_XexraFPNfxr?}8L8M_xaySD4rlD+a{_Kexf=-Np2?-MX3&a4d7P09+An zH~v!kuO}B-d(?kpS=Mom=DVLjxSTlr62ZqOJj{G1DAG#dU^f%I%iuV!C%&w)jed7= zL9S8<_l_F!RlzWx5E1{3Oop0c)1!;vksu+*heQ*98Vr61D-BRkIuj9fmzl;_GJpoB zl%|6TcT5|ck%pIJw!u9y5mPU(j!@Gu3_j#csIrH-btzt@!8r@ekq0=!Gz)y}bAI#m znx^vA12Z#0&r>j?x8X<%y|%CBoX*Y-)da`uhkNVXLJ|`tfivr+iLS-c_%i=`_gpjg zqaQr?L#Xo;(z^#rm2woesIkCa+PEC{?c;aTf}xXUOtGCffjIhpZ#ybx;N(~?OgxVn z>dN1$%)+yRU<|bt5ox6XIL@1! zd^svTv;OHgS8ZNUKz?gjO+)GUqpAiK}byiZ5CT~>;pfgZ!cYxf^G zNJ4g^e&ta8ua+RGu%zK|Bd3%cbH?^VFqx2E14l;@n0x)OnM6`AD7yb1gIAcSi+d}C z!szm>3g;5Pw~zV1H;fTKBJHc|z9+kZ_tfY8!NH&$0G0M=27BT7<-K+@CJh>oryx=A zJ<=H`+3v`q=+XpC&m-;kN4?{pf^Ho7dB5YNXYbUVviS9pqj>qW z8RQ}As`JYt75Z2C6C=X9x_-=6MJF^u61_uZjMLMgEe1e(dingKGOukX|8H3z2Ve#B zo_{eH$%w-#6tol_L)uHgd3~@B6{8qQlFN_faOOZka1OJ_ytR0M3oe)9mbyaR(!1ru43=ClSd5$n51=K+#fa^BX6;mVw zrMG97mzVFKT6-G*7kO?Yy6!Z+XnuQ?b`v!>P>A`%4&(GdAs~+^Dv5)5$cfd4xTI?N zH54}#eg+h9K`KLiTsQ*1eZ90kV9&t>>>H#x?<#m;Y8&Gm&k%eu&# zGJpdR;9-I@_l4{&Dw04{GX)6Rw>>V613|l$gt}b6p-MA`j*q)1*DfC{vaw~m&EbG_ zo?)sA4(p6@$^JPtZXfI-ofSvi1&CuzO`h1QrIp^lXrfaj-r2dkzvV%p?C$GfIh3@-lS(5*t zdsoS%Uq-@k_QYJh%tjVu`Z08A%wo3b663kpfrt3V|K9~bMJS@o0CS7+JgEitswKSw zT;8sRUjoInQ)Jyjw2;3$8qGgGrhDEL{`*so_WC`$ejdY(HMouOpEhTcrq4{W(>ILU ztNmZ6n1_-MP4mMfLd3=>N^$)u@~8mjFlQ*gLd0$iS=IJuBxB-qK_Uf-**kol{ntcSWJ74+RZU4Ey zH41*xYGVaEYy5iGSnE7RZ}uh3OQ%xLY03IUy=Wxg8jl?T6Wb5V`qa23^ z9A)h%UC~T$)Ipl<=S7`2cpd}m1r0;EB@`1uP4ts8lBLMosfh`y-rCQ#+W*T(Umw%o z`2MUMS&lwx9|VNKtC$VeY0sPOff^W@iNiV?-;84b8Cs`XK74NC(ixYr>Fj36F;E5& zG>CtT{jXSRD@JfqQMb|lu)nGc;-LWIWWN^2wm&zw`L2k@F}Gz6V+Za2?m_|(i3r>B zd;E43aHBOTr#v%y`alpTr<|@rnyb!h^3K+A)ExWOdlUvANr>A0A!w7P9%38`8ZIrlByQf8+b;#ePA$fNW2b^c%k}F9a`(S;V;Y z_Mun|CDA6IUFmituG{x~;)y{5Q~cJ~g~B(sKW%O2ol1Wkwin_L<-~>OsJmP3D~ZKf z&_S}k*UUOWda-B^YB2^OEJ0fb><9w~aVgZpRED1z;bW`7)4Z$fcm_*rLnzC{9j6W| ztpuxg(G5k&^{L@q^WRYlyNvyMQFy%<@T1LrohW^VM?{<|xlwDq3Nf4DwA&nWM~a%q z!CBB$>?^+}evSwTcGut$vJ1l=g5xjOK$ke6b8cGcEC?M}d-A8a991-i1qVh6(y=GK z#!p! zm&UgL-$c3T0w_bK;|rwyBn}E{;bHl5C$^JcYzU~{D?dWAGTKn}aa3JaS(HQ!G zg{BO)V0U}(TX!Yau?M5}=vdT;LYxix(<8!+au|*~pGy_J_LR85MU~`f$=vgP`Fhu9 zyBq5mUxC*L;=1e2NbOODd&9!%cFfoJJED<^%$G_~X9gDf4Il<~B87f2)|rd+nC242 zgeL+o;s@Dh0_G1Vc!9b>VM2(CSQtAsjdsSImGR#QB6bbvaD=<{{dLaobjVusL2Q|D z-VK$vW$@HD;C(XeWk~@eFUJvhu9$_O)MGIUfj+f6(hgG|mqz9-M8V}DP)$$5|Bvw{ zT1qgx5MPsL3?;YYSxE2x+wSPii%7I;7eT<0!te3HS#wp@uw}6ydV<4Pujv$B&tpnU zGNW(xojUH%j~g;6X3yyuP2{2XacL~$hV9P*1v`^+7xP--+-N0AU?Z+A}UL<2g9sQyAvgfD>oLI#-z~B1sGVcFSCUqK)=FZ!usEq6m-$=k%Ddo9#9o zt|X=cW^gOecnpcWuPV0gZ$PalTmdV86NaOZOHkm8lHb^Ip7wt!Fl`M^?`AK)`)iB- z%L>ZvB2XM{vprPcE!WF}Skwq4)wR2VEcn|mi$tw*IIub{LeAa4f_`4LqONvpXTbgH z2#f!jZ|k+WB3>^-T(+OC?@S30;8r zhtmP2V;KLtYRPRCyw+G>UPiu8`^dbG;I4q!F1$-O7{-JipHLL{*)82OC ze0{aaWlp`m)xUKEN4Lz4+g}1bL;79swcO_y(ZJ@g!Id;G4CTHE&OsMLEw>}*T<=|0 z{<6Z;h&Vx!<(_@8IAbfbhdEfQY@(JRA|%7y7YuGzmIoyN^m@iFN=NZN`NkWg!Fj2s zGh`X{+sJYu8>YhI4|9l>O2L-J?Io1NYiY-`!#Y@~B#Ghu+2P0Dt2MB34HShuLKRp& z#Q-E>-&$%pYCwg1*h2jPVaI{Xi@0X5TS6Wg!|Qh9-Ck#hPnP!LoLF?g+MIEIJluEY zbmyNHD+FDrjM`xM;QLM+BTxij&BZTCQB z(1Rn=RQfBmJVQn@Ax?Ohm`qZm zNM`n-Y?w}9D{YIC8?eL4fZ(Izd5n_Po@PU#-%q9I+oOe#?$Knql!DNn@ zlzNGo;#l=HiTL(3NVDg62>Q1QS^DVixEQkd(|J>Ris-C>9OkhE?xCB1?>Q0Ivp@g_ zAiAzC73Z~p?v2d^lO)}3crM4eF_3z-9*Tx14kpJykBnb*FbB@?p$G6MA_YM2=TpVY zWWrzsLIFr3DvbIMVxT4W0*YZgbhF)yCb@pdqvA$GPO3$=sYR+)9tzmIMIS6n%5$@H zna%U~!6qm(W%B44Gjov8XwnqJQqUMy!A#%lQk;EQa~=O=WB)T4GiafR0vx7)m9gl5 zYk>MYcu!6G*;REv`g)+-ZD;r%Lj|b%-L|;jy!Skp0P7Xtj$5VvW5u%XopSD5@5V-! zyQ=~h1mC&JN!d*cr`~`JXSHDgj`6}PyNStZ%xh4zba7XHc+36^8-aAqKT9EB;`N6+ zDbT_l*|4#>bi>|og+AT|3422kP7;->9}OX^WM)PjX6y0Pc6d2EQ@hMh@@$e(4f(B! zGRyD|t7E=PkM1+d5n-y9O`xRdFqxUs$e?eAJvd0-qBap;OIqW^lGGKYb@N4w?wWB0X-iq`?h<6q$R0^Rl*io)eH7as}e`>071tGeX)^0V2p7(o(H-*04JxX z++5t;nkE2PUdM|=fp-@ETl-ux8nGVS*1cyCX_Mf|%)HjXGt0`C{_CEwM*@tJOc?nj zi*Qo_8(!%>;>!Ct@@lBXwk0p9yRgGvIUbVbVqN)LTw51NMC_+?pf=><;IfKpJ$95T z4@o3;{;G@YPzAE;?!Hx}=h}8NmQR?zg zI1GUJwjGIvUkXicLn{&p%pc)SEZ{AepOHC6lF9rGhF3)QjK@nQp2W`13aO_~%LqQD z)_;~4rupd_6PvU;0<965L~?Q>sQxq%0a8>67Wsolo#~L}Puu|)Jt}t!03c~33pz!! z(TKL{j11AW^XFdt`tN>C-+w{bze=nBRZ;49?6v*1Hnqw7X>@w+FEbU&JrXS7L-_r0 zW*%_=*iOz)k&=A8ju!&@--4=r4}S)RelB{li#JbXl_JFX;uDz(;)4Icv*-!{tg0D1 zm?}aNRbrkxy6E3mIAkkPmchG4cJ;oi8$M29&(hGaDS=L1MPz9W;od^Gyj8r=f13$K zY_#Hn3+~tNJ`?Wxt=4bIk*MW9WHA1KKSkB=d3$XTpmirSFde1luhER({$9@tf{R9V zWi3AqpamtfU~SI;;J9-2VRD{&oY_(!BW>uhU*2x!Pgmh6kXwinNvZleq^47YqL*05| zDeGjre9=Q|D|A!Jx6 zWU4+pH}{l|b3lY1df!`eog0KorD!p1ix!Bn6q|&XPZhu);7tGWHfhTv8mIpftiMx8 z^l9qKgZ7{{>b_$xzWc=#0ZQcAGpsYWN=3Ot_gR2IPJ~XZ^)8lz8tN(+=4P**OP7r;>AB# z+*^u40So#v!{3C|+yKDRs}gVEPKNV@{IcbOd73qwR z`wTKmgz(X8BqXHLuvwAp90o3D0=jF71tV*WBCSU>&@+drpq#-G7(kiuhOji|rT}cK zEyzqjfG^N+hS$vZe~>4G+j#Y}%g4i_LM0Io+unLlC5FcvIn&HQvGx1Q4PLH-jCM{6 z2bcP`;Z^_NydcQEmV5W|0mSQgSL#yR0Ym&S6&F#V>hD%1fq*rALk$CCh{``0#jRS0TLWmFhj`C*m!oWa7&37Atwv>{D5j(js+BId`K4AkCsgyg z4OJ&)v-K_i>ZVM|DcYo6S=a|f5F0s=i9!!!Q)J5Vd%QF7yRFyE{7lJ3wjfIT3(iiy zvuhGcgw+0b9~+P-3jJq*C-4y)8KW5gFCM%>RP4w8@4(YrsiTt8u6YHoUjrgxhC zo{l>YW4~@tvLAaq)_Gs98GX|6x;;hO)eb-47&P3cH{I2jYXxl2V+eTHiHp$tO6CnV zrDa)#tW}HDM25g83byh~UAP1g0eL^P3lMdpR-n7ieOH_T{*|>~<^LFcPRG0c+bR!g zQI^-7?DlydA5P;=E!e{lxoNu3|F!!l;LO}}KLJoUs0TUw&82m34F|0MM2ABfe9DvZpiflWR#X**R8v8VBLT}hzU=q1G5#0Pr3o!dHVI_9Vs%wiaOd@)^Y5c%W+x9Z9cN@Psn`iI&U! z$C_j3hU}-u=<N92Qf>wJYxpsa-C2iMbyO%-s6H z*oua+k#h3#w>7Oj^G#Zlu0WZ;E=5(mdQIScOM z#a|iWOslfk_Dw6Ciw5T>WZUbU!&uh>qY~F!10&a~fh1LDH8a{Y#?ks&Qb0S-cDL`Y zzfqx`n?WXX(jFB21sOcqb%uERnQ_c2B#{+PW&Go%*PGMY_8a|@d`Fwpongya?vP9V z80T2&_uypFqG^%It6U}NLB=xp%ozyaMOKC+mIs(5%t}$xyuVWS9c@^u6R{cD5`S|u zuO0**Gf4`Iq`!K|Maywwx2+ff&qeQ!$f{Yf)Q`w z88Z`>!fvpE*H;QjOD@^zfuyoXvB<3%k}7xG3Y8H1XeU!Xb*8QEU#tj31r^XhVLVyWjEp zb~ZH&kQIdPc1nKC*m2#>x1E!QFCYV`PTAR$Q>>hw-=4JZI?`++8P5slVV%SdMeT5@ z!O93P#Gq8ED#q0OO^Y(lTTyjIZ@h5#YWvQmXz#dsrkCS9Y{h_oR-zSQ!84+B5jH@Q z!?{+2vl-+5*{0)>c?d6Clq4rQq(PBE-`!;&#AqYX3s%^ewYA;HZeDXFWeruf7PhLk zcYd)~sMKTr9@ac*T66!FHjiF&ENQ+KW*~mmNKDL4Sh}ymMy3^YObb17p!27q5c6?X z>2x5EZ4*EGuRLu!%)W0-Lv-D+<4B(r|L+n0?#_E5eRJydn=~>gwg~v%4|xBO(WyW& zuq5O`ayH6Rix|21iHX-~z3@(|$#_d_es~FrpCZ|r%d(_PxKlsxWm{~wZ{L*Fsx3dy z&h`8TGQW4^cpFu|n*D~gx9%iHh7R3d4^y4yo|XdXPt)H60=`8`|FQTy zc)jK|ZQ9(mwFU&h;c<~U7b4qUe(KEamDX}a_Wa&-PO}^?yR|WSY=d+R>+g_8Aulv^ zTQ!Ob5+@X@?jw((52binX!+cz^Ge&YN2#Q-x0F9pnpM=)}hs7G1;?H+Of(p~M^~p!?YCT)O)A!y=#lTP-7B zTKD$2-kTHuYqia~a-x0UYcdq`yA2^Qh{;N%1eimlt-RXxlRfntcG%ci>U$;Ay z+lp^#p#Jz64yYN_nQ|{r1Tz*!QTh1EdRrD#K6lv1=fLUDZEI@h0lC1-L#cp|5aw`p zH!MeX02}VdKWo1XEWS_tj7doGYIA7#^M&F^eMeyDh~fZa)%jb)B-l>dYejNo5@YJ>daq$IFpGCVPGNFJvqq6sm_4B`Cs>@-i~*$tbtE7h2Dp;LX#`9YfgY1se>HP_$S>tUtmlb*fHCL$-5>I*PsmhWXS*t;@HIRrz~E3jqalE~`S zY;cMx#F0uAIj(7c{@hn{eU_xCu_ddFr5|UVpJ&zeInQy<1#VI)!3G=zNuljKBW1gv z1wQlL!1u0CdqMSdU2{S$e6d(B*>KosNL11IYV#-dEam;c6vLbhE)kb4;E~*Ui>3#7 z%Y2D|udYUGHp4XKS64?HV-Y#u*7|u(ZzhB0p+c!<`F*`QU3WcaNF`G6bsLYwC`a<% z=PMg-a8;0oT>Cxg;`95!msgp;@05_mTVM0R*I}jvMaUfA>cAKXi z@`>175tUFTj#$W$sEj>5FuNhHvF)M#OEwC!J9|g+z5DX+N%!uiHHv3=PJ-bA#b-ppz(6hST zzI&$oeEh`fYJ! zBW=^AjjI%bY0MyIa={sE%eml^#1J*EH~iR9*QDL%0zKX$C|~LYz6H_UcMtRO$Mqvb zmFR$EuD?ci2mfqy3Nx7r4ui+jlZw!fD^q)P{fuGNA*IshV^PhV)2<+eEy7JYgQJA#% zYsmJc^}kt^mZ$Vd3CBc{izScWPGwxrtKuY7QC0K}YzOSmp(uJjhl1JXzxZ?*af~$Ink_ZzwPT zTFUZ|O^}Mk#|`5O7#QTmJHQqwzPso%Jw}Mb&8WpSc*+}6T0jL zORNG;kBfuxvjdaW^B`C?O$Tw=brPpE*J&gWiSKRN@7h|08bEXF9(~S#`)}atWftlB z{PH|A3{VeFmjN*g?p)e*Q;1hfjOu&~$6ruIP@V@?sja8XHzTMdN##-nNA6V|)usJF z1~*&~RsTde?17DOvKxx~x~3@FQOvf);1std93r^IiGK;m4lWRq^B=@%}s_!5JSUu-ZV#jZidT`bWxrs zg9ghm@gJEYDRzVK@G_aU!YND4r0MJs5!>!#=*ee?WRof{1-T;d=B8G^HqCDx3uDx&X6Dzy-w`Dba z_x}24^`Xj3L$1t#!%U%|$MufakJy}E^!{|;b>(Lz4^)P2pV-m-OS``T8F!)t4JR%; zKkTYd;_d0Iw^?!Zvjl0_u)*jsk$(NT8PAeMT0*wo!*Ak3hmAI_z~1J{eH+w}0ii?l z!kf4SrP!m5kCJsM!IKB znib?WcK0LAZ*C4{JihB$v6az=ZrQ|tMqNW(D}#RsrpI-mo`X0Qi?EBM@yOFa5%3&Y z8f$)Jx*6T!go)<266NT|;9!Fef}i{C00khui)vfd^*l{i{bbXaYA9vDdbPPBc zuLVrLK8|+#`U?4`Sr6_C-a=;fwKbP#CFsta9y+CV@Vx8ynqe!$DE+|a*egV1`oXRI zOrJZD&mJmwNWJD-9cYGnIWl{)8l*3xUOI`LlV8uZcXX7w`6SP*mL=BsTh71Wuq`g3u_yh zdUznh+ps{$xegvSNmXYtS7(=GaQ$=1$QJh(j7Pfy4hDC_&Z`n>SDj8C&o2GosX zlHQpr>mSb<6CSZE@1Rl03^ea!ULJ`mHqBlkazojeTq)Q&J*Q zt~|qa{s2Ft-$o_>hO_Fdg5a2)hH6%;g!ILx;+t9o>>r_c;(U+EliB;gHb5O-4$KB3 z#HID{!emjs8LXBUx=YNi3ngDUJ-nIwemcH1KCd1Qy1LLaV8qcPtm9{Aap?5V?hser z_Vk&xv1f+Puu4q2Vb`;8N%(5MpV=c80v`IRO7^|PCY_+J%&B6w(OJx0(F4N^1t={D zr8C^q5t~%ho+KZ&3E!D2fHaoA!h(_naAWVTx(+Bx>0;9Ou!(e^ zQH;_Y-?Pc%Tt8n_1K@*%TIA_EtEl|DAH%EGR`ae2)Q@Fi>i*Y)NATE=2@vj`oyiBy zLz3b2zXp@EwmuJ)5Es|mB1-r^kM&b2K=m_@vL})_u3^}_eW7%I?N^WHQ1k4mC**cQ zEMU*|-7eR8Y#D+#p9^!8f#f^{@7?)ZluW&PZ8T%pnn#ALge^CjD*+#!{3>QB znu>ibmbtz|aZG#!FaX8qL8iDZi)mHFv;L8eN1TngR~d~D4|F{3HT#n3(L zeON5_VQ`8m%RkN?O3-(CoHPC+N}rw=S|NJVEU^UirhJz?e53NPJpWmSf8Jn)-+_)E zcI!y?C$i4bBdA0D66oIT&YUo%dAD2!YOu}c`|x70N*SpP@vV(0xT^J`j1SP)cGBO; z_czWn$98)Z%-b{n5YF3JMoXJs;WQnN!m(Lvq6RSmnc~`q2YO)620Aq}=s1W17o2uR zQ>wLX3H%mp(zyDZ$iLLh1dE>)|8$KQ5T`a9hn~9|EZIXaxi&ZdN-oPlu9bGNTW_)L z`OAO-o`?D_7DXlzHe__*)OK89qs87_7RU&e5HIil%kbggEi% z0--FKC=0rpDGpq%<%bKd^hwB5=Z_-BKB;YFehS$;w>mA^7d{~&q3~C~8;WlS>!gI( zKS~E5h9Qlc=$$SOOes5qj7ylKK`kzSXc19RmYxu9<3rW&Mk{Qa7MC5*(~s{KS*J>d z!{e5PyohgX06&h%%ECF7bFmdvJ3-WkKyyMEJmEAhpp4;jZY`w-xqXhf7_yi{+RwPW z<{+F_*>VsYI$?F8L>j|;$tco@p)bQPu}cXjKdGilQm{boMo|2391p8$jm3ABi_1}^ zp_8yj%?#Gj6sezjrg47_gHmLU>J&+J73MRc!F44Gr#DWi}L+!|dluuCf@V+-X#PJ_?7 zPwvYgqnY7@n9ioyGroKc2$yNhg^0f%NouFM@XBY_T%4qrE)_vP##%nU5>J!RVrv z3LyR?0=*O@;6I|AR=KCP}zs;wrxA<*yxx$X2-Vej&0j^$L!cn z$98h|{k+%tu>QcDwQ7#48a2iv5(Uu-xD>&NFi}GSuR_fWnMdF&a?uM8Ms$D)Xnu;I zC#?ow3G^mX4ZLYL2CsjFX>FdK5atV=j>Mn_o~E9_P8svT?f#W0(MET4nfp_++)+Pg z1Uf7RF1Taa+@vT44OkGCh$m?NbI{9>LhCA6fXak~cRZvu;XWOXl=eXG73e8(^ZlU; zcJlPVan9UY^x-|}K0{3nfTj1j!T)u|zvpD#rf!SX{Yr1ST3b!K%uGd1&DoJHqZ>V- z;=pJdA!5W1HQ@DJ2joX6v)c0LKVGN0%n24H5IaTH6EJl~BFW~NIA9Eih$wJ3A&I7e8kfNz+3mn>H6S`H6&=j>UZ8QM z%V1meqk1nM{a8xwj@@LgFfvL`pF>u&vOmqQFHT9YHAz2MT(9Sl=BoWB=VOR8Tm?TG z!tGDNTyhQ_3Pz{A$=_pHHNFlANKx3Nc^pI}qz38ic3ma??wm?3aw8fK^1y(U=qCoH zV(yHiKevzB`~ZTJY1^Wf)~Kxv0q_dc8w!%hR8o*9X~U=QI}0gMIYtonPA#0jT=laR z+2y{STfX%@@SGgB-ruN@8}6iXE4qtBJ5u#bzKo0tRbF0R>p*Zmj@{?`ekrbL=*x*L z^kQTdc!jBRuB~%E$q1&52*68}zHkr+nb=WM}!U-l(?Mn#lPl zxeOGwR6_0G{4jd&D3#1tOqlv<@*iBBCv zcquBx7dVM`7%_(Zq+bR3gv*a5?H0b!ZOj`JfUGW{MDS5^H1b|1pww}{xT1MwhU%KW zd7cMin6{x4iK}28s!HL@Kg5=HqEJ9|XEUN9LL#vXb(Mvl#pDu4pITC(I<$L5&X8{U zfd7rh&j~(GYbJmd33qlMMeScD58xlpOxFBNc0 z(&}Z13uhG#7PK=@uJP;D;0s)Y=0i~^Nuy6BtrgG=dDbm;4NbH4(YVj27UI6+eFvZW zEO$MxSIS1Ozj(PGACVJbw^D_joqUP2C)b+|04YQeKvqEs(dMba+D9D&i0lm*#50)O z3TXxb)PHYMwO&J^?|k8pg};AWcJ$LGNGs6ZeJM;F**X|%0HZ!E8M0sQRHb#X~EZxO4ATQij#RIWg?7l{!02AF`hWu81-PJSW^KiD!tc@};{ zz6h+va#E6kj2_7Yh5lby&C8-uZV^0T9vngQVX>bwL|Y3(MY`^ZPaNpzCuIt24EdBAE9_PsMrd;5RyA^5Ly4#RJ_-B09- z{_)tY>`(a9K;6HaV*kTiT?Ox_3r$+}fU8}fhm!DuaEQzaDr>ql#v61(EMfW==?%vK zJvQZFBz5jXQEJuC?d6q~w#r8Kk0ZyATk55U$EVn8ee4@DEFv)UF>!`b!)vJWXaPzw z4w^jBvA|e<;~c{GXo(`Hhy4+3VW9Mg`*q#_qI^FfqO_Fi?fsqCe%vunyTRw^BzZh> zp;y?E!Re2>xuWf!u+Xa;RZIJXSmvRG%X7 zsBA&kXdX)diwOgSR>&--r2_`AICcmWW2FI)Q2RJORA3_HO6!AxEf3*){BzHpK`R8)`;ni4sI;IYdoLp8Fcln71Ds*yHfA1eNM#*1r+DDR@|5CKSu^a4QWmJ>DoyU9&UM{1ZTR!)CK5_i!;G9@%L+MM zXPH9X@6)Nzkh9Q#L)^qpGIhlme(YnvAGuaEgU~sO0Ck^@fdSur^8r8Gecw2#%Wc2L z*OD-+0UoxO!onk;ry|g64ZS$l#%5;=XlS#LmrhICAHQu$n$`t_ggG){B|(yeSIl3v zppd5}s+3>)qqu=v<(i)jGT&O3T^sdgZYz8pQ>{`Cu_5W>mLS4ltjRmL2Vgtra z$Q?e3oYns@s?*GR_$j7R%grD?x-38HS~)k$Om*edbs+5eX?XuhC)}5kB@h|UOy@B> z6jCdV-Pv)8thC6Peb6*UJosyw{-2m7DvOY83L{k1)70;L>K`hw;Xx;R-~ba?toW)E zpg9Py&9Rnw>r(zE%vw-91_z`e%Q`X##IV@s)@OYQyw}^MLluE3O{DEATve+Gn?8dD z+AUA6rk3y7QQGHTMp>?q&q$P6SE+oK+0Poi-krqpr)Qp{!{lR!?e16bfP{!4QuG>& zAbeW68-HVXk?@1Ud>>*sNL_*IEvR4_1TlU6oIca>Bx3umPS-~uoO|B6ENtYUb0iso zbnu6M{&?c{xt%oRdory3UXn^J2PRmoO{L*^wXuYBwn+LJ-lXRoXNqZ84O6yIk$GmL z3TTa9PsFg-Ktl+vECZO$H;Gi#Wm)M6E-kBVk(bc{6lcsh9#da&Hp6^pn(4Ozjw;x}%S21l zW<7Jk==cnWT%!C~LiMRx%b96ta1YUZMrf#T578g8;;LPjEVV&_3j`FLi0-hsxQWl^ zfAR#d=y8)xPsiG9Y)}i_{Hv0ygXDSNbUqw-CuT_{+^vfS+NLA|zf?$gtaKn4`Mb}r zHcEPLVPe8Mx%#b}0wRt&B@efWb8!)*$sKlGkjw7CcK>I@ROnA!!38SHzQuCF`GGCAPq3enaB;bLW3YA6u?DugcAQZ&~f}2dhUg$ z@aN~OB?6vV^=Tp#xwwvBB%yBeX=E^YW~CNJ4Z)R<59Ch!xy%#72_v@AyZ!3lXk3}~ zbB(8HV!z=%2E*2mIsf(>;xPZmb3<44tEUy}6dC|B92o&SvW`wZUxTL8_arY!AqG`m z(@ydX3D65ZX)51hHlt>_M&Dh;mg;{a3LibE`I6Z!&u8X%QQ0RD^%0|Oj!o8BpBut4 zr$_!c$pD{TkU!8n>zhNme6zlt>52mBp_r=G7b@mQ|8N;XGaU(2FKv=)VGP`rHM=)mXRhg z;jBWe+@f}csq3p+CW-`ZWx{sU_H&3z?j8f!T+{AH`%t--%ThYUdP|avx#E(W*hbAS(nN; zE`nT{KWw>aO5J!_%S7r-!YjI$K;V!dV!PVeIMs#?GF?5*4)*4@1LADD|*?pCvv|DA34(W`*a2Zn%oP$uz zI7~iETU!d$Xy1dIp<@RR;9t{+c+=`U^E;f#qkiGQpYR}tea2F^)8$O<)7Q5NLByBQ z>5w!%Q>VNVX_W1eI0prA8z0C zxGW2*94Xta&H6m&S*_iYnU?qI`%!+7)-0dJR|A+_W-N(0q_F{U`a@BEhz(d$TJAy^Py= zGKqJ%5Z3y@j$?Q|qFu#y%~*dUrr}63vMt}%F>sd$)hj9M6n8sNwUXycgD@I3w%vAz z{ZHLjeXe(&f#}K`l9R5R*mnfsk-Qu0sqo$?C$Cw+^qkM2UA?LRIT{ z8~j1QZbvZ6z8qT1gJ_f-OuG_@tn}rOX&)eZpmm4ybb5~eYZ&xEw_B{ARVeNN1$Cry z+t1#|oKSoAX6@j(!BQ1*lpCYFe^}DCAYhbk3u6RK{7WRC5+!@vunmmFXl-m00$n$* z|B)~T=YwP|%x(H;GseWd-$-ds2dpsX^X*q_TJI7P93QN#$~m7vy(coU|1M@+*7{7_ zj6injKSz#Hsy)el9DNaRzj8cVTiX0o40u|`U7ab=zJ!vx`mC=9MZJ*nDwLyoCmU>G zUmr+hp_Z`CQpMA&;5}3AUSzzfC`E0QKI-IazAKn{OO?fGrko)-wQ}13FzMpHpe%*gT z-R7eAYXFki>!m=7iTgCUan1IO05`I~xM6M+!qpLrDRcUWdivlr6$Qr%lmb zbvu|@u?AY^KDIB?CBid0hh9_kPK`_=B^VWF3RA1WJ4C9@Z9Z$paiAJDTiAxc1R*0R zoO*y3J9r@gCRh1`AOuEShL{9HUbRja)W|<+nJChd+zv4uC0Qb%6(t7o%9{pB7ex}n zPT}uy&h*xpr;9SBb%5Z8EEx>-#3+5;n~kLzecR^|_kt zc;$2VvtZuW`bzH;KX4K%oaTMq)90ktE2^TeD{f68Y};7>(a_R}FCUeIX*=oM{j-}m|S zzZ`Ob>^KNZeKW;A3&LVEI;CWBx90ACvC3colTpHDh;B!pj z3G`5l3@B+S&3E!A0TwC6s>ATlG-#N}i}PX#6lH@74YGn`cj#DAt8Z)h zi;S(*^}_wx<@&21*j->y68<~{U0J9ALLraIv1VGewMIMovYyL}(RGgp;9cFlD2%%# zpjx8Y5yOQo?8J=-wh1D;v05bfS^7c~bC}lpSx? z5=lo9T%D|sn8PVsg61}f*hPz{AwylA&pS@6>G?2M!)D5KHjh17ik#-qqz;0(+QY31 zDNChfw`!oqh5weL-AnV%N>ShsDYt}4?lT|&fxqthSxxPsNQtCE9amJ?jwU|bN(aXm zeSLEKK_Fy+ng~-TH{}??8Jj7?w;)rI;NBnbq$Y44EsUiGhZH{RsKsP zBq-0AXG4yUJHTyWSTFPhd$rv=qU@*J-SB5p0A zk2&%*z2{q{xXq{7Iz-TH-={T9-ED5tT91>XkBc&4i2}y&D~kiZsIpT!Rs(^Ek2*5^f;>vC#y! za~KFLG*miC}($^pX=fmdg~r&Y`DQA=}djVOG{8It$FwBZ@aIjig=&q zB8Q8RJnK*%N(p0LK-IPfkPqE**m#4Ie)?9-#&B6e#v!eJfEXlX6S6>+Fi>3bAjRFT z@+KXGZhdZc8FSNnt4-O*+~y9IIj%1?3~K}y1pUp_Bpc}V+I_Yt_DEuOJb$`nXT-vL z=YhDBY~~Hh(>@lk+eZFohFGF!TO{1*Kd|n)kfg06ck3hl9iuuKIte({9Z+M&+g# zYKo%GKUB@%VsIlfn#_sbc0ZA;pK=zLZr-&A#o8)geTlbHhp8PcXSxHE4PF<_YKq zZC?FG>KPk`9=?NI)e9*7trgj0VSyC!cIQXW8(rF~Tw$}>K6p~`c{1Dd36H*2f;5#9 zRK)=fNyT@-Blg0XKv)z^F_#-dnOwfwO-;?x>hTG`JV!zfvUsZaNpPgBsmagAk?nJK zT7>;NEBL&bk;;E|jlH)tJC(6W?M)=tX1}$G0T(F45yoo^*W9wtqq6xALPvMm;oOVmmIp{+4F7S*FfPL`QQy`_>OOO|q$F_S&N*_5tnBN0OXbom8BNKwb zE>C5v8B%!qFbKRZBZ3Xu1x zCm`cv7)MSOPhO_q^e^N~c{_Uoi>MS$#)m^CvLUQy2k&cnc;bRpg(MdcEZ$cI>%-%E zL4P}38~rU6wB4-FiksHISno#n3L{Nzko66j2rU82FDc1*YIS_B)o%N0JIVWg%6a~H zs|_El+j5#@+;mw~NXFvJhwy+8i6-T2K&ZN>(K+u(Tr5<8L$8selG z0@33)0#$Z)D@1q!%n%@qzu^P4gaXpSeP)=Z_KZ!}pyb)W^KH(pmtrcKgc@yM7dDiH zUe$Ab?gF4d=paQXk*?ZroAUOSXMI5fko6vCBc*bEtS?#_vli};r+1p{FY)NnAVwP$ zZz(bKVdu4CfSM*_hHiLi-RJ693RaY*WHE<#mIr|BelRT9UH@QmmXycW+sc~mPMdTE z@*z_x1Z|&~pr=l{I0uKrKeq}5Ys(^Pt}*2R<=mECPPa+2!-owQtBDp^6^AIXz4Od( zsTM-ni7K-i41mMmq~F{YvHXl@5gX781T-~+|&DJZE z*L6iGx96nGf8>2OAnZK0=)Fu=X2&0qdMqWW z>=rQ=@){77LB!<|xOFHA(3tBqKcA5sOSxrgciDUSM4ibdmcr=PZA=0uauVoYEYV@m zP~(PPi+rws;7e5GuUsDhe#JT)ZLOK9L6dTeNZP5uG2)HEXzu{@m7)%)I1li}nN9%G z^*!F{n%oz=M+#Y<#=g{oIa@60q1&W5L}7cTG$!3ENS43IYj5wi=TgR#t+AQ;j=K%F zA1C)|zr*nDcY!tzK1Zc5{KKynInzDJx@bpILT`J+rLI|}*Xup!9hmf*%OsRw^z$%N zxk2*Q)L5~o3KTREq8}n>nn2(8o3Yh4NR;ZXLzov&WtBf>yP=#vyv7FS8Wt_c0er`kuQk;mvyCwM{d}h%6 zi^*8B-9i};G4q7ZJDwv-5%^Z0NU&iFp$!s+lZIBI@~8uY-wcKnXtYH4{uzJB&a;=^ zE$G0Bf%sF~1$2y`{J2_LlEBSr#<%jBa(&&F%Fk{U2sp_-t9Vm`#jUi%62dJBCtfaB z#Clf?;`7#P^ZceU`{iI<_?7@h5flaCc+HVUGdI@s4seyjjyz>Q2g^sIXf9E@qdL)rQ18{dvPH z3Pu&PC0hvqfMuu_BcQisf@M4D z->0{__zex(jT*jhf{}ML7nM1|e%%V|4eR%HdiUwtv~7FQa|6w5cP`&|rrHk+qdV@e zx}u0@^Mt>#`Q2>u&OF~D)GHW}kR|*Pid)$4x$WU)wBgG3_M4=&T zxTtV;)pxN;GC*@6x$R@Ke%jXOfs@Nd9!Lo7Vmj@_j-VYnWwb3B`~<=`mB>Dp8G%m* zBF_tB;9Dq}G`@!iGTK5?#yC2a5rE+na{y5UFcxdY0Ial?t!t$Y4gNM)Oy3-AIKa=) z(fq+sNb@4(xihvnA^QPE9w>=B48heMC4#0kf$$*vjcDgmZSrdzIL$`1hbRgT5>fy4 z)$mkGhH+9bRLnRrfdp^XI%@y zM1qYl)eD00Mpv4V(E73HQ^vt3^zt@0D{Ne`Q%Ha{UhlNaI*7nK_arK^?ZrPgI+n1k7X4AUw6c8A z&eYq0ht8)}Hj2|F00ARF-K+&5juo}hl}^S(*d!%qVF}W1Ws-=CK|>vj)zhXq^xu~> z@d(}2wO9I&gI+#th@zpvS-dC%yt!&kBL9oMP$4b;`5#SttKtPM+nFID7O!)7D>(ga zWw9dQ{a%sY2@$LvtOKwInObwpQy0IzM*m8n-bO|RW3dpu1lm-vLSe4&KmnYoq-Q#( z(nP@G0$QpOj~t3Ug4(X!J6#HqiHu`JQ?xKhHXUOfI-o$$lv8C$s@Q74(FY-6a1=+$wgS8OW-ODr@^LP`MpCs4ywXSc?hrEOEC$%%AmJajXB~lSRF0F3 zZ6DJ>mmy96kngXjwh4HAMZU9PR$%!#wF^{JeYrSL66m$`ux!7047qPYQq_#kScbZs zHo~Z_vaGfdkx)Tl>5Y%r#ScbW&Lt)TsLHZxRSs?=|e~jSnC-9=F0v!pY z@bGo*FE6*8)j04dzwsvG|LY{D@_-a|md2?s*mGbTxRCbszB8jcSXo-y;}cwXLm5Ls z0jXwjIq|$ElKnl%RM0J=641VOq4T3yAfjTD#uhQYLBd2dq*&3cy-cH1rPk(4D=Y;K zQIU@t99>8)4K$pbj(TIFG9W9^!fNm9_Fkj;zOgi+%R#JuGD}mXvIIZo?KLG(SZPX> zGxLuEK7E6WYa4XVa!-zjE<$Hq7;FcKao`nnbYu(^6zm+| zcO;G{m+?^NcNh_}ys|2Ax9 zM!&PB$4<;f?%WP2H}>%S{M|A96&3(jaB0TUe{NmU9o^$=RM(pwlbmcp$^C=NH;|Goe&N802-#5afhime9 z90%Kg8^i>bRw?g-aHV`m3N0+Pn3?}jF$XXs#!S>TH4dO7u)uV5gYt+mut>oIR#o(B zC}~VN4Vc1ZN@_~#+Ux0+U+yojf!n8)ky;M)}u_UD!Y20%QqN=2w^Q zvfK?kM{;)F;=e!oZpzGbEoQRg((Iy;V{F%WcviVVhf!1p_dV-9keazj3`ppsw3q^l zNKS@+L5&{=-IDECCu&mW7mUiLz8TbC(|V(EK^#*+QJ0o4E4MWyzwM!Bk|9l_>sS(R z^shci>WpzL%xOv4DPZ1~iwpcyR>K^#jIY#+DL;p}46aYB!<9Y}!52_U9>@A~=o{wD z+c;sS$rWtK@=(%r$boQpZwj9|5F<7Ee3|DH*j*-b0*B!vZh-H^$8&3=@5NYPSBJua zj#xWOU?G@ZjLDNbTD{_*kAg;Cq7(0RxA zc}x3h)MK17?HACN?`vy$X@l7-{Nw3r2g4?neOBOo^d$H5^Fy7hX0)}X*Ehd!XWHD^ zU%L<+5_ODilhEv&#%v{qE;*LyQBbsMY>|ug4G*sObK@Rmb^}`Zg?w}pM1l+z4-Zed z-dM?DHcCRkI!@^7<&bm5=Wh9ame*m!aBjY^RqL@7OsmS zF;@bdMHm2nK>?A;)1wqY+CK@*hV;~^0F;dSWaZY z2W5ee^|h1Sq2Om>kp5=e#kEE&cC}J@E+8YB*>2OhY%sCOcr;|Us~V8kjzpC@a&|gI zjME@PNRMe7L{y9+Kyg)A78|?_)g_vR<|Sgp??48(d=+BXwL9`RVfG**+7Uq(Hjd^O zrlLl+r5dBXD`w;<9|anzP8LaKgbrg+1STt699h;(LCXO9@<#u&58M#0Jb>|Q>K3I+ zvTfOj?>RtIM2gI8{j@S>p7|#gEz1ThJ{Z*nvUGVyesCsHK@5iv&8;88_LBFP2Cg0~HiB<~O}ZVmx(Bbly2r#QPtvkGD6u4w5T$f*EgH&%!5$c!5emw+x;mPoz0Gz6G&0y9 ziPg2Smku_;w=IlwaJfL!1YU}qkz%KWS+S@17W@f0h|mK#$t=`gaOhOAMJ2t71?oxJ znk0EM`LU$Q@@gmwLRl?<%0hypO1{}=$|VCF4G>ye2me7WOM8jJT7Au0Wx~1wK0I=u z3=$)w4Y6JGpe7V-?ks#XC_0*o9Ap5DNAG|fHR~F~Xv1lmb_*__8@3_9Mh?EoeCDle zNBB9MSRtDy5lG@|`x4TUflTF*9!i-;!>1%;H=oJxXnFjcG}M0TA4$_!1+FpqFMm~Oq{JC1m4iTDEBHuJh!upa68Nv3 zQbWN?^mr;HgB^8jkr)>Xys})#QX;&2OhqgTO(mVN%NRgS zkvzAC=>0Y+g^5T~d$4P@rD>>{#{1c<*1G*!<*m56gEiA}k~{tREF8fqN$7c)2>8ux zc*UgMSbPwQolA}VkRWwk6T|~|Kvzr`R#DY(p3i5zMN?EOxCKw*MkW>x6HujG8|@ZE z2BM2m9ssV&00s8xRfI^FCIxnjKNc{KeWBCD(nYC(xAT>RCtqN+h3L$SGd{Q*L0B<$ zWS2Dx5hC}6*VHu+C@67U0wHuJEH1@b+(wv2EYF09I7%NTQ?W+V7$%$V2jjPNTyt8$ z0zr|VrTHjiMhArs$fv1ykIyx_jBkPIWAb45?OuUD9Wa`E39t&NkbC3o%NqOTC`+__i6W+nOs^=TW9N=Zbjl! z$o?gpCxi92%fr+yR^@|lmndCeAV&3Nz*0mD;ufc}7|2AM7-jmc9ZLYMoa$qMKG|_3%=GeMg~i|Aex^+l=~(=DN+-ZGz@*2ug>CdiE|Txy+X!Z z9o8#4(G3Hc-`o3JtNYj;RmwHnXFY@a`*6(N7Lw=WqUkUYns}Sp_UC^&3aC>G*^g_H z?e^G-h(BgM+t<+4M9LjEaeLuJ^=cJyCrV?Wi+$9> zn_0)J{+3q=NC`QVV>MsGXBypwN{<1Qsi+KCX>&we2Xdtc#gBVi?ufrb3d~A*6Roe{ zC>>ZdCQRxmj!Li7?VB|w&~}#+-jyq>ibWHc83J6vtSjvd`)cvpN;4x4cIm<+4$$Hy zBl+wTr!2hR{Su4+W#q$*X#MmTf#VF6E5?>D@)*q@9#|m?^}%A!XaKGep5lk3W|8Ey z?9h>orW<|$iSuuFUE7cGa?IT~WPYFLUC5cA^}ynEpOF|Ii-@$2N&lxj+0N(Jvw7cl zrN05bSpCvyfrDut1fN%~o&;43;8;FzEjjVGj)<;#FDid>UoE`X`(6iUg6!9;VKp5n zytxPfoPZ6~s+xXn3rj$21=gl*urd~;)YmpE+x0l3>?LBm-OqRHcdV}bvj{f{l?rA& zgMi6^S#DXKG^JW`lNHq48!isPW*dkyTm~yFy8|8p8xgKB5mhX*&eKn1{VowrY?rIX zEYA)i(cL9LtXhhoFRe&;Yo(}YJ{T;Qrl=IMz$abxnrinbS)6l&!?{}WRj=v@A1)Ny(GWA`c z`F%z6PbWsl-IXe2f86u?yFRD#x7zcUyac@AE$xf5i1W&y5G`GS%2SbhgXRuCIHs?u z8O^Ax`*N;(P-^Oiw!kY;CDwGYn2q-p)aKrA`w0Q#W}p-i|8)e&0L-6d>!ZwRU;@Id8%`B|xsA{Dsj-)&%GoPMSL*h^>_oigR{gViU-ka* za(lpyfPgeZkV?1D%HzXler%dPZ!eV(N0eV}Ao7bL!H%EB`-vnmLPNHQW5-bbZVy&W zd#|A1AG^?z#x!~aY8>HWHP-fw4oltncqX~U=BFG00Qifksh837w61iD9xoIYZ|IG< z^D?3NoOLMd`{u&suszic8LqVbcdg^H1l#Zdw5+VFY*;IvC!IBxr2+BZxd?WDte8G0 z$BMWsCKVAQDf2p(k_nJCK_#Ri`%g0dsy>Cwu|r!LG`mBk8im;zcXC7FZaF9NS6ibTLQFAhP`r;inn? znYhZ2?`wAF^QUcHt{$)ou(J>>7=0_UkU0r;ksl@KsF)>{G={HaFHM1DS|VpXRHUQ{ z2Hb1YSLW~AJ)biIeZn)FU0o>WY1YU0UX70qaN_;F43a;7-^4aqkL&VgDhspkd7gHs;t}dd&fx1|Q=YQ@$KVSIR zBXHkz-1Ptc#K6EXouMU)zJHxH9G<=Ia)|hw9-PUJ%WKrE2qsRF9l)u(yM~Fzx;^7++}OsxpaHJ^NB4W|kCTOt#8djXE+i5klKArV6p;fTDv zIDa)F&P0Jcz&1nOt5()_IW3to;?4!EycL&nNIR5JG z;r1n{i1B(5ZSb%%5$+Tb>knhTsnjs>FH^o-7xEl~YZ#3oVlXXT(WI6vHCZWaNs8sjsH$XGJvaKcG`%35f@}*ia=;~v79BOQ zNHaDGUM%oc$*#|a?diE$R!$R^4f$Q?a}?EO-*I%DWj>WY5QRzqv>~|g2-5yiHv%kQ zqat?ip{#L|L@d^x^6zZ$yozY(fBaqUe@U#bg6wjwQ$&lBP~kk1_6$@kZen1;m7J{- zNox(w9;SsXHD+_%muR(LlQq+z92psb00aF16@LEuI7#{a`z~15{;&O1AgJjl(o%b( z^zWv#tkSq1Di?caKfl1r@=BKFo*utE0Ai>Z1{NmK%Hr1jSgJ#<3(rfo9Va~uVrsb~ zdBP}LF-cl;pSpY~8_-8!V7ptve^U0$Q}nDM>|kyg@e?&-q$ObjPQ)0gvJ&DpgM_M; zqQ&Rom2jUN|GMpH{{M3UI^SJN{ne_PCO0a3dv9-lz$3HUfA0|zSDhbCrWwo-w(U#+ zYqud_dxgp0`ERD@SHL%q)C)L{2ZFjIs;UOUkJnXgzZ|WMJjBorK8Soz%SYi2qd9qQ zoS1VtsuVWMq)DMr|FBTj&zI|r_ij1nRjIl#j-g;YMetn-I}TTSDo#VhhUQBbIh!15 zoEy*ayCXIA1mR)&#Gkgq6&$!u{;O=&f-NNv4jCr=8Sh>OrqZ?fA4Os^oIZMy9x;{_ zL8&q4?;N!CzTCE3mn_afR$dwg_D_|$+uLVtn@;Q}+0IPQTkh9>JyM-;0ny*q^1Q$9 zQb{l~202P9+@P;P)ST}r(06aiAVbq%JBpox6IKeE?o&_MIOok2aAi01iEllcqXmA? zVH9#%0>)Ii{lDKgfdmy*J-zCvsHk)nM>fD%jLAgtxX$rJ)ZGCz zi<_Z(_+}a?W8e@?uWW1w7u)76S@H)>oY9o8ce$P!(1Bj|=%7lkDW@YMrb;_VXo{!& zwl?sKm(s+-fs#P4??H5HDZyPG)pLe0f=0Q&;mb z{*SXN{_OnHtbAYE7g9ZqbO7W7=qlf5PvHH-E;5aLHd1P=7%QkOT3kj0nr1#rJQ|=rA{y z+rsX>J0)gkLdX`17oJc?e(bo16&a*!k?}1vcWQ72vlkDkShu%{Z$E0%hNjB0p%9Uv z#-7c-fAY;c3?ZG4A3m;z8RJA_F?i&gIh=b6dg(uV?_JY@Fn!rLUbd_>`n)=AYj@Sk zO1SW;TA>o~pz%TFw?VJJH`{CijQDHBQ*#EN-kM9gtgvmjYalE3L|?ljW~1+Dh9Afl zM^D?`CuAbzw2>g0EA#7rO#_EgS%%)Pe*qgC8=xLQRVKnG!5<_jBsefgnTE9ZRyJeh zLVDDmcB`fAHSAQ0%}Yxw&(}89eV>oPdN;54v)(speRda!h&0_qrh_mv6C*UV!}jGN zn*=1Od!N{K6>`0;ZDd=%eBxb&FbweI>A}VO(%%8K*2;z4OTTLeUR=D(N-uNxklZeQ z$VTT^;;A~OjFrLqb8!`kv8vmowUPw>`tHxm^VpBv@z1VJjb`dh2ew0*kOXe>*+*ln zUo-?zsfmlhBv8c;tx zq8>lZsjG>fweumlhg=ePm!s{5BDprVmS4(SR}BvTf@rm~%xfn_ zN~Vm{-8w6$jv|!}b&4o4tuHG22t|Pa&Xic69S8Fkf%txrn zEzbTG>Vzksfm0k{X&Mk12r4LLfIbAawiaQaH(ZO1J0G9UlJ`5pva_GK+>t`P=hZB zZg5r$P%bV53GM3L%CNE#uuLNhj7A~U`{P$-U`)vk@{+rY+wQloa%Zq}{f);rJDk5C zjzZgyd_g0#RA)3G=}^O}mzW2>#kW~h5zKM@uD9lGsmyrtH5 zS8lD)i`r4%|0o&b6Geo(n&1UAx*UIP`z;;o|H=Is(_?%w9-AO7)*q~nL9VY~-=^zO zo8>Nk@6EOyI%7|{;TBv*wBE^rKSoj-B#q;(iy!iqNLVA?XJ7U2*5l&5@3W?>@4wxk z!MgYeS6U~%YeHdu6cOepKeXVEQSz2^Ur}Mcr#yI*aDIK zaNOfKcIgH|m6ee6Y(AWO(QsaDwLW_WfmY7jq`FwKUQU}tveXzo?pX%0<>PO@jbXNv zh`0y>xGrrHl1<1Nt7}xC@jpF~MHe(MSD|Q}iCeAHb*~%@OCGT;Dt+s`f<&x&KKU>% zFJ)4d>&At(u>KW@dG>11@8gKs;^^>@VC(PSlCAZT*Mz)S zQ;Wcf`NqGkq!}S!EUJ2i=y6_M1ts8_8|;Jrt5{|>CKxJI(qK_eDr=(pZ>Bg#+BD)B zCh)+@Z_v>q*YkLV*zaX8nLP0iLbhKI*)`qFB%GxpNZl2cB?S0tX@(=n($ezG+n|{t zQ{Vo=9!KM5w{H&t4eYb;R@5fm$vKlsOsId7MKm z5kF8#ib@USNy*0tGux%k&Q41ysj(zw4b1R8A3FG@8&WD2{6DE1R8 zNYL@&zl*i61sb4d6NpEqf9W~aa&v@)jiq~|1hp0_nnkz}z!zCqWYShbUVOFo`Fj#Jb>!ehI=shfcU$ILl&+;NqAhNmIi95R*7i zsfqRY>~vhJ#UeCsTMzdH!e{EJ&$6ZBU@pYh_c!b9mndsqbp zbp)H>`oiGCl*ezxF22NUJ%qB~>9zLi7BFX%Dfcp>#syJQMG^p3ySs;w=Kcro0uo}{ z3GhBmZ)k?#!Jr`6G@q~i;57gDQBD8HDnsAv=0&CVGx0wEQ>AfJCnh!tJ&a=!M^Fsx zfj@Y|MOmM#pu|bZC6ni%c{{?c_nonS`-LzALgBH5K5mGKU&+Kcf7gV{3B+AK7Qn$3 z)DerR_%>g98*RCnYGx5-r!K*X_(NFBsu1mv+{UxHEM(kY940Gf?%sNB{AX9z2Wt&B zPT}Gr>WCB~R^IJ%VXDggwYHq}(`jh{nwY@%@vmkbh>+8su+1`qf&ZuL@l3}33p{hL z$BhU_64ya$C4=PX5_vDk;Y&fSI=o-}S#w&`;#Z)t zI$(0%?GGiX=g8N z=bMpfYTQw&DvmGeMXr!t&Dp2U6!pSFpyN`3^iL*Lo$6Fj>SrO` z=u}{jIlK(C4h*<&*LMkitf8*a+I(qMGj-@Ig;pL}BJC(-y-AakZb3zk0D+PIa zeR*H!dtYd%;V2Khp0|JDQV(pN)nZk6>e9eOsh*R(E2<$gJn5Sa0+EaZKr?9 zf+B_1$(!gQ5ck8Zh=Cli0aRwZQ~+^paV^lF?rKK4zzeKHqU9 z|M#^xYtETD9YFs+MvI~{P83z0AKbHrG6~o^p3^zAO1T(PQ5JobRf6io`^_zr0gHK1 zowFxt(k_GDUp#^+I}{qD9D}p-bW{Arb~L7MQ&(7xR#Bpbsl!pj^&W%nZbeB&3_h)A zDBU>nE<9uo^e>M?#KeTUP?!+E0AYCO5NaV}(WjC~gajbpsH>=yoI|X5qys2N6xD*E zB=Ho(1N*`Pdu5lpx(@HrzCaESkC38V@C9Dh{w-t}Y{JFhGyLTwL&^50)yZ7J(?XrO%uaS8+ldA0L-a7%6)+&>f{4()q|`$2lP)WK(Q^qi>rtGJP`Vjf18OK*1ITgG5t zu0kl4sE$Tisv7cmg}iFCaVm~Cgj6^yg>L(MyJ(ZuTgZoU%%BKu(hQ!t59~a;usN;c zO#>Rigz351`N`A>QrZziprM4QW=^~ml15EqChCre-HjyG`$II(MXDK@)O|>tXuPr< z(TH-av_U?Gb0tx3dPG<49kRD_&*t50^$uM6Pi~YLMI_65;})yDgaYO7PTiICnwWt-20pr{=I{ zUPD6Aw@)}d;B54)x`@ZlMIV(0v2awdSn#6*vT7~mj?`adrs@0uw2XL3=zS9pW`)9? za)*4>yX}Q-yYCWxyW~4|FE8%Q(gEe=#9ZC@Z{CcAvkAD#UnFHcHd6dw}RtdHA zq}#CX+hCTX_EJumfjvXXzt<_b-`T;8ab$J}V{CLma?Enj{CXtgJJ9=h-!byO@3CG` z9)WQ8gX&TvI}W20OAeV88Y$cd{B9~X|dyd z^z6?WBRIN*dUYODgFPR8Nnkv9em!91rlFO9nvSv4^(@uyQQ*37a|LWgb9K*mSV^t! zp`u2do_psbMc3=O+?KPv%m1DycF1r=Bg2V!M@e4e%QBcUwG=NFm4LwH;wSO|kNMb9 z*T6lVBYrCtq*bQv7LEiicOGxN?}Sc%+2pcANMFV5xNa`Zb{I?jO~kQ>CieJzf0!FDpO)Y6Pa7U~=c2$?!g0;C3fr%l_v1N(9W9ye#-z zEV{qH4_1x~i(GDDX1xqZ4c0dbESfy*J-m&Jq^dU=#SupQg7yWvj+T~|5;~yUtVFq% z79Xi>V}lU2X=e?&}72`Aw5<3df}>*>aPT*76<*_I2zLMpGQrHQ%UMbs<;L zpoJm6+=X1b^FjIx+1J$#KfwI4o^lprR}cx}fDTq9Peh5aKo()cqDX3dLKIOgIWreO zKmSo4$wKQVD5#>M!pH3L@CV`Iwf|jacOXg$kHb1qK;Q-2<<>{TtqNI?P+jGM_5&?u%)P0aLbiLydGDIvjKWH)+XS*Dw|E?M(!kkBv~?@u3Uv zw3;fi4~GM-wGDD4!s(D-NF!bIB*XbadLoS@0~@#q>21^Aj^#TDd^>Gcq9nSCLd^Jn zE=iH#AF9Zc9tY%wJtrvczl~dwq8<|$UJ17@w(&F_xRXobeK`VFctt%{2O)U>wR;cd zX^@X5k@5I5VM{2Z`bX+`#ngnAP^=-HlKE@siOj;BjG1E|aJ%!iZ1WA;H@wz<<)QI3 zFVGMr>~!qj??|t9Z4fNFa91+_JC))up#g6qZ3x5$4Yc``T-pf7puqjPj-TA0-Os0X z8>{O<=I6p_G<{QH-p(e-Y?t$2!o!pcz41 z!w4DBk|w7BM$41Eic|D@rQ!ZN!8v?SFx1aB(RWhZPKRGzNPzl$0Y+P2577ASP7DSI z2Nqqfus(jDqv0^G0eg8G{2d}z3b9?|9GCSs4&ASE)4y-wRnEHh)BQPRRUPSgHf;)P z+LI~(t-pZm;=idzr2%TZl=1b6;hNmd-w4H>?nnt_ojq*S1dxMJV_*u{irfaSPyT)r zcx;}$jsOK0?C3GM>acyiH$bShR#YnMGu1 zGi)`RWDz7vj?{bd>srvJDZ4dup}_~;f3!AfExqSkElSoxi!Cz zRkYmAFxtJIyL_PhMNdSLp>4bnTj7aa(P$4F1XYWT&bt2m!M6+?5>%rq4$4D%)f4vN zH%3-mx_}@PkIA*NX~nV*OHAm)8azU_=*E=s%s&ODq=@_Y_-IH;(Ha-bGGgwE2^uya zrO1_w!`CWYN2;H=Mpzb22mBUg<9?~h&|nglw5$@J9MAfmsf-)`Wu-wX_~v|xU1eT6 zo$WZSlkfTowMI12Wuam>)9DoO_vXaLel}`TzkejDT&)?+*T&~{_47J)lHbJ)7WVwK zJ%X_#we_Oqlx?d%r^@H}r*3+q_inI&)k=L%Tb>nTjVpLTqMuT2_&1a$5<*Pq-0*1Y zY)KFJn_7i^3JE*E2aMDal7w1R%iL?~aRSu04?vLH^WIB9C`mpVobWc&`!)&zl)ZgzL1W{DT8%-FMztPTik2fY0HkuvYu$c_VOpcHz1|F0 z$Qw|L)>J9NMdpN)o`$5w2uejqZ}^t)#8}D^sLv%O%oJM_uA!j;_)lXeNRCDW3mvc$ ziZr-Y&=hN;+gn`bo6Bn?YFsF6zK>VN`OI1*O+foLD?yHiv9~|7NThg=NXCuWo5!)1 z8sxrX?0RFYY!)ZG0&dCE-xr2Hxw)uj)2WU3kw7VZHku!Oe%`mSmTy?>J*cRJyMl|9 zbx%Vnlge3~co#xKDAK<}-PEc%8R7-SlU$qd>fnJyd6AeUuU`NsO(Sy(?hVVA?hvdQKQlfm9koz6>& zn8~`9V(QHY_x4_hr!Wl12NKYO6rpS@X};PT!O=0t04btCq=6uY%GAQf@Nnao#-sDp z+=i@+PiW#1gMT0C(8KS&p!sTdRu+^A&Jz2Enb(n8w zB^V-3uYtJ~0-FE{dN3QSUTcehVD3Q+^J=fx=o25#gJ%T(1ZTe44JMC~-MMcG) zVud{ZxdFpg=kxrQ!W>Tghzii{0)`S~mQBentb%LwtS?Lup9$eC1xh7|5}6fGN6^*q z&>MF)vH>zwSe(ve?r$uY_7X;KO^%MMG&D5Gss2*-et+G3?w;P3-_BZaGo}T#JDlpv=n_`ce+FJV~ zcXMn7ADr|Ry?N-pD5t9fv89zS?GVRLFp{gJmK2UTdMrreR>e) z{YjMJMJnSEaY-@4#4OF-$-ULo)U2#5DOo*qoz!;b7id2fms3&xMM6xQB-(f;)_5UU z8?g1L|MZ?Vd1<*K36flIfxVCxyW$H&xEnGh{z}D1_C3`8J!ZN)ISJ8wwRhR6A%ex@_su8=~CH(U0v_` z(Zaen`1wNU7D=kgLBXW*ttE7O0)t+85t zIEIntt6pOpN2E^HD8aDU^!At)SC={gA#W{DVfkMQ3~A#fjFD&O)BC>BiQ`7(n%^zW z{0e`qj}=m{FC&VIBJn?MeFGq1F&Gq}m$e`ITsD6bXwq{@H_U8m>H;xGGK4V3{Vk8a z8w-)_77O^qq#dVKx*u5%p2z)%_v5Bd9*dx9ZTwsOmj&m`iN`Ej?d#4->@m#x-14-W zoQ(Fj@$uFNt_6?JM-zav>fnYO=U63MQ_sn_;zU7N0MFp%oo5gz_Q~Gf{>l~KMx4{X zFF}I3G+~uIK|d=iM89)!VZnK#)dhWdwxky<(bxbETe zc*1VM0l-_dS-M(vI$fk0t(`;UShKxKlvKhfPSwY8F1%J?fyybaZdczVYt>+GaVH_f zrni$oN95VMr8=C*a!_UasuIKhu-NOD397@kye)oSs;a6dv&(Y5!%ELO?kAT4{@Pwo z+KpUObza;*Ieqn_M{0dExD!JGQ8MfVGd^u)Fb&>KmD-GqKQQ-=&Q=$7J?4Etp=G76 z4{1e!rycChA-BPvdGrRr{M&E!pt;72|4d*~IJO)ncK8{jqOW_PqIFndmy9)w^DI z(`57QfTI}%d~`HlCp4hYv|1dOA3@}4*3GM@%^voiVZNc}#G%!fT7R%4UHPe`49%;# z+Pahtw4Z(NjBR&2*neK9uROdCt(F__U*k;4*VojfeoBE@s`%ELX4~x@qTN1pS?I3Q z+jH{u#rhm6H5R#40hzh#;IoO&T+i*k=bpt0j00IrPeQQ1)BEAjVAM?rkcGDG7lZ7~ zpl+?vHARDylRpyi>29PIN^}O@oN7Ug6*d;e&|Co0*Zawd)=JsdCy;-^$3GMYP?Y67 z(8+6!daaVE%IhzT0juu4y%*FIAb=vPOtV_J+gp-#Hy5>U(< zjfI4h`D|%uxXXmyb$6^}#dh8{rS^@UN0xI}LSL(0@2GivWMZZM?2m)EH_qw0ylT~9 zRfo0s@Af)~p0<))*;Fd6R_UjQpdQ3SxJ_=|Pi^n4>Nih?O@7@uOdw|R7-n=j8T}uc zM655Z-=)HT?x0geeqKy%wmqZ~CAYY&*#6mD!(RD0m%whb@#f%nip`rbY1{VPlP>ML#9R5@6h0LlIYy|FO%rT`3+R4dvYSiIX;HppW7zEX`dXMK?l8r6Z}+Hck+?s06O*pSYvGdZU_6gm1Aq!q5@KM zUJ9D|fmNCa&J=UW@T!@NYqow&#^qbn;ZZD!kagg>Gw^~!mBmU}VK2+8C$kVnFeJF&AQ;wI#;0H9wXtq9zVCEYUdPV0 zEB+5@ICSwa?h};lo7q4-Mht6C-KPb&o*UyH#EH%f2DFY3_3c!y9_HKnofLH20V`O& zL(IKKMt%c3=avk^0gKzSm^HGYab?J`FWxS77L0hl`$|2p?l~ZUR8(aYCdDXQdFQb+o+p3*k0!*|IPaOID3~ zER!--?BLz)_JIGbp~^E#&gYGVvysxaq80hji(!pYLd6Ho%l4DI}wTKEYVs==Pm)Qbq7FLoKV-5;ikV$uq^ zifx~G6Y_fkQG|EqpfQ)Q(Pn6h#*a+Y`(9X^+)=E*J|1-R|Yagq1dZu{P??p`(oQp=kBih($d z{s825pj*%U;TMhf(G<8*#wi~gUb(;4CAKrd+o9?`Z^y#cOb#F3ow^5OS*>7tYfoV# z?GYQgW8AKkfX%j-(t(wh6{W-u!f#OigJh*O8oElxLH@#tiXc|0^K@eE6@~+Ds^5q2 z0G~SrTgUw)v}FbQTWdK++d5?ba|s12;(Bb26jn+~(mOd7m3Svmg2FS?%Yo><7ZjB0INgJ6JO;wp z7``I>PFFuB++b_S+ghO0S95agsh1U?4OWXkm`Ys)Q@|)$<~?#Fg>YSW;HcinXG``h`r?5Gh_q9Uuwm{$8yac?0Q$Sgfk!Q%tGekrrDoiUNcxg8?< zxKbXyIM@thU}c7V(pMzgpfSA8i8Td>wypet*W%*Ud5*Tivze3%OQ-3n4?tC%%xonfwZn+#p7$Y97Zf}Vvs33VA z!hNtCvzQZhcD7a!9H-xcdgBmChKyAhJzsfK|Eha<9Z^by&hJxe`!d}#)cwrmJ#6<4 z7g^*zbTRYkuk$n^k0$jP`S`M|0ZE<76-)OZ1v*7;R^h{kVE_=k|OiS>zfK@iW+c zTh!PDuC7R8K{6u$Vs*B*`G_I(Bjjw-g$vhAh zn*sg&PR_= zPy^QxKA)!?0Z;N>S#rlth`2e9ME$kjUxSfg0-?8_8*m7fk`j|H(|Bw)>IzF7%Np~e z)~6!~qI##S?cj;JOeT2^C4c=|;6%A{b4vMJG0wTKVSbky$1}n6SibkOs^iTs`den? zU)zm00Sdz}kqU-N)VQg%C33?UMEr;OS zhq|9JH&vXyhGFZt`hiMgjF)i&AKO%XVWz_IH0!`_rW*0&-83iSAa?e>{X;(%2@1$C zO4jjWw6H!wGc&VCkm__>w(vicTea)+ap+@eYHD=Uf=I78B2Q63VY8T+3=CJJ z;(yA3>9DwT-9hnYXjc z|6t>FstH(X^lDx_Y-OTDnUnHO!jLmT{%HH-HpzcGCcKKZPE1nj(RW)}>|&Lq;EXQN4>0VHri1fR;1A1r_Wu6ip?dZ<~z`r509{cnXb#`t9e>ydc z>AabtV`ThEp`@XIo6b}cSI$gEU0NX)WkIeJE5ag>VMLl6R`BOx{TW!M1?!bs!@ke~RKe?~n%yrCj^^Q7BFy%Cp~=`;9^T_2 z?2RqKFN~`OG2jJP9&saR%FbBIm_kylxaK!H6_BygBs{BKmwtTb5~@V7u3kC^lfb6? zil)WK7MGFNkO+nkUeh4;+S*!B0%$AMz^)xwH!QUN0QrqY*)WlSUuExaRMS&(4Q+o^ zIRkw`@^}SNx>33{IH&)Z3J1?yze~H>P47sn)y&gHo3BqEKo3x_7M2(RhlAsHIlk+? zJE#aG&2%7eGof%$hCF^Oi_hc!()*D|mg~7M=6wl04015jmew0Gclfim);154 z#;)Ps9!@&h#6RAquhyj@FtlvZcTQ5pN%Yb1p#D%GVL1fAo6}xTq)ME|u@0@bp(jb9 zl~8x%$;3&J6UU9;vpIC3O|J zuAhwUdz$VO>P2rKIUxe50iUyEKKKuw#Xygfxe_{-TlDB-7uI$F21sChSgMr#C+Yd^ zl(A#zDGXiheqe-07$PTFnRXtw+H5u%*%M#)c|;Y5&wQ`G=gt4;Y;SBS3#@w%xf}Hca5jQfI@1JuI>WwMU%_Xr&Blt7&Fj2+F0$V1pgGi!g*3*B~ z#+&%xV;g~kk-QFKRl@rqpV!v1U*%(WQkNI!Ts|vvCE}RaDZJp&prDbn003w=JfUmn zwY?Qyeu@A4_;|`-{mZ<#H2e1ik-!-b-a^IUNm)mjq8Lz-)_Was(VP0v9b^fXSJCFF z%&SvENX|x9Q2=iif_=(d>STZy#K^_C3noby{9#bt&XtFfjFIvOvARk&is6G#>w^6E z19IT-9dV<)_=}D36zL-JKvZ$EyEgVcdyDk3;i`% zQ|j6E&%UqZZ>R;mfKz7@Fa5cJ%+Oze{L(_PeM~Hj)oanmgYk^@h}TbFP{3C5KXn!F z;~XnlG`I6LdX1Vvq7I}2WUV|*6lrT)Xxoce%Yig0A*?~ZVq)hT7T35{J%Kw)PR;#Z z)w=XUxYOBk1K#}!4`≫N)Lm2guLuK(+d>2=oNJ|7K;qxZLk>F*_0gds)|w< zsqQOkts;$#3nn(xrFdhEns(cwp0^Hr-E2ybG6*MiB zKktJWHGBgKzZQF5r9mZ7be+!vh6WNB%IM{fv~WS2K>vG9L0m@}+@N!IW<@O8WMXSg zl!)JzZ36>w7e*ji90E3xZrjt_PvFzaHHcsSmOz}t?H=n2AEPg?rYve^_B<%o?PhVG zerc>6UrTy!#xV3FO=>ZUZtz9C8q-|~1?|6OcB5y-F{S}uGhf85+h`$0DBDSxOCObJ@du4G?D zv93!5(Cb<7CXauR(Q`Xug{!8i7a9XP)_PVmbvK_jJ;2UTME{2YiliW~-(84;@8YT9 zhCTxCR%7zJ9JASo5kuS64)gAy9PFS$&8-rRCc>v4AdM?}tJpmp5AR5aGr_OcAkoUu zFyJ`Hbsrj>PhZhHU}y*)BfY9yf|7X$E`FF?6dE0{snvYq=rXYB^OqSDn?dUgeR1>Z zTV>}(dd#|;*YnJ1hwb5c)4RN2Tn3`j;PFH>OyrCe-i)zNZkI*Z!}q0ic&qlS%(K z0iTzThC1wr(g_Yajik^&Lcz4#%~FceoAkQ5E~Gy^Qu&>}qH4a)7Rh|pB}KmTmxm>O zk%pjT+XC{Yhqq{uhR7CJSZ3eH8$Cf+W>K6)_!vkdcz3pz>=;(#}Qeg?Crxv=0HMN>aI}112k_On8M>!wpV>2Q9n~GCpT=*AXrl#rPga1E~&#NMPkPBDGSED4RtcxD9!5k`&3dgqS)A|LF>N z_du>{LxE&&+dci>;dnML-(x^0dXoCGIt6@}q3>qMjXP=#SYuRZ<6BZiJvuR(h&0r? z7j8tYzGyp7+9&18Lp>H|O43lv{i$V;BDjQ(AhQM9bKY0#G^S)e1pXiO)Yz}lyp{^=W`DmevINw8an8=vRUBOAOBS{}8TJCi_K}Df; ze!%}`4Hx<2!$lm%vpX&q&WV*^-~dp`v1TtmKl~zpaCyH4F0QA&9X`z! z{RS|-PH~w)Xtq2!=XL@7N?9V+6KJf8DQu@8AI8$9XG{zzEg`Fu5OpBno~}j75<8mV zl;{D9{6y=!c-@VFAd=kYbj$A0z8W-1*kcr5#qj8M512&z+j#+4S5WB~G+0znJkA&N zG6nIJ{(7nKRWP19;#)jA1{4zMK@9oWt3#Z@X*?Tx}9r%uN% zNM=`TXB70SW?*64s=T1IE&fAJCcmjgIDt+btMT|p8@$cTz~XvDQAtwUg7sSsq=73_ zIXT2WRA0m`b2)~8SntnH;*5Y67;0WR(?p2 zr%b-8HijB|WkNr?up~5MrH{+)yVztFDs(TU5`6qKWm*ezI=o8n1XRh>@-#p>IUcN~H+fXlIP;LPMH^<3 z&$iS|iT|;CTp1jnk?~VqJ&h;swd*Yi0l@jN)KAu?bJ+s=c>yax@I9j(q_jXEOGKz$ z@!3W_%D5TfwrS4p4JN45My0#H(I@Xu@^`sT>BAGmFLw{SqvQRTw-#11Lhwv4!cQKr z%!$krt9sOti9x7QhT<$3T^Lwcl!Y=G-?u8GPybu@AC-VW5l%v1=>j0m#4d^G7DcRPudaG8yzd(pC!{G8mh*?bXr-8_zALIJ zMWu75Zw%1B<$&ER*z~Tf`pqx@tS?G2GC_8p1UTLc=_7F|i7DwQ2kQGS(Im3q!VVG> zQcP`#=eK+*Cx>qFsKbpQyXJJ}EN$ly^zeACy6pV?;8?@7|M$kwIy;mP7Fu~_L|Try zajoz2amh*z{S90!%o$T4U9FZfQtw=ch{yl)rFR6B8#@@jOHpL0bY|@a_$H)D6(eXn_28946{lHwcu)j#l*>nI$fDrG*uT_9?PNFp>tJV!&rgU~Q za(mHCEea=fk>V;xbl0EViooqo+!0gzmW%HhBAee*4&Do`Nz=!~ zB!3qu97skoxA5z%4RAff0-pI!?od~g#Gi~CjTS@23ZF4}n$wY^(|-HFb726gdi}c; zT=p?zU@)LY7Rr4a5wBgv9x{T%jGO{C@ws; z9K+Tm>_h_*#>r)sdB>rg(SL^g5L*y+5h?Mz9E}X7-fHX&Az=23c*J)7Q)H^X>{v+y#T5fxJi9PDILmvl z!DVZ|p<17(-nolE(1&uLQ~>+4TvB;X8I=kDG9uKuafzly1VU{a%+(^}!;@N?KC5eW zJ_I+ye^8V{2`3JA*cDBY#uDS&we5KW_(U6^(6aE3^=$QH{$?-XL0w*O6sVuATn890fAmg!a z<}#}7`RZMSNon%w<@HjvB!$ck*-9xEHL#HFJwS;_?)amt@dP(r1@(6AFfBQG) z?{Q&9aHpPn%di|h(y-A0C1wH5@9U@PQTXf{w1O{?bB*V#=NlIr>3pYj^B-G%R{3?N%P?iBmc$@5S%0Y`}d z_x6o3RgIQatY(-0jjcd`lBy1zprl<`nj15IfGJw8o$`wcdml)p5&l&bX4iZc-v4@G z)#kcL;N$wZlmFVWcU_=80)dg&r!#AjHHK#!vG*6=EUT)bR{4n3PoJ~L*A#;0rz52b zW%FS&A6M%8vpPBKfCLNNyIr0qL0U2PEmq9$#3RrJj)uBFO)oDf=VxIwor_Y8r#z;X zW%{JHkI$e`-@Hh6lA+?Hi%d>Von{MJy&Z5n`F0;hC!WTQFJ!j;6~}R~bV?w8|pvk&-T8%C%0bjW-dDoR{0cjrZM`R!|s|H%|(P zr0F6M_%ORIlH;-50=W4pp<;D^Tw-+7;Yyl=P7lrx z9zrO3zXa_m<%byjZ7JAq5c*5NLY6FA4QKf#SlC|dh_pE3(edC#jN#+`wxmX?mwr4A z0^0Q*mC;zL9lx(G&>K(Wv*mxwB!qK6QOWhH8zyDz3Q#%)pw05%upMxsmxTgQD~|-P z(VsE1PszhI?BmFecSUFNAho>~J@QsN9?!so9?D$qooRz+0^EeYpboFe2m(H+kDD%= zUZ8M&1&}%#@qDSK?zvjr8<6giSW*i6~p80hWwGHRQ#0-JcgzE+qWev`b4GM z&DBjgYE+SmO*p>y{B~%Ns=2MTI3GnYw5XcQORZhMEr%(~57wC;I?kv?LP;i##jM$* z-=~^s{eST2bg>GCSU})0*p-)IDR&4#kO?o`A+xbdPa+)~fPzOx^)te&3OkH~7~_|3 zeM7@MPVjYq5W+#n%@h&gGPBiyqsHUevklf;M``~qRz=HR%<4>4g+?>Wt+$B@HW!z= zM!I`(77XII5;Mg5IW#e0aERm|UGX)6 zec^DF12wo-Mx$5*Bzl2N$*BfB-YC83-O`iHNYL^9d%l5|{*iEEc~DO6|J!nU?TI<$Z z^dsmQ@*T&oGwWl*CQ&2)KUGwGsi`*Ly; zw82)&;}m(uh{gsljO_%5!v{O^Gj3XDilsi4@vq?_!$P^%v*~E@f!z7}`?VED{qK$0 zW%fCZ-W@1nUB*!i>XKUutRcgchBM+CfRWvnWQw_ZDNf9~fc3g_9$ zpI!2ber}Unt_0n9q9~h54rgrYwjFUZ&2&slm=dFfr815g4HYU)E&u4?fJ(DuR;Vs4 z9FVm?1%SqOlqZdAx9*v_g6aTa)YbV+9NIqi3-@5DaG4;KYyTSngUK1Ev>rq3JIOZ@ zK{|}|iwnZ#rcSRP)cCk*BVRZHhvR?VYw$bgZ?kAO_|3HN0Ov3*w1qy-FPRYUX@j8N z-1pwwD8?qz`49QbPaQF6LNq~S{G?w|gM^Qcjwv(Gg6}o6eE?u#qNJYI6K6>X9Ui?C zms%F)Pm|oIXCEyu+_(K%A>>MX4qP`K$b2Qa5)PW08JT;Z5KH)gh<^JuX0sXcg(}@o zIS?13nRSV99GP4ARSVmESLpLuFbc^@6azNM9#au7B+ENA#jlKHIbb(pWZ%By^7$6% zbD?{Gmgd0ieLX6^qA3rr{4nT_43bz*8)Ax}7UgveD@Deuw9owSxR_32Ap%>Wo8S zd-5x3YBmwdKfybn1sEaY%aY3Gq|&P?y?AdyraFT4keCv{8>8M`kucRn|2Ag>0MK3} zMTL|x8L<#2!bndSD%$OiZweS?GM!~-HCG#L&z&}(m!h^obssSo7Y-p4WR&n!gf@InBxivaWQ#z4F$lf&l?In(b!!6992vN&X1VSFA5H4g ze4Gdt)gC4wOX;9mkwh3`W@M*uVErHbC%i)(tXc9}y5^={OZ-MD;jK&f1< z&c7<2n)X|(I=5TY1>ROW4M%8-JS_*Tdjh{-bbbnT+!aI+Sqsc{d{2{3Ry567QWIYv ztE0x#3K)3_g*DB)yrgrObz*xiAIuR68Lrxd&x8XA(NKhEAmgumy7UGknY_P{MR|f4 zN=a9%+5k1f*R~04K`1Pxi zKT|eFIXk}wdZ0;A2D2WKRo&N{-xRx?ns&xC+7Ve)9?w~bG%D02eWBjPUfD;V{TiK$ zNCOn4Ex)xpBgMq#Y-wS>J0PPE&LN2(#A-m@;NwhdT%$-7B zgQIp!dB%f-bE(_iid<5h~&%nRfiKea=W*5jXv5}f&85YAO1DQEv=6rvEEetHcm z_8mr#tr;JR{hA=cWXBe16)b^s+Z@h*y6|0DyGto)`Z$^gAF{{#WGE9Yh9g@e);q72>HWO`bVQfW>N6Zxo0xQ zS5`p@MUo;-Oi;uG;348<4*2z(8wbmx0UU;A)-+?50cK$?%Y522~@hK6EAX zb$g&rjW{(#+Te9QoT`pz+U=|8o~H_2YOXmwZu;~^e#+2)bSTX7>5Gn%wLV_7Py-(w ztDE$(J}buiD5LXA3*l8g6Kx0=gcg8i=VYN+eYeX^E{qVLAKZ@4*y!{Y78XSAJ1H^a zna&SD#5KoVVXXDqr+32KV{SDx5d;1FIy}Il)8XFjbJ2NuBa&~wK}{QD?)1!pmbYFW zw#0DhiuqnX7Im1A1-f#gUkb*)9X85VDjFC^;K;uIs!l!`SWYM^?n*U;q~q=r zzaL}=e29qW#afzxTFcopkoRLLFT?~CMA;RI%c=(ILG}6K`URK8Xz6OZS8l!DuGcUu ze|U=H_om+o%iL3(@*gJu+HlT2J`8^}WSAhdsL&X(fM8Gl(GTs`;r13(wDo?F(N^s& zOeFfqQ_LEZ1BLDvvZ7j7hI6td)ygZF0 zmHmF{!13VtONi?NE{bnj8Y0A=orDUF7Wu17p&1Y=oP#pRAx9uZ+R9Cw!8+07hcvs% zzwB{G`wO(l6;-sK^?v>wUC?Fxye9~vI`lrLO@8ZbCpx+8*l*NqHtUXh>JER~>3rKU z$?|+DsR7+%A;U&27_MAj1^Y*13!&HIdP9**L7C~Kq^6rs&{Cd%h(Vrd_zKLDGeBlW zQ=E1ku43922VFrd5rQYo)&8N-T3Mg4!VSQR=)W0E zdyOhnv!86&au{b<`RBH;1oez*FL(7WtMqNeDy9w^;f%Bll!r~aMWGnLwN;iss*LQb z2%Y|``gI*RxVZ@T$|Elo>xqR#p|FZfeC#+42Pm#ACy6`rG@D5r4k3D9Cfme!+c^pV zDf!%KK&f?8FfSR{-!%GUIM$WhK&e)DFe%?Ozt@ry+MG%jl=cbGwxC7{-pVT*vR`a* z)0URm;UjizL3>B;qTk8i*-dA&4PTIF;x!Ui*@ReP$?yD)Rz%vIK;FBAR0BmDMPM^F zCQSX`r*-z;9nY#aTH*qFLy-Sn9+KHGrVkIA;@Kf{+u~$Qzp0fI0}j)mYKya#r;ur( zplk)72ijVZ?(+3l`6ccHoTX*EE&{5p7-=&Q$BMD8R8W+zGQ=Zo`B}YQ_&{Rh&9)vp z9gr`4&FwIgXvjvV)=2Um0-1NJ*?hjVO>qP@u7_*=&G|fABbc}sZ<<{taZwpHJaF0o zdH@v}H7E~b1iK#8b4=jWuDUG1&k5Aiu5!oQXUNG6hxZ7^!{xGhVuJJkP?>l*C}z3A za1aTX!}%;{T(fb`O-Bdw#{tY@t{9Stl);oTf{3~QuST5ijGbg(25x95RQ&Unrw*8q zgyQu~30;8^yI4=8hlbt`By`eA5AjSLnV!sy*W~uA9_@kxyQZ3&xa8#D zPB+8oNSk(p$SX;TgGL<@p&f@*0%4yINvhCR8*N;kwwL^7muGro#mv1wrG5f8s;`}( zp=(nizLB%Tnj+Rvvnl6^e;2Z%sBwkLiDx1yh|>aT)p;Q|2Niw;1@@j@-C`UIfqUHn zLqv_;-O)SHlDvc_eZ_H|YMt)m{Q)6J`kxzK&b8|Q0cd{rP>H9$g@w__i**M%?j(kK zXvIDd>?1R`g;3P=`>Jg04guIJD8|l40p;1J=YmILCH|6F;7GeVmpmFz&F5k?ky=?n z7sG1eFf2ug=Faco;=n*s`lTV}q=Fe|>gq7K9qnTw;OWXCE>-sqiop_^S7Fb~jLnKW zl8QY!r$`uXJHLhBffl5XETseNC^A*$;p{JWx@ok-}mh7*aLS{TrgB@=*8?1 z_AQtjj^A{Gek?&grB4&YOghDcQ}EEWQ_Bb;t;Br36R%GsO3qa;yhj&eEiE}bP-%YI zwOgIO&cs;3H;Tp7BJ(OF>`C%Ua0L`7%m?ekpq>n)F%iPA2VDdO(^7ti2|pj=FOK>q z4HiD8GbP1GHwB>Tk)@3RGZwp=b&Udy%@tAA?y3U){ z+%LwP7(Vb+xn^h5*!(0_MSGZP;Z90r8oH)5l%2Q&g@ux`ADt~MXQ1+9nQ*qaDPgh& z5W*6f%hUL0qvXw$R4@0hVeG{$vTXpkLqg7g^8nyDZV~C3f8IF7SLW?^Q^>IXNCM}4g0&iP4-zzOX-k#T- zQqIRL{)7Hp-g$s|mx;EV)1$%CGQ8X(AoKM`!6f6S6hjK#MGaj=4mrF`K&-ygfpZ(= z*V4%J?1k9da52p=7I$zceG-A#uMbfl(TZQM#~h^mTy<*7qb>Q5ns#wbvL$SJ@?{GA zSTs?kX!;Nu3B$R3(dM|ndg)H5%Qq4UEC-}WlN2ff@CQXPkQ{Rx&xPFG$7`S!Vo_y8 zmYYp3uQaj0U8vj6_82)hu<|&cRVNJocZ1l!ISdQvctjB+bNrg8{BT~l{}I9CbfTB3=h_oFSBO2d9 zjG|#CW8{gGX%kHdIp+P@oT)&uq;)^c=aORn3%w4&1)sV`H$_0no4;}mF zPzY5~YIFmtt05kP(inupP#T5Oh}kl5T?lEjG|vYsct0@k!jUb2f{Rh;O;Csms3T`+ z6@(2Wu->ZQL$dwQ*9V#YBNYWoAml(^K~E2~cfjEuQ*|Imyp32aMko||taZ$ZD}TT8 zwI2bTKYI>OKK+!P9M%D_SS*(RKlsF5vsgF(+2Z|4lP0lx^=hO)uZ9dCGI-oclOFx| zS5};vN~MmC2q=wmHBwdrjWtkjA_K||BX|%FnW#ZDVy-M; z(n4Rr_tC!KXS2{Z0Db-DIy(^LAYk_OwFW$NrXT-60(GzxNo7o;;Sqd5k3Mk>TQqo|$sWDZI97m7NII0kBvs7E6IS=U>26Pd)*_g%@5p`?=?ye=3#Ec;fp` z5UM|F=UxsWhr1fgDOevZuJaP&_sTD3u-GIxc+blqvQ1KlI??apT+A@cJ9}54Knbz+$mj z{um1uEa28#Zw27XmtT6zV~_mPM9=do!{O*B)9K!~IRe3nH4;YRF(@sAvY5HJuIW1H zn0$d^GJty9X*jrF>`0g^I0JbT1?cUAbRTs0qWT7Sw*vk0@^aFd{uT9gH9g<`?stDQ zfByWJ>_2I-SS%LHpTMm1=M-=Mer|qlL7-cU%+*S_$E>P#O~| z%Z0j1p`ltBTq_J~6q*{%_3%bvXoJvDBh*$4)p4PsR49oGj()e#_Y1cp(Xfmh*&@J2 zW%duWSS%Kc<-fyicieu={TVZ6G=)N;!Lw)2o-uLa#J*Upq>!io zPDkK-IT;5Y1_X0cc-7R!gh z{Q2{bxi2E2OE10jfk~4lb-Ava01`mbb={ony5cyFXstylB}yw%${2m6RPmy<7RPbK zbzNU6)eCe1iBY3Qb$|XZE?Bz$4}U0ow_~~F!E2nUKmI}`z~>+M`XB7SV|g!Z4uHjC zv3vkby5l@nU;oS>ea%&0{o0K?ckZ0n(befE5()bI`#~!@+Ygh^<|(g?Q(9hz7DYv6 z1=ZEn)YaAX&YL&y#%a^0?R&4!ef6z%&Mhz8J?pK#J4>gxo$=Dz{hNQ@)z|&yHx@j< z=Yj{np`N(x9;@YVu~;k?%ZJ6ux6fSinZN(i(?5La{-zK5v**s8`;N!Xf8c9BKlzT& z{U3l?_g-;P>y77JY5xVw`^B|GV6j*%9~cV(=h{zSaj5O~&)!-Rihi{^6wfxr8-8^5 z#53-`=%n*=f9eM>S+eBa9{x5#P2#gx-Tx@S*oB{A Date: Wed, 24 Mar 2021 03:52:36 +0100 Subject: [PATCH 045/223] Add the desktop launcher file --- xhydra.desktop | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 xhydra.desktop diff --git a/xhydra.desktop b/xhydra.desktop new file mode 100644 index 0000000..69debb5 --- /dev/null +++ b/xhydra.desktop @@ -0,0 +1,10 @@ +[Desktop Entry] +Name=XHydra +GenericName=Hydra very fast network log-on cracker +Comment=GUI frontend for Hydra network log-on cracker +Version=1.0 +Exec=xhydra +Icon=xhydra +Terminal=false +Type=Application +Categories=System;Security;GTK; From 5c9184061f0c4baca1b3b4123b1ace6ba5d3a3a7 Mon Sep 17 00:00:00 2001 From: xambroz <723625+xambroz@users.noreply.github.com> Date: Wed, 24 Mar 2021 04:20:43 +0100 Subject: [PATCH 046/223] Install the desktop launcher for xhydra --- Makefile.am | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/Makefile.am b/Makefile.am index 49e8476..ea7ade7 100644 --- a/Makefile.am +++ b/Makefile.am @@ -11,6 +11,8 @@ DESTDIR ?= BINDIR = /bin MANDIR = /man/man1/ DATADIR = /etc +PIXDIR = /share/pixmaps +APPDIR = /share/applications SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \ hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \ @@ -78,6 +80,10 @@ install: strip -cp -f *.csv $(DESTDIR)$(PREFIX)$(DATADIR) -mkdir -p $(DESTDIR)$(PREFIX)$(MANDIR) -cp -f hydra.1 xhydra.1 pw-inspector.1 $(DESTDIR)$(PREFIX)$(MANDIR) + -mkdir -p $(DESTDIR)$(PREFIX)$(PIXDIR) + -cp -f xhydra.png $(DESTDIR)$(PREFIX)$(PIXDIR)/ + -mkdir -p $(DESTDIR)$(PREFIX)$(APPDIR) + -desktop-file-install --dir $(DESTDIR)$(PREFIX)$(APPDIR) xhydra.desktop clean: rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile From 0749b9be9f121b092a0ec803f8cd1ff191bd34ea Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 15 Apr 2021 11:35:18 +0200 Subject: [PATCH 047/223] malloc checks for restore --- hydra.c | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) diff --git a/hydra.c b/hydra.c index 1a00976..c996b44 100644 --- a/hydra.c +++ b/hydra.c @@ -226,7 +226,7 @@ char *SERVICES = "adam6500 asterisk afp cisco cisco-enable cvs firebird ftp[s] " #define RESTOREFILE "./hydra.restore" #define PROGRAM "Hydra" -#define VERSION "v9.2" +#define VERSION "v9.3-dev" #define AUTHOR "van Hauser/THC" #define EMAIL "" #define AUTHOR2 "David Maciejak" @@ -807,7 +807,7 @@ void hydra_restore_read() { fprintf(stderr, "[WARNING] restore file was created by version %c.%c, this is " "version %s\n", - buf[0], buf[2], VERSION); + buf[0], buf[1], VERSION); if (buf[2] != sizeof(int32_t) % 256 || buf[3] != sizeof(hydra_head *) % 256) { fprintf(stderr, "[ERROR] restore file was created on a different, " "incompatible processor platform!\n"); @@ -883,11 +883,19 @@ void hydra_restore_read() { printf("[DEBUG] reading restore file: Step 8 complete\n"); login_ptr = malloc(hydra_brains.sizelogin + hydra_brains.countlogin + 8); + if (!login_ptr) { + fprintf(stderr, "Error: malloc(%u) failed\n", hydra_brains.sizelogin + hydra_brains.countlogin + 8); + exit(-1); + } fck = (int32_t)fread(login_ptr, hydra_brains.sizelogin + hydra_brains.countlogin + 8, 1, f); if (debug) printf("[DEBUG] reading restore file: Step 9 complete\n"); if (!check_flag(hydra_options.mode, MODE_COLON_FILE)) { // NOT colonfile mode pass_ptr = malloc(hydra_brains.sizepass + hydra_brains.countpass + 8); + if (!pass_ptr) { + fprintf(stderr, "Error: malloc(%u) failed\n", hydra_brains.sizepass + hydra_brains.countpass + 8); + exit(-1); + } fck = (int32_t)fread(pass_ptr, hydra_brains.sizepass + hydra_brains.countpass + 8, 1, f); } else { // colonfile mode hydra_options.colonfile = empty_login; // dummy @@ -897,8 +905,16 @@ void hydra_restore_read() { printf("[DEBUG] reading restore file: Step 10 complete\n"); hydra_targets = (hydra_target **)malloc((hydra_brains.targets + 3) * sizeof(hydra_target *)); + if (!hydra_targets) { + fprintf(stderr, "Error: malloc(%u) failed\n", (hydra_brains.targets + 3) * sizeof(hydra_target *)); + exit(-1); + } for (j = 0; j < hydra_brains.targets; j++) { hydra_targets[j] = malloc(sizeof(hydra_target)); + if (!hydra_targets[j]) { + fprintf(stderr, "Error: malloc(%u) failed\n", sizeof(hydra_target)); + exit(-1); + } fck = (int32_t)fread(hydra_targets[j], sizeof(hydra_target), 1, f); sck = fgets(out, sizeof(out), f); if (out[0] != 0 && out[strlen(out) - 1] == '\n') @@ -950,8 +966,16 @@ void hydra_restore_read() { if (debug) printf("[DEBUG] reading restore file: Step 11 complete\n"); hydra_heads = malloc(sizeof(hydra_head *) * hydra_options.max_use); + if (!hydra_heads) { + fprintf(stderr, "Error: malloc(%u) failed\n", sizeof(hydra_head *) * hydra_options.max_use); + exit(-1); + } for (j = 0; j < hydra_options.max_use; j++) { hydra_heads[j] = malloc(sizeof(hydra_head)); + if (!hydra_heads[j]) { + fprintf(stderr, "Error: malloc(%u) failed\n", sizeof(hydra_head)); + exit(-1); + } fck = (int32_t)fread(hydra_heads[j], sizeof(hydra_head), 1, f); hydra_heads[j]->sp[0] = -1; hydra_heads[j]->sp[1] = -1; From 593c5b151a58d089058ea7f21a6478753841f4cc Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 16 Apr 2021 09:50:14 +0200 Subject: [PATCH 048/223] fix macos + freerdp --- hydra-mod.h | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/hydra-mod.h b/hydra-mod.h index cb9c342..636efb5 100644 --- a/hydra-mod.h +++ b/hydra-mod.h @@ -67,7 +67,16 @@ char proxy_string_type[MAX_PROXY_COUNT][10]; char *proxy_authentication[MAX_PROXY_COUNT]; char *cmdlinetarget; +#ifndef __APPLE__ typedef int32_t BOOL; +#else /* __APPLE__ */ +/* ensure compatibility with objc libraries */ +#if (TARGET_OS_IPHONE && __LP64__) || TARGET_OS_WATCH +typedef bool BOOL; +#else +typedef signed char BOOL; +#endif +#endif /* __APPLE__ */ #define hydra_report fprintf From e7b3d09d00e42811b91b210ac8da50945d8f6219 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 23 Apr 2021 16:07:50 +0200 Subject: [PATCH 049/223] removed bad entries in dpl --- dpl4hydra_full.csv | 5 ----- dpl4hydra_local.csv | 5 ----- 2 files changed, 10 deletions(-) diff --git a/dpl4hydra_full.csv b/dpl4hydra_full.csv index 032c4c6..281d7b4 100644 --- a/dpl4hydra_full.csv +++ b/dpl4hydra_full.csv @@ -2417,8 +2417,6 @@ draytek,Vigor,all,HTTP,admin,admin,Admin,, dreambox,All models,all versions,http, telnet,root,dreambox,, dreambox,All models,all versions,http,telnet,root,dreambox,gives access to a busybox allowing to control the box using basic unix commands embedded into busybox, drupal.org,Drupal,,administrator,admin,admin,,, -ducati,Diavel motorcycles,,console,,last 4 digits of the motorcycle's VIN,Start and drive the motorcycle without a key,This is the ignition password - if you have one of these bikes change the password ASAP as you may be liable for any accident damage caused by the thief!, -ducati,Diavel,,,,Last 4 digits of VIN,,, dupont,Digital Water Proofer,,,root,par0t,,, dynalink,RTA020,,,admin,private,,, dynalink,RTA020,,Admin,admin,private,,, @@ -3611,7 +3609,6 @@ iso sistemi,winwork,,Admin,,,,, iwill,PC BIOS,,,,iwill,,, iwill,PC BIOS,,Admin,,iwill,,, iwill,PC BIOS,,Console,,iwill,Admin,, -jacksoncommunitycollege,My Network Services,,web,(first 7 letters of student's last name + first seven letters of first name + middle initial -- no spaces or punctuation),(First letter of first name Capitalized + First letter of last name in lowercase + day of birth {01-31} + birth year {2 digits} + last 4 digits of student ID),My Network Services access,, jaht,adsl router,AR41/2A,HTTP,admin,epicrouter,Admin,, jamfsoftware,Casper Suite,,,jamfsoftware,jamfsw03,,, janitza,UMG 508,,,Homepage Password,0th,,, @@ -5207,8 +5204,6 @@ oki,B720,all,http://192.168.1.33,root,aaaaaa,Administrator,, oki,B720N,All versions,Web interface,root,aaaaaa,Root access,, oki,B730,all,http://192.168.1.33,root,aaaaaa,Administrator,, oki,B8300n,,,admin,OkiLAN,admin,with 83e(NIC), -oki,B930n,,,root,(last 4 digits of MAC address),root,, -oki,C3200n,,Web Interface - Device IP,root,last 6 of MAC Address - case sensitive,,, oki,C330,all versions etc.,http://192.168.0.1,root,aaaaaa,Admin,Administrator, oki,C3450,,http://192.168.1.50,admin,heslo,admin,, oki,C3450,,web,admin,last 6 digits of MAC code, Use uppercase letters,, diff --git a/dpl4hydra_local.csv b/dpl4hydra_local.csv index 032c4c6..281d7b4 100644 --- a/dpl4hydra_local.csv +++ b/dpl4hydra_local.csv @@ -2417,8 +2417,6 @@ draytek,Vigor,all,HTTP,admin,admin,Admin,, dreambox,All models,all versions,http, telnet,root,dreambox,, dreambox,All models,all versions,http,telnet,root,dreambox,gives access to a busybox allowing to control the box using basic unix commands embedded into busybox, drupal.org,Drupal,,administrator,admin,admin,,, -ducati,Diavel motorcycles,,console,,last 4 digits of the motorcycle's VIN,Start and drive the motorcycle without a key,This is the ignition password - if you have one of these bikes change the password ASAP as you may be liable for any accident damage caused by the thief!, -ducati,Diavel,,,,Last 4 digits of VIN,,, dupont,Digital Water Proofer,,,root,par0t,,, dynalink,RTA020,,,admin,private,,, dynalink,RTA020,,Admin,admin,private,,, @@ -3611,7 +3609,6 @@ iso sistemi,winwork,,Admin,,,,, iwill,PC BIOS,,,,iwill,,, iwill,PC BIOS,,Admin,,iwill,,, iwill,PC BIOS,,Console,,iwill,Admin,, -jacksoncommunitycollege,My Network Services,,web,(first 7 letters of student's last name + first seven letters of first name + middle initial -- no spaces or punctuation),(First letter of first name Capitalized + First letter of last name in lowercase + day of birth {01-31} + birth year {2 digits} + last 4 digits of student ID),My Network Services access,, jaht,adsl router,AR41/2A,HTTP,admin,epicrouter,Admin,, jamfsoftware,Casper Suite,,,jamfsoftware,jamfsw03,,, janitza,UMG 508,,,Homepage Password,0th,,, @@ -5207,8 +5204,6 @@ oki,B720,all,http://192.168.1.33,root,aaaaaa,Administrator,, oki,B720N,All versions,Web interface,root,aaaaaa,Root access,, oki,B730,all,http://192.168.1.33,root,aaaaaa,Administrator,, oki,B8300n,,,admin,OkiLAN,admin,with 83e(NIC), -oki,B930n,,,root,(last 4 digits of MAC address),root,, -oki,C3200n,,Web Interface - Device IP,root,last 6 of MAC Address - case sensitive,,, oki,C330,all versions etc.,http://192.168.0.1,root,aaaaaa,Admin,Administrator, oki,C3450,,http://192.168.1.50,admin,heslo,admin,, oki,C3450,,web,admin,last 6 digits of MAC code, Use uppercase letters,, From bd2f949b34c14165f281aa3eee784398fd667b31 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 23 Apr 2021 17:05:58 +0200 Subject: [PATCH 050/223] removed bad entries in dpl --- dpl4hydra_local.csv | 53 --------------------------------------------- 1 file changed, 53 deletions(-) diff --git a/dpl4hydra_local.csv b/dpl4hydra_local.csv index 281d7b4..2f3df58 100644 --- a/dpl4hydra_local.csv +++ b/dpl4hydra_local.csv @@ -3059,7 +3059,6 @@ hewlettpackard,Motive Chorus,,HTTP (port 5060),admin,isee,,, hewlettpackard,Officejet,all versions,http,admin,,admin,http interface, hewlettpackard,Power Manager,3,HTTP,admin,admin,Admin,, hewlettpackard,ProcCurve MSC-5100,,,admin,admin,,, -hewlettpackard,Remote Insight Board,,,Administrator,The last eight digits of the serial number,,, hewlettpackard,StoreOnce,,,HPSupport,badg3r5,,, hewlettpackard,Vectra,,Console,,hewlpack,Admin,, hewlettpackard,iLo,,http,Admin,Admin,Admin,, @@ -3783,7 +3782,6 @@ kyocera,FS3140MFP,,Web Interface,,admin00,Administrator,, kyocera,FS6025MFP,,system menus,Admin,Admin,Admin,, kyocera,Intermate LAN FS Pro 10/100,K82_0371,HTTP,admin,admin,Admin,, kyocera,KM-4850W,,,admin,,,, -kyocera,KR2,,http,,read notes,,it is the last 6 characters of the mac address, kyocera,TASKalfa 250 Ci,,,Admin,admin00,,if enable local authentification, kyocera,TASKalfa 250ci,,IP,,admin00,,, kyocera,TASKalfa 266ci,,Console Panel,Admin,Admin,Admin,, @@ -5185,20 +5183,12 @@ oce,tcs500, Windows XP, all models,12.3.0(1668),console, http://192.168.0.81,, oce,tcs500,Windows XP,all models,12.3.0(1668),console,http://192.168.0.81,, ods,1094 IS Chassis,,,ods,ods,,4.x, ods,1094,,,ods,ods,,, -oki,9600,,,admin,last six characters of the MAC address (letters uppercase).,,, -oki,B410,,http (dhcp),admin,last six charachter of mac address (upper case),,, -oki,B410dn,,http://169.254.39.211/,admin,Last 6 characters (chars uppercased) from MAC Address,admin,, oki,B411,all ver,Http or AdminManager,root,aaaaaa,Administrator,, -oki,B420,,http (dhcp),admin,last six charachter of mac address (upper case),,, -oki,B430,,http (dhcp),admin,last six charachter of mac address (upper case),,, oki,B431,all ver,Http or AdminManager,root,aaaaaa,Administrator,, oki,B431dn,,http://192.168.1.xxx,root,123456,Admin,, -oki,B43xx,,,root,(last 6 digits of MAC address),admin,with 8100e(NIC), oki,B6100n,,,admin,OkiLAN,admin,with 61e(NIC), oki,B6200n,,,admin,OkiLAN,admin,with 62e(NIC), -oki,B6300,,,root,last six charachter of mac address,root,, oki,B6300n,,,admin,OkiLAN,admin,with 62e(NIC), -oki,B6500,,,root,(last 6 digits of MAC address),root,, oki,B710,all,http://192.168.1.33,root,aaaaaa,Administrator,, oki,B720,all,http://192.168.1.33,root,aaaaaa,Administrator,, oki,B720N,All versions,Web interface,root,aaaaaa,Root access,, @@ -5206,59 +5196,29 @@ oki,B730,all,http://192.168.1.33,root,aaaaaa,Administrator,, oki,B8300n,,,admin,OkiLAN,admin,with 83e(NIC), oki,C330,all versions etc.,http://192.168.0.1,root,aaaaaa,Admin,Administrator, oki,C3450,,http://192.168.1.50,admin,heslo,admin,, -oki,C3450,,web,admin,last 6 digits of MAC code, Use uppercase letters,, -oki,C3450,,web,admin,last 6 digits of MAC code,Use uppercase letters,Administrator, -oki,C3530,,console,admin,last 6 digits of MAC address,Admin,, -oki,C380,,,admin,last 6 characters of the MAC ADRESS,,, -oki,C51xx,,,root,(last 6 digits of MAC address),admin,with 8100e(NIC), oki,C530dn,A1.02,http://192.168.1.51,root,aaaaaa,Admin,, -oki,C53xx,,,root,(last 6 digits of MAC address),admin,with 8100e(NIC), -oki,C54xx,,,root,(last 6 digits of MAC address),admin,with 8100e(NIC), oki,C5550 MFP,,http,,*blank*,Admin,, -oki,C5650,,Multi,root,Last 6 characters of MAC address (uppercase),Admin,Last 6 digits are also at the end of the default printer name, oki,C5650dn,,,,000000,menu,, oki,C5650n,,,,000000,menu,, -oki,C5700,,HTTP,root,the 6 last digit of the MAC adress,Admin,running with other models, -oki,C5850,,http,admin,last 6 characters of the MAC ADRESS,,, -oki,C5900,,HTTP,root,Last 6 characters (chars uppercased) from MAC Address,admin,, oki,C6050dn,,,,000000,menu,, oki,C6050n,,,,000000,menu,, oki,C610,,,admin,aaaaaa,admin,, -oki,C6100,,HTTP,root,Last 6 characters of MAC address (uppercase),Administrative,seems to work with a variety of oki printers., -oki,C6150,N1.01 Network Firmware 08.51,ZeroConFig Bonjour,root,last six characters of MAC address,Basic Setup,Printer ID,Protocol oki,C6150dn,,,,000000,menu,, oki,C6150dtn,,,,000000,menu,, oki,C6150hdn,,,,000000,menu,, oki,C6150n,,,,000000,menu,, oki,C7000,,,admin,OkiLAN,admin,with 6200e(NIC), -oki,C7000,,,root,(last 6 digits of MAC address),admin,with 7200e(NIC) or 7300e(NIC), -oki,C710,All versions,http,root,Last 6 characters (chars uppercased) from MAC Address,Full acces to printer configuration,, oki,C711,,Web,admin,aaaaaa,Admin access,, -oki,C7300,A3.14, may apply to other versions,Multi,root,Last six digits of default device name,, -oki,C7300,A3.14,may apply to other versions,Multi,root,Last six digits of default device name,Give this a try if the last six digits of the MAC don't work. I believe alpha characters would be uppercased if there were any present., -oki,C7350,,Administrator,root,Last 6 characters (chars uppercased) from MAC Address,,, -oki,C7350,,Multi,root,Last 6 characters (chars uppercased) from MAC Address,Administrator,, -oki,C810,,http://192.168.0.1,root,Last 6 characters (chars uppercased) from MAC Address,,, -oki,C821,all version?,HTTP,root,last six charachter of mac address,Admin,, -oki,C830,all,web,root,last 6 digits of the MAC address,,, -oki,C8800,,Web or Console,root,Last six characters of MAC address,,, oki,C9000,,,admin,OkiLAN,admin,with 6200e(NIC), -oki,C9000,,,root,(last 6 digits of MAC address),admin,with 7200e(NIC) or 7300e(NIC), -oki,C9500,,HTTP / telnet,root,Last 6 characters (chars uppercased) from MAC Address,Administration,, oki,C9650,,,,0000,Print statistics,, oki,C9650,,,,aaaaaa,Administration,, -oki,C9655,,HTTP,root,last 6 digits of MAC address,Administrator,, oki,C9655,,printer menu,,aaaaaa,printer menubutton,, -oki,C9800,,,root,(last 6 digits of MAC address),,, -oki,C9850,,,root,(last 6 digits of MAC address),,, oki,CX1145,,,,123456,,, oki,CX2032 MFP,,http,,*blank*,Admin,, oki,CX2033,,Printer Menu,,,,When asked for password just press OK, oki,CX2633,,Web interface,admin,aaaaaa,admin,, oki,CX2731,,Web interface,admin,aaaaaa,admin,, -oki,CX3641,,,root,(last 6 digits of MAC address),,, oki,Color 8 +14ex,,,admin,OkiLAN,admin,with 6100e(NIC), -oki,ES3640,,,root,(last 6 digits of MAC address),,, oki,ES5460 MFP,,Local configuration menu,,aaaaaa,Admin/Root i guess,, oki,ES7120,,Web,root,aaaaaa,Admin,, oki,ES7411,,web HTTP,admin,aaaaaa,Administrator,, @@ -5270,7 +5230,6 @@ oki,MC160,,Op Panel,,000000,Admin,, oki,MC160,,Web,,sysAdmin,Admin,, oki,MC342w,,,admin,aaaaaa,admin,, oki,MC360,,Console,admin,aaaaaa,Full acces to printer configuration,, -oki,MC360,,HTTP,admin,Last 6 characters (chars uppercased) from MAC Address,Administration,, oki,MC361,,Web interface,admin,aaaaaa,admin,, oki,MC560,,Printer Menu,,,,When asked for password just press OK, oki,MC560,,Printer Menu,,,,When asked for password, @@ -5280,19 +5239,10 @@ oki,MC860,,Web interface,admin,aaaaaa,admin,, oki,ML3xx,,,admin,OkiLAN,admin,with 6010e(NIC),6020e(NIC) oki,ML491n,,http://,Admin,OkiLAN,Admin,, oki,ML4xx,,,admin,OkiLAN,admin,with 6010e(NIC),6020e(NIC) -oki,ML8810,,,root,(last 6 digits of MAC address),,, oki,N22113B,A2.00,http://192.168.1.9,,noe,Admin,, oki,WebTools,,,Administrator,,,, oki,b710,all,http://192.168.1.33,root,aaaaaa,Administrator,, -oki,c3450,All,Multi,admin,last 6 characters of the MAC ADRESS,Admin,, -oki,c3450,All,Multi,admin,last 6 characters of the MAC ADRESS,Admin,no, oki,c511dn,B7.00,,admin,aaaaaa,Full administrator Access,the machine picks up dhcp address,manually configure static on machine directly if required or print a config page to get the dhcp address that was assigned. -oki,c5300,,,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters type them as upper case",,, -oki,c5300,,Console,root,last 6 characters of the MAC ADRESS ""if it contains any alpha characters,type them as upper case"",, -oki,c5300,,Console,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters,type them as upper case",No, -oki,c5300,,Multi,root,last 6 characters of the MAC ADRESS ""if it contains any alpha characters,type them as upper case"",admin, -oki,c5300,,Multi,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters,type them as upper case",No, -oki,c5300,,admin,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters type them as upper case",,, oki,c5750,n1.02,http://192.168.0.200,,,,, oki,c810,1.0,192.100.185.78,admin,admin,admin,, olegkhabarov,Comfy CMS,,,username,password,,, @@ -10095,7 +10045,6 @@ telus,Telephony and internet services,,,(username),telus12,User,Initial password telus,Telephony and internet services,,,(username),telus13,User,Initial password if issued in 2013, telus,Telephony and internet services,,,(username),telus99,User,Initial password if issued in 1999, tenda,W150M,,192.168.1.1,admin,admin,Admin,, -teradyne,4TEL,VRS400,DTMF,(last 5 digits of lineman's SSN),(same as user ID),,, terayon,,,,admin,nms,,6.29, terayon,,Comcast-supplied,HTTP,,,diagnostics page,192.168.100.1/diagnostics_page.html, terayon,TeraLink 1000 Controller,,,admin,password,,, @@ -10398,8 +10347,6 @@ unisys,ClearPath MCP,,Multi,ADMINISTRATOR,ADMINISTRATOR,Admin,, unisys,ClearPath MCP,,Multi,HTTP,HTTP,Web Server Administration,, unisys,ClearPath MCP,,Multi,NAU,NAU,Privileged,Network Administration Utility, unitedtechnologiescorporation,Interlogix truVision IP Camera,,,admin,1234,,, -universityoftennessee,All Employee and Student Services,,, - See Notes,See Notes,Varies with account,Username based on email - eg. if email is smith123@tennessee.edu then NetID (username) is smith123. Def. Password composed of first two letters of birth month in lower case; last two digits of birth; last four digits of UT ID Number; eg. Born Feb 1979 and UT ID Number is 123-45-6789 - default password is fe796789, -universityoftennessee,All Employee and Student Services,,,lt;NetIDgt; - See Notes,See Notes,Varies with account,Username based on email - eg. if email is smith123@tennessee.edu then NetID (username) is smith123. Def. Password composed of first two letters of birth month in lower case; last two digits of birth; last four digits of UT ID Number; eg. Born Feb 1979 and UT ID Number is 123-45-6789 - default password is fe796789, unix,Generic,,,adm,,,, unix,Generic,,,adm,adm,,, unix,Generic,,,admin,admin,,, From dd8348bcf065c17a7e7339172f28ae2ee673b7ee Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 23 Apr 2021 17:06:18 +0200 Subject: [PATCH 051/223] removed bad entries in dpl --- dpl4hydra_full.csv | 53 ---------------------------------------------- 1 file changed, 53 deletions(-) diff --git a/dpl4hydra_full.csv b/dpl4hydra_full.csv index 281d7b4..2f3df58 100644 --- a/dpl4hydra_full.csv +++ b/dpl4hydra_full.csv @@ -3059,7 +3059,6 @@ hewlettpackard,Motive Chorus,,HTTP (port 5060),admin,isee,,, hewlettpackard,Officejet,all versions,http,admin,,admin,http interface, hewlettpackard,Power Manager,3,HTTP,admin,admin,Admin,, hewlettpackard,ProcCurve MSC-5100,,,admin,admin,,, -hewlettpackard,Remote Insight Board,,,Administrator,The last eight digits of the serial number,,, hewlettpackard,StoreOnce,,,HPSupport,badg3r5,,, hewlettpackard,Vectra,,Console,,hewlpack,Admin,, hewlettpackard,iLo,,http,Admin,Admin,Admin,, @@ -3783,7 +3782,6 @@ kyocera,FS3140MFP,,Web Interface,,admin00,Administrator,, kyocera,FS6025MFP,,system menus,Admin,Admin,Admin,, kyocera,Intermate LAN FS Pro 10/100,K82_0371,HTTP,admin,admin,Admin,, kyocera,KM-4850W,,,admin,,,, -kyocera,KR2,,http,,read notes,,it is the last 6 characters of the mac address, kyocera,TASKalfa 250 Ci,,,Admin,admin00,,if enable local authentification, kyocera,TASKalfa 250ci,,IP,,admin00,,, kyocera,TASKalfa 266ci,,Console Panel,Admin,Admin,Admin,, @@ -5185,20 +5183,12 @@ oce,tcs500, Windows XP, all models,12.3.0(1668),console, http://192.168.0.81,, oce,tcs500,Windows XP,all models,12.3.0(1668),console,http://192.168.0.81,, ods,1094 IS Chassis,,,ods,ods,,4.x, ods,1094,,,ods,ods,,, -oki,9600,,,admin,last six characters of the MAC address (letters uppercase).,,, -oki,B410,,http (dhcp),admin,last six charachter of mac address (upper case),,, -oki,B410dn,,http://169.254.39.211/,admin,Last 6 characters (chars uppercased) from MAC Address,admin,, oki,B411,all ver,Http or AdminManager,root,aaaaaa,Administrator,, -oki,B420,,http (dhcp),admin,last six charachter of mac address (upper case),,, -oki,B430,,http (dhcp),admin,last six charachter of mac address (upper case),,, oki,B431,all ver,Http or AdminManager,root,aaaaaa,Administrator,, oki,B431dn,,http://192.168.1.xxx,root,123456,Admin,, -oki,B43xx,,,root,(last 6 digits of MAC address),admin,with 8100e(NIC), oki,B6100n,,,admin,OkiLAN,admin,with 61e(NIC), oki,B6200n,,,admin,OkiLAN,admin,with 62e(NIC), -oki,B6300,,,root,last six charachter of mac address,root,, oki,B6300n,,,admin,OkiLAN,admin,with 62e(NIC), -oki,B6500,,,root,(last 6 digits of MAC address),root,, oki,B710,all,http://192.168.1.33,root,aaaaaa,Administrator,, oki,B720,all,http://192.168.1.33,root,aaaaaa,Administrator,, oki,B720N,All versions,Web interface,root,aaaaaa,Root access,, @@ -5206,59 +5196,29 @@ oki,B730,all,http://192.168.1.33,root,aaaaaa,Administrator,, oki,B8300n,,,admin,OkiLAN,admin,with 83e(NIC), oki,C330,all versions etc.,http://192.168.0.1,root,aaaaaa,Admin,Administrator, oki,C3450,,http://192.168.1.50,admin,heslo,admin,, -oki,C3450,,web,admin,last 6 digits of MAC code, Use uppercase letters,, -oki,C3450,,web,admin,last 6 digits of MAC code,Use uppercase letters,Administrator, -oki,C3530,,console,admin,last 6 digits of MAC address,Admin,, -oki,C380,,,admin,last 6 characters of the MAC ADRESS,,, -oki,C51xx,,,root,(last 6 digits of MAC address),admin,with 8100e(NIC), oki,C530dn,A1.02,http://192.168.1.51,root,aaaaaa,Admin,, -oki,C53xx,,,root,(last 6 digits of MAC address),admin,with 8100e(NIC), -oki,C54xx,,,root,(last 6 digits of MAC address),admin,with 8100e(NIC), oki,C5550 MFP,,http,,*blank*,Admin,, -oki,C5650,,Multi,root,Last 6 characters of MAC address (uppercase),Admin,Last 6 digits are also at the end of the default printer name, oki,C5650dn,,,,000000,menu,, oki,C5650n,,,,000000,menu,, -oki,C5700,,HTTP,root,the 6 last digit of the MAC adress,Admin,running with other models, -oki,C5850,,http,admin,last 6 characters of the MAC ADRESS,,, -oki,C5900,,HTTP,root,Last 6 characters (chars uppercased) from MAC Address,admin,, oki,C6050dn,,,,000000,menu,, oki,C6050n,,,,000000,menu,, oki,C610,,,admin,aaaaaa,admin,, -oki,C6100,,HTTP,root,Last 6 characters of MAC address (uppercase),Administrative,seems to work with a variety of oki printers., -oki,C6150,N1.01 Network Firmware 08.51,ZeroConFig Bonjour,root,last six characters of MAC address,Basic Setup,Printer ID,Protocol oki,C6150dn,,,,000000,menu,, oki,C6150dtn,,,,000000,menu,, oki,C6150hdn,,,,000000,menu,, oki,C6150n,,,,000000,menu,, oki,C7000,,,admin,OkiLAN,admin,with 6200e(NIC), -oki,C7000,,,root,(last 6 digits of MAC address),admin,with 7200e(NIC) or 7300e(NIC), -oki,C710,All versions,http,root,Last 6 characters (chars uppercased) from MAC Address,Full acces to printer configuration,, oki,C711,,Web,admin,aaaaaa,Admin access,, -oki,C7300,A3.14, may apply to other versions,Multi,root,Last six digits of default device name,, -oki,C7300,A3.14,may apply to other versions,Multi,root,Last six digits of default device name,Give this a try if the last six digits of the MAC don't work. I believe alpha characters would be uppercased if there were any present., -oki,C7350,,Administrator,root,Last 6 characters (chars uppercased) from MAC Address,,, -oki,C7350,,Multi,root,Last 6 characters (chars uppercased) from MAC Address,Administrator,, -oki,C810,,http://192.168.0.1,root,Last 6 characters (chars uppercased) from MAC Address,,, -oki,C821,all version?,HTTP,root,last six charachter of mac address,Admin,, -oki,C830,all,web,root,last 6 digits of the MAC address,,, -oki,C8800,,Web or Console,root,Last six characters of MAC address,,, oki,C9000,,,admin,OkiLAN,admin,with 6200e(NIC), -oki,C9000,,,root,(last 6 digits of MAC address),admin,with 7200e(NIC) or 7300e(NIC), -oki,C9500,,HTTP / telnet,root,Last 6 characters (chars uppercased) from MAC Address,Administration,, oki,C9650,,,,0000,Print statistics,, oki,C9650,,,,aaaaaa,Administration,, -oki,C9655,,HTTP,root,last 6 digits of MAC address,Administrator,, oki,C9655,,printer menu,,aaaaaa,printer menubutton,, -oki,C9800,,,root,(last 6 digits of MAC address),,, -oki,C9850,,,root,(last 6 digits of MAC address),,, oki,CX1145,,,,123456,,, oki,CX2032 MFP,,http,,*blank*,Admin,, oki,CX2033,,Printer Menu,,,,When asked for password just press OK, oki,CX2633,,Web interface,admin,aaaaaa,admin,, oki,CX2731,,Web interface,admin,aaaaaa,admin,, -oki,CX3641,,,root,(last 6 digits of MAC address),,, oki,Color 8 +14ex,,,admin,OkiLAN,admin,with 6100e(NIC), -oki,ES3640,,,root,(last 6 digits of MAC address),,, oki,ES5460 MFP,,Local configuration menu,,aaaaaa,Admin/Root i guess,, oki,ES7120,,Web,root,aaaaaa,Admin,, oki,ES7411,,web HTTP,admin,aaaaaa,Administrator,, @@ -5270,7 +5230,6 @@ oki,MC160,,Op Panel,,000000,Admin,, oki,MC160,,Web,,sysAdmin,Admin,, oki,MC342w,,,admin,aaaaaa,admin,, oki,MC360,,Console,admin,aaaaaa,Full acces to printer configuration,, -oki,MC360,,HTTP,admin,Last 6 characters (chars uppercased) from MAC Address,Administration,, oki,MC361,,Web interface,admin,aaaaaa,admin,, oki,MC560,,Printer Menu,,,,When asked for password just press OK, oki,MC560,,Printer Menu,,,,When asked for password, @@ -5280,19 +5239,10 @@ oki,MC860,,Web interface,admin,aaaaaa,admin,, oki,ML3xx,,,admin,OkiLAN,admin,with 6010e(NIC),6020e(NIC) oki,ML491n,,http://,Admin,OkiLAN,Admin,, oki,ML4xx,,,admin,OkiLAN,admin,with 6010e(NIC),6020e(NIC) -oki,ML8810,,,root,(last 6 digits of MAC address),,, oki,N22113B,A2.00,http://192.168.1.9,,noe,Admin,, oki,WebTools,,,Administrator,,,, oki,b710,all,http://192.168.1.33,root,aaaaaa,Administrator,, -oki,c3450,All,Multi,admin,last 6 characters of the MAC ADRESS,Admin,, -oki,c3450,All,Multi,admin,last 6 characters of the MAC ADRESS,Admin,no, oki,c511dn,B7.00,,admin,aaaaaa,Full administrator Access,the machine picks up dhcp address,manually configure static on machine directly if required or print a config page to get the dhcp address that was assigned. -oki,c5300,,,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters type them as upper case",,, -oki,c5300,,Console,root,last 6 characters of the MAC ADRESS ""if it contains any alpha characters,type them as upper case"",, -oki,c5300,,Console,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters,type them as upper case",No, -oki,c5300,,Multi,root,last 6 characters of the MAC ADRESS ""if it contains any alpha characters,type them as upper case"",admin, -oki,c5300,,Multi,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters,type them as upper case",No, -oki,c5300,,admin,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters type them as upper case",,, oki,c5750,n1.02,http://192.168.0.200,,,,, oki,c810,1.0,192.100.185.78,admin,admin,admin,, olegkhabarov,Comfy CMS,,,username,password,,, @@ -10095,7 +10045,6 @@ telus,Telephony and internet services,,,(username),telus12,User,Initial password telus,Telephony and internet services,,,(username),telus13,User,Initial password if issued in 2013, telus,Telephony and internet services,,,(username),telus99,User,Initial password if issued in 1999, tenda,W150M,,192.168.1.1,admin,admin,Admin,, -teradyne,4TEL,VRS400,DTMF,(last 5 digits of lineman's SSN),(same as user ID),,, terayon,,,,admin,nms,,6.29, terayon,,Comcast-supplied,HTTP,,,diagnostics page,192.168.100.1/diagnostics_page.html, terayon,TeraLink 1000 Controller,,,admin,password,,, @@ -10398,8 +10347,6 @@ unisys,ClearPath MCP,,Multi,ADMINISTRATOR,ADMINISTRATOR,Admin,, unisys,ClearPath MCP,,Multi,HTTP,HTTP,Web Server Administration,, unisys,ClearPath MCP,,Multi,NAU,NAU,Privileged,Network Administration Utility, unitedtechnologiescorporation,Interlogix truVision IP Camera,,,admin,1234,,, -universityoftennessee,All Employee and Student Services,,, - See Notes,See Notes,Varies with account,Username based on email - eg. if email is smith123@tennessee.edu then NetID (username) is smith123. Def. Password composed of first two letters of birth month in lower case; last two digits of birth; last four digits of UT ID Number; eg. Born Feb 1979 and UT ID Number is 123-45-6789 - default password is fe796789, -universityoftennessee,All Employee and Student Services,,,lt;NetIDgt; - See Notes,See Notes,Varies with account,Username based on email - eg. if email is smith123@tennessee.edu then NetID (username) is smith123. Def. Password composed of first two letters of birth month in lower case; last two digits of birth; last four digits of UT ID Number; eg. Born Feb 1979 and UT ID Number is 123-45-6789 - default password is fe796789, unix,Generic,,,adm,,,, unix,Generic,,,adm,adm,,, unix,Generic,,,admin,admin,,, From a2d715b870c358ff035af44612eff318b7ea82de Mon Sep 17 00:00:00 2001 From: Christian Inci Date: Mon, 26 Apr 2021 20:56:22 +0200 Subject: [PATCH 052/223] Fix logic bug I can provide another patch version, which swaps the operands instead. Signed-off-by: Christian Inci --- hydra-smb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra-smb.c b/hydra-smb.c index 20fd1cf..6fc5bbd 100644 --- a/hydra-smb.c +++ b/hydra-smb.c @@ -1494,7 +1494,7 @@ int32_t service_smb_init(char *ip, int32_t sp, unsigned char options, char *misc ctime = time(NULL); do { usleepn(300); - } while ((ready = hydra_data_ready(sock)) <= 0 && ctime + 5 <= time(NULL)); + } while ((ready = hydra_data_ready(sock)) <= 0 && ctime + 5 >= time(NULL)); if (ready <= 0) { fprintf(stderr, "[ERROR] no reply from target smb://%s:%d/\n", hostname, port); From c81f0b97e7083552ae2be43dde2ac0efc615773f Mon Sep 17 00:00:00 2001 From: sanmacorz Date: Wed, 12 May 2021 12:22:48 -0500 Subject: [PATCH 053/223] Changed index() to strchr() --- hydra-http-form.c | 20 +++++++++--------- hydra-http-proxy-urlenum.c | 12 +++++------ hydra-http-proxy.c | 8 ++++---- hydra-http.c | 4 ++-- hydra-mod.c | 4 ++-- hydra-telnet.c | 4 ++-- hydra.c | 42 +++++++++++++++++++------------------- 7 files changed, 47 insertions(+), 47 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index 3979e74..f675beb 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -572,17 +572,17 @@ char *html_encode(char *string) { if (ret == NULL) return NULL; - if (index(ret, '%') != NULL) + if (strchr(ret, '%') != NULL) ret = hydra_strrep(ret, "%", "%25"); - if (index(ret, ' ') != NULL) + if (strchr(ret, ' ') != NULL) ret = hydra_strrep(ret, " ", "%20"); - if (index(ret, '&') != NULL) + if (strchr(ret, '&') != NULL) ret = hydra_strrep(ret, "&", "%26"); - if (index(ret, '#') != NULL) + if (strchr(ret, '#') != NULL) ret = hydra_strrep(ret, "#", "%23"); - if (index(ret, '=') != NULL) + if (strchr(ret, '=') != NULL) ret = hydra_strrep(ret, "=", "%3D"); - if (index(ret, '+') != NULL) + if (strchr(ret, '+') != NULL) ret = hydra_strrep(ret, "+", "%2B"); return ret; @@ -646,10 +646,10 @@ int32_t analyze_server_response(int32_t s) { } else if (endcookie2 != NULL) *endcookie2 = 0; // is the cookie already there? if yes, remove it! - if (index(startcookie, '=') != NULL && (ptr = index(startcookie, '=')) - startcookie + 1 <= sizeof(tmpname)) { + if (strchr(startcookie, '=') != NULL && (ptr = strchr(startcookie, '=')) - startcookie + 1 <= sizeof(tmpname)) { strncpy(tmpname, startcookie, sizeof(tmpname) - 2); tmpname[sizeof(tmpname) - 2] = 0; - ptr = index(tmpname, '='); + ptr = strchr(tmpname, '='); *(++ptr) = 0; // is the cookie already in the cookiejar? (so, does it have to be // replaced?) @@ -675,7 +675,7 @@ int32_t analyze_server_response(int32_t s) { strcpy(cookie, tmpcookie); } } - ptr = index(str, '='); + ptr = strchr(str, '='); // only copy the cookie if it has a value (otherwise the server wants to // delete the cookie) if (ptr != NULL && *(ptr + 1) != ';' && *(ptr + 1) != 0 && *(ptr + 1) != '\n' && *(ptr + 1) != '\r') { @@ -1286,7 +1286,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { cond = ptr; - if ((ptr2 = index(ptr, ':')) != NULL) { + if ((ptr2 = strchr(ptr, ':')) != NULL) { *ptr2++ = 0; if (*ptr2) optional1 = ptr2; diff --git a/hydra-http-proxy-urlenum.c b/hydra-http-proxy-urlenum.c index 434b4e4..306d755 100644 --- a/hydra-http-proxy-urlenum.c +++ b/hydra-http-proxy-urlenum.c @@ -28,17 +28,17 @@ int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned cha ptr++; strncpy(mhost, ptr, sizeof(mhost) - 1); mhost[sizeof(mhost) - 1] = 0; - if ((ptr = index(mhost, '/')) != NULL) + if ((ptr = strchr(mhost, '/')) != NULL) *ptr = 0; - if ((ptr = index(mhost, ']')) != NULL) + if ((ptr = strchr(mhost, ']')) != NULL) *ptr = 0; - else if ((ptr = index(mhost, ':')) != NULL) + else if ((ptr = strchr(mhost, ':')) != NULL) *ptr = 0; - if (miscptr != NULL && index(miscptr, ':') != NULL) { + if (miscptr != NULL && strchr(miscptr, ':') != NULL) { strncpy(mlogin, miscptr, sizeof(mlogin) - 1); mlogin[sizeof(mlogin) - 1] = 0; - ptr = index(mlogin, ':'); + ptr = strchr(mlogin, ':'); *ptr++ = 0; strncpy(mpass, ptr, sizeof(mpass) - 1); mpass[sizeof(mpass) - 1] = 0; @@ -215,7 +215,7 @@ int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned cha } } // result analysis - ptr = ((char *)index(buf, ' ')) + 1; + ptr = ((char *)strchr(buf, ' ')) + 1; if (*ptr == '2' || (*ptr == '3' && (*(ptr + 2) == '1' || *(ptr + 2) == '2')) || strncmp(ptr, "404", 4) == 0 || strncmp(ptr, "403", 4) == 0) { hydra_report_found_host(port, ip, "http-proxy", fp); if (fp != stdout) diff --git a/hydra-http-proxy.c b/hydra-http-proxy.c index 9eace98..3aeeb41 100644 --- a/hydra-http-proxy.c +++ b/hydra-http-proxy.c @@ -24,9 +24,9 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option sprintf(url, "%.500s", miscptr); ptr = strstr(miscptr, "://"); // :// check is in hydra.c sprintf(host, "Host: %.50s", ptr + 3); - if ((ptr = index(host, '/')) != NULL) + if ((ptr = strchr(host, '/')) != NULL) *ptr = 0; - if ((ptr = index(host + 6, ':')) != NULL && host[0] != '[') + if ((ptr = strchr(host + 6, ':')) != NULL && host[0] != '[') *ptr = 0; strcat(host, "\r\n"); } @@ -232,7 +232,7 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option } } - ptr = ((char *)index(http_proxy_buf, ' ')) + 1; + ptr = ((char *)strchr(http_proxy_buf, ' ')) + 1; if (*ptr == '2' || (*ptr == '3' && *(ptr + 2) == '1') || (*ptr == '3' && *(ptr + 2) == '2') || (*ptr == '4' && *(ptr + 2) == '4')) { hydra_report_found_host(port, ip, "http-proxy", fp); hydra_completed_pair_found(); @@ -240,7 +240,7 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option http_proxy_buf = NULL; } else { if (*ptr != '4') - hydra_report(stderr, "[INFO] Unusual return code: %c for %s:%s\n", (char)*(index(http_proxy_buf, ' ') + 1), login, pass); + hydra_report(stderr, "[INFO] Unusual return code: %c for %s:%s\n", (char)*(strchr(http_proxy_buf, ' ') + 1), login, pass); else if (verbose && *(ptr + 2) == '3') hydra_report(stderr, "[INFO] Potential success, could be false positive: %s:%s\n", login, pass); hydra_completed_pair(); diff --git a/hydra-http.c b/hydra-http.c index 7f1d56d..a0769b9 100644 --- a/hydra-http.c +++ b/hydra-http.c @@ -208,7 +208,7 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha complete_line = 0; tmpreplybuf[0] = 0; - while (http_buf != NULL && (strstr(http_buf, "HTTP/1.") == NULL || (index(http_buf, '\n') == NULL && complete_line == 0))) { + while (http_buf != NULL && (strstr(http_buf, "HTTP/1.") == NULL || (strchr(http_buf, '\n') == NULL && complete_line == 0))) { if (debug) printf("il: %d, tmpreplybuf: %s, http_buf: %s\n", complete_line, tmpreplybuf, http_buf); if (tmpreplybuf[0] == 0 && strstr(http_buf, "HTTP/1.") != NULL) { @@ -245,7 +245,7 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha if (debug) hydra_report(stderr, "S:%s\n", http_buf); - ptr = ((char *)index(http_buf, ' ')); + ptr = ((char *)strchr(http_buf, ' ')); if (ptr != NULL) ptr++; if (ptr != NULL && (*ptr == '2' || *ptr == '3' || strncmp(ptr, "403", 3) == 0 || strncmp(ptr, "404", 3) == 0)) { diff --git a/hydra-mod.c b/hydra-mod.c index 65f7725..befa365 100644 --- a/hydra-mod.c +++ b/hydra-mod.c @@ -295,13 +295,13 @@ int32_t internal__hydra_connect(char *host, int32_t port, int32_t type, int32_t send(s, buf, strlen(buf), 0); if (debug) { - char *ptr = index(buf, '\r'); + char *ptr = strchr(buf, '\r'); if (ptr != NULL) *ptr = 0; printf("DEBUG_CONNECT_PROXY_SENT: %s\n", buf); } recv(s, buf, 4096, 0); - if (strncmp("HTTP/", buf, 5) == 0 && (tmpptr = index(buf, ' ')) != NULL && *++tmpptr == '2') { + if (strncmp("HTTP/", buf, 5) == 0 && (tmpptr = strchr(buf, ' ')) != NULL && *++tmpptr == '2') { if (debug) printf("DEBUG_CONNECT_PROXY_OK\n"); } else { diff --git a/hydra-telnet.c b/hydra-telnet.c index 762ade1..39908f9 100644 --- a/hydra-telnet.c +++ b/hydra-telnet.c @@ -36,7 +36,7 @@ int32_t start_telnet(int32_t s, char *ip, int32_t port, unsigned char options, c if ((buf = hydra_receive_line(s)) == NULL) return 1; - if (index(buf, '/') != NULL || index(buf, '>') != NULL || index(buf, '%') != NULL || index(buf, '$') != NULL || index(buf, '#') != NULL) { + if (strchr(buf, '/') != NULL || strchr(buf, '>') != NULL || strchr(buf, '%') != NULL || strchr(buf, '$') != NULL || strchr(buf, '#') != NULL) { hydra_report_found_host(port, ip, "telnet", fp); hydra_completed_pair_found(); free(buf); @@ -76,7 +76,7 @@ int32_t start_telnet(int32_t s, char *ip, int32_t port, unsigned char options, c /*win7 answering with do terminal type = 0xfd 0x18 */ while ((buf = hydra_receive_line(s)) != NULL && make_to_lower(buf) && (strstr(buf, "login:") == NULL || strstr(buf, "last login:") != NULL) && strstr(buf, "sername:") == NULL) { - if ((miscptr != NULL && strstr(buf, miscptr) != NULL) || (miscptr == NULL && strstr(buf, "invalid") == NULL && strstr(buf, "failed") == NULL && strstr(buf, "bad ") == NULL && (index(buf, '/') != NULL || index(buf, '>') != NULL || index(buf, '$') != NULL || index(buf, '#') != NULL || index(buf, '%') != NULL || ((buf[1] == '\xfd') && (buf[2] == '\x18'))))) { + if ((miscptr != NULL && strstr(buf, miscptr) != NULL) || (miscptr == NULL && strstr(buf, "invalid") == NULL && strstr(buf, "failed") == NULL && strstr(buf, "bad ") == NULL && (strchr(buf, '/') != NULL || strchr(buf, '>') != NULL || strchr(buf, '$') != NULL || strchr(buf, '#') != NULL || strchr(buf, '%') != NULL || ((buf[1] == '\xfd') && (buf[2] == '\x18'))))) { hydra_report_found_host(port, ip, "telnet", fp); hydra_completed_pair_found(); free(buf); diff --git a/hydra.c b/hydra.c index c996b44..06edf87 100644 --- a/hydra.c +++ b/hydra.c @@ -1131,7 +1131,7 @@ void fill_mem(char *ptr, FILE *fd, int32_t colonmode) { tmp[len] = 0; } if (colonmode) { - if ((ptr2 = index(tmp, ':')) == NULL) { + if ((ptr2 = strchr(tmp, ':')) == NULL) { fprintf(stderr, "[ERROR] invalid line in colon file (-C), missing colon " "in line: %s\n", @@ -1494,7 +1494,7 @@ void hydra_increase_fail_count(int32_t target_no, int32_t head_no) { fprintf(stderr, "[ERROR] Too many connect errors to target, disabling " "%s://%s%s%s:%d\n", - hydra_options.service, hydra_targets[target_no]->ip[0] == 16 && index(hydra_targets[target_no]->target, ':') != NULL ? "[" : "", hydra_targets[target_no]->target, hydra_targets[target_no]->ip[0] == 16 && index(hydra_targets[target_no]->target, ':') != NULL ? "]" : "", hydra_targets[target_no]->port); + hydra_options.service, hydra_targets[target_no]->ip[0] == 16 && strchr(hydra_targets[target_no]->target, ':') != NULL ? "[" : "", hydra_targets[target_no]->target, hydra_targets[target_no]->ip[0] == 16 && strchr(hydra_targets[target_no]->target, ':') != NULL ? "]" : "", hydra_targets[target_no]->port); } if (hydra_brains.targets > hydra_brains.finished) hydra_kill_head(head_no, 1, 0); @@ -2047,11 +2047,11 @@ void process_proxy_line(int32_t type, char *string) { } *sep = 0; target_string = sep + 3; - if ((sep = index(target_string, '@')) != NULL) { + if ((sep = strchr(target_string, '@')) != NULL) { auth_string = target_string; *sep = 0; target_string = sep + 1; - if (index(auth_string, ':') == NULL) { + if (strchr(auth_string, ':') == NULL) { fprintf(stderr, "[WARNING] %s has an invalid authentication definition %s, must " "be in the format login:pass, entry ignored\n", @@ -2059,14 +2059,14 @@ void process_proxy_line(int32_t type, char *string) { return; } } - if ((sep = index(target_string, ':')) != NULL) { + if ((sep = strchr(target_string, ':')) != NULL) { *sep = 0; port_string = sep + 1; - if ((sep = index(port_string, '%')) != NULL) { + if ((sep = strchr(port_string, '%')) != NULL) { *sep = 0; device_string = sep + 1; } - if ((sep = index(port_string, '/')) != NULL) + if ((sep = strchr(port_string, '/')) != NULL) *sep = 0; port = atoi(port_string); if (port < 1 || port > 65535) { @@ -2595,23 +2595,23 @@ int main(int argc, char *argv[]) { if (*target_pos == '[') { target_pos++; - if ((param_pos = index(target_pos, ']')) == NULL) + if ((param_pos = strchr(target_pos, ']')) == NULL) bail("no closing ']' found in target definition"); *param_pos++ = 0; if (*param_pos == ':') port_pos = ++param_pos; - if ((param_pos = index(param_pos, '/')) != NULL) + if ((param_pos = strchr(param_pos, '/')) != NULL) *param_pos++ = 0; } else { - port_pos = index(target_pos, ':'); - param_pos = index(target_pos, '/'); + port_pos = strchr(target_pos, ':'); + param_pos = strchr(target_pos, '/'); if (port_pos != NULL && param_pos != NULL && port_pos > param_pos) port_pos = NULL; if (port_pos != NULL) *port_pos++ = 0; if (param_pos != NULL) *param_pos++ = 0; - if (port_pos != NULL && index(port_pos, ':') != NULL) { + if (port_pos != NULL && strchr(port_pos, ':') != NULL) { if (prefer_ipv6) bail("Illegal IPv6 target definition must be written within '[' " "']'"); @@ -2894,7 +2894,7 @@ int main(int argc, char *argv[]) { "like parallel connections)\n"); hydra_options.tasks = 1; } - if (hydra_options.login != NULL && (index(hydra_options.login, '\\') != NULL || index(hydra_options.login, '/') != NULL)) + if (hydra_options.login != NULL && (strchr(hydra_options.login, '\\') != NULL || strchr(hydra_options.login, '/') != NULL)) fprintf(stderr, "[WARNING] potential windows domain specification found in " "login. You must use the -m option to pass a domain.\n"); i = 1; @@ -2918,7 +2918,7 @@ int main(int argc, char *argv[]) { #if !defined(LIBSMBCLIENT) bail("Compiled without LIBSMBCLIENT support, module not available!"); #else - if (hydra_options.login != NULL && (index(hydra_options.login, '\\') != NULL || index(hydra_options.login, '/') != NULL)) + if (hydra_options.login != NULL && (strchr(hydra_options.login, '\\') != NULL || strchr(hydra_options.login, '/') != NULL)) fprintf(stderr, "[WARNING] potential windows domain specification found in " "login. You must use the -m option to pass a domain.\n"); if (hydra_options.miscptr == NULL || (strlen(hydra_options.miscptr) == 0)) { @@ -3571,13 +3571,13 @@ int main(int argc, char *argv[]) { if (*tmpptr == '[') { tmpptr++; hydra_targets[i]->target = tmpptr; - if ((tmpptr2 = index(tmpptr, ']')) != NULL) { + if ((tmpptr2 = strchr(tmpptr, ']')) != NULL) { *tmpptr2++ = 0; tmpptr = tmpptr2; } } else hydra_targets[i]->target = tmpptr; - if ((tmpptr2 = index(hydra_targets[i]->target, ':')) != NULL) { + if ((tmpptr2 = strchr(hydra_targets[i]->target, ':')) != NULL) { *tmpptr2++ = 0; tmpptr = tmpptr2; hydra_targets[i]->port = atoi(tmpptr2); @@ -3593,13 +3593,13 @@ int main(int argc, char *argv[]) { } else if (hydra_options.server == NULL) { fprintf(stderr, "Error: no target server given, nor -M option used\n"); exit(-1); - } else if (index(hydra_options.server, '/') != NULL) { + } else if (strchr(hydra_options.server, '/') != NULL) { if (cmdlinetarget == NULL) bail("You seem to mix up \"service://target:port/options\" syntax with " "\"target service options\" syntax. Read the README on how to use " "hydra correctly!"); if (strstr(cmdlinetarget, "://") != NULL) { - tmpptr = index(hydra_options.server, '/'); + tmpptr = strchr(hydra_options.server, '/'); if (tmpptr != NULL) *tmpptr = 0; countservers = hydra_brains.targets = 1; @@ -3622,7 +3622,7 @@ int main(int argc, char *argv[]) { exit(-1); } strcpy(tmpptr, hydra_options.server); - tmpptr2 = index(tmpptr, '/'); + tmpptr2 = strchr(tmpptr, '/'); *tmpptr2++ = 0; if ((k = atoi(tmpptr2)) < 16 || k > 31) { fprintf(stderr, "Error: network size may only be between /16 and /31: %s\n", hydra_options.server); @@ -3788,7 +3788,7 @@ int main(int argc, char *argv[]) { printf(" per task\n"); if (hydra_brains.targets == 1) { - if (index(hydra_targets[0]->target, ':') == NULL) { + if (strchr(hydra_targets[0]->target, ':') == NULL) { printf("[DATA] attacking %s%s://%s:", hydra_options.service, hydra_options.ssl == 1 ? "s" : "", hydra_targets[0]->target); printf("%d%s%s\n", port, hydra_options.miscptr == NULL || hydra_options.miscptr[0] != '/' ? "/" : "", hydra_options.miscptr != NULL ? hydra_options.miscptr : ""); } else { @@ -3864,7 +3864,7 @@ int main(int argc, char *argv[]) { #ifdef AF_INET6 ipv6 = NULL; #endif - if ((device = index(hydra_targets[i]->target, '%')) != NULL) + if ((device = strchr(hydra_targets[i]->target, '%')) != NULL) *device++ = 0; if (getaddrinfo(hydra_targets[i]->target, NULL, &hints, &res) != 0) { if (use_proxy == 0) { From 221876598b2f05da8a7fc17076d231b00d1993b0 Mon Sep 17 00:00:00 2001 From: wj0seph Date: Wed, 19 May 2021 17:59:18 +0800 Subject: [PATCH 054/223] fix: skip user bug username can potentially be identical to the beginning of login_ptr --- hydra.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra.c b/hydra.c index 06edf87..9ddcebb 100644 --- a/hydra.c +++ b/hydra.c @@ -1957,7 +1957,7 @@ void hydra_skip_user(int32_t target_no, char *username) { hydra_targets[target_no]->skipcnt++; } if (hydra_options.loop_mode == 0 && !check_flag(hydra_options.mode, MODE_COLON_FILE)) { - if (memcmp(username, hydra_targets[target_no]->login_ptr, strlen(username)) == 0) { + if (strcmp(username, hydra_targets[target_no]->login_ptr) == 0) { if (debug) printf("[DEBUG] skipping username %s\n", username); // increase count From 19432a217360dc6430e8186208d0b228da5f7070 Mon Sep 17 00:00:00 2001 From: ABHacker Official <63346676+abhackerofficial@users.noreply.github.com> Date: Sat, 12 Jun 2021 11:34:57 +0530 Subject: [PATCH 055/223] Fixed data types. --- hydra.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/hydra.c b/hydra.c index 9ddcebb..0c889f8 100644 --- a/hydra.c +++ b/hydra.c @@ -884,7 +884,7 @@ void hydra_restore_read() { login_ptr = malloc(hydra_brains.sizelogin + hydra_brains.countlogin + 8); if (!login_ptr) { - fprintf(stderr, "Error: malloc(%u) failed\n", hydra_brains.sizelogin + hydra_brains.countlogin + 8); + fprintf(stderr, "Error: malloc(%lu) failed\n", hydra_brains.sizelogin + hydra_brains.countlogin + 8); exit(-1); } fck = (int32_t)fread(login_ptr, hydra_brains.sizelogin + hydra_brains.countlogin + 8, 1, f); @@ -893,7 +893,7 @@ void hydra_restore_read() { if (!check_flag(hydra_options.mode, MODE_COLON_FILE)) { // NOT colonfile mode pass_ptr = malloc(hydra_brains.sizepass + hydra_brains.countpass + 8); if (!pass_ptr) { - fprintf(stderr, "Error: malloc(%u) failed\n", hydra_brains.sizepass + hydra_brains.countpass + 8); + fprintf(stderr, "Error: malloc(%lu) failed\n", hydra_brains.sizepass + hydra_brains.countpass + 8); exit(-1); } fck = (int32_t)fread(pass_ptr, hydra_brains.sizepass + hydra_brains.countpass + 8, 1, f); @@ -906,13 +906,13 @@ void hydra_restore_read() { hydra_targets = (hydra_target **)malloc((hydra_brains.targets + 3) * sizeof(hydra_target *)); if (!hydra_targets) { - fprintf(stderr, "Error: malloc(%u) failed\n", (hydra_brains.targets + 3) * sizeof(hydra_target *)); + fprintf(stderr, "Error: malloc(%lu) failed\n", (hydra_brains.targets + 3) * sizeof(hydra_target *)); exit(-1); } for (j = 0; j < hydra_brains.targets; j++) { hydra_targets[j] = malloc(sizeof(hydra_target)); if (!hydra_targets[j]) { - fprintf(stderr, "Error: malloc(%u) failed\n", sizeof(hydra_target)); + fprintf(stderr, "Error: malloc(%lu) failed\n", sizeof(hydra_target)); exit(-1); } fck = (int32_t)fread(hydra_targets[j], sizeof(hydra_target), 1, f); @@ -967,13 +967,13 @@ void hydra_restore_read() { printf("[DEBUG] reading restore file: Step 11 complete\n"); hydra_heads = malloc(sizeof(hydra_head *) * hydra_options.max_use); if (!hydra_heads) { - fprintf(stderr, "Error: malloc(%u) failed\n", sizeof(hydra_head *) * hydra_options.max_use); + fprintf(stderr, "Error: malloc(%lu) failed\n", sizeof(hydra_head *) * hydra_options.max_use); exit(-1); } for (j = 0; j < hydra_options.max_use; j++) { hydra_heads[j] = malloc(sizeof(hydra_head)); if (!hydra_heads[j]) { - fprintf(stderr, "Error: malloc(%u) failed\n", sizeof(hydra_head)); + fprintf(stderr, "Error: malloc(%lu) failed\n", sizeof(hydra_head)); exit(-1); } fck = (int32_t)fread(hydra_heads[j], sizeof(hydra_head), 1, f); From ef3c334671d94b60bc58d8220d723579f6229e7e Mon Sep 17 00:00:00 2001 From: Yisus7u7 <64093255+Yisus7u7@users.noreply.github.com> Date: Wed, 16 Jun 2021 02:30:45 -0500 Subject: [PATCH 056/223] Add termux setup file (android) --- setup-termux.sh | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 setup-termux.sh diff --git a/setup-termux.sh b/setup-termux.sh new file mode 100644 index 0000000..38d4db2 --- /dev/null +++ b/setup-termux.sh @@ -0,0 +1,17 @@ +#!/bin/bash +#this script will configure hydra in termux + +TERMUX_PREFIX="/data/data/com.termux/files/usr" + +#required dependencies + +pkg update && pkg upgrade +pkg install -y x11-repo +pkg install -y clang make openssl openssl-tool wget openssh coreutils gtk2 gtk3 + +#compile hydra + +./configure --prefix=$TERMUX_PREFIX +make +make install + From f12dc459c1e89aef0538b24f11724bb74752104b Mon Sep 17 00:00:00 2001 From: Yisus7u7 Date: Wed, 16 Jun 2021 03:01:07 -0500 Subject: [PATCH 057/223] Specify in the INSTALL file the steps for Android (termux) --- INSTALL | 18 ++++++++++++++++++ setup-termux.sh | 17 ----------------- 2 files changed, 18 insertions(+), 17 deletions(-) delete mode 100644 setup-termux.sh diff --git a/INSTALL b/INSTALL index 2258405..6bf3de7 100644 --- a/INSTALL +++ b/INSTALL @@ -6,6 +6,24 @@ you run "./configure": Redhat/Fedora: yum install openssl-devel pcre-devel ncpfs-devel postgresql-devel libssh-devel subversion-devel libncurses-devel OpenSuSE: zypper install libopenssl-devel pcre-devel libidn-devel ncpfs-devel libssh-devel postgresql-devel subversion-devel libncurses-devel + +### Note: + +Due to the Android file system, the installation on it is different, please follow these steps: + +``` +# Necessary dependencies +pkg install -y x11-repo +pkg install -y clang make openssl openssl-tool wget openssh coreutils gtk2 gtk3 +# Compiling hydra +./configure --prefix=$PREFIX +make +make install +``` + +To use xhydra, you will need to install a graphical output in termux, you can be guided from [this article](https://wiki.termux.com/wiki/Graphical_Environment) + + For the Oracle login module, install the basic and SDK packages: http://www.oracle.com/technetwork/database/features/instant-client/index.html diff --git a/setup-termux.sh b/setup-termux.sh deleted file mode 100644 index 38d4db2..0000000 --- a/setup-termux.sh +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/bash -#this script will configure hydra in termux - -TERMUX_PREFIX="/data/data/com.termux/files/usr" - -#required dependencies - -pkg update && pkg upgrade -pkg install -y x11-repo -pkg install -y clang make openssl openssl-tool wget openssh coreutils gtk2 gtk3 - -#compile hydra - -./configure --prefix=$TERMUX_PREFIX -make -make install - From b7e77d767277453370d39235275d428cfad02c3c Mon Sep 17 00:00:00 2001 From: Yisus7u7 Date: Wed, 16 Jun 2021 03:03:31 -0500 Subject: [PATCH 058/223] Specify in the INSTALL file the steps for Android (termux) --- INSTALL | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/INSTALL b/INSTALL index 6bf3de7..c679c4f 100644 --- a/INSTALL +++ b/INSTALL @@ -7,11 +7,10 @@ you run "./configure": OpenSuSE: zypper install libopenssl-devel pcre-devel libidn-devel ncpfs-devel libssh-devel postgresql-devel subversion-devel libncurses-devel -### Note: +Note: Due to the Android file system, the installation on it is different, please follow these steps: -``` # Necessary dependencies pkg install -y x11-repo pkg install -y clang make openssl openssl-tool wget openssh coreutils gtk2 gtk3 From f1cc9e6cfb290cdb4b7cf50e3bb4951aa05c8c2f Mon Sep 17 00:00:00 2001 From: Yisus7u7 Date: Wed, 16 Jun 2021 03:06:40 -0500 Subject: [PATCH 059/223] Specify in the INSTALL file the steps for Android (termux) --- INSTALL | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/INSTALL b/INSTALL index c679c4f..b501691 100644 --- a/INSTALL +++ b/INSTALL @@ -18,9 +18,10 @@ pkg install -y clang make openssl openssl-tool wget openssh coreutils gtk2 gtk3 ./configure --prefix=$PREFIX make make install -``` -To use xhydra, you will need to install a graphical output in termux, you can be guided from [this article](https://wiki.termux.com/wiki/Graphical_Environment) +To use xhydra, you will need to install a graphical output in termux, you can be guided from this article: + +https://wiki.termux.com/wiki/Graphical_Environment For the Oracle login module, install the basic and SDK packages: From bc9190d3ddbf03a93042839ecc4b844a297eeb6c Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 16 Jun 2021 11:18:12 +0200 Subject: [PATCH 060/223] fix --- INSTALL | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/INSTALL b/INSTALL index b501691..752aa63 100644 --- a/INSTALL +++ b/INSTALL @@ -7,17 +7,16 @@ you run "./configure": OpenSuSE: zypper install libopenssl-devel pcre-devel libidn-devel ncpfs-devel libssh-devel postgresql-devel subversion-devel libncurses-devel -Note: +For Termux/Android you need the following setup: -Due to the Android file system, the installation on it is different, please follow these steps: +Install the necessary dependencies + # pkg install -y x11-repo + # pkg install -y clang make openssl openssl-tool wget openssh coreutils gtk2 gtk3 +And then compiling hydra + # ./configure --prefix=$PREFIX + # make + # make install -# Necessary dependencies -pkg install -y x11-repo -pkg install -y clang make openssl openssl-tool wget openssh coreutils gtk2 gtk3 -# Compiling hydra -./configure --prefix=$PREFIX -make -make install To use xhydra, you will need to install a graphical output in termux, you can be guided from this article: From acd4bcf1a79bf90042a062b91fe78d2f9fab5a54 Mon Sep 17 00:00:00 2001 From: Yisus7u7 <64093255+Yisus7u7@users.noreply.github.com> Date: Wed, 16 Jun 2021 12:43:58 -0500 Subject: [PATCH 061/223] Set theme jekyll-theme-hacker --- _config.yml | 1 + 1 file changed, 1 insertion(+) create mode 100644 _config.yml diff --git a/_config.yml b/_config.yml new file mode 100644 index 0000000..fc24e7a --- /dev/null +++ b/_config.yml @@ -0,0 +1 @@ +theme: jekyll-theme-hacker \ No newline at end of file From 3450d874200fa4ca6e187fe36b67f38003afe0de Mon Sep 17 00:00:00 2001 From: Yisus7u7 <64093255+Yisus7u7@users.noreply.github.com> Date: Wed, 16 Jun 2021 12:46:23 -0500 Subject: [PATCH 062/223] Update _config.yml --- _config.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/_config.yml b/_config.yml index fc24e7a..8dd6c5f 100644 --- a/_config.yml +++ b/_config.yml @@ -1 +1,2 @@ -theme: jekyll-theme-hacker \ No newline at end of file +title: "thc-hydra" +theme: jekyll-theme-hacker From 760149340058e91fea0579caea434de3030a80ad Mon Sep 17 00:00:00 2001 From: Yisus7u7 <64093255+Yisus7u7@users.noreply.github.com> Date: Wed, 16 Jun 2021 12:50:01 -0500 Subject: [PATCH 063/223] Create index.md --- docs/hydra/index.md | 534 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 534 insertions(+) create mode 100644 docs/hydra/index.md diff --git a/docs/hydra/index.md b/docs/hydra/index.md new file mode 100644 index 0000000..322da43 --- /dev/null +++ b/docs/hydra/index.md @@ -0,0 +1,534 @@ + + H Y D R A + + (c) 2001-2021 by van Hauser / THC + https://github.com/vanhauser-thc/thc-hydra + many modules were written by David (dot) Maciejak @ gmail (dot) com + BFG code by Jan Dlabal + + Licensed under AGPLv3 (see LICENSE file) + + Please do not use in military or secret service organizations, + or for illegal purposes. + (This is the wish of the author and non-binding. Many people working + in these organizations do not care for laws and ethics anyways. + You are not one of the "good" ones if you ignore this.) + + + +INTRODUCTION +------------ +Number one of the biggest security holes are passwords, as every password +security study shows. +This tool is a proof of concept code, to give researchers and security +consultants the possibility to show how easy it would be to gain unauthorized +access from remote to a system. + +THIS TOOL IS FOR LEGAL PURPOSES ONLY! + +There are already several login hacker tools available, however, none does +either support more than one protocol to attack or support parallelized +connects. + +It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, +FreeBSD/OpenBSD, QNX (Blackberry 10) and MacOS. + +Currently this tool supports the following protocols: + Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, + HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST, HTTP-PROXY, + HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTPS-POST, + HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MEMCACHED, MONGODB, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, + Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, Radmin, RDP, Rexec, Rlogin, + Rsh, RTSP, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, + SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, + VNC and XMPP. + +However the module engine for new services is very easy so it won't take a +long time until even more services are supported. +Your help in writing, enhancing or fixing modules is highly appreciated!! :-) + + + +WHERE TO GET +------------ +You can always find the newest release/production version of hydra at its +project page at https://github.com/vanhauser-thc/thc-hydra/releases +If you are interested in the current development state, the public development +repository is at Github: + svn co https://github.com/vanhauser-thc/thc-hydra + or + git clone https://github.com/vanhauser-thc/thc-hydra +Use the development version at your own risk. It contains new features and +new bugs. Things might not work! + + + +HOW TO COMPILE +-------------- +To configure, compile and install hydra, just type: + +``` +./configure +make +make install +``` + +If you want the ssh module, you have to setup libssh (not libssh2!) on your +system, get it from http://www.libssh.org, for ssh v1 support you also need +to add "-DWITH_SSH1=On" option in the cmake command line. +IMPORTANT: If you compile on MacOS then you must do this - do not install libssh via brew! + +If you use Ubuntu/Debian, this will install supplementary libraries needed +for a few optional modules (note that some might not be available on your distribution): + +``` +apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \ + libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \ + firebird-dev libmemcached-dev libgpg-error-dev \ + libgcrypt11-dev libgcrypt20-dev +``` + +This enables all optional modules and features with the exception of Oracle, +SAP R/3, NCP and the apple filing protocol - which you will need to download and +install from the vendor's web sites. + +For all other Linux derivates and BSD based systems, use the system +software installer and look for similarly named libraries like in the +command above. In all other cases, you have to download all source libraries +and compile them manually. + + + +SUPPORTED PLATFORMS +------------------- +- All UNIX platforms (Linux, *BSD, Solaris, etc.) +- MacOS (basically a BSD clone) +- Windows with Cygwin (both IPv4 and IPv6) +- Mobile systems based on Linux, MacOS or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq) + + + +HOW TO USE +---------- +If you just enter `hydra`, you will see a short summary of the important +options available. +Type `./hydra -h` to see all available command line options. + +Note that NO login/password file is included. Generate them yourself. +A default password list is however present, use "dpl4hydra.sh" to generate +a list. + +For Linux users, a GTK GUI is available, try `./xhydra` + +For the command line usage, the syntax is as follows: + For attacking one target or a network, you can use the new "://" style: + hydra [some command line options] PROTOCOL://TARGET:PORT/MODULE-OPTIONS + The old mode can be used for these too, and additionally if you want to + specify your targets from a text file, you *must* use this one: + +``` +hydra [some command line options] [-s PORT] TARGET PROTOCOL [MODULE-OPTIONS] +``` + +Via the command line options you specify which logins to try, which passwords, +if SSL should be used, how many parallel tasks to use for attacking, etc. + +PROTOCOL is the protocol you want to use for attacking, e.g. ftp, smtp, +http-get or many others are available +TARGET is the target you want to attack +MODULE-OPTIONS are optional values which are special per PROTOCOL module + +FIRST - select your target + you have three options on how to specify the target you want to attack: + 1. a single target on the command line: just put the IP or DNS address in + 2. a network range on the command line: CIDR specification like "192.168.0.0/24" + 3. a list of hosts in a text file: one line per entry (see below) + +SECOND - select your protocol + Try to avoid telnet, as it is unreliable to detect a correct or false login attempt. + Use a port scanner to see which protocols are enabled on the target. + +THIRD - check if the module has optional parameters + hydra -U PROTOCOL + e.g. hydra -U smtp + +FOURTH - the destination port + this is optional, if no port is supplied the default common port for the + PROTOCOL is used. + If you specify SSL to use ("-S" option), the SSL common port is used by default. + + +If you use "://" notation, you must use "[" "]" brackets if you want to supply +IPv6 addresses or CIDR ("192.168.0.0/24") notations to attack: + hydra [some command line options] ftp://[192.168.0.0/24]/ + hydra [some command line options] -6 smtps://[2001:db8::1]/NTLM + +Note that everything hydra does is IPv4 only! +If you want to attack IPv6 addresses, you must add the "-6" command line option. +All attacks are then IPv6 only! + +If you want to supply your targets via a text file, you can not use the :// +notation but use the old style and just supply the protocol (and module options): + hydra [some command line options] -M targets.txt ftp +You can also supply the port for each target entry by adding ":" after a +target entry in the file, e.g.: + +``` +foo.bar.com +target.com:21 +unusual.port.com:2121 +default.used.here.com +127.0.0.1 +127.0.0.1:2121 +``` + +Note that if you want to attach IPv6 targets, you must supply the -6 option +and *must* put IPv6 addresses in brackets in the file(!) like this: + +``` +foo.bar.com +target.com:21 +[fe80::1%eth0] +[2001::1] +[2002::2]:8080 +[2a01:24a:133:0:00:123:ff:1a] +``` + +LOGINS AND PASSWORDS +-------------------- +You have many options on how to attack with logins and passwords +With -l for login and -p for password you tell hydra that this is the only +login and/or password to try. +With -L for logins and -P for passwords you supply text files with entries. +e.g.: + +``` +hydra -l admin -p password ftp://localhost/ +hydra -L default_logins.txt -p test ftp://localhost/ +hydra -l admin -P common_passwords.txt ftp://localhost/ +hydra -L logins.txt -P passwords.txt ftp://localhost/ +``` + +Additionally, you can try passwords based on the login via the "-e" option. +The "-e" option has three parameters: + +``` +s - try the login as password +n - try an empty password +r - reverse the login and try it as password +``` + +If you want to, e.g. try "try login as password and "empty password", you +specify "-e sn" on the command line. + +But there are two more modes for trying passwords than -p/-P: +You can use text file which where a login and password pair is separated by a colon, +e.g.: + +``` +admin:password +test:test +foo:bar +``` + +This is a common default account style listing, that is also generated by the +dpl4hydra.sh default account file generator supplied with hydra. +You use such a text file with the -C option - note that in this mode you +can not use -l/-L/-p/-P options (-e nsr however you can). +Example: + +``` +hydra -C default_accounts.txt ftp://localhost/ +``` + +And finally, there is a bruteforce mode with the -x option (which you can not +use with -p/-P/-C): + +``` +-x minimum_length:maximum_length:charset +``` + +the charset definition is `a` for lowercase letters, `A` for uppercase letters, +`1` for numbers and for anything else you supply it is their real representation. +Examples: + +``` +-x 1:3:a generate passwords from length 1 to 3 with all lowercase letters +-x 2:5:/ generate passwords from length 2 to 5 containing only slashes +-x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers +``` + +Example: + +``` +hydra -l ftp -x 3:3:a ftp://localhost/ +``` + +SPECIAL OPTIONS FOR MODULES +--------------------------- +Via the third command line parameter (TARGET SERVICE OPTIONAL) or the -m +command line option, you can pass one option to a module. +Many modules use this, a few require it! + +To see the special option of a module, type: + + hydra -U + +e.g. + + ./hydra -U http-post-form + +The special options can be passed via the -m parameter, as 3rd command line +option or in the service://target/option format. + +Examples (they are all equal): + +``` +./hydra -l test -p test -m PLAIN 127.0.0.1 imap +./hydra -l test -p test 127.0.0.1 imap PLAIN +./hydra -l test -p test imap://127.0.0.1/PLAIN +``` + +RESTORING AN ABORTED/CRASHED SESSION +------------------------------------ +When hydra is aborted with Control-C, killed or crashes, it leaves a +"hydra.restore" file behind which contains all necessary information to +restore the session. This session file is written every 5 minutes. +NOTE: the hydra.restore file can NOT be copied to a different platform (e.g. +from little endian to big endian, or from Solaris to AIX) + +HOW TO SCAN/CRACK OVER A PROXY +------------------------------ +The environment variable HYDRA_PROXY_HTTP defines the web proxy (this works +just for the http services!). +The following syntax is valid: + +``` +HYDRA_PROXY_HTTP="http://123.45.67.89:8080/" +HYDRA_PROXY_HTTP="http://login:password@123.45.67.89:8080/" +HYDRA_PROXY_HTTP="proxylist.txt" +``` + +The last example is a text file containing up to 64 proxies (in the same +format definition as the other examples). + +For all other services, use the HYDRA_PROXY variable to scan/crack. +It uses the same syntax. eg: + +``` +HYDRA_PROXY=[connect|socks4|socks5]://[login:password@]proxy_addr:proxy_port +``` + +for example: + +``` +HYDRA_PROXY=connect://proxy.anonymizer.com:8000 +HYDRA_PROXY=socks4://auth:pw@127.0.0.1:1080 +HYDRA_PROXY=socksproxylist.txt +``` + +ADDITIONAL HINTS +---------------- +* sort your password files by likelihood and use the -u option to find + passwords much faster! +* uniq your dictionary files! this can save you a lot of time :-) + cat words.txt | sort | uniq > dictionary.txt +* if you know that the target is using a password policy (allowing users + only to choose a password with a minimum length of 6, containing a least one + letter and one number, etc. use the tool pw-inspector which comes along + with the hydra package to reduce the password list: + cat dictionary.txt | pw-inspector -m 6 -c 2 -n > passlist.txt + + +RESULTS OUTPUT +-------------- + +The results are output to stdio along with the other information. Via the -o +command line option, the results can also be written to a file. Using -b, +the format of the output can be specified. Currently, these are supported: + +* `text` - plain text format +* `jsonv1` - JSON data using version 1.x of the schema (defined below). +* `json` - JSON data using the latest version of the schema, currently there + is only version 1. + +If using JSON output, the results file may not be valid JSON if there are +serious errors in booting Hydra. + + +JSON Schema +----------- +Here is an example of the JSON output. Notes on some of the fields: + +* `errormessages` - an array of zero or more strings that are normally printed + to stderr at the end of the Hydra's run. The text is very free form. +* `success` - indication if Hydra ran correctly without error (**NOT** if + passwords were detected). This parameter is either the JSON value `true` + or `false` depending on completion. +* `quantityfound` - How many username+password combinations discovered. +* `jsonoutputversion` - Version of the schema, 1.00, 1.01, 1.11, 2.00, + 2.03, etc. Hydra will make second tuple of the version to always be two + digits to make it easier for downstream processors (as opposed to v1.1 vs + v1.10). The minor-level versions are additive, so 1.02 will contain more + fields than version 1.00 and will be backward compatible. Version 2.x will + break something from version 1.x output. + +Version 1.00 example: +``` +{ + "errormessages": [ + "[ERROR] Error Message of Something", + "[ERROR] Another Message", + "These are very free form" + ], + "generator": { + "built": "2021-03-01 14:44:22", + "commandline": "hydra -b jsonv1 -o results.json ... ...", + "jsonoutputversion": "1.00", + "server": "127.0.0.1", + "service": "http-post-form", + "software": "Hydra", + "version": "v8.5" + }, + "quantityfound": 2, + "results": [ + { + "host": "127.0.0.1", + "login": "bill@example.com", + "password": "bill", + "port": 9999, + "service": "http-post-form" + }, + { + "host": "127.0.0.1", + "login": "joe@example.com", + "password": "joe", + "port": 9999, + "service": "http-post-form" + } + ], + "success": false +} +``` + + +SPEED +----- +through the parallelizing feature, this password cracker tool can be very +fast, however it depends on the protocol. The fastest are generally POP3 +and FTP. +Experiment with the task option (-t) to speed things up! The higher - the +faster ;-) (but too high - and it disables the service) + + + +STATISTICS +---------- +Run against a SuSE Linux 7.2 on localhost with a "-C FILE" containing +295 entries (294 tries invalid logins, 1 valid). Every test was run three +times (only for "1 task" just once), and the average noted down. + +``` + P A R A L L E L T A S K S +SERVICE 1 4 8 16 32 50 64 100 128 +------- -------------------------------------------------------------------- +telnet 23:20 5:58 2:58 1:34 1:05 0:33 0:45* 0:25* 0:55* +ftp 45:54 11:51 5:54 3:06 1:25 0:58 0:46 0:29 0:32 +pop3 92:10 27:16 13:56 6:42 2:55 1:57 1:24 1:14 0:50 +imap 31:05 7:41 3:51 1:58 1:01 0:39 0:32 0:25 0:21 +``` + +(*) +Note: telnet timings can be VERY different for 64 to 128 tasks! e.g. with +128 tasks, running four times resulted in timings between 28 and 97 seconds! +The reason for this is unknown... + +guesses per task (rounded up): + + 295 74 38 19 10 6 5 3 3 + +guesses possible per connect (depends on the server software and config): + + telnet 4 + ftp 6 + pop3 1 + imap 3 + + + +BUGS & FEATURES +--------------- +Hydra: +Email me or David if you find bugs or if you have written a new module. +vh@thc.org (and put "antispam" in the subject line) + + +You should use PGP to encrypt emails to vh@thc.org : + +``` +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v3.3.3 (vh@thc.org) + +mQINBFIp+7QBEADQcJctjohuYjBxq7MELAlFDvXRTeIqqh8kqHPOR018xKL09pZT +KiBWFBkU48xlR3EtV5fC1yEt8gDEULe5o0qtK1aFlYBtAWkflVNjDrs+Y2BpjITQ +FnAPHw0SOOT/jfcvmhNOZMzMU8lIubAVC4cVWoSWJbLTv6e0DRIPiYgXNT5Quh6c +vqhnI1C39pEo/W/nh3hSa16oTc5dtTLbi5kEbdzml78TnT0OASmWLI+xtYKnP+5k +Xv4xrXRMVk4L1Bv9WpCY/Jb6J8K8SJYdXPtbaIi4VjgVr5gvg9QC/d/QP2etmw3p +lJ1Ldv63x6nXsxnPq6MSOOw8+QqKc1dAgIA43k6SU4wLq9TB3x0uTKnnB8pA3ACI +zPeRN9LFkr7v1KUMeKKEdu8jUut5iKUJVu63lVYxuM5ODb6Owt3+UXgsSaQLu9nI +DZqnp/M6YTCJTJ+cJANN+uQzESI4Z2m9ITg/U/cuccN/LIDg8/eDXW3VsCqJz8Bf +lBSwMItMhs/Qwzqc1QCKfY3xcNGc4aFlJz4Bq3zSdw3mUjHYJYv1UkKntCtvvTCN +DiomxyBEKB9J7KNsOLI/CSst3MQWSG794r9ZjcfA0EWZ9u6929F2pGDZ3LiS7Jx5 +n+gdBDMe0PuuonLIGXzyIuMrkfoBeW/WdnOxh+27eemcdpCb68XtQCw6UQARAQAB +tB52YW4gSGF1c2VyICgyMDEzKSA8dmhAdGhjLm9yZz6JAjkEEwECACMCGwMCHgEC +F4AFAlIp/QcGCwkIAwcCBhUKCQgLAgUWAwIBAAAKCRDI8AEqhCFiv2R9D/9qTCJJ +xCH4BUbWIUhw1zRkn9iCVSwZMmfaAhz5PdVTjeTelimMh5qwK2MNAjpR7vCCd3BH +Z2VLB2Eoz9MOgSCxcMOnCDJjtCdCOeaxiASJt8qLeRMwdMOtznM8MnKCIO8X4oo4 +qH8eNj83KgpI50ERBCj/EMsgg07vSyZ9i1UXjFofFnbHRWSW9yZO16qD4F6r4SGz +dsfXARcO3QRI5lbjdGqm+g+HOPj1EFLAOxJAQOygz7ZN5fj+vPp+G/drONxNyVKp +QFtENpvqPdU9CqYh8ssazXTWeBi/TIs0q0EXkzqo7CQjfNb6tlRsg18FxnJDK/ga +V/1umTg41bQuVP9gGmycsiNI8Atr5DWqaF+O4uDmQxcxS0kX2YXQ4CSQJFi0pml5 +slAGL8HaAUbV7UnQEqpayPyyTEx1i0wK5ZCHYjLBfJRZCbmHX7SbviSAzKdo5JIl +Atuk+atgW3vC3hDTrBu5qlsFCZvbxS21PJ+9zmK7ySjAEFH/NKFmx4B8kb7rPAOM +0qCTv0pD/e4ogJCxVrqQ2XcCSJWxJL31FNAMnBZpVzidudNURG2v61h3ckkSB/fP +JnkRy/yxYWrdFBYkURImxD8iFD1atj1n3EI5HBL7p/9mHxf1DVJWz7rYQk+3czvs +IhBz7xGBz4nhpCi87VDEYttghYlJanbiRfNh3okCOAQTAQIAIgUCUin7tAIbAwYL +CQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQyPABKoQhYr8OIA//cvkhoKay88yS +AjMQypach8C5CvP7eFCT11pkCt1DMAO/8Dt6Y/Ts10dPjohGdIX4PkoLTkQDwBDJ +HoLO75oqj0CYLlqDI4oHgf2uzd0Zv8f/11CQQCtut5oEK72mGNzv3GgVqg60z2KR +2vpxvGQmDwpDOPP620tf/LuRQgBpks7uazcbkAE2Br09YrUQSCBNHy8kirHW5m5C +nupMrcvuFx7mHKW1z3FuhM8ijG7oRmcBWfVoneQgIT3l2WBniXg1mKFhuUSV8Erc +XIcc11qsKshyqh0GWb2JfeXbAcTW8/4IwrCP+VfAyLO9F9khP6SnCmcNF9EVJyR6 +Aw+JMNRin7PgvsqbFhpkq9N+gVBAufz3DZoMTEbsMTtW4lYG6HMWhza2+8G9XyaL +ARAWhkNVsmQQ5T6qGkI19thB6E/T6ZorTxqeopNVA7VNK3RVlKpkmUu07w5bTD6V +l3Ti6XfcSQqzt6YX2/WUE8ekEG3rSesuJ5fqjuTnIIOjBxr+pPxkzdoazlu2zJ9F +n24fHvlU20TccEWXteXj9VFzV/zbPEQbEqmE16lV+bO8U7UHqCOdE83OMrbNKszl +7LSCbFhCDtflUsyClBt/OPnlLEHgEE1j9QkqdFFy90l4HqGwKvx7lUFDnuF8LYsb +/hcP4XhqjiGcjTPYBDK254iYrpOSMZSIRgQQEQIABgUCUioGfQAKCRBDlBVOdiii +tuddAJ4zMrge4qzajScIQcXYgIWMXVenCQCfYTNQPGkHVyp3dMhJ0NR21TYoYMC5 +Ag0EUin7tAEQAK5/AEIBLlA/TTgjUF3im6nu/rkWTM7/gs5H4W0a04kF4UPhaJUR +gCNlDfUnBFA0QD7Jja5LHYgLdoHXiFelPhGrbZel/Sw6sH2gkGCBtFMrVkm3u7tt +x3AZlprqqRH68Y5xTCEjGRncCAmaDgd2apgisJqXpu0dRDroFYpJFNH3vw9N2a62 +0ShNakYP4ykVG3jTDC4MSl2q3BO5dzn8GYFHU0CNz6nf3gZR+48BG+zmAT77peTS ++C4Mbd6LmMmB0cuS2kYiFRwE2B69UWguLHjpXFcu9/85JJVCl2CIab7l5hpqGmgw +G/yW8HFK04Yhew7ZJOXJfUYlv1EZzR5bOsZ8Z9inC6hvFmxuCYCFnvkiEI+pOxPA +oeNOkMaT/W4W+au0ZVt3Hx+oD0pkJb5if0jrCaoAD4gpWOte6LZA8mAbKTxkHPBr +rA9/JFis5CVNI688O6eDiJqCCJjPOQA+COJI+0V+tFa6XyHPB4LxA46RxtumUZMC +v/06sDJlXMNpZbSd5Fq95YfZd4l9Vr9VrvKXfbomn+akwUymP8RDyc6Z8BzjF4Y5 +02m6Ts0J0MnSYfEDqJPPZbMGB+GAgAqLs7FrZJQzOZTiOXOSIJsKMYsPIDWE8lXv +s77rs0rGvgvQfWzPsJlMIx6ryrMnAsfOkzM2GChGNX9+pABpgOdYII4bABEBAAGJ +Ah8EGAECAAkFAlIp+7QCGwwACgkQyPABKoQhYr+hrg/9Er0+HN78y6UWGFHu/KVK +d8M6ekaqjQndQXmzQaPQwsOHOvWdC+EtBoTdR3VIjAtX96uvzCRV3sb0XPB9S9eP +gRrO/t5+qTVTtjua1zzjZsMOr1SxhBgZ5+0U2aoY1vMhyIjUuwpKKNqj2uf+uj5Y +ZQbCNklghf7EVDHsYQ4goB9gsNT7rnmrzSc6UUuJOYI2jjtHp5BPMBHh2WtUVfYP +8JqDfQ+eJQr5NCFB24xMW8OxMJit3MGckUbcZlUa1wKiTb0b76fOjt0y/+9u1ykd +X+i27DAM6PniFG8BfqPq/E3iU20IZGYtaAFBuhhDWR3vGY4+r3OxdlFAJfBG9XDD +aEDTzv1XF+tEBo69GFaxXZGdk9//7qxcgiya4LL9Kltuvs82+ZzQhC09p8d3YSQN +cfaYObm4EwbINdKP7cr4anGFXvsLC9urhow/RNBLiMbRX/5qBzx2DayXtxEnDlSC +Mh7wCkNDYkSIZOrPVUFOCGxu7lloRgPxEetM5x608HRa3hDHoe5KvUBmmtavB/aR +zlGuZP1S6Y7S13ytiULSzTfUxJmyGYgNo+4ygh0i6Dudf9NLmV+i9aEIbLbd6bni +1B/y8hBSx3SVb4sQVRe3clBkfS1/mYjlldtYjzOwcd02x599KJlcChf8HnWFB7qT +zB3yrr+vYBT0uDWmxwPjiJs= +=ytEf +-----END PGP PUBLIC KEY BLOCK----- +``` From 55682bf69aee76a6684cf9d08c1dc957540929eb Mon Sep 17 00:00:00 2001 From: Yisus7u7 <64093255+Yisus7u7@users.noreply.github.com> Date: Wed, 16 Jun 2021 12:51:29 -0500 Subject: [PATCH 064/223] Set theme jekyll-theme-modernist --- _config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_config.yml b/_config.yml index 8dd6c5f..0400ff8 100644 --- a/_config.yml +++ b/_config.yml @@ -1,2 +1,2 @@ title: "thc-hydra" -theme: jekyll-theme-hacker +theme: jekyll-theme-modernist From 24395ab478c863ca0660aefd3f5004186ade11e0 Mon Sep 17 00:00:00 2001 From: Yisus7u7 <64093255+Yisus7u7@users.noreply.github.com> Date: Wed, 16 Jun 2021 12:53:17 -0500 Subject: [PATCH 065/223] Set theme jekyll-theme-midnight --- _config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_config.yml b/_config.yml index 0400ff8..225f091 100644 --- a/_config.yml +++ b/_config.yml @@ -1,2 +1,2 @@ title: "thc-hydra" -theme: jekyll-theme-modernist +theme: jekyll-theme-midnight From 27cab133fa1119ad1c15c7dd575cf7474c9bbbae Mon Sep 17 00:00:00 2001 From: Yisus7u7 <64093255+Yisus7u7@users.noreply.github.com> Date: Wed, 16 Jun 2021 12:56:27 -0500 Subject: [PATCH 066/223] Delete index.md --- docs/hydra/index.md | 534 -------------------------------------------- 1 file changed, 534 deletions(-) delete mode 100644 docs/hydra/index.md diff --git a/docs/hydra/index.md b/docs/hydra/index.md deleted file mode 100644 index 322da43..0000000 --- a/docs/hydra/index.md +++ /dev/null @@ -1,534 +0,0 @@ - - H Y D R A - - (c) 2001-2021 by van Hauser / THC - https://github.com/vanhauser-thc/thc-hydra - many modules were written by David (dot) Maciejak @ gmail (dot) com - BFG code by Jan Dlabal - - Licensed under AGPLv3 (see LICENSE file) - - Please do not use in military or secret service organizations, - or for illegal purposes. - (This is the wish of the author and non-binding. Many people working - in these organizations do not care for laws and ethics anyways. - You are not one of the "good" ones if you ignore this.) - - - -INTRODUCTION ------------- -Number one of the biggest security holes are passwords, as every password -security study shows. -This tool is a proof of concept code, to give researchers and security -consultants the possibility to show how easy it would be to gain unauthorized -access from remote to a system. - -THIS TOOL IS FOR LEGAL PURPOSES ONLY! - -There are already several login hacker tools available, however, none does -either support more than one protocol to attack or support parallelized -connects. - -It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, -FreeBSD/OpenBSD, QNX (Blackberry 10) and MacOS. - -Currently this tool supports the following protocols: - Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, - HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST, HTTP-PROXY, - HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTPS-POST, - HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MEMCACHED, MONGODB, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, - Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, Radmin, RDP, Rexec, Rlogin, - Rsh, RTSP, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, - SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, - VNC and XMPP. - -However the module engine for new services is very easy so it won't take a -long time until even more services are supported. -Your help in writing, enhancing or fixing modules is highly appreciated!! :-) - - - -WHERE TO GET ------------- -You can always find the newest release/production version of hydra at its -project page at https://github.com/vanhauser-thc/thc-hydra/releases -If you are interested in the current development state, the public development -repository is at Github: - svn co https://github.com/vanhauser-thc/thc-hydra - or - git clone https://github.com/vanhauser-thc/thc-hydra -Use the development version at your own risk. It contains new features and -new bugs. Things might not work! - - - -HOW TO COMPILE --------------- -To configure, compile and install hydra, just type: - -``` -./configure -make -make install -``` - -If you want the ssh module, you have to setup libssh (not libssh2!) on your -system, get it from http://www.libssh.org, for ssh v1 support you also need -to add "-DWITH_SSH1=On" option in the cmake command line. -IMPORTANT: If you compile on MacOS then you must do this - do not install libssh via brew! - -If you use Ubuntu/Debian, this will install supplementary libraries needed -for a few optional modules (note that some might not be available on your distribution): - -``` -apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \ - libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \ - firebird-dev libmemcached-dev libgpg-error-dev \ - libgcrypt11-dev libgcrypt20-dev -``` - -This enables all optional modules and features with the exception of Oracle, -SAP R/3, NCP and the apple filing protocol - which you will need to download and -install from the vendor's web sites. - -For all other Linux derivates and BSD based systems, use the system -software installer and look for similarly named libraries like in the -command above. In all other cases, you have to download all source libraries -and compile them manually. - - - -SUPPORTED PLATFORMS -------------------- -- All UNIX platforms (Linux, *BSD, Solaris, etc.) -- MacOS (basically a BSD clone) -- Windows with Cygwin (both IPv4 and IPv6) -- Mobile systems based on Linux, MacOS or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq) - - - -HOW TO USE ----------- -If you just enter `hydra`, you will see a short summary of the important -options available. -Type `./hydra -h` to see all available command line options. - -Note that NO login/password file is included. Generate them yourself. -A default password list is however present, use "dpl4hydra.sh" to generate -a list. - -For Linux users, a GTK GUI is available, try `./xhydra` - -For the command line usage, the syntax is as follows: - For attacking one target or a network, you can use the new "://" style: - hydra [some command line options] PROTOCOL://TARGET:PORT/MODULE-OPTIONS - The old mode can be used for these too, and additionally if you want to - specify your targets from a text file, you *must* use this one: - -``` -hydra [some command line options] [-s PORT] TARGET PROTOCOL [MODULE-OPTIONS] -``` - -Via the command line options you specify which logins to try, which passwords, -if SSL should be used, how many parallel tasks to use for attacking, etc. - -PROTOCOL is the protocol you want to use for attacking, e.g. ftp, smtp, -http-get or many others are available -TARGET is the target you want to attack -MODULE-OPTIONS are optional values which are special per PROTOCOL module - -FIRST - select your target - you have three options on how to specify the target you want to attack: - 1. a single target on the command line: just put the IP or DNS address in - 2. a network range on the command line: CIDR specification like "192.168.0.0/24" - 3. a list of hosts in a text file: one line per entry (see below) - -SECOND - select your protocol - Try to avoid telnet, as it is unreliable to detect a correct or false login attempt. - Use a port scanner to see which protocols are enabled on the target. - -THIRD - check if the module has optional parameters - hydra -U PROTOCOL - e.g. hydra -U smtp - -FOURTH - the destination port - this is optional, if no port is supplied the default common port for the - PROTOCOL is used. - If you specify SSL to use ("-S" option), the SSL common port is used by default. - - -If you use "://" notation, you must use "[" "]" brackets if you want to supply -IPv6 addresses or CIDR ("192.168.0.0/24") notations to attack: - hydra [some command line options] ftp://[192.168.0.0/24]/ - hydra [some command line options] -6 smtps://[2001:db8::1]/NTLM - -Note that everything hydra does is IPv4 only! -If you want to attack IPv6 addresses, you must add the "-6" command line option. -All attacks are then IPv6 only! - -If you want to supply your targets via a text file, you can not use the :// -notation but use the old style and just supply the protocol (and module options): - hydra [some command line options] -M targets.txt ftp -You can also supply the port for each target entry by adding ":" after a -target entry in the file, e.g.: - -``` -foo.bar.com -target.com:21 -unusual.port.com:2121 -default.used.here.com -127.0.0.1 -127.0.0.1:2121 -``` - -Note that if you want to attach IPv6 targets, you must supply the -6 option -and *must* put IPv6 addresses in brackets in the file(!) like this: - -``` -foo.bar.com -target.com:21 -[fe80::1%eth0] -[2001::1] -[2002::2]:8080 -[2a01:24a:133:0:00:123:ff:1a] -``` - -LOGINS AND PASSWORDS --------------------- -You have many options on how to attack with logins and passwords -With -l for login and -p for password you tell hydra that this is the only -login and/or password to try. -With -L for logins and -P for passwords you supply text files with entries. -e.g.: - -``` -hydra -l admin -p password ftp://localhost/ -hydra -L default_logins.txt -p test ftp://localhost/ -hydra -l admin -P common_passwords.txt ftp://localhost/ -hydra -L logins.txt -P passwords.txt ftp://localhost/ -``` - -Additionally, you can try passwords based on the login via the "-e" option. -The "-e" option has three parameters: - -``` -s - try the login as password -n - try an empty password -r - reverse the login and try it as password -``` - -If you want to, e.g. try "try login as password and "empty password", you -specify "-e sn" on the command line. - -But there are two more modes for trying passwords than -p/-P: -You can use text file which where a login and password pair is separated by a colon, -e.g.: - -``` -admin:password -test:test -foo:bar -``` - -This is a common default account style listing, that is also generated by the -dpl4hydra.sh default account file generator supplied with hydra. -You use such a text file with the -C option - note that in this mode you -can not use -l/-L/-p/-P options (-e nsr however you can). -Example: - -``` -hydra -C default_accounts.txt ftp://localhost/ -``` - -And finally, there is a bruteforce mode with the -x option (which you can not -use with -p/-P/-C): - -``` --x minimum_length:maximum_length:charset -``` - -the charset definition is `a` for lowercase letters, `A` for uppercase letters, -`1` for numbers and for anything else you supply it is their real representation. -Examples: - -``` --x 1:3:a generate passwords from length 1 to 3 with all lowercase letters --x 2:5:/ generate passwords from length 2 to 5 containing only slashes --x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers -``` - -Example: - -``` -hydra -l ftp -x 3:3:a ftp://localhost/ -``` - -SPECIAL OPTIONS FOR MODULES ---------------------------- -Via the third command line parameter (TARGET SERVICE OPTIONAL) or the -m -command line option, you can pass one option to a module. -Many modules use this, a few require it! - -To see the special option of a module, type: - - hydra -U - -e.g. - - ./hydra -U http-post-form - -The special options can be passed via the -m parameter, as 3rd command line -option or in the service://target/option format. - -Examples (they are all equal): - -``` -./hydra -l test -p test -m PLAIN 127.0.0.1 imap -./hydra -l test -p test 127.0.0.1 imap PLAIN -./hydra -l test -p test imap://127.0.0.1/PLAIN -``` - -RESTORING AN ABORTED/CRASHED SESSION ------------------------------------- -When hydra is aborted with Control-C, killed or crashes, it leaves a -"hydra.restore" file behind which contains all necessary information to -restore the session. This session file is written every 5 minutes. -NOTE: the hydra.restore file can NOT be copied to a different platform (e.g. -from little endian to big endian, or from Solaris to AIX) - -HOW TO SCAN/CRACK OVER A PROXY ------------------------------- -The environment variable HYDRA_PROXY_HTTP defines the web proxy (this works -just for the http services!). -The following syntax is valid: - -``` -HYDRA_PROXY_HTTP="http://123.45.67.89:8080/" -HYDRA_PROXY_HTTP="http://login:password@123.45.67.89:8080/" -HYDRA_PROXY_HTTP="proxylist.txt" -``` - -The last example is a text file containing up to 64 proxies (in the same -format definition as the other examples). - -For all other services, use the HYDRA_PROXY variable to scan/crack. -It uses the same syntax. eg: - -``` -HYDRA_PROXY=[connect|socks4|socks5]://[login:password@]proxy_addr:proxy_port -``` - -for example: - -``` -HYDRA_PROXY=connect://proxy.anonymizer.com:8000 -HYDRA_PROXY=socks4://auth:pw@127.0.0.1:1080 -HYDRA_PROXY=socksproxylist.txt -``` - -ADDITIONAL HINTS ----------------- -* sort your password files by likelihood and use the -u option to find - passwords much faster! -* uniq your dictionary files! this can save you a lot of time :-) - cat words.txt | sort | uniq > dictionary.txt -* if you know that the target is using a password policy (allowing users - only to choose a password with a minimum length of 6, containing a least one - letter and one number, etc. use the tool pw-inspector which comes along - with the hydra package to reduce the password list: - cat dictionary.txt | pw-inspector -m 6 -c 2 -n > passlist.txt - - -RESULTS OUTPUT --------------- - -The results are output to stdio along with the other information. Via the -o -command line option, the results can also be written to a file. Using -b, -the format of the output can be specified. Currently, these are supported: - -* `text` - plain text format -* `jsonv1` - JSON data using version 1.x of the schema (defined below). -* `json` - JSON data using the latest version of the schema, currently there - is only version 1. - -If using JSON output, the results file may not be valid JSON if there are -serious errors in booting Hydra. - - -JSON Schema ------------ -Here is an example of the JSON output. Notes on some of the fields: - -* `errormessages` - an array of zero or more strings that are normally printed - to stderr at the end of the Hydra's run. The text is very free form. -* `success` - indication if Hydra ran correctly without error (**NOT** if - passwords were detected). This parameter is either the JSON value `true` - or `false` depending on completion. -* `quantityfound` - How many username+password combinations discovered. -* `jsonoutputversion` - Version of the schema, 1.00, 1.01, 1.11, 2.00, - 2.03, etc. Hydra will make second tuple of the version to always be two - digits to make it easier for downstream processors (as opposed to v1.1 vs - v1.10). The minor-level versions are additive, so 1.02 will contain more - fields than version 1.00 and will be backward compatible. Version 2.x will - break something from version 1.x output. - -Version 1.00 example: -``` -{ - "errormessages": [ - "[ERROR] Error Message of Something", - "[ERROR] Another Message", - "These are very free form" - ], - "generator": { - "built": "2021-03-01 14:44:22", - "commandline": "hydra -b jsonv1 -o results.json ... ...", - "jsonoutputversion": "1.00", - "server": "127.0.0.1", - "service": "http-post-form", - "software": "Hydra", - "version": "v8.5" - }, - "quantityfound": 2, - "results": [ - { - "host": "127.0.0.1", - "login": "bill@example.com", - "password": "bill", - "port": 9999, - "service": "http-post-form" - }, - { - "host": "127.0.0.1", - "login": "joe@example.com", - "password": "joe", - "port": 9999, - "service": "http-post-form" - } - ], - "success": false -} -``` - - -SPEED ------ -through the parallelizing feature, this password cracker tool can be very -fast, however it depends on the protocol. The fastest are generally POP3 -and FTP. -Experiment with the task option (-t) to speed things up! The higher - the -faster ;-) (but too high - and it disables the service) - - - -STATISTICS ----------- -Run against a SuSE Linux 7.2 on localhost with a "-C FILE" containing -295 entries (294 tries invalid logins, 1 valid). Every test was run three -times (only for "1 task" just once), and the average noted down. - -``` - P A R A L L E L T A S K S -SERVICE 1 4 8 16 32 50 64 100 128 -------- -------------------------------------------------------------------- -telnet 23:20 5:58 2:58 1:34 1:05 0:33 0:45* 0:25* 0:55* -ftp 45:54 11:51 5:54 3:06 1:25 0:58 0:46 0:29 0:32 -pop3 92:10 27:16 13:56 6:42 2:55 1:57 1:24 1:14 0:50 -imap 31:05 7:41 3:51 1:58 1:01 0:39 0:32 0:25 0:21 -``` - -(*) -Note: telnet timings can be VERY different for 64 to 128 tasks! e.g. with -128 tasks, running four times resulted in timings between 28 and 97 seconds! -The reason for this is unknown... - -guesses per task (rounded up): - - 295 74 38 19 10 6 5 3 3 - -guesses possible per connect (depends on the server software and config): - - telnet 4 - ftp 6 - pop3 1 - imap 3 - - - -BUGS & FEATURES ---------------- -Hydra: -Email me or David if you find bugs or if you have written a new module. -vh@thc.org (and put "antispam" in the subject line) - - -You should use PGP to encrypt emails to vh@thc.org : - -``` ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v3.3.3 (vh@thc.org) - -mQINBFIp+7QBEADQcJctjohuYjBxq7MELAlFDvXRTeIqqh8kqHPOR018xKL09pZT -KiBWFBkU48xlR3EtV5fC1yEt8gDEULe5o0qtK1aFlYBtAWkflVNjDrs+Y2BpjITQ -FnAPHw0SOOT/jfcvmhNOZMzMU8lIubAVC4cVWoSWJbLTv6e0DRIPiYgXNT5Quh6c -vqhnI1C39pEo/W/nh3hSa16oTc5dtTLbi5kEbdzml78TnT0OASmWLI+xtYKnP+5k -Xv4xrXRMVk4L1Bv9WpCY/Jb6J8K8SJYdXPtbaIi4VjgVr5gvg9QC/d/QP2etmw3p -lJ1Ldv63x6nXsxnPq6MSOOw8+QqKc1dAgIA43k6SU4wLq9TB3x0uTKnnB8pA3ACI -zPeRN9LFkr7v1KUMeKKEdu8jUut5iKUJVu63lVYxuM5ODb6Owt3+UXgsSaQLu9nI -DZqnp/M6YTCJTJ+cJANN+uQzESI4Z2m9ITg/U/cuccN/LIDg8/eDXW3VsCqJz8Bf -lBSwMItMhs/Qwzqc1QCKfY3xcNGc4aFlJz4Bq3zSdw3mUjHYJYv1UkKntCtvvTCN -DiomxyBEKB9J7KNsOLI/CSst3MQWSG794r9ZjcfA0EWZ9u6929F2pGDZ3LiS7Jx5 -n+gdBDMe0PuuonLIGXzyIuMrkfoBeW/WdnOxh+27eemcdpCb68XtQCw6UQARAQAB -tB52YW4gSGF1c2VyICgyMDEzKSA8dmhAdGhjLm9yZz6JAjkEEwECACMCGwMCHgEC -F4AFAlIp/QcGCwkIAwcCBhUKCQgLAgUWAwIBAAAKCRDI8AEqhCFiv2R9D/9qTCJJ -xCH4BUbWIUhw1zRkn9iCVSwZMmfaAhz5PdVTjeTelimMh5qwK2MNAjpR7vCCd3BH -Z2VLB2Eoz9MOgSCxcMOnCDJjtCdCOeaxiASJt8qLeRMwdMOtznM8MnKCIO8X4oo4 -qH8eNj83KgpI50ERBCj/EMsgg07vSyZ9i1UXjFofFnbHRWSW9yZO16qD4F6r4SGz -dsfXARcO3QRI5lbjdGqm+g+HOPj1EFLAOxJAQOygz7ZN5fj+vPp+G/drONxNyVKp -QFtENpvqPdU9CqYh8ssazXTWeBi/TIs0q0EXkzqo7CQjfNb6tlRsg18FxnJDK/ga -V/1umTg41bQuVP9gGmycsiNI8Atr5DWqaF+O4uDmQxcxS0kX2YXQ4CSQJFi0pml5 -slAGL8HaAUbV7UnQEqpayPyyTEx1i0wK5ZCHYjLBfJRZCbmHX7SbviSAzKdo5JIl -Atuk+atgW3vC3hDTrBu5qlsFCZvbxS21PJ+9zmK7ySjAEFH/NKFmx4B8kb7rPAOM -0qCTv0pD/e4ogJCxVrqQ2XcCSJWxJL31FNAMnBZpVzidudNURG2v61h3ckkSB/fP -JnkRy/yxYWrdFBYkURImxD8iFD1atj1n3EI5HBL7p/9mHxf1DVJWz7rYQk+3czvs -IhBz7xGBz4nhpCi87VDEYttghYlJanbiRfNh3okCOAQTAQIAIgUCUin7tAIbAwYL -CQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQyPABKoQhYr8OIA//cvkhoKay88yS -AjMQypach8C5CvP7eFCT11pkCt1DMAO/8Dt6Y/Ts10dPjohGdIX4PkoLTkQDwBDJ -HoLO75oqj0CYLlqDI4oHgf2uzd0Zv8f/11CQQCtut5oEK72mGNzv3GgVqg60z2KR -2vpxvGQmDwpDOPP620tf/LuRQgBpks7uazcbkAE2Br09YrUQSCBNHy8kirHW5m5C -nupMrcvuFx7mHKW1z3FuhM8ijG7oRmcBWfVoneQgIT3l2WBniXg1mKFhuUSV8Erc -XIcc11qsKshyqh0GWb2JfeXbAcTW8/4IwrCP+VfAyLO9F9khP6SnCmcNF9EVJyR6 -Aw+JMNRin7PgvsqbFhpkq9N+gVBAufz3DZoMTEbsMTtW4lYG6HMWhza2+8G9XyaL -ARAWhkNVsmQQ5T6qGkI19thB6E/T6ZorTxqeopNVA7VNK3RVlKpkmUu07w5bTD6V -l3Ti6XfcSQqzt6YX2/WUE8ekEG3rSesuJ5fqjuTnIIOjBxr+pPxkzdoazlu2zJ9F -n24fHvlU20TccEWXteXj9VFzV/zbPEQbEqmE16lV+bO8U7UHqCOdE83OMrbNKszl -7LSCbFhCDtflUsyClBt/OPnlLEHgEE1j9QkqdFFy90l4HqGwKvx7lUFDnuF8LYsb -/hcP4XhqjiGcjTPYBDK254iYrpOSMZSIRgQQEQIABgUCUioGfQAKCRBDlBVOdiii -tuddAJ4zMrge4qzajScIQcXYgIWMXVenCQCfYTNQPGkHVyp3dMhJ0NR21TYoYMC5 -Ag0EUin7tAEQAK5/AEIBLlA/TTgjUF3im6nu/rkWTM7/gs5H4W0a04kF4UPhaJUR -gCNlDfUnBFA0QD7Jja5LHYgLdoHXiFelPhGrbZel/Sw6sH2gkGCBtFMrVkm3u7tt -x3AZlprqqRH68Y5xTCEjGRncCAmaDgd2apgisJqXpu0dRDroFYpJFNH3vw9N2a62 -0ShNakYP4ykVG3jTDC4MSl2q3BO5dzn8GYFHU0CNz6nf3gZR+48BG+zmAT77peTS -+C4Mbd6LmMmB0cuS2kYiFRwE2B69UWguLHjpXFcu9/85JJVCl2CIab7l5hpqGmgw -G/yW8HFK04Yhew7ZJOXJfUYlv1EZzR5bOsZ8Z9inC6hvFmxuCYCFnvkiEI+pOxPA -oeNOkMaT/W4W+au0ZVt3Hx+oD0pkJb5if0jrCaoAD4gpWOte6LZA8mAbKTxkHPBr -rA9/JFis5CVNI688O6eDiJqCCJjPOQA+COJI+0V+tFa6XyHPB4LxA46RxtumUZMC -v/06sDJlXMNpZbSd5Fq95YfZd4l9Vr9VrvKXfbomn+akwUymP8RDyc6Z8BzjF4Y5 -02m6Ts0J0MnSYfEDqJPPZbMGB+GAgAqLs7FrZJQzOZTiOXOSIJsKMYsPIDWE8lXv -s77rs0rGvgvQfWzPsJlMIx6ryrMnAsfOkzM2GChGNX9+pABpgOdYII4bABEBAAGJ -Ah8EGAECAAkFAlIp+7QCGwwACgkQyPABKoQhYr+hrg/9Er0+HN78y6UWGFHu/KVK -d8M6ekaqjQndQXmzQaPQwsOHOvWdC+EtBoTdR3VIjAtX96uvzCRV3sb0XPB9S9eP -gRrO/t5+qTVTtjua1zzjZsMOr1SxhBgZ5+0U2aoY1vMhyIjUuwpKKNqj2uf+uj5Y -ZQbCNklghf7EVDHsYQ4goB9gsNT7rnmrzSc6UUuJOYI2jjtHp5BPMBHh2WtUVfYP -8JqDfQ+eJQr5NCFB24xMW8OxMJit3MGckUbcZlUa1wKiTb0b76fOjt0y/+9u1ykd -X+i27DAM6PniFG8BfqPq/E3iU20IZGYtaAFBuhhDWR3vGY4+r3OxdlFAJfBG9XDD -aEDTzv1XF+tEBo69GFaxXZGdk9//7qxcgiya4LL9Kltuvs82+ZzQhC09p8d3YSQN -cfaYObm4EwbINdKP7cr4anGFXvsLC9urhow/RNBLiMbRX/5qBzx2DayXtxEnDlSC -Mh7wCkNDYkSIZOrPVUFOCGxu7lloRgPxEetM5x608HRa3hDHoe5KvUBmmtavB/aR -zlGuZP1S6Y7S13ytiULSzTfUxJmyGYgNo+4ygh0i6Dudf9NLmV+i9aEIbLbd6bni -1B/y8hBSx3SVb4sQVRe3clBkfS1/mYjlldtYjzOwcd02x599KJlcChf8HnWFB7qT -zB3yrr+vYBT0uDWmxwPjiJs= -=ytEf ------END PGP PUBLIC KEY BLOCK----- -``` From 0483351e6a8af1d2520e160bab87705d5c96a541 Mon Sep 17 00:00:00 2001 From: Yisus7u7 <64093255+Yisus7u7@users.noreply.github.com> Date: Wed, 16 Jun 2021 15:44:42 -0500 Subject: [PATCH 067/223] Create index.md --- docs/index.md | 534 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 534 insertions(+) create mode 100644 docs/index.md diff --git a/docs/index.md b/docs/index.md new file mode 100644 index 0000000..322da43 --- /dev/null +++ b/docs/index.md @@ -0,0 +1,534 @@ + + H Y D R A + + (c) 2001-2021 by van Hauser / THC + https://github.com/vanhauser-thc/thc-hydra + many modules were written by David (dot) Maciejak @ gmail (dot) com + BFG code by Jan Dlabal + + Licensed under AGPLv3 (see LICENSE file) + + Please do not use in military or secret service organizations, + or for illegal purposes. + (This is the wish of the author and non-binding. Many people working + in these organizations do not care for laws and ethics anyways. + You are not one of the "good" ones if you ignore this.) + + + +INTRODUCTION +------------ +Number one of the biggest security holes are passwords, as every password +security study shows. +This tool is a proof of concept code, to give researchers and security +consultants the possibility to show how easy it would be to gain unauthorized +access from remote to a system. + +THIS TOOL IS FOR LEGAL PURPOSES ONLY! + +There are already several login hacker tools available, however, none does +either support more than one protocol to attack or support parallelized +connects. + +It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, +FreeBSD/OpenBSD, QNX (Blackberry 10) and MacOS. + +Currently this tool supports the following protocols: + Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, + HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST, HTTP-PROXY, + HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTPS-POST, + HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MEMCACHED, MONGODB, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, + Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, Radmin, RDP, Rexec, Rlogin, + Rsh, RTSP, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, + SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, + VNC and XMPP. + +However the module engine for new services is very easy so it won't take a +long time until even more services are supported. +Your help in writing, enhancing or fixing modules is highly appreciated!! :-) + + + +WHERE TO GET +------------ +You can always find the newest release/production version of hydra at its +project page at https://github.com/vanhauser-thc/thc-hydra/releases +If you are interested in the current development state, the public development +repository is at Github: + svn co https://github.com/vanhauser-thc/thc-hydra + or + git clone https://github.com/vanhauser-thc/thc-hydra +Use the development version at your own risk. It contains new features and +new bugs. Things might not work! + + + +HOW TO COMPILE +-------------- +To configure, compile and install hydra, just type: + +``` +./configure +make +make install +``` + +If you want the ssh module, you have to setup libssh (not libssh2!) on your +system, get it from http://www.libssh.org, for ssh v1 support you also need +to add "-DWITH_SSH1=On" option in the cmake command line. +IMPORTANT: If you compile on MacOS then you must do this - do not install libssh via brew! + +If you use Ubuntu/Debian, this will install supplementary libraries needed +for a few optional modules (note that some might not be available on your distribution): + +``` +apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \ + libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \ + firebird-dev libmemcached-dev libgpg-error-dev \ + libgcrypt11-dev libgcrypt20-dev +``` + +This enables all optional modules and features with the exception of Oracle, +SAP R/3, NCP and the apple filing protocol - which you will need to download and +install from the vendor's web sites. + +For all other Linux derivates and BSD based systems, use the system +software installer and look for similarly named libraries like in the +command above. In all other cases, you have to download all source libraries +and compile them manually. + + + +SUPPORTED PLATFORMS +------------------- +- All UNIX platforms (Linux, *BSD, Solaris, etc.) +- MacOS (basically a BSD clone) +- Windows with Cygwin (both IPv4 and IPv6) +- Mobile systems based on Linux, MacOS or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq) + + + +HOW TO USE +---------- +If you just enter `hydra`, you will see a short summary of the important +options available. +Type `./hydra -h` to see all available command line options. + +Note that NO login/password file is included. Generate them yourself. +A default password list is however present, use "dpl4hydra.sh" to generate +a list. + +For Linux users, a GTK GUI is available, try `./xhydra` + +For the command line usage, the syntax is as follows: + For attacking one target or a network, you can use the new "://" style: + hydra [some command line options] PROTOCOL://TARGET:PORT/MODULE-OPTIONS + The old mode can be used for these too, and additionally if you want to + specify your targets from a text file, you *must* use this one: + +``` +hydra [some command line options] [-s PORT] TARGET PROTOCOL [MODULE-OPTIONS] +``` + +Via the command line options you specify which logins to try, which passwords, +if SSL should be used, how many parallel tasks to use for attacking, etc. + +PROTOCOL is the protocol you want to use for attacking, e.g. ftp, smtp, +http-get or many others are available +TARGET is the target you want to attack +MODULE-OPTIONS are optional values which are special per PROTOCOL module + +FIRST - select your target + you have three options on how to specify the target you want to attack: + 1. a single target on the command line: just put the IP or DNS address in + 2. a network range on the command line: CIDR specification like "192.168.0.0/24" + 3. a list of hosts in a text file: one line per entry (see below) + +SECOND - select your protocol + Try to avoid telnet, as it is unreliable to detect a correct or false login attempt. + Use a port scanner to see which protocols are enabled on the target. + +THIRD - check if the module has optional parameters + hydra -U PROTOCOL + e.g. hydra -U smtp + +FOURTH - the destination port + this is optional, if no port is supplied the default common port for the + PROTOCOL is used. + If you specify SSL to use ("-S" option), the SSL common port is used by default. + + +If you use "://" notation, you must use "[" "]" brackets if you want to supply +IPv6 addresses or CIDR ("192.168.0.0/24") notations to attack: + hydra [some command line options] ftp://[192.168.0.0/24]/ + hydra [some command line options] -6 smtps://[2001:db8::1]/NTLM + +Note that everything hydra does is IPv4 only! +If you want to attack IPv6 addresses, you must add the "-6" command line option. +All attacks are then IPv6 only! + +If you want to supply your targets via a text file, you can not use the :// +notation but use the old style and just supply the protocol (and module options): + hydra [some command line options] -M targets.txt ftp +You can also supply the port for each target entry by adding ":" after a +target entry in the file, e.g.: + +``` +foo.bar.com +target.com:21 +unusual.port.com:2121 +default.used.here.com +127.0.0.1 +127.0.0.1:2121 +``` + +Note that if you want to attach IPv6 targets, you must supply the -6 option +and *must* put IPv6 addresses in brackets in the file(!) like this: + +``` +foo.bar.com +target.com:21 +[fe80::1%eth0] +[2001::1] +[2002::2]:8080 +[2a01:24a:133:0:00:123:ff:1a] +``` + +LOGINS AND PASSWORDS +-------------------- +You have many options on how to attack with logins and passwords +With -l for login and -p for password you tell hydra that this is the only +login and/or password to try. +With -L for logins and -P for passwords you supply text files with entries. +e.g.: + +``` +hydra -l admin -p password ftp://localhost/ +hydra -L default_logins.txt -p test ftp://localhost/ +hydra -l admin -P common_passwords.txt ftp://localhost/ +hydra -L logins.txt -P passwords.txt ftp://localhost/ +``` + +Additionally, you can try passwords based on the login via the "-e" option. +The "-e" option has three parameters: + +``` +s - try the login as password +n - try an empty password +r - reverse the login and try it as password +``` + +If you want to, e.g. try "try login as password and "empty password", you +specify "-e sn" on the command line. + +But there are two more modes for trying passwords than -p/-P: +You can use text file which where a login and password pair is separated by a colon, +e.g.: + +``` +admin:password +test:test +foo:bar +``` + +This is a common default account style listing, that is also generated by the +dpl4hydra.sh default account file generator supplied with hydra. +You use such a text file with the -C option - note that in this mode you +can not use -l/-L/-p/-P options (-e nsr however you can). +Example: + +``` +hydra -C default_accounts.txt ftp://localhost/ +``` + +And finally, there is a bruteforce mode with the -x option (which you can not +use with -p/-P/-C): + +``` +-x minimum_length:maximum_length:charset +``` + +the charset definition is `a` for lowercase letters, `A` for uppercase letters, +`1` for numbers and for anything else you supply it is their real representation. +Examples: + +``` +-x 1:3:a generate passwords from length 1 to 3 with all lowercase letters +-x 2:5:/ generate passwords from length 2 to 5 containing only slashes +-x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers +``` + +Example: + +``` +hydra -l ftp -x 3:3:a ftp://localhost/ +``` + +SPECIAL OPTIONS FOR MODULES +--------------------------- +Via the third command line parameter (TARGET SERVICE OPTIONAL) or the -m +command line option, you can pass one option to a module. +Many modules use this, a few require it! + +To see the special option of a module, type: + + hydra -U + +e.g. + + ./hydra -U http-post-form + +The special options can be passed via the -m parameter, as 3rd command line +option or in the service://target/option format. + +Examples (they are all equal): + +``` +./hydra -l test -p test -m PLAIN 127.0.0.1 imap +./hydra -l test -p test 127.0.0.1 imap PLAIN +./hydra -l test -p test imap://127.0.0.1/PLAIN +``` + +RESTORING AN ABORTED/CRASHED SESSION +------------------------------------ +When hydra is aborted with Control-C, killed or crashes, it leaves a +"hydra.restore" file behind which contains all necessary information to +restore the session. This session file is written every 5 minutes. +NOTE: the hydra.restore file can NOT be copied to a different platform (e.g. +from little endian to big endian, or from Solaris to AIX) + +HOW TO SCAN/CRACK OVER A PROXY +------------------------------ +The environment variable HYDRA_PROXY_HTTP defines the web proxy (this works +just for the http services!). +The following syntax is valid: + +``` +HYDRA_PROXY_HTTP="http://123.45.67.89:8080/" +HYDRA_PROXY_HTTP="http://login:password@123.45.67.89:8080/" +HYDRA_PROXY_HTTP="proxylist.txt" +``` + +The last example is a text file containing up to 64 proxies (in the same +format definition as the other examples). + +For all other services, use the HYDRA_PROXY variable to scan/crack. +It uses the same syntax. eg: + +``` +HYDRA_PROXY=[connect|socks4|socks5]://[login:password@]proxy_addr:proxy_port +``` + +for example: + +``` +HYDRA_PROXY=connect://proxy.anonymizer.com:8000 +HYDRA_PROXY=socks4://auth:pw@127.0.0.1:1080 +HYDRA_PROXY=socksproxylist.txt +``` + +ADDITIONAL HINTS +---------------- +* sort your password files by likelihood and use the -u option to find + passwords much faster! +* uniq your dictionary files! this can save you a lot of time :-) + cat words.txt | sort | uniq > dictionary.txt +* if you know that the target is using a password policy (allowing users + only to choose a password with a minimum length of 6, containing a least one + letter and one number, etc. use the tool pw-inspector which comes along + with the hydra package to reduce the password list: + cat dictionary.txt | pw-inspector -m 6 -c 2 -n > passlist.txt + + +RESULTS OUTPUT +-------------- + +The results are output to stdio along with the other information. Via the -o +command line option, the results can also be written to a file. Using -b, +the format of the output can be specified. Currently, these are supported: + +* `text` - plain text format +* `jsonv1` - JSON data using version 1.x of the schema (defined below). +* `json` - JSON data using the latest version of the schema, currently there + is only version 1. + +If using JSON output, the results file may not be valid JSON if there are +serious errors in booting Hydra. + + +JSON Schema +----------- +Here is an example of the JSON output. Notes on some of the fields: + +* `errormessages` - an array of zero or more strings that are normally printed + to stderr at the end of the Hydra's run. The text is very free form. +* `success` - indication if Hydra ran correctly without error (**NOT** if + passwords were detected). This parameter is either the JSON value `true` + or `false` depending on completion. +* `quantityfound` - How many username+password combinations discovered. +* `jsonoutputversion` - Version of the schema, 1.00, 1.01, 1.11, 2.00, + 2.03, etc. Hydra will make second tuple of the version to always be two + digits to make it easier for downstream processors (as opposed to v1.1 vs + v1.10). The minor-level versions are additive, so 1.02 will contain more + fields than version 1.00 and will be backward compatible. Version 2.x will + break something from version 1.x output. + +Version 1.00 example: +``` +{ + "errormessages": [ + "[ERROR] Error Message of Something", + "[ERROR] Another Message", + "These are very free form" + ], + "generator": { + "built": "2021-03-01 14:44:22", + "commandline": "hydra -b jsonv1 -o results.json ... ...", + "jsonoutputversion": "1.00", + "server": "127.0.0.1", + "service": "http-post-form", + "software": "Hydra", + "version": "v8.5" + }, + "quantityfound": 2, + "results": [ + { + "host": "127.0.0.1", + "login": "bill@example.com", + "password": "bill", + "port": 9999, + "service": "http-post-form" + }, + { + "host": "127.0.0.1", + "login": "joe@example.com", + "password": "joe", + "port": 9999, + "service": "http-post-form" + } + ], + "success": false +} +``` + + +SPEED +----- +through the parallelizing feature, this password cracker tool can be very +fast, however it depends on the protocol. The fastest are generally POP3 +and FTP. +Experiment with the task option (-t) to speed things up! The higher - the +faster ;-) (but too high - and it disables the service) + + + +STATISTICS +---------- +Run against a SuSE Linux 7.2 on localhost with a "-C FILE" containing +295 entries (294 tries invalid logins, 1 valid). Every test was run three +times (only for "1 task" just once), and the average noted down. + +``` + P A R A L L E L T A S K S +SERVICE 1 4 8 16 32 50 64 100 128 +------- -------------------------------------------------------------------- +telnet 23:20 5:58 2:58 1:34 1:05 0:33 0:45* 0:25* 0:55* +ftp 45:54 11:51 5:54 3:06 1:25 0:58 0:46 0:29 0:32 +pop3 92:10 27:16 13:56 6:42 2:55 1:57 1:24 1:14 0:50 +imap 31:05 7:41 3:51 1:58 1:01 0:39 0:32 0:25 0:21 +``` + +(*) +Note: telnet timings can be VERY different for 64 to 128 tasks! e.g. with +128 tasks, running four times resulted in timings between 28 and 97 seconds! +The reason for this is unknown... + +guesses per task (rounded up): + + 295 74 38 19 10 6 5 3 3 + +guesses possible per connect (depends on the server software and config): + + telnet 4 + ftp 6 + pop3 1 + imap 3 + + + +BUGS & FEATURES +--------------- +Hydra: +Email me or David if you find bugs or if you have written a new module. +vh@thc.org (and put "antispam" in the subject line) + + +You should use PGP to encrypt emails to vh@thc.org : + +``` +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v3.3.3 (vh@thc.org) + +mQINBFIp+7QBEADQcJctjohuYjBxq7MELAlFDvXRTeIqqh8kqHPOR018xKL09pZT +KiBWFBkU48xlR3EtV5fC1yEt8gDEULe5o0qtK1aFlYBtAWkflVNjDrs+Y2BpjITQ +FnAPHw0SOOT/jfcvmhNOZMzMU8lIubAVC4cVWoSWJbLTv6e0DRIPiYgXNT5Quh6c +vqhnI1C39pEo/W/nh3hSa16oTc5dtTLbi5kEbdzml78TnT0OASmWLI+xtYKnP+5k +Xv4xrXRMVk4L1Bv9WpCY/Jb6J8K8SJYdXPtbaIi4VjgVr5gvg9QC/d/QP2etmw3p +lJ1Ldv63x6nXsxnPq6MSOOw8+QqKc1dAgIA43k6SU4wLq9TB3x0uTKnnB8pA3ACI +zPeRN9LFkr7v1KUMeKKEdu8jUut5iKUJVu63lVYxuM5ODb6Owt3+UXgsSaQLu9nI +DZqnp/M6YTCJTJ+cJANN+uQzESI4Z2m9ITg/U/cuccN/LIDg8/eDXW3VsCqJz8Bf +lBSwMItMhs/Qwzqc1QCKfY3xcNGc4aFlJz4Bq3zSdw3mUjHYJYv1UkKntCtvvTCN +DiomxyBEKB9J7KNsOLI/CSst3MQWSG794r9ZjcfA0EWZ9u6929F2pGDZ3LiS7Jx5 +n+gdBDMe0PuuonLIGXzyIuMrkfoBeW/WdnOxh+27eemcdpCb68XtQCw6UQARAQAB +tB52YW4gSGF1c2VyICgyMDEzKSA8dmhAdGhjLm9yZz6JAjkEEwECACMCGwMCHgEC +F4AFAlIp/QcGCwkIAwcCBhUKCQgLAgUWAwIBAAAKCRDI8AEqhCFiv2R9D/9qTCJJ +xCH4BUbWIUhw1zRkn9iCVSwZMmfaAhz5PdVTjeTelimMh5qwK2MNAjpR7vCCd3BH +Z2VLB2Eoz9MOgSCxcMOnCDJjtCdCOeaxiASJt8qLeRMwdMOtznM8MnKCIO8X4oo4 +qH8eNj83KgpI50ERBCj/EMsgg07vSyZ9i1UXjFofFnbHRWSW9yZO16qD4F6r4SGz +dsfXARcO3QRI5lbjdGqm+g+HOPj1EFLAOxJAQOygz7ZN5fj+vPp+G/drONxNyVKp +QFtENpvqPdU9CqYh8ssazXTWeBi/TIs0q0EXkzqo7CQjfNb6tlRsg18FxnJDK/ga +V/1umTg41bQuVP9gGmycsiNI8Atr5DWqaF+O4uDmQxcxS0kX2YXQ4CSQJFi0pml5 +slAGL8HaAUbV7UnQEqpayPyyTEx1i0wK5ZCHYjLBfJRZCbmHX7SbviSAzKdo5JIl +Atuk+atgW3vC3hDTrBu5qlsFCZvbxS21PJ+9zmK7ySjAEFH/NKFmx4B8kb7rPAOM +0qCTv0pD/e4ogJCxVrqQ2XcCSJWxJL31FNAMnBZpVzidudNURG2v61h3ckkSB/fP +JnkRy/yxYWrdFBYkURImxD8iFD1atj1n3EI5HBL7p/9mHxf1DVJWz7rYQk+3czvs +IhBz7xGBz4nhpCi87VDEYttghYlJanbiRfNh3okCOAQTAQIAIgUCUin7tAIbAwYL +CQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQyPABKoQhYr8OIA//cvkhoKay88yS +AjMQypach8C5CvP7eFCT11pkCt1DMAO/8Dt6Y/Ts10dPjohGdIX4PkoLTkQDwBDJ +HoLO75oqj0CYLlqDI4oHgf2uzd0Zv8f/11CQQCtut5oEK72mGNzv3GgVqg60z2KR +2vpxvGQmDwpDOPP620tf/LuRQgBpks7uazcbkAE2Br09YrUQSCBNHy8kirHW5m5C +nupMrcvuFx7mHKW1z3FuhM8ijG7oRmcBWfVoneQgIT3l2WBniXg1mKFhuUSV8Erc +XIcc11qsKshyqh0GWb2JfeXbAcTW8/4IwrCP+VfAyLO9F9khP6SnCmcNF9EVJyR6 +Aw+JMNRin7PgvsqbFhpkq9N+gVBAufz3DZoMTEbsMTtW4lYG6HMWhza2+8G9XyaL +ARAWhkNVsmQQ5T6qGkI19thB6E/T6ZorTxqeopNVA7VNK3RVlKpkmUu07w5bTD6V +l3Ti6XfcSQqzt6YX2/WUE8ekEG3rSesuJ5fqjuTnIIOjBxr+pPxkzdoazlu2zJ9F +n24fHvlU20TccEWXteXj9VFzV/zbPEQbEqmE16lV+bO8U7UHqCOdE83OMrbNKszl +7LSCbFhCDtflUsyClBt/OPnlLEHgEE1j9QkqdFFy90l4HqGwKvx7lUFDnuF8LYsb +/hcP4XhqjiGcjTPYBDK254iYrpOSMZSIRgQQEQIABgUCUioGfQAKCRBDlBVOdiii +tuddAJ4zMrge4qzajScIQcXYgIWMXVenCQCfYTNQPGkHVyp3dMhJ0NR21TYoYMC5 +Ag0EUin7tAEQAK5/AEIBLlA/TTgjUF3im6nu/rkWTM7/gs5H4W0a04kF4UPhaJUR +gCNlDfUnBFA0QD7Jja5LHYgLdoHXiFelPhGrbZel/Sw6sH2gkGCBtFMrVkm3u7tt +x3AZlprqqRH68Y5xTCEjGRncCAmaDgd2apgisJqXpu0dRDroFYpJFNH3vw9N2a62 +0ShNakYP4ykVG3jTDC4MSl2q3BO5dzn8GYFHU0CNz6nf3gZR+48BG+zmAT77peTS ++C4Mbd6LmMmB0cuS2kYiFRwE2B69UWguLHjpXFcu9/85JJVCl2CIab7l5hpqGmgw +G/yW8HFK04Yhew7ZJOXJfUYlv1EZzR5bOsZ8Z9inC6hvFmxuCYCFnvkiEI+pOxPA +oeNOkMaT/W4W+au0ZVt3Hx+oD0pkJb5if0jrCaoAD4gpWOte6LZA8mAbKTxkHPBr +rA9/JFis5CVNI688O6eDiJqCCJjPOQA+COJI+0V+tFa6XyHPB4LxA46RxtumUZMC +v/06sDJlXMNpZbSd5Fq95YfZd4l9Vr9VrvKXfbomn+akwUymP8RDyc6Z8BzjF4Y5 +02m6Ts0J0MnSYfEDqJPPZbMGB+GAgAqLs7FrZJQzOZTiOXOSIJsKMYsPIDWE8lXv +s77rs0rGvgvQfWzPsJlMIx6ryrMnAsfOkzM2GChGNX9+pABpgOdYII4bABEBAAGJ +Ah8EGAECAAkFAlIp+7QCGwwACgkQyPABKoQhYr+hrg/9Er0+HN78y6UWGFHu/KVK +d8M6ekaqjQndQXmzQaPQwsOHOvWdC+EtBoTdR3VIjAtX96uvzCRV3sb0XPB9S9eP +gRrO/t5+qTVTtjua1zzjZsMOr1SxhBgZ5+0U2aoY1vMhyIjUuwpKKNqj2uf+uj5Y +ZQbCNklghf7EVDHsYQ4goB9gsNT7rnmrzSc6UUuJOYI2jjtHp5BPMBHh2WtUVfYP +8JqDfQ+eJQr5NCFB24xMW8OxMJit3MGckUbcZlUa1wKiTb0b76fOjt0y/+9u1ykd +X+i27DAM6PniFG8BfqPq/E3iU20IZGYtaAFBuhhDWR3vGY4+r3OxdlFAJfBG9XDD +aEDTzv1XF+tEBo69GFaxXZGdk9//7qxcgiya4LL9Kltuvs82+ZzQhC09p8d3YSQN +cfaYObm4EwbINdKP7cr4anGFXvsLC9urhow/RNBLiMbRX/5qBzx2DayXtxEnDlSC +Mh7wCkNDYkSIZOrPVUFOCGxu7lloRgPxEetM5x608HRa3hDHoe5KvUBmmtavB/aR +zlGuZP1S6Y7S13ytiULSzTfUxJmyGYgNo+4ygh0i6Dudf9NLmV+i9aEIbLbd6bni +1B/y8hBSx3SVb4sQVRe3clBkfS1/mYjlldtYjzOwcd02x599KJlcChf8HnWFB7qT +zB3yrr+vYBT0uDWmxwPjiJs= +=ytEf +-----END PGP PUBLIC KEY BLOCK----- +``` From be95247c690608535a37f416223add86e0ec1690 Mon Sep 17 00:00:00 2001 From: Yisus7u7 <64093255+Yisus7u7@users.noreply.github.com> Date: Wed, 16 Jun 2021 15:48:43 -0500 Subject: [PATCH 068/223] Update README.md --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 322da43..14c64cd 100644 --- a/README.md +++ b/README.md @@ -52,12 +52,12 @@ Your help in writing, enhancing or fixing modules is highly appreciated!! :-) WHERE TO GET ------------ You can always find the newest release/production version of hydra at its -project page at https://github.com/vanhauser-thc/thc-hydra/releases +project page at [https://github.com/vanhauser-thc/thc-hydra/releases](https://github.com/vanhauser-thc/thc-hydra/releases) If you are interested in the current development state, the public development repository is at Github: - svn co https://github.com/vanhauser-thc/thc-hydra + svn co [https://github.com/vanhauser-thc/thc-hydra](https://github.com/vanhauser-thc/thc-hydra) or - git clone https://github.com/vanhauser-thc/thc-hydra + git clone [https://github.com/vanhauser-thc/thc-hydra](https://github.com/vanhauser-thc/thc-hydra) Use the development version at your own risk. It contains new features and new bugs. Things might not work! From caf39e154265ae78b092c9210db6354b775e1a73 Mon Sep 17 00:00:00 2001 From: Yisus7u7 <64093255+Yisus7u7@users.noreply.github.com> Date: Wed, 16 Jun 2021 15:51:52 -0500 Subject: [PATCH 069/223] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 14c64cd..0657f26 100644 --- a/README.md +++ b/README.md @@ -74,7 +74,7 @@ make install ``` If you want the ssh module, you have to setup libssh (not libssh2!) on your -system, get it from http://www.libssh.org, for ssh v1 support you also need +system, get it from [http://www.libssh.org](http://www.libssh.org), for ssh v1 support you also need to add "-DWITH_SSH1=On" option in the cmake command line. IMPORTANT: If you compile on MacOS then you must do this - do not install libssh via brew! From bfdbeee1b281f319e171a2ea3976d8869d3f3400 Mon Sep 17 00:00:00 2001 From: Yisus7u7 <64093255+Yisus7u7@users.noreply.github.com> Date: Wed, 16 Jun 2021 15:54:06 -0500 Subject: [PATCH 070/223] Delete index.md --- docs/index.md | 534 -------------------------------------------------- 1 file changed, 534 deletions(-) delete mode 100644 docs/index.md diff --git a/docs/index.md b/docs/index.md deleted file mode 100644 index 322da43..0000000 --- a/docs/index.md +++ /dev/null @@ -1,534 +0,0 @@ - - H Y D R A - - (c) 2001-2021 by van Hauser / THC - https://github.com/vanhauser-thc/thc-hydra - many modules were written by David (dot) Maciejak @ gmail (dot) com - BFG code by Jan Dlabal - - Licensed under AGPLv3 (see LICENSE file) - - Please do not use in military or secret service organizations, - or for illegal purposes. - (This is the wish of the author and non-binding. Many people working - in these organizations do not care for laws and ethics anyways. - You are not one of the "good" ones if you ignore this.) - - - -INTRODUCTION ------------- -Number one of the biggest security holes are passwords, as every password -security study shows. -This tool is a proof of concept code, to give researchers and security -consultants the possibility to show how easy it would be to gain unauthorized -access from remote to a system. - -THIS TOOL IS FOR LEGAL PURPOSES ONLY! - -There are already several login hacker tools available, however, none does -either support more than one protocol to attack or support parallelized -connects. - -It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, -FreeBSD/OpenBSD, QNX (Blackberry 10) and MacOS. - -Currently this tool supports the following protocols: - Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, - HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST, HTTP-PROXY, - HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTPS-POST, - HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MEMCACHED, MONGODB, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, - Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, Radmin, RDP, Rexec, Rlogin, - Rsh, RTSP, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, - SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, - VNC and XMPP. - -However the module engine for new services is very easy so it won't take a -long time until even more services are supported. -Your help in writing, enhancing or fixing modules is highly appreciated!! :-) - - - -WHERE TO GET ------------- -You can always find the newest release/production version of hydra at its -project page at https://github.com/vanhauser-thc/thc-hydra/releases -If you are interested in the current development state, the public development -repository is at Github: - svn co https://github.com/vanhauser-thc/thc-hydra - or - git clone https://github.com/vanhauser-thc/thc-hydra -Use the development version at your own risk. It contains new features and -new bugs. Things might not work! - - - -HOW TO COMPILE --------------- -To configure, compile and install hydra, just type: - -``` -./configure -make -make install -``` - -If you want the ssh module, you have to setup libssh (not libssh2!) on your -system, get it from http://www.libssh.org, for ssh v1 support you also need -to add "-DWITH_SSH1=On" option in the cmake command line. -IMPORTANT: If you compile on MacOS then you must do this - do not install libssh via brew! - -If you use Ubuntu/Debian, this will install supplementary libraries needed -for a few optional modules (note that some might not be available on your distribution): - -``` -apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \ - libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \ - firebird-dev libmemcached-dev libgpg-error-dev \ - libgcrypt11-dev libgcrypt20-dev -``` - -This enables all optional modules and features with the exception of Oracle, -SAP R/3, NCP and the apple filing protocol - which you will need to download and -install from the vendor's web sites. - -For all other Linux derivates and BSD based systems, use the system -software installer and look for similarly named libraries like in the -command above. In all other cases, you have to download all source libraries -and compile them manually. - - - -SUPPORTED PLATFORMS -------------------- -- All UNIX platforms (Linux, *BSD, Solaris, etc.) -- MacOS (basically a BSD clone) -- Windows with Cygwin (both IPv4 and IPv6) -- Mobile systems based on Linux, MacOS or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq) - - - -HOW TO USE ----------- -If you just enter `hydra`, you will see a short summary of the important -options available. -Type `./hydra -h` to see all available command line options. - -Note that NO login/password file is included. Generate them yourself. -A default password list is however present, use "dpl4hydra.sh" to generate -a list. - -For Linux users, a GTK GUI is available, try `./xhydra` - -For the command line usage, the syntax is as follows: - For attacking one target or a network, you can use the new "://" style: - hydra [some command line options] PROTOCOL://TARGET:PORT/MODULE-OPTIONS - The old mode can be used for these too, and additionally if you want to - specify your targets from a text file, you *must* use this one: - -``` -hydra [some command line options] [-s PORT] TARGET PROTOCOL [MODULE-OPTIONS] -``` - -Via the command line options you specify which logins to try, which passwords, -if SSL should be used, how many parallel tasks to use for attacking, etc. - -PROTOCOL is the protocol you want to use for attacking, e.g. ftp, smtp, -http-get or many others are available -TARGET is the target you want to attack -MODULE-OPTIONS are optional values which are special per PROTOCOL module - -FIRST - select your target - you have three options on how to specify the target you want to attack: - 1. a single target on the command line: just put the IP or DNS address in - 2. a network range on the command line: CIDR specification like "192.168.0.0/24" - 3. a list of hosts in a text file: one line per entry (see below) - -SECOND - select your protocol - Try to avoid telnet, as it is unreliable to detect a correct or false login attempt. - Use a port scanner to see which protocols are enabled on the target. - -THIRD - check if the module has optional parameters - hydra -U PROTOCOL - e.g. hydra -U smtp - -FOURTH - the destination port - this is optional, if no port is supplied the default common port for the - PROTOCOL is used. - If you specify SSL to use ("-S" option), the SSL common port is used by default. - - -If you use "://" notation, you must use "[" "]" brackets if you want to supply -IPv6 addresses or CIDR ("192.168.0.0/24") notations to attack: - hydra [some command line options] ftp://[192.168.0.0/24]/ - hydra [some command line options] -6 smtps://[2001:db8::1]/NTLM - -Note that everything hydra does is IPv4 only! -If you want to attack IPv6 addresses, you must add the "-6" command line option. -All attacks are then IPv6 only! - -If you want to supply your targets via a text file, you can not use the :// -notation but use the old style and just supply the protocol (and module options): - hydra [some command line options] -M targets.txt ftp -You can also supply the port for each target entry by adding ":" after a -target entry in the file, e.g.: - -``` -foo.bar.com -target.com:21 -unusual.port.com:2121 -default.used.here.com -127.0.0.1 -127.0.0.1:2121 -``` - -Note that if you want to attach IPv6 targets, you must supply the -6 option -and *must* put IPv6 addresses in brackets in the file(!) like this: - -``` -foo.bar.com -target.com:21 -[fe80::1%eth0] -[2001::1] -[2002::2]:8080 -[2a01:24a:133:0:00:123:ff:1a] -``` - -LOGINS AND PASSWORDS --------------------- -You have many options on how to attack with logins and passwords -With -l for login and -p for password you tell hydra that this is the only -login and/or password to try. -With -L for logins and -P for passwords you supply text files with entries. -e.g.: - -``` -hydra -l admin -p password ftp://localhost/ -hydra -L default_logins.txt -p test ftp://localhost/ -hydra -l admin -P common_passwords.txt ftp://localhost/ -hydra -L logins.txt -P passwords.txt ftp://localhost/ -``` - -Additionally, you can try passwords based on the login via the "-e" option. -The "-e" option has three parameters: - -``` -s - try the login as password -n - try an empty password -r - reverse the login and try it as password -``` - -If you want to, e.g. try "try login as password and "empty password", you -specify "-e sn" on the command line. - -But there are two more modes for trying passwords than -p/-P: -You can use text file which where a login and password pair is separated by a colon, -e.g.: - -``` -admin:password -test:test -foo:bar -``` - -This is a common default account style listing, that is also generated by the -dpl4hydra.sh default account file generator supplied with hydra. -You use such a text file with the -C option - note that in this mode you -can not use -l/-L/-p/-P options (-e nsr however you can). -Example: - -``` -hydra -C default_accounts.txt ftp://localhost/ -``` - -And finally, there is a bruteforce mode with the -x option (which you can not -use with -p/-P/-C): - -``` --x minimum_length:maximum_length:charset -``` - -the charset definition is `a` for lowercase letters, `A` for uppercase letters, -`1` for numbers and for anything else you supply it is their real representation. -Examples: - -``` --x 1:3:a generate passwords from length 1 to 3 with all lowercase letters --x 2:5:/ generate passwords from length 2 to 5 containing only slashes --x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers -``` - -Example: - -``` -hydra -l ftp -x 3:3:a ftp://localhost/ -``` - -SPECIAL OPTIONS FOR MODULES ---------------------------- -Via the third command line parameter (TARGET SERVICE OPTIONAL) or the -m -command line option, you can pass one option to a module. -Many modules use this, a few require it! - -To see the special option of a module, type: - - hydra -U - -e.g. - - ./hydra -U http-post-form - -The special options can be passed via the -m parameter, as 3rd command line -option or in the service://target/option format. - -Examples (they are all equal): - -``` -./hydra -l test -p test -m PLAIN 127.0.0.1 imap -./hydra -l test -p test 127.0.0.1 imap PLAIN -./hydra -l test -p test imap://127.0.0.1/PLAIN -``` - -RESTORING AN ABORTED/CRASHED SESSION ------------------------------------- -When hydra is aborted with Control-C, killed or crashes, it leaves a -"hydra.restore" file behind which contains all necessary information to -restore the session. This session file is written every 5 minutes. -NOTE: the hydra.restore file can NOT be copied to a different platform (e.g. -from little endian to big endian, or from Solaris to AIX) - -HOW TO SCAN/CRACK OVER A PROXY ------------------------------- -The environment variable HYDRA_PROXY_HTTP defines the web proxy (this works -just for the http services!). -The following syntax is valid: - -``` -HYDRA_PROXY_HTTP="http://123.45.67.89:8080/" -HYDRA_PROXY_HTTP="http://login:password@123.45.67.89:8080/" -HYDRA_PROXY_HTTP="proxylist.txt" -``` - -The last example is a text file containing up to 64 proxies (in the same -format definition as the other examples). - -For all other services, use the HYDRA_PROXY variable to scan/crack. -It uses the same syntax. eg: - -``` -HYDRA_PROXY=[connect|socks4|socks5]://[login:password@]proxy_addr:proxy_port -``` - -for example: - -``` -HYDRA_PROXY=connect://proxy.anonymizer.com:8000 -HYDRA_PROXY=socks4://auth:pw@127.0.0.1:1080 -HYDRA_PROXY=socksproxylist.txt -``` - -ADDITIONAL HINTS ----------------- -* sort your password files by likelihood and use the -u option to find - passwords much faster! -* uniq your dictionary files! this can save you a lot of time :-) - cat words.txt | sort | uniq > dictionary.txt -* if you know that the target is using a password policy (allowing users - only to choose a password with a minimum length of 6, containing a least one - letter and one number, etc. use the tool pw-inspector which comes along - with the hydra package to reduce the password list: - cat dictionary.txt | pw-inspector -m 6 -c 2 -n > passlist.txt - - -RESULTS OUTPUT --------------- - -The results are output to stdio along with the other information. Via the -o -command line option, the results can also be written to a file. Using -b, -the format of the output can be specified. Currently, these are supported: - -* `text` - plain text format -* `jsonv1` - JSON data using version 1.x of the schema (defined below). -* `json` - JSON data using the latest version of the schema, currently there - is only version 1. - -If using JSON output, the results file may not be valid JSON if there are -serious errors in booting Hydra. - - -JSON Schema ------------ -Here is an example of the JSON output. Notes on some of the fields: - -* `errormessages` - an array of zero or more strings that are normally printed - to stderr at the end of the Hydra's run. The text is very free form. -* `success` - indication if Hydra ran correctly without error (**NOT** if - passwords were detected). This parameter is either the JSON value `true` - or `false` depending on completion. -* `quantityfound` - How many username+password combinations discovered. -* `jsonoutputversion` - Version of the schema, 1.00, 1.01, 1.11, 2.00, - 2.03, etc. Hydra will make second tuple of the version to always be two - digits to make it easier for downstream processors (as opposed to v1.1 vs - v1.10). The minor-level versions are additive, so 1.02 will contain more - fields than version 1.00 and will be backward compatible. Version 2.x will - break something from version 1.x output. - -Version 1.00 example: -``` -{ - "errormessages": [ - "[ERROR] Error Message of Something", - "[ERROR] Another Message", - "These are very free form" - ], - "generator": { - "built": "2021-03-01 14:44:22", - "commandline": "hydra -b jsonv1 -o results.json ... ...", - "jsonoutputversion": "1.00", - "server": "127.0.0.1", - "service": "http-post-form", - "software": "Hydra", - "version": "v8.5" - }, - "quantityfound": 2, - "results": [ - { - "host": "127.0.0.1", - "login": "bill@example.com", - "password": "bill", - "port": 9999, - "service": "http-post-form" - }, - { - "host": "127.0.0.1", - "login": "joe@example.com", - "password": "joe", - "port": 9999, - "service": "http-post-form" - } - ], - "success": false -} -``` - - -SPEED ------ -through the parallelizing feature, this password cracker tool can be very -fast, however it depends on the protocol. The fastest are generally POP3 -and FTP. -Experiment with the task option (-t) to speed things up! The higher - the -faster ;-) (but too high - and it disables the service) - - - -STATISTICS ----------- -Run against a SuSE Linux 7.2 on localhost with a "-C FILE" containing -295 entries (294 tries invalid logins, 1 valid). Every test was run three -times (only for "1 task" just once), and the average noted down. - -``` - P A R A L L E L T A S K S -SERVICE 1 4 8 16 32 50 64 100 128 -------- -------------------------------------------------------------------- -telnet 23:20 5:58 2:58 1:34 1:05 0:33 0:45* 0:25* 0:55* -ftp 45:54 11:51 5:54 3:06 1:25 0:58 0:46 0:29 0:32 -pop3 92:10 27:16 13:56 6:42 2:55 1:57 1:24 1:14 0:50 -imap 31:05 7:41 3:51 1:58 1:01 0:39 0:32 0:25 0:21 -``` - -(*) -Note: telnet timings can be VERY different for 64 to 128 tasks! e.g. with -128 tasks, running four times resulted in timings between 28 and 97 seconds! -The reason for this is unknown... - -guesses per task (rounded up): - - 295 74 38 19 10 6 5 3 3 - -guesses possible per connect (depends on the server software and config): - - telnet 4 - ftp 6 - pop3 1 - imap 3 - - - -BUGS & FEATURES ---------------- -Hydra: -Email me or David if you find bugs or if you have written a new module. -vh@thc.org (and put "antispam" in the subject line) - - -You should use PGP to encrypt emails to vh@thc.org : - -``` ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v3.3.3 (vh@thc.org) - -mQINBFIp+7QBEADQcJctjohuYjBxq7MELAlFDvXRTeIqqh8kqHPOR018xKL09pZT -KiBWFBkU48xlR3EtV5fC1yEt8gDEULe5o0qtK1aFlYBtAWkflVNjDrs+Y2BpjITQ -FnAPHw0SOOT/jfcvmhNOZMzMU8lIubAVC4cVWoSWJbLTv6e0DRIPiYgXNT5Quh6c -vqhnI1C39pEo/W/nh3hSa16oTc5dtTLbi5kEbdzml78TnT0OASmWLI+xtYKnP+5k -Xv4xrXRMVk4L1Bv9WpCY/Jb6J8K8SJYdXPtbaIi4VjgVr5gvg9QC/d/QP2etmw3p -lJ1Ldv63x6nXsxnPq6MSOOw8+QqKc1dAgIA43k6SU4wLq9TB3x0uTKnnB8pA3ACI -zPeRN9LFkr7v1KUMeKKEdu8jUut5iKUJVu63lVYxuM5ODb6Owt3+UXgsSaQLu9nI -DZqnp/M6YTCJTJ+cJANN+uQzESI4Z2m9ITg/U/cuccN/LIDg8/eDXW3VsCqJz8Bf -lBSwMItMhs/Qwzqc1QCKfY3xcNGc4aFlJz4Bq3zSdw3mUjHYJYv1UkKntCtvvTCN -DiomxyBEKB9J7KNsOLI/CSst3MQWSG794r9ZjcfA0EWZ9u6929F2pGDZ3LiS7Jx5 -n+gdBDMe0PuuonLIGXzyIuMrkfoBeW/WdnOxh+27eemcdpCb68XtQCw6UQARAQAB -tB52YW4gSGF1c2VyICgyMDEzKSA8dmhAdGhjLm9yZz6JAjkEEwECACMCGwMCHgEC -F4AFAlIp/QcGCwkIAwcCBhUKCQgLAgUWAwIBAAAKCRDI8AEqhCFiv2R9D/9qTCJJ -xCH4BUbWIUhw1zRkn9iCVSwZMmfaAhz5PdVTjeTelimMh5qwK2MNAjpR7vCCd3BH -Z2VLB2Eoz9MOgSCxcMOnCDJjtCdCOeaxiASJt8qLeRMwdMOtznM8MnKCIO8X4oo4 -qH8eNj83KgpI50ERBCj/EMsgg07vSyZ9i1UXjFofFnbHRWSW9yZO16qD4F6r4SGz -dsfXARcO3QRI5lbjdGqm+g+HOPj1EFLAOxJAQOygz7ZN5fj+vPp+G/drONxNyVKp -QFtENpvqPdU9CqYh8ssazXTWeBi/TIs0q0EXkzqo7CQjfNb6tlRsg18FxnJDK/ga -V/1umTg41bQuVP9gGmycsiNI8Atr5DWqaF+O4uDmQxcxS0kX2YXQ4CSQJFi0pml5 -slAGL8HaAUbV7UnQEqpayPyyTEx1i0wK5ZCHYjLBfJRZCbmHX7SbviSAzKdo5JIl -Atuk+atgW3vC3hDTrBu5qlsFCZvbxS21PJ+9zmK7ySjAEFH/NKFmx4B8kb7rPAOM -0qCTv0pD/e4ogJCxVrqQ2XcCSJWxJL31FNAMnBZpVzidudNURG2v61h3ckkSB/fP -JnkRy/yxYWrdFBYkURImxD8iFD1atj1n3EI5HBL7p/9mHxf1DVJWz7rYQk+3czvs -IhBz7xGBz4nhpCi87VDEYttghYlJanbiRfNh3okCOAQTAQIAIgUCUin7tAIbAwYL -CQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQyPABKoQhYr8OIA//cvkhoKay88yS -AjMQypach8C5CvP7eFCT11pkCt1DMAO/8Dt6Y/Ts10dPjohGdIX4PkoLTkQDwBDJ -HoLO75oqj0CYLlqDI4oHgf2uzd0Zv8f/11CQQCtut5oEK72mGNzv3GgVqg60z2KR -2vpxvGQmDwpDOPP620tf/LuRQgBpks7uazcbkAE2Br09YrUQSCBNHy8kirHW5m5C -nupMrcvuFx7mHKW1z3FuhM8ijG7oRmcBWfVoneQgIT3l2WBniXg1mKFhuUSV8Erc -XIcc11qsKshyqh0GWb2JfeXbAcTW8/4IwrCP+VfAyLO9F9khP6SnCmcNF9EVJyR6 -Aw+JMNRin7PgvsqbFhpkq9N+gVBAufz3DZoMTEbsMTtW4lYG6HMWhza2+8G9XyaL -ARAWhkNVsmQQ5T6qGkI19thB6E/T6ZorTxqeopNVA7VNK3RVlKpkmUu07w5bTD6V -l3Ti6XfcSQqzt6YX2/WUE8ekEG3rSesuJ5fqjuTnIIOjBxr+pPxkzdoazlu2zJ9F -n24fHvlU20TccEWXteXj9VFzV/zbPEQbEqmE16lV+bO8U7UHqCOdE83OMrbNKszl -7LSCbFhCDtflUsyClBt/OPnlLEHgEE1j9QkqdFFy90l4HqGwKvx7lUFDnuF8LYsb -/hcP4XhqjiGcjTPYBDK254iYrpOSMZSIRgQQEQIABgUCUioGfQAKCRBDlBVOdiii -tuddAJ4zMrge4qzajScIQcXYgIWMXVenCQCfYTNQPGkHVyp3dMhJ0NR21TYoYMC5 -Ag0EUin7tAEQAK5/AEIBLlA/TTgjUF3im6nu/rkWTM7/gs5H4W0a04kF4UPhaJUR -gCNlDfUnBFA0QD7Jja5LHYgLdoHXiFelPhGrbZel/Sw6sH2gkGCBtFMrVkm3u7tt -x3AZlprqqRH68Y5xTCEjGRncCAmaDgd2apgisJqXpu0dRDroFYpJFNH3vw9N2a62 -0ShNakYP4ykVG3jTDC4MSl2q3BO5dzn8GYFHU0CNz6nf3gZR+48BG+zmAT77peTS -+C4Mbd6LmMmB0cuS2kYiFRwE2B69UWguLHjpXFcu9/85JJVCl2CIab7l5hpqGmgw -G/yW8HFK04Yhew7ZJOXJfUYlv1EZzR5bOsZ8Z9inC6hvFmxuCYCFnvkiEI+pOxPA -oeNOkMaT/W4W+au0ZVt3Hx+oD0pkJb5if0jrCaoAD4gpWOte6LZA8mAbKTxkHPBr -rA9/JFis5CVNI688O6eDiJqCCJjPOQA+COJI+0V+tFa6XyHPB4LxA46RxtumUZMC -v/06sDJlXMNpZbSd5Fq95YfZd4l9Vr9VrvKXfbomn+akwUymP8RDyc6Z8BzjF4Y5 -02m6Ts0J0MnSYfEDqJPPZbMGB+GAgAqLs7FrZJQzOZTiOXOSIJsKMYsPIDWE8lXv -s77rs0rGvgvQfWzPsJlMIx6ryrMnAsfOkzM2GChGNX9+pABpgOdYII4bABEBAAGJ -Ah8EGAECAAkFAlIp+7QCGwwACgkQyPABKoQhYr+hrg/9Er0+HN78y6UWGFHu/KVK -d8M6ekaqjQndQXmzQaPQwsOHOvWdC+EtBoTdR3VIjAtX96uvzCRV3sb0XPB9S9eP -gRrO/t5+qTVTtjua1zzjZsMOr1SxhBgZ5+0U2aoY1vMhyIjUuwpKKNqj2uf+uj5Y -ZQbCNklghf7EVDHsYQ4goB9gsNT7rnmrzSc6UUuJOYI2jjtHp5BPMBHh2WtUVfYP -8JqDfQ+eJQr5NCFB24xMW8OxMJit3MGckUbcZlUa1wKiTb0b76fOjt0y/+9u1ykd -X+i27DAM6PniFG8BfqPq/E3iU20IZGYtaAFBuhhDWR3vGY4+r3OxdlFAJfBG9XDD -aEDTzv1XF+tEBo69GFaxXZGdk9//7qxcgiya4LL9Kltuvs82+ZzQhC09p8d3YSQN -cfaYObm4EwbINdKP7cr4anGFXvsLC9urhow/RNBLiMbRX/5qBzx2DayXtxEnDlSC -Mh7wCkNDYkSIZOrPVUFOCGxu7lloRgPxEetM5x608HRa3hDHoe5KvUBmmtavB/aR -zlGuZP1S6Y7S13ytiULSzTfUxJmyGYgNo+4ygh0i6Dudf9NLmV+i9aEIbLbd6bni -1B/y8hBSx3SVb4sQVRe3clBkfS1/mYjlldtYjzOwcd02x599KJlcChf8HnWFB7qT -zB3yrr+vYBT0uDWmxwPjiJs= -=ytEf ------END PGP PUBLIC KEY BLOCK----- -``` From 2d12a0df6a2a441673d71316abd8c3ee30ee4ab0 Mon Sep 17 00:00:00 2001 From: Yisus7u7 <64093255+Yisus7u7@users.noreply.github.com> Date: Wed, 16 Jun 2021 16:06:21 -0500 Subject: [PATCH 071/223] Create index.md --- docs/android/index.md | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 docs/android/index.md diff --git a/docs/android/index.md b/docs/android/index.md new file mode 100644 index 0000000..4480b3c --- /dev/null +++ b/docs/android/index.md @@ -0,0 +1,27 @@ +## thc-hydra +### How to compile hydra on Android + +Hydra is layers running on Android without rodent permission, +this is thanks to [Termux](https://termux.com/), A powerful emulator +of terminal with an ecosystem of packages. + +To compile hydra on Android, you will need to download +[Termux](https://termux.com/). + +I note that termux no longer provides support +for Android devices less than or equal to Android 6, +therefore your cell phone must be Android 7 or higher. + +After installing termux, enter the following commands +at your terminal: + +``` +# Update package list +pkg update && pkg upgrade +# Installing dependencies +pkg install -y x11-repo +pkg install -y clang make openssl openssl-tool wget openssh coreutils gtk2 gtk3 +# Compiling hydra +./configure --prefix=$PREFIX +make && make install +``` From d260804d19fcb2d547fc88ac01f083cbdab6f6b5 Mon Sep 17 00:00:00 2001 From: Yisus7u7 <64093255+Yisus7u7@users.noreply.github.com> Date: Wed, 16 Jun 2021 16:12:12 -0500 Subject: [PATCH 072/223] Update index.md --- docs/android/index.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/docs/android/index.md b/docs/android/index.md index 4480b3c..43eaaa0 100644 --- a/docs/android/index.md +++ b/docs/android/index.md @@ -25,3 +25,16 @@ pkg install -y clang make openssl openssl-tool wget openssh coreutils gtk2 gtk3 ./configure --prefix=$PREFIX make && make install ``` + +To use xhydra, you will need to install a graphical output in termux, you can be guided from this article: + +[https://wiki.termux.com/wiki/Graphical_Environment](https://wiki.termux.com/wiki/Graphical_Environment) + +If you have never used a GUI on Android or are not able to configure it, +you can use these projects from the termux community: + +- [openbox by adi1090x](https://github.com/adi1090x/termux-desktop) + +- [lxqt by yisus](https://github.com/Yisus7u7/termux-desktop-lxqt) + +- [xfce4 by yisus](https://github.com/Yisus7u7/termux-desktop-xfce) From 54c2e85d797f5b1b29f759a418c863ce9ebcbf08 Mon Sep 17 00:00:00 2001 From: Yisus7u7 <64093255+Yisus7u7@users.noreply.github.com> Date: Wed, 16 Jun 2021 16:13:24 -0500 Subject: [PATCH 073/223] Update index.md --- docs/android/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/android/index.md b/docs/android/index.md index 43eaaa0..9a87fa5 100644 --- a/docs/android/index.md +++ b/docs/android/index.md @@ -1,7 +1,7 @@ ## thc-hydra ### How to compile hydra on Android -Hydra is layers running on Android without rodent permission, +Hydra can run on Android without root permissions, this is thanks to [Termux](https://termux.com/), A powerful emulator of terminal with an ecosystem of packages. From 9fc4aabd6b71e5b2e6549b2be3398ff22c5b6676 Mon Sep 17 00:00:00 2001 From: Yisus7u7 <64093255+Yisus7u7@users.noreply.github.com> Date: Wed, 16 Jun 2021 16:15:08 -0500 Subject: [PATCH 074/223] Update index.md --- docs/android/index.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/android/index.md b/docs/android/index.md index 9a87fa5..4b70ab9 100644 --- a/docs/android/index.md +++ b/docs/android/index.md @@ -26,7 +26,9 @@ pkg install -y clang make openssl openssl-tool wget openssh coreutils gtk2 gtk3 make && make install ``` -To use xhydra, you will need to install a graphical output in termux, you can be guided from this article: +then you can use hydra in the termux terminal + +To use xhydra (GUI), you will need to install a graphical output in termux, you can be guided from this article: [https://wiki.termux.com/wiki/Graphical_Environment](https://wiki.termux.com/wiki/Graphical_Environment) From cf325b000898fe4699e07d82267d753ba05f5ba8 Mon Sep 17 00:00:00 2001 From: Yisus7u7 <64093255+Yisus7u7@users.noreply.github.com> Date: Wed, 16 Jun 2021 16:18:57 -0500 Subject: [PATCH 075/223] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 0657f26..0c4e3b6 100644 --- a/README.md +++ b/README.md @@ -73,6 +73,7 @@ make make install ``` +`Note`: To compile hydra on Android (termux) [follow this articule](https://vanhauser-thc.github.io/thc-hydra/docs/android) If you want the ssh module, you have to setup libssh (not libssh2!) on your system, get it from [http://www.libssh.org](http://www.libssh.org), for ssh v1 support you also need to add "-DWITH_SSH1=On" option in the cmake command line. From 3b9280da3ace333c268bb530a493d9a8a16e764f Mon Sep 17 00:00:00 2001 From: Yisus7u7 <64093255+Yisus7u7@users.noreply.github.com> Date: Wed, 16 Jun 2021 16:19:51 -0500 Subject: [PATCH 076/223] Update README.md --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 0c4e3b6..1e059ad 100644 --- a/README.md +++ b/README.md @@ -73,7 +73,9 @@ make make install ``` -`Note`: To compile hydra on Android (termux) [follow this articule](https://vanhauser-thc.github.io/thc-hydra/docs/android) +`Note`: To compile hydra on Android (termux) [follow this articule](https://vanhauser-thc.github.io/thc-hydra/docs/android) + + If you want the ssh module, you have to setup libssh (not libssh2!) on your system, get it from [http://www.libssh.org](http://www.libssh.org), for ssh v1 support you also need to add "-DWITH_SSH1=On" option in the cmake command line. From e02b0d41e5013fc4b516cd57285f54e05a58cfa6 Mon Sep 17 00:00:00 2001 From: Yisus7u7 <64093255+Yisus7u7@users.noreply.github.com> Date: Wed, 16 Jun 2021 16:30:45 -0500 Subject: [PATCH 077/223] Show repo info in image --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 1e059ad..dd0f8e0 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,6 @@ +![image](https://opengraph.githubassets.com/91871daab983cd69e18846c4f5c40a547e91638b3fe6064d81d9bb4574d95e73/vanhauser-thc/thc-hydra) + + H Y D R A From 12dc488f3f3d4c8ff98dfb2994633ea2bfc70ff5 Mon Sep 17 00:00:00 2001 From: Yisus7u7 <64093255+Yisus7u7@users.noreply.github.com> Date: Wed, 16 Jun 2021 22:55:27 -0500 Subject: [PATCH 078/223] Set theme jekyll-theme-slate --- _config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_config.yml b/_config.yml index 225f091..427c783 100644 --- a/_config.yml +++ b/_config.yml @@ -1,2 +1,2 @@ title: "thc-hydra" -theme: jekyll-theme-midnight +theme: jekyll-theme-slate From 92ef7d7455d8aca7ed6f3295d0dc21bcd28741ed Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 17 Jun 2021 16:16:43 +0200 Subject: [PATCH 079/223] Revert "Merge pull request #666 from Yisus7u7/master" This reverts commit 5b98a23140d50b40389b284d64d0f2396f386efc, reversing changes made to a6784e40213b3709990f307f0e892832680625cc. --- README.md | 14 ++++---------- _config.yml | 2 +- docs/android/index.md | 42 ------------------------------------------ 3 files changed, 5 insertions(+), 53 deletions(-) delete mode 100644 docs/android/index.md diff --git a/README.md b/README.md index dd0f8e0..322da43 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,3 @@ -![image](https://opengraph.githubassets.com/91871daab983cd69e18846c4f5c40a547e91638b3fe6064d81d9bb4574d95e73/vanhauser-thc/thc-hydra) - - H Y D R A @@ -55,12 +52,12 @@ Your help in writing, enhancing or fixing modules is highly appreciated!! :-) WHERE TO GET ------------ You can always find the newest release/production version of hydra at its -project page at [https://github.com/vanhauser-thc/thc-hydra/releases](https://github.com/vanhauser-thc/thc-hydra/releases) +project page at https://github.com/vanhauser-thc/thc-hydra/releases If you are interested in the current development state, the public development repository is at Github: - svn co [https://github.com/vanhauser-thc/thc-hydra](https://github.com/vanhauser-thc/thc-hydra) + svn co https://github.com/vanhauser-thc/thc-hydra or - git clone [https://github.com/vanhauser-thc/thc-hydra](https://github.com/vanhauser-thc/thc-hydra) + git clone https://github.com/vanhauser-thc/thc-hydra Use the development version at your own risk. It contains new features and new bugs. Things might not work! @@ -76,11 +73,8 @@ make make install ``` -`Note`: To compile hydra on Android (termux) [follow this articule](https://vanhauser-thc.github.io/thc-hydra/docs/android) - - If you want the ssh module, you have to setup libssh (not libssh2!) on your -system, get it from [http://www.libssh.org](http://www.libssh.org), for ssh v1 support you also need +system, get it from http://www.libssh.org, for ssh v1 support you also need to add "-DWITH_SSH1=On" option in the cmake command line. IMPORTANT: If you compile on MacOS then you must do this - do not install libssh via brew! diff --git a/_config.yml b/_config.yml index 427c783..225f091 100644 --- a/_config.yml +++ b/_config.yml @@ -1,2 +1,2 @@ title: "thc-hydra" -theme: jekyll-theme-slate +theme: jekyll-theme-midnight diff --git a/docs/android/index.md b/docs/android/index.md deleted file mode 100644 index 4b70ab9..0000000 --- a/docs/android/index.md +++ /dev/null @@ -1,42 +0,0 @@ -## thc-hydra -### How to compile hydra on Android - -Hydra can run on Android without root permissions, -this is thanks to [Termux](https://termux.com/), A powerful emulator -of terminal with an ecosystem of packages. - -To compile hydra on Android, you will need to download -[Termux](https://termux.com/). - -I note that termux no longer provides support -for Android devices less than or equal to Android 6, -therefore your cell phone must be Android 7 or higher. - -After installing termux, enter the following commands -at your terminal: - -``` -# Update package list -pkg update && pkg upgrade -# Installing dependencies -pkg install -y x11-repo -pkg install -y clang make openssl openssl-tool wget openssh coreutils gtk2 gtk3 -# Compiling hydra -./configure --prefix=$PREFIX -make && make install -``` - -then you can use hydra in the termux terminal - -To use xhydra (GUI), you will need to install a graphical output in termux, you can be guided from this article: - -[https://wiki.termux.com/wiki/Graphical_Environment](https://wiki.termux.com/wiki/Graphical_Environment) - -If you have never used a GUI on Android or are not able to configure it, -you can use these projects from the termux community: - -- [openbox by adi1090x](https://github.com/adi1090x/termux-desktop) - -- [lxqt by yisus](https://github.com/Yisus7u7/termux-desktop-lxqt) - -- [xfce4 by yisus](https://github.com/Yisus7u7/termux-desktop-xfce) From d3f784ab64b9f44ab31c38d980c63b1a3140300b Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 17 Jun 2021 16:17:44 +0200 Subject: [PATCH 080/223] fix --- README.md => README | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename README.md => README (100%) diff --git a/README.md b/README similarity index 100% rename from README.md rename to README From 93283091d03ee509fd6968bf07959df2119f5503 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 24 Jun 2021 09:22:53 +0200 Subject: [PATCH 081/223] sscanf change --- hydra-sip.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra-sip.c b/hydra-sip.c index 6be4d93..9c5ad78 100644 --- a/hydra-sip.c +++ b/hydra-sip.c @@ -42,7 +42,7 @@ int32_t get_sip_code(char *buf) { int32_t code; char tmpbuf[SIP_MAX_BUF], word[SIP_MAX_BUF]; - if (sscanf(buf, "%s %i %s", tmpbuf, &code, word) != 3) + if (sscanf(buf, "%256s %i %256s", tmpbuf, &code, word) != 3) return -1; return code; } From 0b1f3c5037b042f19bc5a74b4d6c72df3c96b2de Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 29 Jun 2021 12:04:36 +0200 Subject: [PATCH 082/223] fix ssh for -M and ip/range --- CHANGES | 3 +++ hydra-ssh.c | 6 ++++-- hydra-sshkey.c | 3 ++- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index e895e03..b481211 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,9 @@ Changelog for hydra ------------------- +Release 9.3-dev +* fix for ssh to support -M or ip/range + Release 9.2 * fix for http-post-form optional parameters diff --git a/hydra-ssh.c b/hydra-ssh.c index ef4a691..eb021ce 100644 --- a/hydra-ssh.c +++ b/hydra-ssh.c @@ -34,11 +34,12 @@ int32_t start_ssh(int32_t s, char *ip, int32_t port, unsigned char options, char if (new_session) { if (session) { ssh_disconnect(session); - ssh_finalize(); + //ssh_finalize(); ssh_free(session); + } else { + ssh_init(); } - ssh_init(); session = ssh_new(); ssh_options_set(session, SSH_OPTIONS_PORT, &port); ssh_options_set(session, SSH_OPTIONS_HOST, hydra_address2string(ip)); @@ -173,6 +174,7 @@ int32_t service_ssh_init(char *ip, int32_t sp, unsigned char options, char *misc // 3 skip target because its unreachable #ifdef LIBSSH int32_t rc, method; + ssh_init(); ssh_session session = ssh_new(); if (verbose || debug) diff --git a/hydra-sshkey.c b/hydra-sshkey.c index 113d6de..092d655 100644 --- a/hydra-sshkey.c +++ b/hydra-sshkey.c @@ -33,8 +33,9 @@ int32_t start_sshkey(int32_t s, char *ip, int32_t port, unsigned char options, c if (new_session) { if (session) { ssh_disconnect(session); - ssh_finalize(); ssh_free(session); + } else { + ssh_init(); } session = ssh_new(); From b375bbc33264f3cedd0b75096a663c36c88b3770 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 29 Jun 2021 12:15:03 +0200 Subject: [PATCH 083/223] skip host when password is found on password-only checks --- CHANGES | 2 ++ hydra.c | 3 +++ 2 files changed, 5 insertions(+) diff --git a/CHANGES b/CHANGES index b481211..1afb314 100644 --- a/CHANGES +++ b/CHANGES @@ -3,6 +3,8 @@ Changelog for hydra Release 9.3-dev * fix for ssh to support -M or ip/range +* for vnc/cisco/... protocols that only check for a password, skip host + after the password is found Release 9.2 diff --git a/hydra.c b/hydra.c index 0c889f8..6c5b82f 100644 --- a/hydra.c +++ b/hydra.c @@ -3310,6 +3310,9 @@ int main(int argc, char *argv[]) { hydra_options.port = port; } + if (hydra_options.login == NULL && hydra_options.loginfile == NULL) + hydra_options.exit_found = 1; + if (hydra_options.ssl == 0 && hydra_options.port == 443) fprintf(stderr, "[WARNING] you specified port 443 for attacking a http " "service, however did not specify the -S ssl switch nor " From cf2015365553a933e8d6d19e4aacae3697559fcf Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sun, 1 Aug 2021 11:06:15 +0200 Subject: [PATCH 084/223] smtp-enum: skip host on unsupported command --- hydra-mod.c | 6 ++++-- hydra-smtp-enum.c | 10 ++++++++-- hydra.c | 15 +++++++++++++++ 3 files changed, 27 insertions(+), 4 deletions(-) diff --git a/hydra-mod.c b/hydra-mod.c index befa365..4d34b2a 100644 --- a/hydra-mod.c +++ b/hydra-mod.c @@ -637,9 +637,11 @@ void hydra_child_exit(int32_t code) { __fck = write(intern_socket, "C", 1); else if (code == 2) /* application protocol error or service shutdown */ __fck = write(intern_socket, "E", 1); - // code 3 means exit without telling mommy about it - a bad idea. mommy should + else if (code == 3) /* application protocol error or service shutdown */ + __fck = write(intern_socket, "D", 1); + // code 4 means exit without telling mommy about it - a bad idea. mommy should // know - else if (code == -1 || code > 3) { + else if (code == -1 || code > 4) { fprintf(stderr, "[TOTAL FUCKUP] a module should not use " "hydra_child_exit(-1) ! Fix it in the source please ...\n"); __fck = write(intern_socket, "E", 1); diff --git a/hydra-smtp-enum.c b/hydra-smtp-enum.c index ddc0355..d887307 100644 --- a/hydra-smtp-enum.c +++ b/hydra-smtp-enum.c @@ -128,13 +128,13 @@ int32_t start_smtp_enum(int32_t s, char *ip, int32_t port, unsigned char options //#endif // hydra_report(stderr, "Server %s", err); // } - if (strncmp(buf, "500 ", 4) == 0) { + if (strncmp(buf, "500 ", 4) == 0 || strncmp(buf, "502 ", 4) == 0) { hydra_report(stderr, "[ERROR] command is disabled on the server (choose " "different method): %s", buf); free(buf); - return 3; + return 4; } memset(buffer, 0, sizeof(buffer)); // 503 5.5.1 Error: nested MAIL command @@ -245,6 +245,12 @@ void service_smtp_enum(char *ip, int32_t sp, unsigned char options, char *miscpt } hydra_child_exit(0); return; + case 4: /* unsupported exit */ + if (sock >= 0) { + sock = hydra_disconnect(sock); + } + hydra_child_exit(3); + return; default: hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(0); diff --git a/hydra.c b/hydra.c index 6c5b82f..24dde22 100644 --- a/hydra.c +++ b/hydra.c @@ -4156,6 +4156,21 @@ int main(int argc, char *argv[]) { fck = write(hydra_heads[head_no]->sp[1], "n", 1); // small hack break; + case 'D': // disable target, unknown protocol or feature + for (j = 0; j < hydra_brains.targets; j++) + if (hydra_targets[j]->done == TARGET_ACTIVE) { + hydra_targets[j]->done = TARGET_FINISHED; + hydra_brains.finished++; + } + for (j = 0; j < hydra_options.max_use; j++) + if (hydra_heads[j]->active >= 0 && hydra_heads[j]->target_no == target_no) { + if (hydra_brains.targets > hydra_brains.finished) + hydra_kill_head(j, 1, 0); // kill all heads working on the target + else + hydra_kill_head(j, 1, 2); // kill all heads working on the target + } + break; + // we do not make a difference between 'C' and 'E' results - yet case 'E': // head reports protocol error case 'C': // head reports connect error From edc910628f9e883cf3bc4755f984f9a8b9b18318 Mon Sep 17 00:00:00 2001 From: horner Date: Thu, 5 Aug 2021 13:52:18 -0400 Subject: [PATCH 085/223] telnet detects password retries with same user --- hydra-telnet.c | 45 +++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 41 insertions(+), 4 deletions(-) diff --git a/hydra-telnet.c b/hydra-telnet.c index 39908f9..63fcb23 100644 --- a/hydra-telnet.c +++ b/hydra-telnet.c @@ -75,16 +75,53 @@ int32_t start_telnet(int32_t s, char *ip, int32_t port, unsigned char options, c } /*win7 answering with do terminal type = 0xfd 0x18 */ - while ((buf = hydra_receive_line(s)) != NULL && make_to_lower(buf) && (strstr(buf, "login:") == NULL || strstr(buf, "last login:") != NULL) && strstr(buf, "sername:") == NULL) { - if ((miscptr != NULL && strstr(buf, miscptr) != NULL) || (miscptr == NULL && strstr(buf, "invalid") == NULL && strstr(buf, "failed") == NULL && strstr(buf, "bad ") == NULL && (strchr(buf, '/') != NULL || strchr(buf, '>') != NULL || strchr(buf, '$') != NULL || strchr(buf, '#') != NULL || strchr(buf, '%') != NULL || ((buf[1] == '\xfd') && (buf[2] == '\x18'))))) { + while ((buf = hydra_receive_line(s)) != NULL && make_to_lower(buf) && (strstr(buf, "password:") == NULL || strstr(buf, "login:") == NULL || strstr(buf, "last login:") != NULL) && strstr(buf, "sername:") == NULL) { + if ((miscptr != NULL && strstr(buf, miscptr) != NULL) + || (miscptr == NULL + && strstr(buf, "invalid") == NULL + && strstr(buf, "incorrect") == NULL + && strstr(buf, "bad ") == NULL + && (strchr(buf, '/') != NULL + || strchr(buf, '>') != NULL + || strchr(buf, '$') != NULL + || strchr(buf, '#') != NULL + || strchr(buf, '%') != NULL + || ((buf[1] == '\xfd') + && (buf[2] == '\x18'))) + )) { hydra_report_found_host(port, ip, "telnet", fp); hydra_completed_pair_found(); free(buf); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 1; - } - free(buf); + } else if (buf && strstr(buf, "assword:") ) { + hydra_completed_pair(); + //printf("password prompt\n"); + free(buf); + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + sprintf(buffer, "%s\r", pass); + if (no_line_mode) { + for (i = 0; i < strlen(buffer); i++) { + if (strcmp(&buffer[i], "\r") == 0) { + send(s, "\r\0", 2, 0); + } else { + send(s, &buffer[i], 1, 0); + } + usleepn(20); + } + } else { + if (hydra_send(s, buffer, strlen(buffer) + 1, 0) < 0) { + return 1; + } + } + } else if (buf && strstr(buf, "login:") ) { + free(buf); + hydra_completed_pair(); + return 2; + } else + free(buf); } hydra_completed_pair(); From 93cee75419eb67b6ae34bf75bc2a57c50e0ea03e Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 17 Aug 2021 18:21:35 +0200 Subject: [PATCH 086/223] added make uninstall --- CHANGES | 1 + Makefile | 3 +++ Makefile.am | 6 ++++++ Makefile.orig | 3 +++ 4 files changed, 13 insertions(+) diff --git a/CHANGES b/CHANGES index 1afb314..50d56fd 100644 --- a/CHANGES +++ b/CHANGES @@ -5,6 +5,7 @@ Release 9.3-dev * fix for ssh to support -M or ip/range * for vnc/cisco/... protocols that only check for a password, skip host after the password is found +* added "make uninstall" Release 9.2 diff --git a/Makefile b/Makefile index 372e67e..0fc0d2e 100644 --- a/Makefile +++ b/Makefile @@ -3,3 +3,6 @@ all: clean: cp -f Makefile.orig Makefile + +uninstall: + @echo Error: you must run "./configure" first diff --git a/Makefile.am b/Makefile.am index 1cd9156..a85c99d 100644 --- a/Makefile.am +++ b/Makefile.am @@ -89,3 +89,9 @@ clean: rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile cp -f Makefile.orig Makefile +uninstall: + -rm -f $(DESTDIR)$(PREFIX)$(BINDIR)/xhydra $(DESTDIR)$(PREFIX)$(BINDIR)/hydra $(DESTDIR)$(PREFIX)$(BINDIR)/pw-inspector $(DESTDIR)$(PREFIX)$(BINDIR)/hydra-wizard.sh $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh + -rm -f $(DESTDIR)$(PREFIX)$(DATADIR)/dpl4hydra_full.csv $(DESTDIR)$(PREFIX)$(DATADIR)/dpl4hydra_local.csv + -rm -f $(DESTDIR)$(PREFIX)$(MANDIR)/hydra.1 $(DESTDIR)$(PREFIX)$(MANDIR)/xhydra.1 $(DESTDIR)$(PREFIX)$(MANDIR)/pw-inspector.1 + -rm -f $(DESTDIR)$(PREFIX)$(PIXDIR)/xhydra.png + -rm -f $(DESTDIR)$(PREFIX)$(APPDIR)/xhydra.desktop diff --git a/Makefile.orig b/Makefile.orig index 372e67e..0fc0d2e 100644 --- a/Makefile.orig +++ b/Makefile.orig @@ -3,3 +3,6 @@ all: clean: cp -f Makefile.orig Makefile + +uninstall: + @echo Error: you must run "./configure" first From 84c7b116db1b054cb3effa840c87fb098d1ae03a Mon Sep 17 00:00:00 2001 From: ultimaiiii <89281437+ultimaiiii@users.noreply.github.com> Date: Fri, 20 Aug 2021 23:09:51 +0000 Subject: [PATCH 087/223] New CobaltStrike module --- Makefile | 108 +++++++++++++++++++++++++++++++++++-- hydra-cobaltstrike.c | 126 +++++++++++++++++++++++++++++++++++++++++++ hydra.c | 8 ++- hydra.h | 2 + 4 files changed, 240 insertions(+), 4 deletions(-) create mode 100644 hydra-cobaltstrike.c diff --git a/Makefile b/Makefile index 0fc0d2e..fe872d7 100644 --- a/Makefile +++ b/Makefile @@ -1,8 +1,110 @@ -all: - @echo Error: you must run "./configure" first +STRIP=strip +XDEFINES= -DHAVE_MYSQL_MYSQL_H -DLIBOPENSSL -DLIBFIREBIRD -DLIBIDN -DHAVE_PR29_H -DHAVE_PCRE -DLIBMYSQLCLIENT -DLIBPOSTGRES -DLIBSVN -DLIBSSH -DHAVE_ZLIB -DHAVE_GCRYPT -DLIBMCACHED -DHAVE_MATH_H +XLIBS= -lgcrypt -lz -lssl -lfbclient -lidn -lpcre -lmysqlclient -lpq -lsvn_client-1 -lapr-1 -laprutil-1 -lsvn_subr-1 -lssh -lcrypto -lmemcached +XLIBPATHS=-L/usr/lib -L/usr/local/lib -L/lib -L/usr/lib/x86_64-linux-gnu -L/lib/x86_64-linux-gnu -L/usr/lib/x86_64-linux-gnu +XIPATHS= -I/usr/include/mysql -I/usr/include -I/usr/include -I/usr/include -I/usr/include/postgresql -I/usr/include -I/usr/include/subversion-1 -I/usr/include/apr-1.0 -I/usr/include/subversion-1 -I/usr/include/libmemcached-1.0 +PREFIX=/usr/local +XHYDRA_SUPPORT=xhydra +STRIP=strip + +HYDRA_LOGO= +PWI_LOGO= +SEC=-pie -fPIE -fstack-protector-all --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wl,-z,now -Wl,-z,relro + +# +# Makefile for Hydra - (c) 2001-2020 by van Hauser / THC +# +WARN_CLANG=-Wformat-nonliteral -Wstrncat-size -Wformat-security -Wsign-conversion -Wconversion -Wfloat-conversion -Wshorten-64-to-32 -Wuninitialized -Wmissing-variable-declarations -Wmissing-declarations +WARN_GCC=-Wformat=2 -Wformat-overflow=2 -Wformat-nonliteral -Wformat-truncation=2 -Wnull-dereference -Wstrict-overflow=2 -Wstringop-overflow=4 -Walloca-larger-than=4096 -Wtype-limits -Wconversion -Wtrampolines -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -fno-common -Wcast-align +CFLAGS ?= -g +OPTS=-I. -O3 $(CFLAGS) -fcommon -Wl,--allow-multiple-definition +# -Wall -g -pedantic +LIBS=-lm +DESTDIR ?= +BINDIR = /bin +MANDIR = /man/man1/ +DATADIR = /etc +PIXDIR = /share/pixmaps +APPDIR = /share/applications + +SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \ + hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \ + hydra-pop3.c hydra-smb.c hydra-icq.c hydra-cisco-enable.c hydra-ldap.c \ + hydra-memcached.c hydra-mongodb.c hydra-mysql.c hydra-mssql.c hydra-cobaltstrike.c hydra-xmpp.c \ + hydra-http-proxy-urlenum.c hydra-snmp.c hydra-cvs.c hydra-smtp.c \ + hydra-smtp-enum.c hydra-sapr3.c hydra-ssh.c hydra-sshkey.c hydra-teamspeak.c \ + hydra-postgres.c hydra-rsh.c hydra-rlogin.c hydra-oracle-listener.c \ + hydra-svn.c hydra-pcanywhere.c hydra-sip.c hydra-oracle.c hydra-vmauthd.c \ + hydra-asterisk.c hydra-firebird.c hydra-afp.c hydra-ncp.c hydra-rdp.c \ + hydra-oracle-sid.c hydra-http-proxy.c hydra-http-form.c hydra-irc.c \ + hydra-s7-300.c hydra-redis.c hydra-adam6500.c hydra-rtsp.c \ + hydra-rpcap.c hydra-radmin2.c \ + hydra-time.c crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c \ + hydra-smb2.c +OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \ + hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o \ + hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \ + hydra-memcached.o hydra-mongodb.o hydra-mysql.o hydra-mssql.o hydra-cobaltstrike.o hydra-xmpp.o \ + hydra-http-proxy-urlenum.o hydra-snmp.o hydra-cvs.o hydra-smtp.o \ + hydra-smtp-enum.o hydra-sapr3.o hydra-ssh.o hydra-sshkey.o hydra-teamspeak.o \ + hydra-postgres.o hydra-rsh.o hydra-rlogin.o hydra-oracle-listener.o \ + hydra-svn.o hydra-pcanywhere.o hydra-sip.o hydra-oracle-sid.o hydra-oracle.o \ + hydra-vmauthd.o hydra-asterisk.o hydra-firebird.o hydra-afp.o \ + hydra-ncp.o hydra-http-proxy.o hydra-http-form.o hydra-irc.o \ + hydra-redis.o hydra-rdp.o hydra-s7-300.c hydra-adam6500.o hydra-rtsp.o \ + hydra-rpcap.o hydra-radmin2.o \ + crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o hydra-time.o \ + hydra-smb2.o +BINS = hydra pw-inspector + +EXTRA_DIST = README README.arm README.palm CHANGES TODO INSTALL LICENSE \ + hydra-mod.h hydra.h crc32.h d3des.h + +all: pw-inspector hydra $(XHYDRA_SUPPORT) + @echo + @echo Now type "make install" + +hydra: hydra.c $(OBJ) + $(CC) $(OPTS) $(SEC) $(LIBS) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o hydra $(HYDRA_LOGO) hydra.c $(OBJ) $(LIBS) $(XLIBS) $(XLIBPATHS) $(XIPATHS) $(XDEFINES) + @echo + @echo If men could get pregnant, abortion would be a sacrament + @echo + +xhydra: + -cd hydra-gtk && sh ./make_xhydra.sh + +pw-inspector: pw-inspector.c + -$(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o pw-inspector $(PWI_LOGO) pw-inspector.c + +.c.o: + $(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) -c $< $(XDEFINES) $(XIPATHS) + +strip: all + strip $(BINS) + -echo OK > /dev/null && test -x xhydra && strip xhydra || echo OK > /dev/null + +install: strip + -mkdir -p $(DESTDIR)$(PREFIX)$(BINDIR) + cp -f hydra-wizard.sh $(BINS) $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 hydra-wizard.sh $(BINS) + -echo OK > /dev/null && test -x xhydra && cp xhydra $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 xhydra || echo OK > /dev/null + -sed -e "s|^INSTALLDIR=.*|INSTALLDIR="$(PREFIX)"|" dpl4hydra.sh | sed -e "s|^LOCATION=.*|LOCATION="$(DATADIR)"|" > $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh + -chmod 755 $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh + -mkdir -p $(DESTDIR)$(PREFIX)$(DATADIR) + -cp -f *.csv $(DESTDIR)$(PREFIX)$(DATADIR) + -mkdir -p $(DESTDIR)$(PREFIX)$(MANDIR) + -cp -f hydra.1 xhydra.1 pw-inspector.1 $(DESTDIR)$(PREFIX)$(MANDIR) + -mkdir -p $(DESTDIR)$(PREFIX)$(PIXDIR) + -cp -f xhydra.png $(DESTDIR)$(PREFIX)$(PIXDIR)/ + -mkdir -p $(DESTDIR)$(PREFIX)$(APPDIR) + -desktop-file-install --dir $(DESTDIR)$(PREFIX)$(APPDIR) xhydra.desktop clean: + rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile cp -f Makefile.orig Makefile uninstall: - @echo Error: you must run "./configure" first + -rm -f $(DESTDIR)$(PREFIX)$(BINDIR)/xhydra $(DESTDIR)$(PREFIX)$(BINDIR)/hydra $(DESTDIR)$(PREFIX)$(BINDIR)/pw-inspector $(DESTDIR)$(PREFIX)$(BINDIR)/hydra-wizard.sh $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh + -rm -f $(DESTDIR)$(PREFIX)$(DATADIR)/dpl4hydra_full.csv $(DESTDIR)$(PREFIX)$(DATADIR)/dpl4hydra_local.csv + -rm -f $(DESTDIR)$(PREFIX)$(MANDIR)/hydra.1 $(DESTDIR)$(PREFIX)$(MANDIR)/xhydra.1 $(DESTDIR)$(PREFIX)$(MANDIR)/pw-inspector.1 + -rm -f $(DESTDIR)$(PREFIX)$(PIXDIR)/xhydra.png + -rm -f $(DESTDIR)$(PREFIX)$(APPDIR)/xhydra.desktop diff --git a/hydra-cobaltstrike.c b/hydra-cobaltstrike.c new file mode 100644 index 0000000..64092cf --- /dev/null +++ b/hydra-cobaltstrike.c @@ -0,0 +1,126 @@ +#include "hydra-mod.h" + +#define MSLEN 256 + +extern char *HYDRA_EXIT; +char *buf; + +int32_t start_cobaltstrike(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { + char *empty = ""; + char *pass, buffer[4 + 1 + 256]; + char ms_pass[MSLEN + 1]; + unsigned char len_pass; + unsigned char reply_byte_0; + unsigned char reply_byte_1; + unsigned char reply_byte_2; + unsigned char reply_byte_3; + int32_t ret = -1; + + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + if (strlen(pass) > MSLEN) + pass[MSLEN - 1] = 0; + len_pass = strlen(pass); + memset(ms_pass, 0, MSLEN + 1); + strcpy(ms_pass, pass); + + memset(buffer, 0x41, sizeof(buffer)); + buffer[0] = 0x00; + buffer[1] = 0x00; + buffer[2] = 0xBE; + buffer[3] = 0xEF; + memcpy(buffer + 4, &len_pass, 1); + memcpy(buffer + 5, ms_pass, len_pass); + + if (hydra_send(s, buffer, sizeof(buffer), 0) < 0) + return 1; + + reply_byte_0 = 0x00; + ret = hydra_recv_nb(s, &reply_byte_0, 1); + if (ret <= 0) + return 3; + + reply_byte_1 = 0x00; + ret = hydra_recv_nb(s, &reply_byte_1, 1); + if (ret <= 0) + return 3; + + reply_byte_2 = 0x00; + ret = hydra_recv_nb(s, &reply_byte_2, 1); + if (ret <= 0) + return 3; + + reply_byte_3 = 0x00; + ret = hydra_recv_nb(s, &reply_byte_3, 1); + if (ret <= 0) + return 3; + + if (reply_byte_0 == 0x00 && reply_byte_1 == 0x00 && reply_byte_2 == 0xCA && reply_byte_3 == 0xFE) { + hydra_report_found_host(port, ip, "cobaltstrike", fp); + hydra_completed_pair_found(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; + return 1; + } + + free(buf); + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; + + return 1; +} + +void service_cobaltstrike(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_MSSQL, mysslport = PORT_MSSQL_SSL; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + while (1) { + switch (run) { + case 1: /* connect and service init function */ + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport, hostname); + port = mysslport; + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); + hydra_child_exit(1); + } + next_run = start_cobaltstrike(sock, ip, port, options, miscptr, fp); + hydra_disconnect(sock); + break; + case 2: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(2); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(2); + } + run = next_run; + } +} + +int32_t service_cobaltstrike_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra.c b/hydra.c index 24dde22..9047336 100644 --- a/hydra.c +++ b/hydra.c @@ -78,6 +78,7 @@ extern void service_http_post_form(char *ip, int32_t sp, unsigned char options, extern void service_icq(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); extern void service_pcnfs(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); extern void service_mssql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_cobaltstrike(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); extern void service_cvs(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); extern void service_snmp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); extern void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); @@ -178,6 +179,7 @@ extern int32_t service_imap_init(char *ip, int32_t sp, unsigned char options, ch extern int32_t service_irc_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); extern int32_t service_ldap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); extern int32_t service_mssql_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_cobaltstrike_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); extern int32_t service_nntp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); extern int32_t service_pcanywhere_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); extern int32_t service_pcnfs_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); @@ -208,7 +210,7 @@ char *SERVICES = "adam6500 asterisk afp cisco cisco-enable cvs firebird ftp[s] " "memcached mongodb mssql mysql ncp nntp oracle oracle-listener oracle-sid " "pcanywhere pcnfs pop3[s] postgres radmin2 rdp redis rexec rlogin rpcap " "rsh rtsp s7-300 sapr3 sip smb smb2 smtp[s] smtp-enum snmp socks5 ssh " - "sshkey svn teamspeak telnet[s] vmauthd vnc xmpp"; + "sshkey svn teamspeak telnet[s] vmauthd vnc xmpp cobaltstrike"; #define MAXBUF 520 #define MAXLINESIZE ((MAXBUF / 2) - 4) @@ -402,6 +404,7 @@ static const struct { {"memcached", service_mcached_init, service_mcached, NULL}, #endif SERVICE(mssql), + SERVICE(cobaltstrike), #ifdef LIBMONGODB SERVICE3("mongodb", mongodb), #endif @@ -1344,6 +1347,7 @@ int32_t hydra_lookup_port(char *service) { {"memcached", PORT_MCACHED, PORT_MCACHED_SSL}, {"mongodb", PORT_MONGODB, PORT_MONGODB}, {"mssql", PORT_MSSQL, PORT_MSSQL_SSL}, + {"cobaltstrike", PORT_COBALTSTRIKE, PORT_COBALTSTRIKE_SSL}, {"mysql", PORT_MYSQL, PORT_MYSQL_SSL}, {"postgres", PORT_POSTGRES, PORT_POSTGRES_SSL}, {"pcanywhere", PORT_PCANYWHERE, PORT_PCANYWHERE_SSL}, @@ -2800,6 +2804,8 @@ int main(int argc, char *argv[]) { } if (strcmp(hydra_options.service, "mssql") == 0) i = 1; + if (strcmp(hydra_options.service, "cobaltstrike") == 0) + i = 2; if ((strcmp(hydra_options.service, "oracle-listener") == 0) || (strcmp(hydra_options.service, "tns") == 0)) { i = 2; hydra_options.service = malloc(strlen("oracle-listener") + 1); diff --git a/hydra.h b/hydra.h index 6698eaf..353b318 100644 --- a/hydra.h +++ b/hydra.h @@ -101,6 +101,8 @@ #define PORT_MYSQL_SSL 3306 #define PORT_MSSQL 1433 #define PORT_MSSQL_SSL 1433 +#define PORT_COBALTSTRIKE 50050 +#define PORT_COBALTSTRIKE_SSL 50050 #define PORT_POSTGRES 5432 #define PORT_POSTGRES_SSL 5432 #define PORT_ORACLE 1521 From 63badb59afbf6d0f6937bc34f524b7e1d6ad1ba5 Mon Sep 17 00:00:00 2001 From: ultimaiiii <89281437+ultimaiiii@users.noreply.github.com> Date: Fri, 20 Aug 2021 23:18:46 +0000 Subject: [PATCH 088/223] Makefile fix --- Makefile | 108 ++-------------------------------------------------- Makefile.am | 4 +- 2 files changed, 5 insertions(+), 107 deletions(-) diff --git a/Makefile b/Makefile index fe872d7..0fc0d2e 100644 --- a/Makefile +++ b/Makefile @@ -1,110 +1,8 @@ -STRIP=strip -XDEFINES= -DHAVE_MYSQL_MYSQL_H -DLIBOPENSSL -DLIBFIREBIRD -DLIBIDN -DHAVE_PR29_H -DHAVE_PCRE -DLIBMYSQLCLIENT -DLIBPOSTGRES -DLIBSVN -DLIBSSH -DHAVE_ZLIB -DHAVE_GCRYPT -DLIBMCACHED -DHAVE_MATH_H -XLIBS= -lgcrypt -lz -lssl -lfbclient -lidn -lpcre -lmysqlclient -lpq -lsvn_client-1 -lapr-1 -laprutil-1 -lsvn_subr-1 -lssh -lcrypto -lmemcached -XLIBPATHS=-L/usr/lib -L/usr/local/lib -L/lib -L/usr/lib/x86_64-linux-gnu -L/lib/x86_64-linux-gnu -L/usr/lib/x86_64-linux-gnu -XIPATHS= -I/usr/include/mysql -I/usr/include -I/usr/include -I/usr/include -I/usr/include/postgresql -I/usr/include -I/usr/include/subversion-1 -I/usr/include/apr-1.0 -I/usr/include/subversion-1 -I/usr/include/libmemcached-1.0 -PREFIX=/usr/local -XHYDRA_SUPPORT=xhydra -STRIP=strip - -HYDRA_LOGO= -PWI_LOGO= -SEC=-pie -fPIE -fstack-protector-all --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wl,-z,now -Wl,-z,relro - -# -# Makefile for Hydra - (c) 2001-2020 by van Hauser / THC -# -WARN_CLANG=-Wformat-nonliteral -Wstrncat-size -Wformat-security -Wsign-conversion -Wconversion -Wfloat-conversion -Wshorten-64-to-32 -Wuninitialized -Wmissing-variable-declarations -Wmissing-declarations -WARN_GCC=-Wformat=2 -Wformat-overflow=2 -Wformat-nonliteral -Wformat-truncation=2 -Wnull-dereference -Wstrict-overflow=2 -Wstringop-overflow=4 -Walloca-larger-than=4096 -Wtype-limits -Wconversion -Wtrampolines -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -fno-common -Wcast-align -CFLAGS ?= -g -OPTS=-I. -O3 $(CFLAGS) -fcommon -Wl,--allow-multiple-definition -# -Wall -g -pedantic -LIBS=-lm -DESTDIR ?= -BINDIR = /bin -MANDIR = /man/man1/ -DATADIR = /etc -PIXDIR = /share/pixmaps -APPDIR = /share/applications - -SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \ - hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \ - hydra-pop3.c hydra-smb.c hydra-icq.c hydra-cisco-enable.c hydra-ldap.c \ - hydra-memcached.c hydra-mongodb.c hydra-mysql.c hydra-mssql.c hydra-cobaltstrike.c hydra-xmpp.c \ - hydra-http-proxy-urlenum.c hydra-snmp.c hydra-cvs.c hydra-smtp.c \ - hydra-smtp-enum.c hydra-sapr3.c hydra-ssh.c hydra-sshkey.c hydra-teamspeak.c \ - hydra-postgres.c hydra-rsh.c hydra-rlogin.c hydra-oracle-listener.c \ - hydra-svn.c hydra-pcanywhere.c hydra-sip.c hydra-oracle.c hydra-vmauthd.c \ - hydra-asterisk.c hydra-firebird.c hydra-afp.c hydra-ncp.c hydra-rdp.c \ - hydra-oracle-sid.c hydra-http-proxy.c hydra-http-form.c hydra-irc.c \ - hydra-s7-300.c hydra-redis.c hydra-adam6500.c hydra-rtsp.c \ - hydra-rpcap.c hydra-radmin2.c \ - hydra-time.c crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c \ - hydra-smb2.c -OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \ - hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o \ - hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \ - hydra-memcached.o hydra-mongodb.o hydra-mysql.o hydra-mssql.o hydra-cobaltstrike.o hydra-xmpp.o \ - hydra-http-proxy-urlenum.o hydra-snmp.o hydra-cvs.o hydra-smtp.o \ - hydra-smtp-enum.o hydra-sapr3.o hydra-ssh.o hydra-sshkey.o hydra-teamspeak.o \ - hydra-postgres.o hydra-rsh.o hydra-rlogin.o hydra-oracle-listener.o \ - hydra-svn.o hydra-pcanywhere.o hydra-sip.o hydra-oracle-sid.o hydra-oracle.o \ - hydra-vmauthd.o hydra-asterisk.o hydra-firebird.o hydra-afp.o \ - hydra-ncp.o hydra-http-proxy.o hydra-http-form.o hydra-irc.o \ - hydra-redis.o hydra-rdp.o hydra-s7-300.c hydra-adam6500.o hydra-rtsp.o \ - hydra-rpcap.o hydra-radmin2.o \ - crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o hydra-time.o \ - hydra-smb2.o -BINS = hydra pw-inspector - -EXTRA_DIST = README README.arm README.palm CHANGES TODO INSTALL LICENSE \ - hydra-mod.h hydra.h crc32.h d3des.h - -all: pw-inspector hydra $(XHYDRA_SUPPORT) - @echo - @echo Now type "make install" - -hydra: hydra.c $(OBJ) - $(CC) $(OPTS) $(SEC) $(LIBS) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o hydra $(HYDRA_LOGO) hydra.c $(OBJ) $(LIBS) $(XLIBS) $(XLIBPATHS) $(XIPATHS) $(XDEFINES) - @echo - @echo If men could get pregnant, abortion would be a sacrament - @echo - -xhydra: - -cd hydra-gtk && sh ./make_xhydra.sh - -pw-inspector: pw-inspector.c - -$(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o pw-inspector $(PWI_LOGO) pw-inspector.c - -.c.o: - $(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) -c $< $(XDEFINES) $(XIPATHS) - -strip: all - strip $(BINS) - -echo OK > /dev/null && test -x xhydra && strip xhydra || echo OK > /dev/null - -install: strip - -mkdir -p $(DESTDIR)$(PREFIX)$(BINDIR) - cp -f hydra-wizard.sh $(BINS) $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 hydra-wizard.sh $(BINS) - -echo OK > /dev/null && test -x xhydra && cp xhydra $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 xhydra || echo OK > /dev/null - -sed -e "s|^INSTALLDIR=.*|INSTALLDIR="$(PREFIX)"|" dpl4hydra.sh | sed -e "s|^LOCATION=.*|LOCATION="$(DATADIR)"|" > $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh - -chmod 755 $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh - -mkdir -p $(DESTDIR)$(PREFIX)$(DATADIR) - -cp -f *.csv $(DESTDIR)$(PREFIX)$(DATADIR) - -mkdir -p $(DESTDIR)$(PREFIX)$(MANDIR) - -cp -f hydra.1 xhydra.1 pw-inspector.1 $(DESTDIR)$(PREFIX)$(MANDIR) - -mkdir -p $(DESTDIR)$(PREFIX)$(PIXDIR) - -cp -f xhydra.png $(DESTDIR)$(PREFIX)$(PIXDIR)/ - -mkdir -p $(DESTDIR)$(PREFIX)$(APPDIR) - -desktop-file-install --dir $(DESTDIR)$(PREFIX)$(APPDIR) xhydra.desktop +all: + @echo Error: you must run "./configure" first clean: - rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile cp -f Makefile.orig Makefile uninstall: - -rm -f $(DESTDIR)$(PREFIX)$(BINDIR)/xhydra $(DESTDIR)$(PREFIX)$(BINDIR)/hydra $(DESTDIR)$(PREFIX)$(BINDIR)/pw-inspector $(DESTDIR)$(PREFIX)$(BINDIR)/hydra-wizard.sh $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh - -rm -f $(DESTDIR)$(PREFIX)$(DATADIR)/dpl4hydra_full.csv $(DESTDIR)$(PREFIX)$(DATADIR)/dpl4hydra_local.csv - -rm -f $(DESTDIR)$(PREFIX)$(MANDIR)/hydra.1 $(DESTDIR)$(PREFIX)$(MANDIR)/xhydra.1 $(DESTDIR)$(PREFIX)$(MANDIR)/pw-inspector.1 - -rm -f $(DESTDIR)$(PREFIX)$(PIXDIR)/xhydra.png - -rm -f $(DESTDIR)$(PREFIX)$(APPDIR)/xhydra.desktop + @echo Error: you must run "./configure" first diff --git a/Makefile.am b/Makefile.am index a85c99d..3768fe3 100644 --- a/Makefile.am +++ b/Makefile.am @@ -17,7 +17,7 @@ APPDIR = /share/applications SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \ hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \ hydra-pop3.c hydra-smb.c hydra-icq.c hydra-cisco-enable.c hydra-ldap.c \ - hydra-memcached.c hydra-mongodb.c hydra-mysql.c hydra-mssql.c hydra-xmpp.c \ + hydra-memcached.c hydra-mongodb.c hydra-mysql.c hydra-mssql.c hydra-cobaltstrike.c hydra-xmpp.c \ hydra-http-proxy-urlenum.c hydra-snmp.c hydra-cvs.c hydra-smtp.c \ hydra-smtp-enum.c hydra-sapr3.c hydra-ssh.c hydra-sshkey.c hydra-teamspeak.c \ hydra-postgres.c hydra-rsh.c hydra-rlogin.c hydra-oracle-listener.c \ @@ -31,7 +31,7 @@ SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \ OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \ hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o \ hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \ - hydra-memcached.o hydra-mongodb.o hydra-mysql.o hydra-mssql.o hydra-xmpp.o \ + hydra-memcached.o hydra-mongodb.o hydra-mysql.o hydra-mssql.o hydra-cobaltstrike.o hydra-xmpp.o \ hydra-http-proxy-urlenum.o hydra-snmp.o hydra-cvs.o hydra-smtp.o \ hydra-smtp-enum.o hydra-sapr3.o hydra-ssh.o hydra-sshkey.o hydra-teamspeak.o \ hydra-postgres.o hydra-rsh.o hydra-rlogin.o hydra-oracle-listener.o \ From cb8fccda71b3b91d04cfa6a26a96e87bae529e39 Mon Sep 17 00:00:00 2001 From: ultimaiiii <89281437+ultimaiiii@users.noreply.github.com> Date: Sat, 21 Aug 2021 17:07:40 +0000 Subject: [PATCH 089/223] Rename MS to CS --- hydra-cobaltstrike.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/hydra-cobaltstrike.c b/hydra-cobaltstrike.c index 64092cf..5997bf7 100644 --- a/hydra-cobaltstrike.c +++ b/hydra-cobaltstrike.c @@ -1,6 +1,6 @@ #include "hydra-mod.h" -#define MSLEN 256 +#define CSLEN 256 extern char *HYDRA_EXIT; char *buf; @@ -8,7 +8,7 @@ char *buf; int32_t start_cobaltstrike(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *pass, buffer[4 + 1 + 256]; - char ms_pass[MSLEN + 1]; + char cs_pass[CSLEN + 1]; unsigned char len_pass; unsigned char reply_byte_0; unsigned char reply_byte_1; @@ -18,11 +18,11 @@ int32_t start_cobaltstrike(int32_t s, char *ip, int32_t port, unsigned char opti if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; - if (strlen(pass) > MSLEN) - pass[MSLEN - 1] = 0; + if (strlen(pass) > CSLEN) + pass[CSLEN - 1] = 0; len_pass = strlen(pass); - memset(ms_pass, 0, MSLEN + 1); - strcpy(ms_pass, pass); + memset(cs_pass, 0, CSLEN + 1); + strcpy(cs_pass, pass); memset(buffer, 0x41, sizeof(buffer)); buffer[0] = 0x00; @@ -30,7 +30,7 @@ int32_t start_cobaltstrike(int32_t s, char *ip, int32_t port, unsigned char opti buffer[2] = 0xBE; buffer[3] = 0xEF; memcpy(buffer + 4, &len_pass, 1); - memcpy(buffer + 5, ms_pass, len_pass); + memcpy(buffer + 5, cs_pass, len_pass); if (hydra_send(s, buffer, sizeof(buffer), 0) < 0) return 1; @@ -74,7 +74,7 @@ int32_t start_cobaltstrike(int32_t s, char *ip, int32_t port, unsigned char opti void service_cobaltstrike(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; - int32_t myport = PORT_MSSQL, mysslport = PORT_MSSQL_SSL; + int32_t mysslport = PORT_COBALTSTRIKE_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) From c9da8671419a9da9eaa0363999663d1bfbd973b8 Mon Sep 17 00:00:00 2001 From: ultimaiiii <89281437+ultimaiiii@users.noreply.github.com> Date: Sat, 21 Aug 2021 17:12:40 +0000 Subject: [PATCH 090/223] Move CS service to keep service list sorted --- hydra.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hydra.c b/hydra.c index 9047336..5db647b 100644 --- a/hydra.c +++ b/hydra.c @@ -204,13 +204,13 @@ extern int32_t service_rtsp_init(char *ip, int32_t sp, unsigned char options, ch extern int32_t service_rpcap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); // ADD NEW SERVICES HERE -char *SERVICES = "adam6500 asterisk afp cisco cisco-enable cvs firebird ftp[s] " +char *SERVICES = "adam6500 asterisk afp cisco cisco-enable cobaltstrike cvs firebird ftp[s] " "http[s]-{head|get|post} http[s]-{get|post}-form http-proxy " "http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] " "memcached mongodb mssql mysql ncp nntp oracle oracle-listener oracle-sid " "pcanywhere pcnfs pop3[s] postgres radmin2 rdp redis rexec rlogin rpcap " "rsh rtsp s7-300 sapr3 sip smb smb2 smtp[s] smtp-enum snmp socks5 ssh " - "sshkey svn teamspeak telnet[s] vmauthd vnc xmpp cobaltstrike"; + "sshkey svn teamspeak telnet[s] vmauthd vnc xmpp"; #define MAXBUF 520 #define MAXLINESIZE ((MAXBUF / 2) - 4) From 67ef4c733ff047a1d1b1bc622bb587db9db4c983 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 23 Aug 2021 11:31:58 +0200 Subject: [PATCH 091/223] code format --- CHANGES | 1 + Makefile.am | 4 ++-- hydra-cobaltstrike.c | 8 ++++---- hydra-mod.h | 2 +- hydra-sip.c | 12 ++++-------- hydra-ssh.c | 2 +- hydra-telnet.c | 20 ++++---------------- hydra.c | 7 +++++-- 8 files changed, 22 insertions(+), 34 deletions(-) diff --git a/CHANGES b/CHANGES index 50d56fd..398cd19 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,7 @@ Changelog for hydra ------------------- Release 9.3-dev +* New module: cobaltstrike by ultimaiiii, thank you! * fix for ssh to support -M or ip/range * for vnc/cisco/... protocols that only check for a password, skip host after the password is found diff --git a/Makefile.am b/Makefile.am index 3768fe3..10cad3a 100644 --- a/Makefile.am +++ b/Makefile.am @@ -17,7 +17,7 @@ APPDIR = /share/applications SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \ hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \ hydra-pop3.c hydra-smb.c hydra-icq.c hydra-cisco-enable.c hydra-ldap.c \ - hydra-memcached.c hydra-mongodb.c hydra-mysql.c hydra-mssql.c hydra-cobaltstrike.c hydra-xmpp.c \ + hydra-memcached.c hydra-mongodb.c hydra-mysql.c hydra-mssql.c hydra-xmpp.c \ hydra-http-proxy-urlenum.c hydra-snmp.c hydra-cvs.c hydra-smtp.c \ hydra-smtp-enum.c hydra-sapr3.c hydra-ssh.c hydra-sshkey.c hydra-teamspeak.c \ hydra-postgres.c hydra-rsh.c hydra-rlogin.c hydra-oracle-listener.c \ @@ -25,7 +25,7 @@ SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \ hydra-asterisk.c hydra-firebird.c hydra-afp.c hydra-ncp.c hydra-rdp.c \ hydra-oracle-sid.c hydra-http-proxy.c hydra-http-form.c hydra-irc.c \ hydra-s7-300.c hydra-redis.c hydra-adam6500.c hydra-rtsp.c \ - hydra-rpcap.c hydra-radmin2.c \ + hydra-rpcap.c hydra-radmin2.c hydra-cobaltstrike.c \ hydra-time.c crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c \ hydra-smb2.c OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \ diff --git a/hydra-cobaltstrike.c b/hydra-cobaltstrike.c index 5997bf7..6c40e64 100644 --- a/hydra-cobaltstrike.c +++ b/hydra-cobaltstrike.c @@ -35,22 +35,22 @@ int32_t start_cobaltstrike(int32_t s, char *ip, int32_t port, unsigned char opti if (hydra_send(s, buffer, sizeof(buffer), 0) < 0) return 1; - reply_byte_0 = 0x00; + reply_byte_0 = 0x00; ret = hydra_recv_nb(s, &reply_byte_0, 1); if (ret <= 0) return 3; - reply_byte_1 = 0x00; + reply_byte_1 = 0x00; ret = hydra_recv_nb(s, &reply_byte_1, 1); if (ret <= 0) return 3; - reply_byte_2 = 0x00; + reply_byte_2 = 0x00; ret = hydra_recv_nb(s, &reply_byte_2, 1); if (ret <= 0) return 3; - reply_byte_3 = 0x00; + reply_byte_3 = 0x00; ret = hydra_recv_nb(s, &reply_byte_3, 1); if (ret <= 0) return 3; diff --git a/hydra-mod.h b/hydra-mod.h index 636efb5..f0c22c4 100644 --- a/hydra-mod.h +++ b/hydra-mod.h @@ -71,7 +71,7 @@ char *cmdlinetarget; typedef int32_t BOOL; #else /* __APPLE__ */ /* ensure compatibility with objc libraries */ -#if (TARGET_OS_IPHONE && __LP64__) || TARGET_OS_WATCH +#if (TARGET_OS_IPHONE && __LP64__) || TARGET_OS_WATCH typedef bool BOOL; #else typedef signed char BOOL; diff --git a/hydra-sip.c b/hydra-sip.c index 9c5ad78..c9d71d2 100644 --- a/hydra-sip.c +++ b/hydra-sip.c @@ -71,14 +71,12 @@ int32_t start_sip(int32_t s, char *ip, char *lip, int32_t port, int32_t lport, u } int32_t has_sip_cred = 0; - int32_t try - = 0; + int32_t try = 0; /* We have to check many times because server may begin to send "100 Trying" * before "401 Unauthorized" */ while (try < 2 && !has_sip_cred) { - try - ++; + try++; if (hydra_data_ready_timed(s, 3, 0) > 0) { i = hydra_recv(s, (char *)buf, sizeof(buf) - 1); if (i > 0) @@ -160,14 +158,12 @@ int32_t start_sip(int32_t s, char *ip, char *lip, int32_t port, int32_t lport, u if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 3; } - try - = 0; + try = 0; int32_t has_resp = 0; int32_t sip_code = 0; while (try < 2 && !has_resp) { - try - ++; + try++; if (hydra_data_ready_timed(s, 5, 0) > 0) { memset(buf, 0, sizeof(buf)); if ((i = hydra_recv(s, (char *)buf, sizeof(buf) - 1)) >= 0) diff --git a/hydra-ssh.c b/hydra-ssh.c index eb021ce..785ae1e 100644 --- a/hydra-ssh.c +++ b/hydra-ssh.c @@ -34,7 +34,7 @@ int32_t start_ssh(int32_t s, char *ip, int32_t port, unsigned char options, char if (new_session) { if (session) { ssh_disconnect(session); - //ssh_finalize(); + // ssh_finalize(); ssh_free(session); } else { ssh_init(); diff --git a/hydra-telnet.c b/hydra-telnet.c index 63fcb23..183621a 100644 --- a/hydra-telnet.c +++ b/hydra-telnet.c @@ -76,28 +76,16 @@ int32_t start_telnet(int32_t s, char *ip, int32_t port, unsigned char options, c /*win7 answering with do terminal type = 0xfd 0x18 */ while ((buf = hydra_receive_line(s)) != NULL && make_to_lower(buf) && (strstr(buf, "password:") == NULL || strstr(buf, "login:") == NULL || strstr(buf, "last login:") != NULL) && strstr(buf, "sername:") == NULL) { - if ((miscptr != NULL && strstr(buf, miscptr) != NULL) - || (miscptr == NULL - && strstr(buf, "invalid") == NULL - && strstr(buf, "incorrect") == NULL - && strstr(buf, "bad ") == NULL - && (strchr(buf, '/') != NULL - || strchr(buf, '>') != NULL - || strchr(buf, '$') != NULL - || strchr(buf, '#') != NULL - || strchr(buf, '%') != NULL - || ((buf[1] == '\xfd') - && (buf[2] == '\x18'))) - )) { + if ((miscptr != NULL && strstr(buf, miscptr) != NULL) || (miscptr == NULL && strstr(buf, "invalid") == NULL && strstr(buf, "incorrect") == NULL && strstr(buf, "bad ") == NULL && (strchr(buf, '/') != NULL || strchr(buf, '>') != NULL || strchr(buf, '$') != NULL || strchr(buf, '#') != NULL || strchr(buf, '%') != NULL || ((buf[1] == '\xfd') && (buf[2] == '\x18'))))) { hydra_report_found_host(port, ip, "telnet", fp); hydra_completed_pair_found(); free(buf); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 1; - } else if (buf && strstr(buf, "assword:") ) { + } else if (buf && strstr(buf, "assword:")) { hydra_completed_pair(); - //printf("password prompt\n"); + // printf("password prompt\n"); free(buf); if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; @@ -116,7 +104,7 @@ int32_t start_telnet(int32_t s, char *ip, int32_t port, unsigned char options, c return 1; } } - } else if (buf && strstr(buf, "login:") ) { + } else if (buf && strstr(buf, "login:")) { free(buf); hydra_completed_pair(); return 2; diff --git a/hydra.c b/hydra.c index 5db647b..54038da 100644 --- a/hydra.c +++ b/hydra.c @@ -1935,8 +1935,11 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { // the above line } if (debug || hydra_options.showAttempt) { - printf("[%sATTEMPT] target %s - login \"%s\" - pass \"%s\" - %" hPRIu64 " of %" hPRIu64 " [child %d] (%d/%d)\n", hydra_targets[target_no]->redo_state ? "REDO-" : snp_is_redo ? "RE-" : "", hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->sent, hydra_brains.todo + hydra_targets[target_no]->redo, head_no, hydra_targets[target_no]->redo_state ? hydra_targets[target_no]->redo_state - 1 : 0, - hydra_targets[target_no]->redo); + printf("[%sATTEMPT] target %s - login \"%s\" - pass \"%s\" - %" hPRIu64 " of %" hPRIu64 " [child %d] (%d/%d)\n", + hydra_targets[target_no]->redo_state ? "REDO-" + : snp_is_redo ? "RE-" + : "", + hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->sent, hydra_brains.todo + hydra_targets[target_no]->redo, head_no, hydra_targets[target_no]->redo_state ? hydra_targets[target_no]->redo_state - 1 : 0, hydra_targets[target_no]->redo); } loop_cnt = 0; return 0; From 5cb14100f87daa6190a6e811e47852180ef2748a Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 31 Aug 2021 09:37:06 +0200 Subject: [PATCH 092/223] remove old option from help output --- hydra.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/hydra.c b/hydra.c index 54038da..5ffecbe 100644 --- a/hydra.c +++ b/hydra.c @@ -596,8 +596,6 @@ void help_bfg() { "others,\n" " just add their real representation.\n" " -y disable the use of the above letters as placeholders\n" - " -r use a shuffling method called 'rain' to try to break\n" - " the linearity of the bruteforce\n" "Examples:\n" " -x 3:5:a generate passwords from length 3 to 5 with all " "lowercase letters\n" From b3bd06833480e3ae99102b6ff8e0fce867f4c308 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 6 Oct 2021 15:21:26 +0200 Subject: [PATCH 093/223] fix nits --- hydra-cisco.c | 2 +- hydra-vnc.c | 2 +- hydra.c | 14 +++++++------- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/hydra-cisco.c b/hydra-cisco.c index 72709ac..e31c749 100644 --- a/hydra-cisco.c +++ b/hydra-cisco.c @@ -5,7 +5,7 @@ #endif extern char *HYDRA_EXIT; -char *buf = NULL; +static char *buf = NULL; int32_t start_cisco(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; diff --git a/hydra-vnc.c b/hydra-vnc.c index aeecd59..c836371 100644 --- a/hydra-vnc.c +++ b/hydra-vnc.c @@ -19,7 +19,7 @@ int32_t vnc_client_version = RFB33; int32_t failed_auth = 0; extern char *HYDRA_EXIT; -char *buf; +static char *buf; /* * Encrypt CHALLENGESIZE bytes in memory using a password. diff --git a/hydra.c b/hydra.c index 5ffecbe..7f37f11 100644 --- a/hydra.c +++ b/hydra.c @@ -2220,6 +2220,10 @@ int main(int argc, char *argv[]) { SERVICES = hydra_string_replace(SERVICES, "radmin2 ", ""); strcat(unsupported, "radmin2 "); #endif +#ifndef LIBFREERDP + SERVICES = hydra_string_replace(SERVICES, "rdp ", ""); + strcat(unsupported, "rdp "); +#endif #ifndef LIBSAPR3 SERVICES = hydra_string_replace(SERVICES, "sapr3 ", ""); strcat(unsupported, "sapr3 "); @@ -2267,11 +2271,6 @@ int main(int argc, char *argv[]) { strcat(unsupported, "SSL-services (ftps, sip, rdp, oracle-services, ...) "); #endif -#ifndef LIBFREERDP - // for rdp - SERVICES = hydra_string_replace(SERVICES, " rdp", ""); -#endif - #ifndef HAVE_MATH_H if (strlen(unsupported) > 0) strcat(unsupported, "and "); @@ -3940,9 +3939,10 @@ int main(int argc, char *argv[]) { } freeaddrinfo(res); } - // restore device information if present + // restore device information if present (overwrite null bytes) if (device != NULL) { - *(device - 1) = '%'; + char *tmpptr = device - 1; + *tmpptr = '%'; // you can ignore the compiler warning fprintf(stderr, "[WARNING] not all modules support BINDTODEVICE for IPv6 " "link local addresses, e.g. SSH does not\n"); } From 89fbd9a44d552f9f65c79e312d0157834cdd5492 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 14 Oct 2021 10:14:42 +0200 Subject: [PATCH 094/223] debug --- hydra-rdp.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hydra-rdp.c b/hydra-rdp.c index 6a000a4..d8eec87 100644 --- a/hydra-rdp.c +++ b/hydra-rdp.c @@ -54,6 +54,7 @@ int32_t start_rdp(char *ip, int32_t port, unsigned char options, char *miscptr, } login_result = rdp_connect(server, port, domain, login, pass); + if (debug) hydra_report(stderr, "[DEBUG] rdp reported %08x\n", login_result); switch (login_result) { case 0: // login success From 3e364483d2dfd498b4fce4e2f2e5e2a23bcb6b75 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 20 Oct 2021 16:29:52 +0200 Subject: [PATCH 095/223] support xcode --- CHANGES | 3 ++- Makefile.am | 2 +- configure | 9 +++++++++ 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 398cd19..5f0f8ba 100644 --- a/CHANGES +++ b/CHANGES @@ -2,7 +2,8 @@ Changelog for hydra ------------------- Release 9.3-dev -* New module: cobaltstrike by ultimaiiii, thank you! +* support Xcode compilation +* new module: cobaltstrike by ultimaiiii, thank you! * fix for ssh to support -M or ip/range * for vnc/cisco/... protocols that only check for a password, skip host after the password is found diff --git a/Makefile.am b/Makefile.am index 10cad3a..74288cf 100644 --- a/Makefile.am +++ b/Makefile.am @@ -4,7 +4,7 @@ WARN_CLANG=-Wformat-nonliteral -Wstrncat-size -Wformat-security -Wsign-conversion -Wconversion -Wfloat-conversion -Wshorten-64-to-32 -Wuninitialized -Wmissing-variable-declarations -Wmissing-declarations WARN_GCC=-Wformat=2 -Wformat-overflow=2 -Wformat-nonliteral -Wformat-truncation=2 -Wnull-dereference -Wstrict-overflow=2 -Wstringop-overflow=4 -Walloca-larger-than=4096 -Wtype-limits -Wconversion -Wtrampolines -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -fno-common -Wcast-align CFLAGS ?= -g -OPTS=-I. -O3 $(CFLAGS) -fcommon -Wl,--allow-multiple-definition +OPTS=-I. -O3 $(CFLAGS) -fcommon # -Wall -g -pedantic LIBS=-lm DESTDIR ?= diff --git a/configure b/configure index 139c9bf..8ad8af2 100755 --- a/configure +++ b/configure @@ -1362,6 +1362,10 @@ echo '#include ' >> $TMPC.c echo "int main() { char *x = strrchr(\"test\", 'e'); if (x == NULL) return 0; else return 1; }" >> $TMPC.c $CC -o $TMPC $TMPC.c > /dev/null 2>&1 test -x $TMPC && STRRCHR="" +rm -f $TMPC +$CC -o $TMPC -Wl,--allow-multiple-definition $TMPC.c > /dev/null 2>&1 +WALLOW="no" +test -x $TMPC && WALLOW="yes" rm -f $TMPC $TMPC.c echo " ... strrchr()$STRRCHR found" if [ -n "$CRYPTO_PATH" ]; then @@ -1392,6 +1396,11 @@ rm -f $TMPC $TMPC.c $TMPC.c.err echo " Compiling... $GCCSEC" echo " Linking... $LDSEC" +echo "Checking for --allow-multiple-definition linker option ... $WALLOW" +if [ "$WALLOW" = "yes" ]; then + GCCSECOPT="$GCCSECOPT -Wl,--allow-multiple-definition" +fi + echo XDEFINES="" XLIBS="" From 13db28f9d26af1027cf42beeb41b61ae3df6ed58 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 27 Oct 2021 17:19:13 +0200 Subject: [PATCH 096/223] rdp empty pw fix --- CHANGES | 1 + hydra-rdp.c | 5 ++++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 5f0f8ba..f3aadbe 100644 --- a/CHANGES +++ b/CHANGES @@ -5,6 +5,7 @@ Release 9.3-dev * support Xcode compilation * new module: cobaltstrike by ultimaiiii, thank you! * fix for ssh to support -M or ip/range +* fix for rdp to detect empty passwords * for vnc/cisco/... protocols that only check for a password, skip host after the password is found * added "make uninstall" diff --git a/hydra-rdp.c b/hydra-rdp.c index d8eec87..6e9c8db 100644 --- a/hydra-rdp.c +++ b/hydra-rdp.c @@ -22,7 +22,10 @@ BOOL rdp_connect(char *server, int32_t port, char *domain, char *login, char *pa instance->settings->Username = login; instance->settings->Password = password; instance->settings->IgnoreCertificate = TRUE; - instance->settings->AuthenticationOnly = TRUE; + if (password[0] == 0) + instance->settings->AuthenticationOnly = FALSE; + else + instance->settings->AuthenticationOnly = TRUE; instance->settings->ServerHostname = server; instance->settings->ServerPort = port; instance->settings->Domain = domain; From 9b055287c07719861c8053ca3e1218ab2303f529 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 1 Nov 2021 14:13:51 +0100 Subject: [PATCH 097/223] fix -M ipv6 --- CHANGES | 1 + hydra.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index f3aadbe..1f5d497 100644 --- a/CHANGES +++ b/CHANGES @@ -8,6 +8,7 @@ Release 9.3-dev * fix for rdp to detect empty passwords * for vnc/cisco/... protocols that only check for a password, skip host after the password is found +* fixe to support IPv6 addresses in -M * added "make uninstall" diff --git a/hydra.c b/hydra.c index 7f37f11..abc6286 100644 --- a/hydra.c +++ b/hydra.c @@ -3586,7 +3586,7 @@ int main(int argc, char *argv[]) { } } else hydra_targets[i]->target = tmpptr; - if ((tmpptr2 = strchr(hydra_targets[i]->target, ':')) != NULL) { + if ((tmpptr2 = strchr(tmpptr, ':')) != NULL) { *tmpptr2++ = 0; tmpptr = tmpptr2; hydra_targets[i]->port = atoi(tmpptr2); From f20ca77309fa57c47d80e4a28cd8f015c6212fad Mon Sep 17 00:00:00 2001 From: Kai Date: Fri, 5 Nov 2021 17:47:21 +0100 Subject: [PATCH 098/223] README: HTTP => HTTPS --- README | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README b/README index 322da43..2ce34ad 100644 --- a/README +++ b/README @@ -74,7 +74,7 @@ make install ``` If you want the ssh module, you have to setup libssh (not libssh2!) on your -system, get it from http://www.libssh.org, for ssh v1 support you also need +system, get it from https://www.libssh.org, for ssh v1 support you also need to add "-DWITH_SSH1=On" option in the cmake command line. IMPORTANT: If you compile on MacOS then you must do this - do not install libssh via brew! From 52ce0772e85f2f305a0a2307038f5f148090d685 Mon Sep 17 00:00:00 2001 From: Yisus7u7 <64093255+Yisus7u7@users.noreply.github.com> Date: Mon, 22 Nov 2021 13:55:36 -0500 Subject: [PATCH 099/223] hydra-gtk: update to gtk3 gtk3 is more modern and successor to the old gtk2 --- hydra-gtk/configure.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra-gtk/configure.in b/hydra-gtk/configure.in index e4fb923..5bf4e78 100755 --- a/hydra-gtk/configure.in +++ b/hydra-gtk/configure.in @@ -10,7 +10,7 @@ AC_PROG_CC AM_PROG_CC_STDC AC_HEADER_STDC -pkg_modules="gtk+-2.0 >= 2.0.0" +pkg_modules="gtk+-3.0 >= 3.24.24" PKG_CHECK_MODULES(PACKAGE, [$pkg_modules]) AC_SUBST(PACKAGE_CFLAGS) AC_SUBST(PACKAGE_LIBS) From 4a1bb5117f9bd1f1310f995f6a2c870e971f6878 Mon Sep 17 00:00:00 2001 From: Toranova Date: Fri, 31 Dec 2021 11:43:19 +0800 Subject: [PATCH 100/223] fix mongodb module not using user specified port --- hydra-mongodb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra-mongodb.c b/hydra-mongodb.c index 5b38a42..201c3ff 100644 --- a/hydra-mongodb.c +++ b/hydra-mongodb.c @@ -72,7 +72,7 @@ int32_t start_mongodb(int32_t s, char *ip, int32_t port, unsigned char options, mongoc_log_set_handler(NULL, NULL); bson_init(&q); - snprintf(uri, sizeof(uri), "mongodb://%s:%s@%s/?authSource=%s", login, pass, hydra_address2string(ip), miscptr); + snprintf(uri, sizeof(uri), "mongodb://%s:%s@%s:%d/?authSource=%s", login, pass, hydra_address2string(ip), port, miscptr); client = mongoc_client_new(uri); if (!client) return 3; From c637d1d7a04d9f6068b332bf5e9c9ffbc9b967e4 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sat, 1 Jan 2022 00:50:58 +0100 Subject: [PATCH 101/223] welcome 2022 --- Makefile.am | 2 +- README | 2 +- hydra.1 | 2 +- hydra.c | 4 ++-- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Makefile.am b/Makefile.am index 74288cf..adfbf64 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,5 +1,5 @@ # -# Makefile for Hydra - (c) 2001-2020 by van Hauser / THC +# Makefile for Hydra - (c) 2001-2022 by van Hauser / THC # WARN_CLANG=-Wformat-nonliteral -Wstrncat-size -Wformat-security -Wsign-conversion -Wconversion -Wfloat-conversion -Wshorten-64-to-32 -Wuninitialized -Wmissing-variable-declarations -Wmissing-declarations WARN_GCC=-Wformat=2 -Wformat-overflow=2 -Wformat-nonliteral -Wformat-truncation=2 -Wnull-dereference -Wstrict-overflow=2 -Wstringop-overflow=4 -Walloca-larger-than=4096 -Wtype-limits -Wconversion -Wtrampolines -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -fno-common -Wcast-align diff --git a/README b/README index 2ce34ad..2b59866 100644 --- a/README +++ b/README @@ -1,7 +1,7 @@ H Y D R A - (c) 2001-2021 by van Hauser / THC + (c) 2001-2022 by van Hauser / THC https://github.com/vanhauser-thc/thc-hydra many modules were written by David (dot) Maciejak @ gmail (dot) com BFG code by Jan Dlabal diff --git a/hydra.1 b/hydra.1 index 039d55f..81b2feb 100644 --- a/hydra.1 +++ b/hydra.1 @@ -1,4 +1,4 @@ -.TH "HYDRA" "1" "01/01/2021" +.TH "HYDRA" "1" "01/01/2022" .SH NAME hydra \- a very fast network logon cracker which supports many different services .SH SYNOPSIS diff --git a/hydra.c b/hydra.c index abc6286..9450847 100644 --- a/hydra.c +++ b/hydra.c @@ -1,5 +1,5 @@ /* - * hydra (c) 2001-2021 by van Hauser / THC + * hydra (c) 2001-2022 by van Hauser / THC * https://github.com/vanhauser-thc/thc-hydra * * Parallized network login hacker. @@ -2181,7 +2181,7 @@ int main(int argc, char *argv[]) { struct sockaddr_in6 *ipv6 = NULL; struct sockaddr_in *ipv4 = NULL; - printf("%s %s (c) 2021 by %s & %s - Please do not use in military or secret " + printf("%s %s (c) 2022 by %s & %s - Please do not use in military or secret " "service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).\n\n", PROGRAM, VERSION, AUTHOR, AUTHOR2); #ifndef LIBAFP From c61fe26d167f6c0d8fd1c20380a5eb0ec53c7ef5 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 11 Jan 2022 10:19:04 +0100 Subject: [PATCH 102/223] fix http with proxy + port usage --- hydra-http.c | 24 ++++++++++++------------ hydra-rdp.c | 1 + 2 files changed, 13 insertions(+), 12 deletions(-) diff --git a/hydra-http.c b/hydra-http.c index a0769b9..c76b937 100644 --- a/hydra-http.c +++ b/hydra-http.c @@ -52,17 +52,17 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha /* again: no snprintf to be portable. don't worry, buffer can't overflow */ if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL) sprintf(buffer, - "%s http://%s:%d%.250s HTTP/1.1\r\nHost: %s\r\nConnection: " + "%s http://%s%.250s HTTP/1.1\r\nHost: %s\r\nConnection: " "close\r\nAuthorization: Basic %s\r\nProxy-Authorization: Basic " "%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", - type, webtarget, webport, miscptr, webtarget, buffer2, proxy_authentication[selected_proxy], header); + type, webtarget, miscptr, webtarget, buffer2, proxy_authentication[selected_proxy], header); else { if (use_proxy == 1) sprintf(buffer, - "%s http://%s:%d%.250s HTTP/1.1\r\nHost: %s\r\nConnection: " + "%s http://%s%.250s HTTP/1.1\r\nHost: %s\r\nConnection: " "close\r\nAuthorization: Basic %s\r\nUser-Agent: Mozilla/4.0 " "(Hydra)\r\n%s\r\n", - type, webtarget, webport, miscptr, webtarget, buffer2, header); + type, webtarget, miscptr, webtarget, buffer2, header); else sprintf(buffer, "%s %.250s HTTP/1.1\r\nHost: %s\r\nConnection: " @@ -110,16 +110,16 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha // send the first.. if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL) sprintf(buffer, - "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM " + "%s http://%s%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM " "%s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 " "(Hydra)\r\n%s\r\n", - type, webtarget, webport, miscptr, webtarget, buf1, proxy_authentication[selected_proxy], header); + type, webtarget, miscptr, webtarget, buf1, proxy_authentication[selected_proxy], header); else { if (use_proxy == 1) sprintf(buffer, - "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM " + "%s http://%s%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM " "%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", - type, webtarget, webport, miscptr, webtarget, buf1, header); + type, webtarget, miscptr, webtarget, buf1, header); else sprintf(buffer, "%s %s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM " @@ -174,16 +174,16 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha // create the auth response if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL) sprintf(buffer, - "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM " + "%s http://%s%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM " "%s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 " "(Hydra)\r\n%s\r\n", - type, webtarget, webport, miscptr, webtarget, buf1, proxy_authentication[selected_proxy], header); + type, webtarget, miscptr, webtarget, buf1, proxy_authentication[selected_proxy], header); else { if (use_proxy == 1) sprintf(buffer, - "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM " + "%s http://%s%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM " "%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", - type, webtarget, webport, miscptr, webtarget, buf1, header); + type, webtarget, miscptr, webtarget, buf1, header); else sprintf(buffer, "%s %s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM " diff --git a/hydra-rdp.c b/hydra-rdp.c index 6e9c8db..20f665c 100644 --- a/hydra-rdp.c +++ b/hydra-rdp.c @@ -29,6 +29,7 @@ BOOL rdp_connect(char *server, int32_t port, char *domain, char *login, char *pa instance->settings->ServerHostname = server; instance->settings->ServerPort = port; instance->settings->Domain = domain; + instance->settings->MaxTimeInCheckLoop = 100; freerdp_connect(instance); err = freerdp_get_last_error(instance->context); return err; From e11e00740020fb0728d6314b8ad036af0b92f8ec Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 11 Jan 2022 13:50:47 +0100 Subject: [PATCH 103/223] make strip optional --- Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.am b/Makefile.am index adfbf64..8cd56d1 100644 --- a/Makefile.am +++ b/Makefile.am @@ -67,7 +67,7 @@ pw-inspector: pw-inspector.c $(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) -c $< $(XDEFINES) $(XIPATHS) strip: all - strip $(BINS) + -strip $(BINS) -echo OK > /dev/null && test -x xhydra && strip xhydra || echo OK > /dev/null install: strip From 02ae72c7e72505144f640db51bb0c4911008ca68 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 12 Jan 2022 10:14:57 +0100 Subject: [PATCH 104/223] dont exit after find with -C --- CHANGES | 4 +++- hydra.c | 3 ++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 1f5d497..208b12f 100644 --- a/CHANGES +++ b/CHANGES @@ -6,9 +6,11 @@ Release 9.3-dev * new module: cobaltstrike by ultimaiiii, thank you! * fix for ssh to support -M or ip/range * fix for rdp to detect empty passwords +* fix for http on non-default ports when using with a proxy * for vnc/cisco/... protocols that only check for a password, skip host after the password is found -* fixe to support IPv6 addresses in -M +* fix to support IPv6 addresses in -M +* fix to test all entries in -C files, not exiting after the first found * added "make uninstall" diff --git a/hydra.c b/hydra.c index 9450847..c154424 100644 --- a/hydra.c +++ b/hydra.c @@ -3316,7 +3316,8 @@ int main(int argc, char *argv[]) { hydra_options.port = port; } - if (hydra_options.login == NULL && hydra_options.loginfile == NULL) + if (hydra_options.login == NULL && hydra_options.loginfile == NULL && + hydra_options.colonfile == NULL) hydra_options.exit_found = 1; if (hydra_options.ssl == 0 && hydra_options.port == 443) From 5a451ba54192cb029600a83afaf0fc3a1730dd50 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 12 Jan 2022 10:27:58 +0100 Subject: [PATCH 105/223] http-form: no empty headers --- CHANGES | 1 + hydra-http-form.c | 3 +++ 2 files changed, 4 insertions(+) diff --git a/CHANGES b/CHANGES index 208b12f..48374f9 100644 --- a/CHANGES +++ b/CHANGES @@ -6,6 +6,7 @@ Release 9.3-dev * new module: cobaltstrike by ultimaiiii, thank you! * fix for ssh to support -M or ip/range * fix for rdp to detect empty passwords +* fix for http-form to no send empty headers * fix for http on non-default ports when using with a proxy * for vnc/cisco/... protocols that only check for a password, skip host after the password is found diff --git a/hydra-http-form.c b/hydra-http-form.c index f675beb..224bf8d 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -258,6 +258,9 @@ int32_t add_header(ptr_header_node *ptr_head, char *header, char *value, char ty ptr_header_node cur_ptr = NULL; ptr_header_node existing_hdr, new_ptr; + if (!header || !value || !strlen(header) || !strlen(value)) + return; + // get to the last header for (cur_ptr = *ptr_head; cur_ptr && cur_ptr->next; cur_ptr = cur_ptr->next) ; From 1edef892f63f4c2ea3e4c42a68f7b407133ca0ba Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 19 Jan 2022 13:00:57 +0100 Subject: [PATCH 106/223] fix disappearing targets --- CHANGES | 1 + hydra.c | 13 +++++++++---- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index 48374f9..39940ae 100644 --- a/CHANGES +++ b/CHANGES @@ -12,6 +12,7 @@ Release 9.3-dev after the password is found * fix to support IPv6 addresses in -M * fix to test all entries in -C files, not exiting after the first found +* attempt to make disappearing targets faster to terminate on * added "make uninstall" diff --git a/hydra.c b/hydra.c index c154424..f7d31c3 100644 --- a/hydra.c +++ b/hydra.c @@ -1487,7 +1487,7 @@ void hydra_increase_fail_count(int32_t target_no, int32_t head_no) { hydra_heads[head_no]->current_pass_ptr = empty_login; } if (hydra_targets[target_no]->fail_count >= MAXFAIL + hydra_options.tasks * hydra_targets[target_no]->ok) { - if (hydra_targets[target_no]->done == TARGET_ACTIVE && hydra_options.max_use == hydra_targets[target_no]->failed) { + if (hydra_targets[target_no]->done == TARGET_ACTIVE && hydra_options.max_use <= hydra_targets[target_no]->failed) { if (hydra_targets[target_no]->ok == 1) hydra_targets[target_no]->done = TARGET_ERROR; // mark target as done by errors else @@ -1497,12 +1497,15 @@ void hydra_increase_fail_count(int32_t target_no, int32_t head_no) { "[ERROR] Too many connect errors to target, disabling " "%s://%s%s%s:%d\n", hydra_options.service, hydra_targets[target_no]->ip[0] == 16 && strchr(hydra_targets[target_no]->target, ':') != NULL ? "[" : "", hydra_targets[target_no]->target, hydra_targets[target_no]->ip[0] == 16 && strchr(hydra_targets[target_no]->target, ':') != NULL ? "]" : "", hydra_targets[target_no]->port); + } else { + hydra_targets[target_no]->failed++; } - if (hydra_brains.targets > hydra_brains.finished) + if (hydra_brains.targets <= hydra_brains.finished) hydra_kill_head(head_no, 1, 0); else hydra_kill_head(head_no, 1, 2); - } // we keep the last one alive as long as it make sense + } + // we keep the last one alive as long as it make sense } else { // we need to put this in a list, otherwise we fail one login+pw test if (hydra_targets[target_no]->done == TARGET_ACTIVE && hydra_options.skip_redo == 0 && hydra_targets[target_no]->redo <= hydra_options.max_use * 2 && ((hydra_heads[head_no]->current_login_ptr != empty_login && hydra_heads[head_no]->current_pass_ptr != empty_login) || (hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL))) { @@ -1517,12 +1520,14 @@ void hydra_increase_fail_count(int32_t target_no, int32_t head_no) { hydra_heads[head_no]->current_login_ptr = empty_login; hydra_heads[head_no]->current_pass_ptr = empty_login; } +/* hydra_targets[target_no]->fail_count--; if (k < 5 && hydra_targets[target_no]->ok) hydra_targets[target_no]->fail_count--; if (k == 2 && hydra_targets[target_no]->ok) hydra_targets[target_no]->fail_count--; - if (hydra_brains.targets > hydra_brains.finished) +*/ + if (hydra_brains.targets <= hydra_brains.finished) hydra_kill_head(head_no, 1, 0); else { hydra_kill_head(head_no, 1, 2); From 6d5fa802a246be1afcd5a34f43cb5f9b42211705 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sun, 23 Jan 2022 16:33:22 +0100 Subject: [PATCH 107/223] citation --- CITATION.cff | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 CITATION.cff diff --git a/CITATION.cff b/CITATION.cff new file mode 100644 index 0000000..3ed8ae2 --- /dev/null +++ b/CITATION.cff @@ -0,0 +1,20 @@ +cff-version: 1.2.0 +message: "If you use this software, please cite it as below." +authors: + - given-names: Heuse + family-names: Marc + name-particle: van Hauser + email: vh@thc.org + affiliation: The Hacker's Choice +title: "hydra" +version: 9.2 +type: software +date-released: 2021-03-15 +url: "https://github.com/vanhauser-thc/thc-hydra" +keywords: + - scanning + - passwords + - hacking + - pentesting + - securiy +license: AGPL-3.0-or-later From e9140e5434f29bb08a710ba1ff02ac94b982844c Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sun, 23 Jan 2022 19:33:28 +0100 Subject: [PATCH 108/223] fix --- CITATION.cff | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/CITATION.cff b/CITATION.cff index 3ed8ae2..3b450d3 100644 --- a/CITATION.cff +++ b/CITATION.cff @@ -1,9 +1,9 @@ cff-version: 1.2.0 message: "If you use this software, please cite it as below." authors: - - given-names: Heuse - family-names: Marc - name-particle: van Hauser + - given-names: Marc + family-names: Heuse + name-particle: "van Hauser" email: vh@thc.org affiliation: The Hacker's Choice title: "hydra" From e40b0dc252b36a1cdd240b169672fcfb6a2686b8 Mon Sep 17 00:00:00 2001 From: Dan Bungert Date: Mon, 31 Jan 2022 14:41:32 -0700 Subject: [PATCH 109/223] configure: openssl / memcached build fix On Debian/Ubuntu, compilation against openssl 3.0 causes a failure to find INT_MAX, despite the openssl headers including limits.h. However, the fact that the libmemcached-dev package provides both /usr/include/libmemcached{,-1.0} directories, both of which contain memcached.h, mean that MCACHED_IPATH ends up set to the libmemcached-1.0 one, which contains a limits.h, which shadows /usr/include/limits.h. Don't do that. --- configure | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/configure b/configure index 8ad8af2..1cde2f1 100755 --- a/configure +++ b/configure @@ -998,11 +998,9 @@ echo "Checking for Memcached (libmemcached/memcached.h) ..." if [ "X" = "X$MCACHED_IPATH" ]; then if [ -f "$i/memcached.h" ]; then MCACHED_IPATH="$i" - fi - if [ -f "$i/libmemcached/memcached.h" ]; then + elif [ -f "$i/libmemcached/memcached.h" ]; then MCACHED_IPATH="$i/libmemcached" - fi - if [ -f "$i/libmemcached-1.0/memcached.h" ]; then + elif [ -f "$i/libmemcached-1.0/memcached.h" ]; then MCACHED_IPATH="$i/libmemcached-1.0" fi fi From 9cf065f06e6eccf9429c0224c3fe3ce34a87aae4 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 3 Feb 2022 10:32:20 +0100 Subject: [PATCH 110/223] error exit, restore write fix --- hydra.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hydra.c b/hydra.c index f7d31c3..c31cc60 100644 --- a/hydra.c +++ b/hydra.c @@ -4390,6 +4390,7 @@ int main(int argc, char *argv[]) { strncat(json_error, tmp_str, STRMAX); strncat(json_error, "\"", STRMAX); error = 1; + hydra_restore_write(1); } // yeah we did it printf("%s (%s) finished at %s\n", PROGRAM, RESOURCE, hydra_build_time()); From 58b8ede906f1923e872f4fecd4723078bf0ef38a Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 3 Feb 2022 10:34:26 +0100 Subject: [PATCH 111/223] 9.3 release --- CHANGES | 4 ++-- hydra.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index 39940ae..32b0db1 100644 --- a/CHANGES +++ b/CHANGES @@ -1,7 +1,7 @@ Changelog for hydra ------------------- -Release 9.3-dev +Release 9.3 * support Xcode compilation * new module: cobaltstrike by ultimaiiii, thank you! * fix for ssh to support -M or ip/range @@ -12,7 +12,7 @@ Release 9.3-dev after the password is found * fix to support IPv6 addresses in -M * fix to test all entries in -C files, not exiting after the first found -* attempt to make disappearing targets faster to terminate on +* make disappearing targets faster to terminate on * added "make uninstall" diff --git a/hydra.c b/hydra.c index c31cc60..b0e5cab 100644 --- a/hydra.c +++ b/hydra.c @@ -228,7 +228,7 @@ char *SERVICES = "adam6500 asterisk afp cisco cisco-enable cobaltstrike cvs fire #define RESTOREFILE "./hydra.restore" #define PROGRAM "Hydra" -#define VERSION "v9.3-dev" +#define VERSION "v9.3" #define AUTHOR "van Hauser/THC" #define EMAIL "" #define AUTHOR2 "David Maciejak" From 9ac9f7010ec430c3c853d2a42915d07bea7b2104 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 3 Feb 2022 10:36:43 +0100 Subject: [PATCH 112/223] v9.4-dev init --- CHANGES | 4 ++++ hydra.c | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 32b0db1..796f664 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,10 @@ Changelog for hydra ------------------- +Release 9.4-dev + * your patch? + + Release 9.3 * support Xcode compilation * new module: cobaltstrike by ultimaiiii, thank you! diff --git a/hydra.c b/hydra.c index b0e5cab..ed528f4 100644 --- a/hydra.c +++ b/hydra.c @@ -228,7 +228,7 @@ char *SERVICES = "adam6500 asterisk afp cisco cisco-enable cobaltstrike cvs fire #define RESTOREFILE "./hydra.restore" #define PROGRAM "Hydra" -#define VERSION "v9.3" +#define VERSION "v9.4-dev" #define AUTHOR "van Hauser/THC" #define EMAIL "" #define AUTHOR2 "David Maciejak" From e5996654ed48b385bc7f842d84d8b2ba72d29be1 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sun, 6 Feb 2022 11:59:08 +0100 Subject: [PATCH 113/223] fix return --- hydra-http-form.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index 224bf8d..2fc6d60 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -259,7 +259,7 @@ int32_t add_header(ptr_header_node *ptr_head, char *header, char *value, char ty ptr_header_node existing_hdr, new_ptr; if (!header || !value || !strlen(header) || !strlen(value)) - return; + return 0; // get to the last header for (cur_ptr = *ptr_head; cur_ptr && cur_ptr->next; cur_ptr = cur_ptr->next) From 280988bfe6bfb8fb3de5a4c3b3794654da960c46 Mon Sep 17 00:00:00 2001 From: Yisus7u7 Date: Fri, 11 Feb 2022 11:23:24 -0500 Subject: [PATCH 114/223] hydra-gtk: add support for termux path --- hydra-gtk/src/main.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/hydra-gtk/src/main.c b/hydra-gtk/src/main.c index 72d6dd7..b713e6f 100644 --- a/hydra-gtk/src/main.c +++ b/hydra-gtk/src/main.c @@ -17,6 +17,8 @@ char *hydra_path1 = "./hydra"; char *hydra_path2 = "/usr/local/bin/hydra"; char *hydra_path3 = "/usr/bin/hydra"; +char *hydra_path4 = "/data/data/com.termux/files/usr/bin/hydra"; +char *hydra_path5 = "/data/data/com.termux/files/usr/local/bin/hydra"; GtkWidget *wndMain; char *HYDRA_BIN; @@ -53,6 +55,10 @@ int main(int argc, char *argv[]) { HYDRA_BIN = hydra_path2; } else if (g_file_test(hydra_path3, G_FILE_TEST_IS_EXECUTABLE)) { HYDRA_BIN = hydra_path3; + } else if (g_file_test(hydra_path4, G_FILE_TEST_IS_EXECUTABLE)) { + HYDRA_BIN = hydra_path4; + } else if (g_file_test(hydra_path5, G_FILE_TEST_IS_EXECUTABLE)) { + HYDRA_BIN = hydra_path5; } else { g_error("Please tell me where hydra is, use --hydra-path\n"); return -1; From 330e910a02dbd9aa165c077796ae1cff10f0ff99 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 21 Feb 2022 14:18:29 +0100 Subject: [PATCH 115/223] try redo fix --- hydra.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/hydra.c b/hydra.c index ed528f4..6afdf48 100644 --- a/hydra.c +++ b/hydra.c @@ -1597,7 +1597,7 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { snp_is_redo = 0; snpdont = 0; loop_cnt++; - if (hydra_heads[head_no]->redo && hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL) { + if (hydra_heads[head_no]->redo == 1 && hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL) { hydra_heads[head_no]->redo = 0; snp_is_redo = 1; snpdone = 1; @@ -1629,7 +1629,7 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { return -1; } - if (hydra_heads[head_no]->redo && hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL) { + if (hydra_heads[head_no]->redo == 1 && hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL) { hydra_heads[head_no]->redo = 0; snp_is_redo = 1; snpdone = 1; @@ -1638,7 +1638,7 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { printf("[COMPLETED] target %s - login \"%s\" - pass \"%s\" - child %d - " "%" hPRIu64 " of %" hPRIu64 "\n", hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no, hydra_targets[target_no]->sent, hydra_brains.todo + hydra_targets[target_no]->redo); - hydra_heads[head_no]->redo = 0; + //hydra_heads[head_no]->redo = 0; if (hydra_targets[target_no]->redo_state > 0) { if (hydra_targets[target_no]->redo_state <= hydra_targets[target_no]->redo) { hydra_heads[head_no]->current_pass_ptr = hydra_targets[target_no]->redo_pass[hydra_targets[target_no]->redo_state - 1]; From c82e5d51c5595374e6b7801bfc84c26a497d8989 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 1 Mar 2022 14:56:05 +0100 Subject: [PATCH 116/223] switch to pcre2 --- CHANGES | 2 +- configure | 18 +++++++++--------- hydra-mod.c | 21 +++++++++++++-------- 3 files changed, 23 insertions(+), 18 deletions(-) diff --git a/CHANGES b/CHANGES index 796f664..869fb68 100644 --- a/CHANGES +++ b/CHANGES @@ -2,7 +2,7 @@ Changelog for hydra ------------------- Release 9.4-dev - * your patch? +* Switched from pcre/pcre3 to pcre2 as pcre/pcre3 will be dropped from Debian Release 9.3 diff --git a/configure b/configure index 1cde2f1..d9c8b02 100755 --- a/configure +++ b/configure @@ -380,21 +380,21 @@ if [ "X" = "X$CURSES_PATH" -o "X" = "X$CURSES_IPATH" ]; then CURSES_IPATH="" fi -echo "Checking for pcre (libpcre/pcre.h) ..." +echo "Checking for pcre2 (libpcre/pcre.h) ..." for i in $LIBDIRS ; do if [ "X" = "X$PCRE_PATH" ]; then - if [ -f "$i/libpcre.so" -o -f "$i/libpcre.dylib" -o -f "$i/libpcre.a" ]; then + if [ -f "$i/libpcre2-8.so" -o -f "$i/libpcre2-8.dylib" -o -f "$i/libpcre2-8.a" ]; then PCRE_PATH="$i" fi fi if [ "X" = "X$PCRE_PATH" ]; then - TMP_LIB=`/bin/ls $i/libpcre.so* 2> /dev/null | grep libpcre.` + TMP_LIB=`/bin/ls $i/libpcre2*.so* 2> /dev/null | grep libpcre.` if [ -n "$TMP_LIB" ]; then PCRE_PATH="$i" fi fi if [ "X" = "X$PCRE_PATH" ]; then - TMP_LIB=`/bin/ls $i/libpcre.dll* 2> /dev/null | grep libpcre.` + TMP_LIB=`/bin/ls $i/libpcre2*.dll* 2> /dev/null | grep libpcre.` if [ -n "$TMP_LIB" ]; then PCRE_PATH="$i" fi @@ -402,20 +402,20 @@ for i in $LIBDIRS ; do done for i in $INCDIRS ; do if [ "X" != "X$PCRE_PATH" ]; then - if [ -f "$i/pcre.h" ]; then + if [ -f "$i/pcre2.h" ]; then PCRE_IPATH="$i" fi fi done if [ "X" != "X$DEBUG" ]; then echo DEBUG: PCRE_PATH=$PCRE_PATH/libpcre - echo DEBUG: PCRE_IPATH=$PCRE_IPATH/pcre.h + echo DEBUG: PCRE_IPATH=$PCRE_IPATH/pcre2.h fi if [ -n "$PCRE_PATH" -a -n "$PCRE_IPATH" ]; then - echo " ... found" + echo " ... found" fi if [ "X" = "X$PCRE_PATH" -o "X" = "X$PCRE_IPATH" ]; then - echo " ... NOT found, server response checks will be less reliable" + echo " ... NOT found, server response checks will be less reliable" PCRE_PATH="" PCRE_IPATH="" fi @@ -1649,7 +1649,7 @@ if [ -n "$IDN_PATH" ]; then XLIBS="$XLIBS -lidn" fi if [ -n "$PCRE_PATH" ]; then - XLIBS="$XLIBS -lpcre" + XLIBS="$XLIBS -lpcre2-8" fi if [ -n "$MYSQL_PATH" ]; then XLIBS="$XLIBS -lmysqlclient" diff --git a/hydra-mod.c b/hydra-mod.c index 4d34b2a..a24889b 100644 --- a/hydra-mod.c +++ b/hydra-mod.c @@ -7,7 +7,8 @@ #include #endif #ifdef HAVE_PCRE -#include +#define PCRE2_CODE_UNIT_WIDTH 8 +#include #endif #define MAX_CONNECT_RETRY 1 @@ -1291,19 +1292,23 @@ void hydra_set_srcport(int32_t port) { src_port = port; } #ifdef HAVE_PCRE int32_t hydra_string_match(char *str, const char *regex) { - pcre *re = NULL; - int32_t offset_error = 0; - const char *error = NULL; + pcre2_code *re = NULL; + int32_t error_code = 0; + PCRE2_SIZE error_offset; int32_t rc = 0; - re = pcre_compile(regex, PCRE_CASELESS | PCRE_DOTALL, &error, &offset_error, NULL); + re = pcre2_compile(regex, PCRE2_ZERO_TERMINATED, PCRE2_CASELESS | PCRE2_DOTALL, &error_code, &error_offset, NULL); if (re == NULL) { - fprintf(stderr, "[ERROR] PCRE compilation failed at offset %d: %s\n", offset_error, error); + fprintf(stderr, "[ERROR] PCRE compilation failed at offset %d: %d\n", error_offset, error_code); return 0; } - rc = pcre_exec(re, NULL, str, strlen(str), 0, 0, NULL, 0); - if (rc >= 0) { + pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(re, NULL); + rc = pcre2_match(re, str, PCRE2_ZERO_TERMINATED, 0, 0, match_data, NULL); + pcre2_match_data_free(match_data); + pcre2_code_free(re); + + if (rc >= 1) { return 1; } return 0; From 59b96af73454d659621b5344a64944bcb90a7ff1 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 17 Mar 2022 11:25:14 +0100 Subject: [PATCH 117/223] rtsp fix --- CHANGES | 1 + Makefile | 108 +++++++++++++++++++++++++++++++++++++++++++++++++-- hydra-rtsp.c | 55 ++++++++++++-------------- 3 files changed, 131 insertions(+), 33 deletions(-) diff --git a/CHANGES b/CHANGES index 869fb68..1e229ab 100644 --- a/CHANGES +++ b/CHANGES @@ -3,6 +3,7 @@ Changelog for hydra Release 9.4-dev * Switched from pcre/pcre3 to pcre2 as pcre/pcre3 will be dropped from Debian +* Small fix for weird RTSP servers Release 9.3 diff --git a/Makefile b/Makefile index 0fc0d2e..a8c13f5 100644 --- a/Makefile +++ b/Makefile @@ -1,8 +1,110 @@ -all: - @echo Error: you must run "./configure" first +STRIP=strip +XDEFINES= -DLIBOPENSSL -DLIBNCURSES -DLIBFIREBIRD -DLIBIDN -DHAVE_PR29_H -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DLIBSSH -DHAVE_ZLIB -DLIBMCACHED -DLIBFREERDP -DLIBWINPR2 -DHAVE_MATH_H -DHAVE_SYS_PARAM_H +XLIBS= -lz -lcurses -lssl -lfbclient -lidn -lpcre2-8 -lpq -lsvn_client-1 -lapr-1 -laprutil-1 -lsvn_subr-1 -lssh -lcrypto -lmemcached -lfreerdp2 -lwinpr2 +XLIBPATHS=-L/usr/lib -L/usr/local/lib -L/lib -L/lib/x86_64-linux-gnu +XIPATHS= -I/usr/include -I/usr/include -I/usr/include -I/usr/include -I/usr/include/postgresql -I/usr/include -I/usr/include/subversion-1 -I/usr/include/apr-1.0 -I/usr/include/subversion-1 -I/usr/include/libmemcached -I/usr/include/freerdp2 -I/usr/include/winpr2 +PREFIX=/usr/local +XHYDRA_SUPPORT=xhydra +STRIP=strip + +HYDRA_LOGO= +PWI_LOGO= +SEC=-pie -fPIE -fstack-protector-all --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wl,-z,now -Wl,-z,relro -Wl,--allow-multiple-definition + +# +# Makefile for Hydra - (c) 2001-2022 by van Hauser / THC +# +WARN_CLANG=-Wformat-nonliteral -Wstrncat-size -Wformat-security -Wsign-conversion -Wconversion -Wfloat-conversion -Wshorten-64-to-32 -Wuninitialized -Wmissing-variable-declarations -Wmissing-declarations +WARN_GCC=-Wformat=2 -Wformat-overflow=2 -Wformat-nonliteral -Wformat-truncation=2 -Wnull-dereference -Wstrict-overflow=2 -Wstringop-overflow=4 -Walloca-larger-than=4096 -Wtype-limits -Wconversion -Wtrampolines -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -fno-common -Wcast-align +CFLAGS ?= -g +OPTS=-I. -O3 $(CFLAGS) -fcommon +# -Wall -g -pedantic +LIBS=-lm +DESTDIR ?= +BINDIR = /bin +MANDIR = /man/man1/ +DATADIR = /etc +PIXDIR = /share/pixmaps +APPDIR = /share/applications + +SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \ + hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \ + hydra-pop3.c hydra-smb.c hydra-icq.c hydra-cisco-enable.c hydra-ldap.c \ + hydra-memcached.c hydra-mongodb.c hydra-mysql.c hydra-mssql.c hydra-xmpp.c \ + hydra-http-proxy-urlenum.c hydra-snmp.c hydra-cvs.c hydra-smtp.c \ + hydra-smtp-enum.c hydra-sapr3.c hydra-ssh.c hydra-sshkey.c hydra-teamspeak.c \ + hydra-postgres.c hydra-rsh.c hydra-rlogin.c hydra-oracle-listener.c \ + hydra-svn.c hydra-pcanywhere.c hydra-sip.c hydra-oracle.c hydra-vmauthd.c \ + hydra-asterisk.c hydra-firebird.c hydra-afp.c hydra-ncp.c hydra-rdp.c \ + hydra-oracle-sid.c hydra-http-proxy.c hydra-http-form.c hydra-irc.c \ + hydra-s7-300.c hydra-redis.c hydra-adam6500.c hydra-rtsp.c \ + hydra-rpcap.c hydra-radmin2.c hydra-cobaltstrike.c \ + hydra-time.c crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c \ + hydra-smb2.c +OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \ + hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o \ + hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \ + hydra-memcached.o hydra-mongodb.o hydra-mysql.o hydra-mssql.o hydra-cobaltstrike.o hydra-xmpp.o \ + hydra-http-proxy-urlenum.o hydra-snmp.o hydra-cvs.o hydra-smtp.o \ + hydra-smtp-enum.o hydra-sapr3.o hydra-ssh.o hydra-sshkey.o hydra-teamspeak.o \ + hydra-postgres.o hydra-rsh.o hydra-rlogin.o hydra-oracle-listener.o \ + hydra-svn.o hydra-pcanywhere.o hydra-sip.o hydra-oracle-sid.o hydra-oracle.o \ + hydra-vmauthd.o hydra-asterisk.o hydra-firebird.o hydra-afp.o \ + hydra-ncp.o hydra-http-proxy.o hydra-http-form.o hydra-irc.o \ + hydra-redis.o hydra-rdp.o hydra-s7-300.c hydra-adam6500.o hydra-rtsp.o \ + hydra-rpcap.o hydra-radmin2.o \ + crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o hydra-time.o \ + hydra-smb2.o +BINS = hydra pw-inspector + +EXTRA_DIST = README README.arm README.palm CHANGES TODO INSTALL LICENSE \ + hydra-mod.h hydra.h crc32.h d3des.h + +all: pw-inspector hydra $(XHYDRA_SUPPORT) + @echo + @echo Now type "make install" + +hydra: hydra.c $(OBJ) + $(CC) $(OPTS) $(SEC) $(LIBS) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o hydra $(HYDRA_LOGO) hydra.c $(OBJ) $(LIBS) $(XLIBS) $(XLIBPATHS) $(XIPATHS) $(XDEFINES) + @echo + @echo If men could get pregnant, abortion would be a sacrament + @echo + +xhydra: + -cd hydra-gtk && sh ./make_xhydra.sh + +pw-inspector: pw-inspector.c + -$(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o pw-inspector $(PWI_LOGO) pw-inspector.c + +.c.o: + $(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) -c $< $(XDEFINES) $(XIPATHS) + +strip: all + -strip $(BINS) + -echo OK > /dev/null && test -x xhydra && strip xhydra || echo OK > /dev/null + +install: strip + -mkdir -p $(DESTDIR)$(PREFIX)$(BINDIR) + cp -f hydra-wizard.sh $(BINS) $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 hydra-wizard.sh $(BINS) + -echo OK > /dev/null && test -x xhydra && cp xhydra $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 xhydra || echo OK > /dev/null + -sed -e "s|^INSTALLDIR=.*|INSTALLDIR="$(PREFIX)"|" dpl4hydra.sh | sed -e "s|^LOCATION=.*|LOCATION="$(DATADIR)"|" > $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh + -chmod 755 $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh + -mkdir -p $(DESTDIR)$(PREFIX)$(DATADIR) + -cp -f *.csv $(DESTDIR)$(PREFIX)$(DATADIR) + -mkdir -p $(DESTDIR)$(PREFIX)$(MANDIR) + -cp -f hydra.1 xhydra.1 pw-inspector.1 $(DESTDIR)$(PREFIX)$(MANDIR) + -mkdir -p $(DESTDIR)$(PREFIX)$(PIXDIR) + -cp -f xhydra.png $(DESTDIR)$(PREFIX)$(PIXDIR)/ + -mkdir -p $(DESTDIR)$(PREFIX)$(APPDIR) + -desktop-file-install --dir $(DESTDIR)$(PREFIX)$(APPDIR) xhydra.desktop clean: + rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile cp -f Makefile.orig Makefile uninstall: - @echo Error: you must run "./configure" first + -rm -f $(DESTDIR)$(PREFIX)$(BINDIR)/xhydra $(DESTDIR)$(PREFIX)$(BINDIR)/hydra $(DESTDIR)$(PREFIX)$(BINDIR)/pw-inspector $(DESTDIR)$(PREFIX)$(BINDIR)/hydra-wizard.sh $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh + -rm -f $(DESTDIR)$(PREFIX)$(DATADIR)/dpl4hydra_full.csv $(DESTDIR)$(PREFIX)$(DATADIR)/dpl4hydra_local.csv + -rm -f $(DESTDIR)$(PREFIX)$(MANDIR)/hydra.1 $(DESTDIR)$(PREFIX)$(MANDIR)/xhydra.1 $(DESTDIR)$(PREFIX)$(MANDIR)/pw-inspector.1 + -rm -f $(DESTDIR)$(PREFIX)$(PIXDIR)/xhydra.png + -rm -f $(DESTDIR)$(PREFIX)$(APPDIR)/xhydra.desktop diff --git a/hydra-rtsp.c b/hydra-rtsp.c index 1bc6f4d..436a0be 100644 --- a/hydra-rtsp.c +++ b/hydra-rtsp.c @@ -104,42 +104,37 @@ int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, cha } else { create_core_packet(1, ip, port); - if (use_Basic_Auth(lresp) == 1) { + if (use_Digest_Auth(lresp) == 1) { + char aux[500] = "", dbuf[500] = "", *result = NULL; + char *pbuffer = hydra_strcasestr(lresp, "WWW-Authenticate: Digest "); + + strncpy(aux, pbuffer + strlen("WWW-Authenticate: Digest "), sizeof(aux)); + aux[sizeof(aux) - 1] = '\0'; + free(lresp); +#ifdef LIBOPENSSL + result = sasl_digest_md5(dbuf, login, pass, aux, miscptr, "rtsp", hydra_address2string(ip), port, ""); +#else + hydra_report(stderr, "[ERROR] Digest auth required but compiled " + "without OpenSSL/MD5 support\n"); + return 3; +#endif + if (result == NULL) { + hydra_report(stderr, "[ERROR] digest generation failed\n"); + return 3; + } + sprintf(buffer, "%.500sAuthorization: Digest %.500s\r\n\r\n", packet2, dbuf); + if (debug) + hydra_report(stderr, "C:%s\n", buffer); + } else if (use_Basic_Auth(lresp) == 1) { free(lresp); sprintf(buffer2, "%.249s:%.249s", login, pass); hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); - sprintf(buffer, "%.500sAuthorization: : Basic %.500s\r\n\r\n", packet2, buffer2); - - if (debug) { + if (debug) hydra_report(stderr, "C:%s\n", buffer); - } } else { - if (use_Digest_Auth(lresp) == 1) { - char aux[500] = "", dbuf[500] = "", *result = NULL; - char *pbuffer = hydra_strcasestr(lresp, "WWW-Authenticate: Digest "); - - strncpy(aux, pbuffer + strlen("WWW-Authenticate: Digest "), sizeof(aux)); - aux[sizeof(aux) - 1] = '\0'; - free(lresp); -#ifdef LIBOPENSSL - result = sasl_digest_md5(dbuf, login, pass, aux, miscptr, "rtsp", hydra_address2string(ip), port, ""); -#else - hydra_report(stderr, "[ERROR] Digest auth required but compiled " - "without OpenSSL/MD5 support\n"); - return 3; -#endif - - if (result == NULL) { - hydra_report(stderr, "[ERROR] digest generation failed\n"); - return 3; - } - sprintf(buffer, "%.500sAuthorization: Digest %.500s\r\n\r\n", packet2, dbuf); - - if (debug) { - hydra_report(stderr, "C:%s\n", buffer); - } - } + hydra_report(stderr, "[ERROR] unknown authentication protocol\n"); + return 1; } if (strlen(buffer) == 0) { From 7dfedbb43aac31343f0eaad8d37d081ddcfac9eb Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 17 Mar 2022 11:25:22 +0100 Subject: [PATCH 118/223] rtsp fix --- Makefile | 108 ++----------------------------------------------------- 1 file changed, 3 insertions(+), 105 deletions(-) diff --git a/Makefile b/Makefile index a8c13f5..0fc0d2e 100644 --- a/Makefile +++ b/Makefile @@ -1,110 +1,8 @@ -STRIP=strip -XDEFINES= -DLIBOPENSSL -DLIBNCURSES -DLIBFIREBIRD -DLIBIDN -DHAVE_PR29_H -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DLIBSSH -DHAVE_ZLIB -DLIBMCACHED -DLIBFREERDP -DLIBWINPR2 -DHAVE_MATH_H -DHAVE_SYS_PARAM_H -XLIBS= -lz -lcurses -lssl -lfbclient -lidn -lpcre2-8 -lpq -lsvn_client-1 -lapr-1 -laprutil-1 -lsvn_subr-1 -lssh -lcrypto -lmemcached -lfreerdp2 -lwinpr2 -XLIBPATHS=-L/usr/lib -L/usr/local/lib -L/lib -L/lib/x86_64-linux-gnu -XIPATHS= -I/usr/include -I/usr/include -I/usr/include -I/usr/include -I/usr/include/postgresql -I/usr/include -I/usr/include/subversion-1 -I/usr/include/apr-1.0 -I/usr/include/subversion-1 -I/usr/include/libmemcached -I/usr/include/freerdp2 -I/usr/include/winpr2 -PREFIX=/usr/local -XHYDRA_SUPPORT=xhydra -STRIP=strip - -HYDRA_LOGO= -PWI_LOGO= -SEC=-pie -fPIE -fstack-protector-all --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wl,-z,now -Wl,-z,relro -Wl,--allow-multiple-definition - -# -# Makefile for Hydra - (c) 2001-2022 by van Hauser / THC -# -WARN_CLANG=-Wformat-nonliteral -Wstrncat-size -Wformat-security -Wsign-conversion -Wconversion -Wfloat-conversion -Wshorten-64-to-32 -Wuninitialized -Wmissing-variable-declarations -Wmissing-declarations -WARN_GCC=-Wformat=2 -Wformat-overflow=2 -Wformat-nonliteral -Wformat-truncation=2 -Wnull-dereference -Wstrict-overflow=2 -Wstringop-overflow=4 -Walloca-larger-than=4096 -Wtype-limits -Wconversion -Wtrampolines -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -fno-common -Wcast-align -CFLAGS ?= -g -OPTS=-I. -O3 $(CFLAGS) -fcommon -# -Wall -g -pedantic -LIBS=-lm -DESTDIR ?= -BINDIR = /bin -MANDIR = /man/man1/ -DATADIR = /etc -PIXDIR = /share/pixmaps -APPDIR = /share/applications - -SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \ - hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \ - hydra-pop3.c hydra-smb.c hydra-icq.c hydra-cisco-enable.c hydra-ldap.c \ - hydra-memcached.c hydra-mongodb.c hydra-mysql.c hydra-mssql.c hydra-xmpp.c \ - hydra-http-proxy-urlenum.c hydra-snmp.c hydra-cvs.c hydra-smtp.c \ - hydra-smtp-enum.c hydra-sapr3.c hydra-ssh.c hydra-sshkey.c hydra-teamspeak.c \ - hydra-postgres.c hydra-rsh.c hydra-rlogin.c hydra-oracle-listener.c \ - hydra-svn.c hydra-pcanywhere.c hydra-sip.c hydra-oracle.c hydra-vmauthd.c \ - hydra-asterisk.c hydra-firebird.c hydra-afp.c hydra-ncp.c hydra-rdp.c \ - hydra-oracle-sid.c hydra-http-proxy.c hydra-http-form.c hydra-irc.c \ - hydra-s7-300.c hydra-redis.c hydra-adam6500.c hydra-rtsp.c \ - hydra-rpcap.c hydra-radmin2.c hydra-cobaltstrike.c \ - hydra-time.c crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c \ - hydra-smb2.c -OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \ - hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o \ - hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \ - hydra-memcached.o hydra-mongodb.o hydra-mysql.o hydra-mssql.o hydra-cobaltstrike.o hydra-xmpp.o \ - hydra-http-proxy-urlenum.o hydra-snmp.o hydra-cvs.o hydra-smtp.o \ - hydra-smtp-enum.o hydra-sapr3.o hydra-ssh.o hydra-sshkey.o hydra-teamspeak.o \ - hydra-postgres.o hydra-rsh.o hydra-rlogin.o hydra-oracle-listener.o \ - hydra-svn.o hydra-pcanywhere.o hydra-sip.o hydra-oracle-sid.o hydra-oracle.o \ - hydra-vmauthd.o hydra-asterisk.o hydra-firebird.o hydra-afp.o \ - hydra-ncp.o hydra-http-proxy.o hydra-http-form.o hydra-irc.o \ - hydra-redis.o hydra-rdp.o hydra-s7-300.c hydra-adam6500.o hydra-rtsp.o \ - hydra-rpcap.o hydra-radmin2.o \ - crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o hydra-time.o \ - hydra-smb2.o -BINS = hydra pw-inspector - -EXTRA_DIST = README README.arm README.palm CHANGES TODO INSTALL LICENSE \ - hydra-mod.h hydra.h crc32.h d3des.h - -all: pw-inspector hydra $(XHYDRA_SUPPORT) - @echo - @echo Now type "make install" - -hydra: hydra.c $(OBJ) - $(CC) $(OPTS) $(SEC) $(LIBS) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o hydra $(HYDRA_LOGO) hydra.c $(OBJ) $(LIBS) $(XLIBS) $(XLIBPATHS) $(XIPATHS) $(XDEFINES) - @echo - @echo If men could get pregnant, abortion would be a sacrament - @echo - -xhydra: - -cd hydra-gtk && sh ./make_xhydra.sh - -pw-inspector: pw-inspector.c - -$(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o pw-inspector $(PWI_LOGO) pw-inspector.c - -.c.o: - $(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) -c $< $(XDEFINES) $(XIPATHS) - -strip: all - -strip $(BINS) - -echo OK > /dev/null && test -x xhydra && strip xhydra || echo OK > /dev/null - -install: strip - -mkdir -p $(DESTDIR)$(PREFIX)$(BINDIR) - cp -f hydra-wizard.sh $(BINS) $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 hydra-wizard.sh $(BINS) - -echo OK > /dev/null && test -x xhydra && cp xhydra $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 xhydra || echo OK > /dev/null - -sed -e "s|^INSTALLDIR=.*|INSTALLDIR="$(PREFIX)"|" dpl4hydra.sh | sed -e "s|^LOCATION=.*|LOCATION="$(DATADIR)"|" > $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh - -chmod 755 $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh - -mkdir -p $(DESTDIR)$(PREFIX)$(DATADIR) - -cp -f *.csv $(DESTDIR)$(PREFIX)$(DATADIR) - -mkdir -p $(DESTDIR)$(PREFIX)$(MANDIR) - -cp -f hydra.1 xhydra.1 pw-inspector.1 $(DESTDIR)$(PREFIX)$(MANDIR) - -mkdir -p $(DESTDIR)$(PREFIX)$(PIXDIR) - -cp -f xhydra.png $(DESTDIR)$(PREFIX)$(PIXDIR)/ - -mkdir -p $(DESTDIR)$(PREFIX)$(APPDIR) - -desktop-file-install --dir $(DESTDIR)$(PREFIX)$(APPDIR) xhydra.desktop +all: + @echo Error: you must run "./configure" first clean: - rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile cp -f Makefile.orig Makefile uninstall: - -rm -f $(DESTDIR)$(PREFIX)$(BINDIR)/xhydra $(DESTDIR)$(PREFIX)$(BINDIR)/hydra $(DESTDIR)$(PREFIX)$(BINDIR)/pw-inspector $(DESTDIR)$(PREFIX)$(BINDIR)/hydra-wizard.sh $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh - -rm -f $(DESTDIR)$(PREFIX)$(DATADIR)/dpl4hydra_full.csv $(DESTDIR)$(PREFIX)$(DATADIR)/dpl4hydra_local.csv - -rm -f $(DESTDIR)$(PREFIX)$(MANDIR)/hydra.1 $(DESTDIR)$(PREFIX)$(MANDIR)/xhydra.1 $(DESTDIR)$(PREFIX)$(MANDIR)/pw-inspector.1 - -rm -f $(DESTDIR)$(PREFIX)$(PIXDIR)/xhydra.png - -rm -f $(DESTDIR)$(PREFIX)$(APPDIR)/xhydra.desktop + @echo Error: you must run "./configure" first From 584be39d138befdbfa7cb8ecc3d9907fed1d1852 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 18 Mar 2022 10:48:52 +0100 Subject: [PATCH 119/223] debug --- hydra-rtsp.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hydra-rtsp.c b/hydra-rtsp.c index 436a0be..2652871 100644 --- a/hydra-rtsp.c +++ b/hydra-rtsp.c @@ -104,6 +104,8 @@ int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, cha } else { create_core_packet(1, ip, port); + printf("[DEBUG] checking for auth type\n"); + if (use_Digest_Auth(lresp) == 1) { char aux[500] = "", dbuf[500] = "", *result = NULL; char *pbuffer = hydra_strcasestr(lresp, "WWW-Authenticate: Digest "); From 354d9734afd9ca6b28df2c91664c376104c4e763 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sat, 19 Mar 2022 13:47:42 +0100 Subject: [PATCH 120/223] rtsp support 200 ok for auth check --- hydra-rtsp.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/hydra-rtsp.c b/hydra-rtsp.c index 2652871..1d970e3 100644 --- a/hydra-rtsp.c +++ b/hydra-rtsp.c @@ -104,8 +104,6 @@ int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, cha } else { create_core_packet(1, ip, port); - printf("[DEBUG] checking for auth type\n"); - if (use_Digest_Auth(lresp) == 1) { char aux[500] = "", dbuf[500] = "", *result = NULL; char *pbuffer = hydra_strcasestr(lresp, "WWW-Authenticate: Digest "); @@ -156,7 +154,7 @@ int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, cha return 1; } - if ((is_NotFound(lresp))) { + if (is_NotFound(lresp) || is_Authorized(lresp)) { free(lresp); hydra_completed_pair_found(); From 64ca3aead24297952fe330e405c33d12ccaf12ff Mon Sep 17 00:00:00 2001 From: Raphael Isemann Date: Mon, 11 Apr 2022 16:57:49 +0200 Subject: [PATCH 121/223] Fix memory leak in radmin2 `msg` is calloc'd a few lines above via `msg = buffer2message(buffer);`. The check afterwards either exits the process on success or restarts the loop without free'ing `msg`. --- hydra-radmin2.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hydra-radmin2.c b/hydra-radmin2.c index 8c417d3..bc6b461 100644 --- a/hydra-radmin2.c +++ b/hydra-radmin2.c @@ -366,6 +366,7 @@ void service_radmin2(char *ip, int32_t sp, unsigned char options, char *miscptr, hydra_report(stderr, "Error: Child with pid %d terminating, protocol error\n", (int32_t)getpid()); hydra_child_exit(2); } + free(msg); } #endif } From d95a89c384ec73b015967ce1803e6afb57f0e43d Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 18 Apr 2022 13:21:45 +0200 Subject: [PATCH 122/223] no .md --- README | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README b/README index 2b59866..99c968b 100644 --- a/README +++ b/README @@ -14,6 +14,8 @@ in these organizations do not care for laws and ethics anyways. You are not one of the "good" ones if you ignore this.) + NOTE: no this is not meant to be a markdown doc! old school! + INTRODUCTION From a1cbbe14327da406237dc05ed8d775dc04ada15f Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 26 Apr 2022 12:09:03 +0200 Subject: [PATCH 123/223] more variance for rtsp, code format --- hydra-rdp.c | 3 ++- hydra-rtsp.c | 11 ++++++----- hydra.c | 21 ++++++++++----------- 3 files changed, 18 insertions(+), 17 deletions(-) diff --git a/hydra-rdp.c b/hydra-rdp.c index 20f665c..b33c87d 100644 --- a/hydra-rdp.c +++ b/hydra-rdp.c @@ -58,7 +58,8 @@ int32_t start_rdp(char *ip, int32_t port, unsigned char options, char *miscptr, } login_result = rdp_connect(server, port, domain, login, pass); - if (debug) hydra_report(stderr, "[DEBUG] rdp reported %08x\n", login_result); + if (debug) + hydra_report(stderr, "[DEBUG] rdp reported %08x\n", login_result); switch (login_result) { case 0: // login success diff --git a/hydra-rtsp.c b/hydra-rtsp.c index 1d970e3..3b6e84b 100644 --- a/hydra-rtsp.c +++ b/hydra-rtsp.c @@ -9,6 +9,7 @@ #include "hydra-mod.h" #include "sasl.h" #include +#define _GNU_SOURCE #include extern char *HYDRA_EXIT; @@ -16,7 +17,7 @@ char packet[500]; char packet2[500]; int32_t is_Unauthorized(char *s) { - if (strstr(s, "401 Unauthorized") != NULL) { + if (strcasestr(s, "401 Unauthorized") != NULL) { return 1; } else { return 0; @@ -24,7 +25,7 @@ int32_t is_Unauthorized(char *s) { } int32_t is_NotFound(char *s) { - if (strstr(s, "404 Stream Not Found") != NULL) { + if (strcasestr(s, "404 Stream") != NULL || strcasestr(s, "404 Not") != NULL) { return 1; } else { return 0; @@ -32,7 +33,7 @@ int32_t is_NotFound(char *s) { } int32_t is_Authorized(char *s) { - if (strstr(s, "200 OK") != NULL) { + if (strcasestr(s, "200 OK") != NULL) { return 1; } else { return 0; @@ -40,7 +41,7 @@ int32_t is_Authorized(char *s) { } int32_t use_Basic_Auth(char *s) { - if (strstr(s, "WWW-Authenticate: Basic") != NULL) { + if (strcasestr(s, "WWW-Authenticate: Basic") != NULL) { return 1; } else { return 0; @@ -48,7 +49,7 @@ int32_t use_Basic_Auth(char *s) { } int32_t use_Digest_Auth(char *s) { - if (strstr(s, "WWW-Authenticate: Digest") != NULL) { + if (strcasestr(s, "WWW-Authenticate: Digest") != NULL) { return 1; } else { return 0; diff --git a/hydra.c b/hydra.c index 6afdf48..a4267d4 100644 --- a/hydra.c +++ b/hydra.c @@ -1520,13 +1520,13 @@ void hydra_increase_fail_count(int32_t target_no, int32_t head_no) { hydra_heads[head_no]->current_login_ptr = empty_login; hydra_heads[head_no]->current_pass_ptr = empty_login; } -/* - hydra_targets[target_no]->fail_count--; - if (k < 5 && hydra_targets[target_no]->ok) - hydra_targets[target_no]->fail_count--; - if (k == 2 && hydra_targets[target_no]->ok) - hydra_targets[target_no]->fail_count--; -*/ + /* + hydra_targets[target_no]->fail_count--; + if (k < 5 && hydra_targets[target_no]->ok) + hydra_targets[target_no]->fail_count--; + if (k == 2 && hydra_targets[target_no]->ok) + hydra_targets[target_no]->fail_count--; + */ if (hydra_brains.targets <= hydra_brains.finished) hydra_kill_head(head_no, 1, 0); else { @@ -1638,7 +1638,7 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { printf("[COMPLETED] target %s - login \"%s\" - pass \"%s\" - child %d - " "%" hPRIu64 " of %" hPRIu64 "\n", hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no, hydra_targets[target_no]->sent, hydra_brains.todo + hydra_targets[target_no]->redo); - //hydra_heads[head_no]->redo = 0; + // hydra_heads[head_no]->redo = 0; if (hydra_targets[target_no]->redo_state > 0) { if (hydra_targets[target_no]->redo_state <= hydra_targets[target_no]->redo) { hydra_heads[head_no]->current_pass_ptr = hydra_targets[target_no]->redo_pass[hydra_targets[target_no]->redo_state - 1]; @@ -3321,8 +3321,7 @@ int main(int argc, char *argv[]) { hydra_options.port = port; } - if (hydra_options.login == NULL && hydra_options.loginfile == NULL && - hydra_options.colonfile == NULL) + if (hydra_options.login == NULL && hydra_options.loginfile == NULL && hydra_options.colonfile == NULL) hydra_options.exit_found = 1; if (hydra_options.ssl == 0 && hydra_options.port == 443) @@ -3948,7 +3947,7 @@ int main(int argc, char *argv[]) { // restore device information if present (overwrite null bytes) if (device != NULL) { char *tmpptr = device - 1; - *tmpptr = '%'; // you can ignore the compiler warning + *tmpptr = '%'; // you can ignore the compiler warning fprintf(stderr, "[WARNING] not all modules support BINDTODEVICE for IPv6 " "link local addresses, e.g. SSH does not\n"); } From 7591dcc60bfddc9c7de855147d6f15dbeebb4d32 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 5 May 2022 09:33:49 +0200 Subject: [PATCH 124/223] add 2= optional parameter to http-post-form --- CHANGES | 2 ++ hydra-http-form.c | 22 +++++++++++++++------- 2 files changed, 17 insertions(+), 7 deletions(-) diff --git a/CHANGES b/CHANGES index 1e229ab..ab378a9 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,8 @@ Changelog for hydra Release 9.4-dev * Switched from pcre/pcre3 to pcre2 as pcre/pcre3 will be dropped from Debian * Small fix for weird RTSP servers +* Added "2=" optional parameter to http-post-form module to tell hydra that + a "302" HTTP return code means success Release 9.3 diff --git a/hydra-http-form.c b/hydra-http-form.c index 2fc6d60..3a32909 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -75,6 +75,7 @@ typedef struct cookie_node { int32_t success_cond = 0; int32_t getcookie = 1; int32_t auth_flag = 0; +int32_t code_302_is_success = 0; char cookie[4096] = "", cmiscptr[1024]; @@ -441,6 +442,9 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) { sprintf(cookieurl, "%.1000s", hydra_strrep(miscptr + 2, "\\:", ":")); miscptr = ptr; break; + case '2': + code_302_is_success = 1; + break; case 'g': // fall through case 'G': ptr = miscptr + 2; @@ -951,12 +955,16 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options found = analyze_server_response(s); + if (redirected_flag && code_302_is_success) { + found = success_cond; + } + if (auth_flag) { // we received a 401 error - user is using wrong module hydra_report(stderr, "[ERROR] the target is using HTTP auth, not a web form, received HTTP " "error code 401. Use module \"http%s-get\" instead.\n", (options & OPTION_SSL) > 0 ? "s" : ""); - return 4; + return 2; } if (strlen(cookie) > 0) @@ -967,7 +975,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options if (debug) printf("[DEBUG] attempt result: found %d, redirect %d, location: %s\n", found, redirected_flag, redirected_url_buff); - while (found == 0 && redirected_flag && (redirected_url_buff[0] != 0) && (redirected_cpt > 0)) { + while (found == 0 && redirected_flag && !code_302_is_success && (redirected_url_buff[0] != 0) && (redirected_cpt > 0)) { // we have to split the location char *startloc, *endloc; char str[2048]; @@ -1108,7 +1116,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options } // if the last status is still 3xx, set it as a false - if (found != -1 && found == success_cond && (redirected_flag == 0 || success_cond == 1) && redirected_cpt >= 0) { + if (found != -1 && found == success_cond && ((redirected_flag && code_302_is_success) || redirected_flag == 0 || success_cond == 1) && redirected_cpt >= 0) { hydra_report_found_host(port, ip, "www-form", fp); hydra_completed_pair_found(); } else { @@ -1436,8 +1444,9 @@ void usage_http_form(const char *service) { " login check must be preceded by \"S=\".\n" " This is where most people get it wrong. You have to check the webapp " "what a\n" - " failed string looks like and put it in this parameter!\n" - "The following parameters are optional:\n" + " failed string looks like and put it in this parameter! Add the -d switch to see\nthe sent/received data!\n" + "\nThe following parameters are optional:\n" + " 2= 302 page forward return codes identify a successful attempt\n" " (c|C)=/page/uri to define a different page to gather initial " "cookies from\n" " (g|G)= skip pre-requests - only use this when no pre-cookies are required\n" @@ -1451,8 +1460,7 @@ void usage_http_form(const char *service) { "exists, by the\n" " one supplied by the user, or add the header at the " "end\n" - "Note that if you are going to put colons (:) in your headers you should " - "escape them with a backslash (\\).\n" + "\nNote that if you are going to put colons (:) in your headers you should escape them with a backslash (\\).\n" " All colons that are not option separators should be escaped (see the " "examples above and below).\n" " You can specify a header without escaping the colons, but that way you " From 63e2836e91175d7c8bc0a775729975541d1d6fe2 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 5 May 2022 12:45:47 +0200 Subject: [PATCH 125/223] fix option parsing --- hydra-http-form.c | 35 ++++++++++++++++++++--------------- 1 file changed, 20 insertions(+), 15 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index 3a32909..983b525 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -404,7 +404,7 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) { * Beware of the backslashes (\)! */ while (*miscptr != 0) { - if (strlen(miscptr) < 3 || miscptr[1] != '=') { + if (strlen(miscptr) < 2 || miscptr[1] != '=') { hydra_report(stderr, "[ERROR] optional parameters must have the format X=value: %s\n", miscptr); return 0; } @@ -444,6 +444,11 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) { break; case '2': code_302_is_success = 1; + char *tmp = strchr(miscptr, ':'); + if (tmp) + miscptr = tmp + 1; + else + miscptr += strlen(miscptr); break; case 'g': // fall through case 'G': @@ -1281,8 +1286,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { ptr = ptr2 = NULL; sprintf(bufferurl, "%.6096s", miscptr); - url = bufferurl; - ptr = url; + ptr = url = bufferurl; while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) ptr++; @@ -1295,15 +1299,19 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { if (*ptr != 0) *ptr++ = 0; - cond = ptr; + optional1 = cond = ptr; - if ((ptr2 = strchr(ptr, ':')) != NULL) { + ptr2 = ptr + strlen(ptr); + + while (ptr2 > ptr && (*ptr2 != ':' || *(ptr2 - 1) == '\\')) + ptr2--; + + if (*ptr2 == ':') { *ptr2++ = 0; - if (*ptr2) - optional1 = ptr2; - else - optional1 = NULL; - } else + cond = ptr2; + } + + if (optional1 == cond) optional1 = NULL; if (strstr(url, "\\:") != NULL) { @@ -1325,9 +1333,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { } } - // printf("ptr: %s ptr2: %s cond: %s url: %s variables: %s optional1: - // %s\n", ptr, ptr2, cond, url, variables, optional1 == NULL ? "null" : - // optional1); + // printf("ptr: %s ptr2: %s cond: %s url: %s variables: %s optional1: %s\n", ptr, ptr2, cond, url, variables, optional1 == NULL ? "null" : optional1); if (url == NULL || variables == NULL || cond == NULL /*|| optional1 == NULL */) hydra_child_exit(2); @@ -1351,8 +1357,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { success_cond = 0; } - // printf("miscptr: %s, url=%s, variables=%s, ptr=%s, optional1: %s, cond: %s - // (%d)\n", miscptr, url, variables, ptr, optional1, cond, success_cond); + // printf("miscptr: %s, url=%s, variables=%s, ptr=%s, optional1: %s, cond: %s (%d)\n", miscptr, url, variables, ptr, optional1, cond, success_cond); /* * Parse the user-supplied options. From b9a985fb566277b5cd39e56a559554be411dac73 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 11 May 2022 11:27:39 +0200 Subject: [PATCH 126/223] fix wizard script --- hydra-wizard.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hydra-wizard.sh b/hydra-wizard.sh index 1370661..d4e3c3f 100755 --- a/hydra-wizard.sh +++ b/hydra-wizard.sh @@ -33,10 +33,10 @@ test -e "$pass" && passs="-P $pass" test -e "$pass" || passs="-p $pass" test -n "$port" && ports="-s $port" test -n "$pw" && pws="-e $pw" -test -n "$opt" && opts="-m '$opt'" +test -n "$opt" && { opts="-m $opt" ; dopts="-m '$opt'" ; } echo The following command will be executed now: -echo " hydra $users $passs -u $pws $ports $opts $targets $service" +echo " hydra $users $passs -u $pws $ports $dopts $targets $service" echo read -p "Do you want to run the command now? [Y/n] " yn test "$yn" = "n" -o "$yn" = "N" && { echo Exiting. ; exit 0 ; } From 2dc4656d720a4dcbe819688584088b30a9afac0e Mon Sep 17 00:00:00 2001 From: Paramtamtam <7326800+tarampampam@users.noreply.github.com> Date: Mon, 13 Jun 2022 18:07:55 +0400 Subject: [PATCH 127/223] Docker env implemented --- .github/workflows/release.yml | 45 ++++++++++++++++++++++ .github/workflows/tests.yml | 33 ++++++++++++++++ Dockerfile | 72 +++++++++++++++++++++++++++++++++++ 3 files changed, 150 insertions(+) create mode 100644 .github/workflows/release.yml create mode 100644 .github/workflows/tests.yml create mode 100644 Dockerfile diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..b595cea --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,45 @@ +name: release + +on: + release: # Docs: + types: [published] + +jobs: + docker-image: + name: Build the docker image + runs-on: ubuntu-20.04 + steps: + - uses: actions/checkout@v3 + + - uses: docker/setup-qemu-action@v2 + + - uses: docker/setup-buildx-action@v2 + + # uncomment for publishing on hub.docker.com (don't forget to fillup the repository secrets) + #- uses: docker/login-action@v2 + # with: + # username: ${{ secrets.DOCKER_LOGIN }} + # password: ${{ secrets.DOCKER_PASSWORD }} + + - uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - uses: gacts/github-slug@v1 # Action page: + id: slug + + - uses: docker/build-push-action@v3 # Action page: + with: + context: . + file: Dockerfile + push: true + platforms: linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7 + build-args: HYDRA_VERSION="${{ steps.slug.outputs.version-semantic }}" + tags: | + ghcr.io/${{ github.actor }}/hydra:${{ steps.slug.outputs.version-semantic }} + # append the following line to the list above for publishing on hub.docker.com + # (and don't forget to change on a real repo/user name) + # vanhauser-thc/thc-hydra:${{ steps.slug.outputs.version-semantic }} + diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml new file mode 100644 index 0000000..84e173a --- /dev/null +++ b/.github/workflows/tests.yml @@ -0,0 +1,33 @@ +name: tests + +on: + push: + branches: [master, main] + tags-ignore: ['**'] + paths-ignore: [README, TODO, PROBLEMS] + pull_request: + paths-ignore: [README, TODO, PROBLEMS] + +concurrency: + group: ${{ github.ref }} + cancel-in-progress: true + +jobs: # Docs: + docker-build: + name: Build the docker image + runs-on: ubuntu-20.04 + timeout-minutes: 25 + steps: + - uses: actions/checkout@v3 + + - uses: docker/setup-qemu-action@v2 + + - uses: docker/setup-buildx-action@v2 + + - uses: docker/build-push-action@v3 # Action page: + with: + context: . + file: Dockerfile + platforms: linux/amd64,linux/arm/v7 + push: false + tags: hydra:ci diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..4312a10 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,72 @@ +FROM debian:buster-slim + +ARG HYDRA_VERSION="unknown" + +LABEL \ + org.opencontainers.image.url="https://github.com/vanhauser-thc/thc-hydra" \ + org.opencontainers.image.source="https://github.com/vanhauser-thc/thc-hydra" \ + org.opencontainers.image.version="$HYDRA_VERSION" \ + org.opencontainers.image.vendor="vanhauser-thc" \ + org.opencontainers.image.title="hydra" \ + org.opencontainers.image.licenses="GNU AFFERO GENERAL PUBLIC LICENSE" + +COPY . /src + +RUN set -x \ + && apt-get update \ + && apt-get -y install \ + #libmysqlclient-dev \ + default-libmysqlclient-dev \ + libgpg-error-dev \ + #libmemcached-dev \ + #libgcrypt11-dev \ + libgcrypt-dev \ + #libgcrypt20-dev \ + #libgtk2.0-dev \ + libpcre3-dev \ + #firebird-dev \ + libidn11-dev \ + libssh-dev \ + #libsvn-dev \ + libssl-dev \ + #libpq-dev \ + make \ + curl \ + gcc \ + 1>/dev/null \ + # The next line fixes the curl "SSL certificate problem: unable to get local issuer certificate" for linux/arm + && c_rehash \ + # Get hydra sources and compile + && cd /src \ + && ./configure 1>/dev/null \ + && make 1>/dev/null \ + && make install \ + # Make clean + && apt-get purge -y make gcc libgpg-error-dev libgcrypt-dev \ + && apt-get autoremove -y \ + && rm -rf /var/lib/apt/lists/* \ + # Verify hydra installation + && hydra -h || error_code=$? \ + && if [ ! "${error_code}" -eq 255 ]; then echo "Wrong exit code for 'hydra help' command"; exit 1; fi \ + # Unprivileged user creation + && echo 'hydra:x:10001:10001::/tmp:/sbin/nologin' > /etc/passwd \ + && echo 'hydra:x:10001:' > /etc/group + +ARG INCLUDE_SECLISTS="true" + +RUN set -x \ + && if [ "${INCLUDE_SECLISTS}" = "true" ]; then \ + mkdir /tmp/seclists \ + && curl -SL "https://api.github.com/repos/danielmiessler/SecLists/tarball" -o /tmp/seclists/src.tar.gz \ + && tar xzf /tmp/seclists/src.tar.gz -C /tmp/seclists \ + && mv /tmp/seclists/*SecLists*/Passwords /opt/passwords \ + && mv /tmp/seclists/*SecLists*/Usernames /opt/usernames \ + && chmod -R u+r /opt/passwords /opt/usernames \ + && rm -Rf /tmp/seclists \ + && ls -la /opt/passwords /opt/usernames \ + ;fi + +# Use an unprivileged user +USER 10001:10001 + +ENTRYPOINT ["hydra"] From f90c4d24c6fa2baeacb11f4bc5838dc7c6e74dfd Mon Sep 17 00:00:00 2001 From: Paramtamtam <7326800+tarampampam@users.noreply.github.com> Date: Mon, 13 Jun 2022 19:40:11 +0500 Subject: [PATCH 128/223] Update release.yml --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b595cea..bfaee9d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -38,7 +38,7 @@ jobs: platforms: linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7 build-args: HYDRA_VERSION="${{ steps.slug.outputs.version-semantic }}" tags: | - ghcr.io/${{ github.actor }}/hydra:${{ steps.slug.outputs.version-semantic }} + ghcr.io/${{ github.repository }}:${{ steps.slug.outputs.version-semantic }} # append the following line to the list above for publishing on hub.docker.com # (and don't forget to change on a real repo/user name) # vanhauser-thc/thc-hydra:${{ steps.slug.outputs.version-semantic }} From 26f97b54d56f84c6a2c5da3e226e2f5e5bec2cbf Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 13 Jun 2022 17:09:43 +0200 Subject: [PATCH 129/223] Update Dockerfile --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 4312a10..4496f50 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ FROM debian:buster-slim -ARG HYDRA_VERSION="unknown" +ARG HYDRA_VERSION="github" LABEL \ org.opencontainers.image.url="https://github.com/vanhauser-thc/thc-hydra" \ From 705a6c180dac7198aaf149aa7466a9d5123510eb Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 13 Jun 2022 17:13:37 +0200 Subject: [PATCH 130/223] Update release.yml --- .github/workflows/release.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index bfaee9d..5bd629b 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -24,8 +24,8 @@ jobs: - uses: docker/login-action@v2 with: registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_TOKEN }} - uses: gacts/github-slug@v1 # Action page: id: slug @@ -37,8 +37,7 @@ jobs: push: true platforms: linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7 build-args: HYDRA_VERSION="${{ steps.slug.outputs.version-semantic }}" - tags: | - ghcr.io/${{ github.repository }}:${{ steps.slug.outputs.version-semantic }} + tags: vanhauser/hydra:latest # append the following line to the list above for publishing on hub.docker.com # (and don't forget to change on a real repo/user name) # vanhauser-thc/thc-hydra:${{ steps.slug.outputs.version-semantic }} From d5e525bcb0cd9f44a78c45c7ffd588637197d8a0 Mon Sep 17 00:00:00 2001 From: Paramtamtam <7326800+tarampampam@users.noreply.github.com> Date: Mon, 13 Jun 2022 20:20:58 +0500 Subject: [PATCH 131/223] cleanup --- .github/workflows/release.yml | 9 --------- 1 file changed, 9 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 5bd629b..7c9308d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -15,12 +15,6 @@ jobs: - uses: docker/setup-buildx-action@v2 - # uncomment for publishing on hub.docker.com (don't forget to fillup the repository secrets) - #- uses: docker/login-action@v2 - # with: - # username: ${{ secrets.DOCKER_LOGIN }} - # password: ${{ secrets.DOCKER_PASSWORD }} - - uses: docker/login-action@v2 with: registry: ghcr.io @@ -38,7 +32,4 @@ jobs: platforms: linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7 build-args: HYDRA_VERSION="${{ steps.slug.outputs.version-semantic }}" tags: vanhauser/hydra:latest - # append the following line to the list above for publishing on hub.docker.com - # (and don't forget to change on a real repo/user name) - # vanhauser-thc/thc-hydra:${{ steps.slug.outputs.version-semantic }} From 63e3dce877e96432a738f93fbedf8586277a0703 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 13 Jun 2022 17:30:57 +0200 Subject: [PATCH 132/223] Update .github/workflows/release.yml Co-authored-by: Paramtamtam <7326800+tarampampam@users.noreply.github.com> --- .github/workflows/release.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7c9308d..6b13896 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -17,7 +17,6 @@ jobs: - uses: docker/login-action@v2 with: - registry: ghcr.io username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_TOKEN }} From 77037ecbb6acd64732edb00a2fbcdb8b272cec88 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 13 Jun 2022 19:32:55 +0200 Subject: [PATCH 133/223] docker image --- .github/workflows/tests.yml | 4 ++-- README | 9 +++++++++ 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 84e173a..0baa450 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -16,7 +16,7 @@ jobs: # Docs: docker-build: name: Build the docker image runs-on: ubuntu-20.04 - timeout-minutes: 25 + timeout-minutes: 45 steps: - uses: actions/checkout@v3 @@ -29,5 +29,5 @@ jobs: # Docs: context: . file: Dockerfile platforms: linux/amd64,linux/arm/v7 - push: false + push: true tags: hydra:ci diff --git a/README b/README index 99c968b..e8c7b6a 100644 --- a/README +++ b/README @@ -17,6 +17,11 @@ NOTE: no this is not meant to be a markdown doc! old school! +Hydra in the most current github state can be directly downloaded via docker: +``` +docker pull vanhauser/hydra +``` + INTRODUCTION ------------ @@ -63,6 +68,10 @@ repository is at Github: Use the development version at your own risk. It contains new features and new bugs. Things might not work! +Alternatively (and easier) to can pull it as a docker container: +``` +docker pull vanhauser/hydra +``` HOW TO COMPILE From 72f5cfe67cec27d195ad414ddfeebd2158c4ea7a Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 13 Jun 2022 19:52:13 +0200 Subject: [PATCH 134/223] fix --- .github/workflows/release.yml | 14 +++++++++++--- .github/workflows/tests.yml | 33 --------------------------------- 2 files changed, 11 insertions(+), 36 deletions(-) delete mode 100644 .github/workflows/tests.yml diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 6b13896..bfe82ee 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,8 +1,16 @@ name: release on: - release: # Docs: - types: [published] + push: + branches: [master, main] + tags-ignore: ['**'] + paths-ignore: [README, TODO, PROBLEMS] + pull_request: + paths-ignore: [README, TODO, PROBLEMS] + +concurrency: + group: ${{ github.ref }} + cancel-in-progress: true jobs: docker-image: @@ -28,7 +36,7 @@ jobs: context: . file: Dockerfile push: true - platforms: linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7 + platforms: linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7,linux/arm64 build-args: HYDRA_VERSION="${{ steps.slug.outputs.version-semantic }}" tags: vanhauser/hydra:latest diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml deleted file mode 100644 index 0baa450..0000000 --- a/.github/workflows/tests.yml +++ /dev/null @@ -1,33 +0,0 @@ -name: tests - -on: - push: - branches: [master, main] - tags-ignore: ['**'] - paths-ignore: [README, TODO, PROBLEMS] - pull_request: - paths-ignore: [README, TODO, PROBLEMS] - -concurrency: - group: ${{ github.ref }} - cancel-in-progress: true - -jobs: # Docs: - docker-build: - name: Build the docker image - runs-on: ubuntu-20.04 - timeout-minutes: 45 - steps: - - uses: actions/checkout@v3 - - - uses: docker/setup-qemu-action@v2 - - - uses: docker/setup-buildx-action@v2 - - - uses: docker/build-push-action@v3 # Action page: - with: - context: . - file: Dockerfile - platforms: linux/amd64,linux/arm/v7 - push: true - tags: hydra:ci From b2fe51dc7f9fd1e727fb4eb6ee2cd8b5ec395fc4 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 13 Jun 2022 19:56:31 +0200 Subject: [PATCH 135/223] fix --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index bfe82ee..569c68a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -26,7 +26,7 @@ jobs: - uses: docker/login-action@v2 with: username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_TOKEN }} + password: ${{ secrets.DOCKER_PASSWORD }} - uses: gacts/github-slug@v1 # Action page: id: slug From ea1e64fa5d993bda7c7ab6a7edfc793c94a6c150 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 13 Jun 2022 20:06:32 +0200 Subject: [PATCH 136/223] fix --- .github/workflows/release.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 569c68a..19c1bb7 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,3 +1,5 @@ +# build docker image + name: release on: From 03a490133e19fb29b79d84ac02ff1823b590fd6a Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 13 Jun 2022 20:15:35 +0200 Subject: [PATCH 137/223] fix --- .github/workflows/release.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 19c1bb7..569c68a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,5 +1,3 @@ -# build docker image - name: release on: From 1835eac20a301dc39b11e969b625a35ad4765c3e Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 13 Jun 2022 20:35:28 +0200 Subject: [PATCH 138/223] fix --- .github/workflows/release.yml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 569c68a..e88bc6f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -8,10 +8,6 @@ on: pull_request: paths-ignore: [README, TODO, PROBLEMS] -concurrency: - group: ${{ github.ref }} - cancel-in-progress: true - jobs: docker-image: name: Build the docker image @@ -36,7 +32,7 @@ jobs: context: . file: Dockerfile push: true - platforms: linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7,linux/arm64 - build-args: HYDRA_VERSION="${{ steps.slug.outputs.version-semantic }}" + platforms: linux/amd64 +# ,linux/arm64,linux/arm/v6,linux/arm/v7,linux/arm64 tags: vanhauser/hydra:latest From 770c5c436e367b22dc50cc5a1b7eaa1800d9be99 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 13 Jun 2022 20:40:50 +0200 Subject: [PATCH 139/223] fix --- .github/workflows/release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e88bc6f..e7e79e7 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -32,7 +32,7 @@ jobs: context: . file: Dockerfile push: true - platforms: linux/amd64 -# ,linux/arm64,linux/arm/v6,linux/arm/v7,linux/arm64 + platforms: linux/amd64, linux/arm64 +# ,linux/arm/v6, linux/arm/v7 tags: vanhauser/hydra:latest From 615e566e79571001ff36800300ff9a33dba91c52 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 18 Jul 2022 10:04:01 +0200 Subject: [PATCH 140/223] wait3 -> waitpid --- CHANGES | 1 + hydra.c | 8 ++++---- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index ab378a9..9727b33 100644 --- a/CHANGES +++ b/CHANGES @@ -6,6 +6,7 @@ Release 9.4-dev * Small fix for weird RTSP servers * Added "2=" optional parameter to http-post-form module to tell hydra that a "302" HTTP return code means success +* replaced wait3 with waitpid for better compatability Release 9.3 diff --git a/hydra.c b/hydra.c index a4267d4..b464010 100644 --- a/hydra.c +++ b/hydra.c @@ -1026,7 +1026,7 @@ void killed_childs(int32_t signo) { int32_t pid, i; killed++; - pid = wait3(NULL, WNOHANG, NULL); + pid = waitpid(-1, NULL, WNOHANG); for (i = 0; i < hydra_options.max_use; i++) { if (pid == hydra_heads[i]->pid) { hydra_heads[i]->pid = -1; @@ -1447,7 +1447,7 @@ void hydra_kill_head(int32_t head_no, int32_t killit, int32_t fail) { // hydra_targets[hydra_heads[head_no]->target_no]->bfg_ptr[head_no] = // NULL; } - (void)wait3(NULL, WNOHANG, NULL); + (void)waitpid(-1, NULL, WNOHANG); } void hydra_increase_fail_count(int32_t target_no, int32_t head_no) { @@ -4251,7 +4251,7 @@ int main(int argc, char *argv[]) { // hydra_brains.sent); usleepn(USLEEP_LOOP); - (void)wait3(NULL, WNOHANG, NULL); + (void)waitpid(-1, NULL, WNOHANG); // write restore file and report status if (process_restore == 1 && time(NULL) - elapsed_restore > 299) { hydra_restore_write(0); @@ -4354,7 +4354,7 @@ int main(int argc, char *argv[]) { for (i = 0; i < hydra_options.max_use; i++) if (hydra_heads[i]->active == HEAD_ACTIVE && hydra_heads[i]->pid > 0) hydra_kill_head(i, 1, 3); - (void)wait3(NULL, WNOHANG, NULL); + (void)waitpid(-1, NULL, WNOHANG); #define STRMAX (10 * 1024) char json_error[STRMAX + 2], tmp_str[STRMAX + 2]; From 0eb19744dfdc7e90db9a4615f740309afd26ae7d Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 18 Jul 2022 17:57:11 +0200 Subject: [PATCH 141/223] Create LICENSE.md --- LICENSE.md | 661 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 661 insertions(+) create mode 100644 LICENSE.md diff --git a/LICENSE.md b/LICENSE.md new file mode 100644 index 0000000..0ad25db --- /dev/null +++ b/LICENSE.md @@ -0,0 +1,661 @@ + GNU AFFERO GENERAL PUBLIC LICENSE + Version 3, 19 November 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The GNU Affero General Public License is a free, copyleft license for +software and other kinds of works, specifically designed to ensure +cooperation with the community in the case of network server software. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +our General Public Licenses are intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + + Developers that use our General Public Licenses protect your rights +with two steps: (1) assert copyright on the software, and (2) offer +you this License which gives you legal permission to copy, distribute +and/or modify the software. + + A secondary benefit of defending all users' freedom is that +improvements made in alternate versions of the program, if they +receive widespread use, become available for other developers to +incorporate. Many developers of free software are heartened and +encouraged by the resulting cooperation. However, in the case of +software used on network servers, this result may fail to come about. +The GNU General Public License permits making a modified version and +letting the public access it on a server without ever releasing its +source code to the public. + + The GNU Affero General Public License is designed specifically to +ensure that, in such cases, the modified source code becomes available +to the community. It requires the operator of a network server to +provide the source code of the modified version running there to the +users of that server. Therefore, public use of a modified version, on +a publicly accessible server, gives the public access to the source +code of the modified version. + + An older license, called the Affero General Public License and +published by Affero, was designed to accomplish similar goals. This is +a different license, not a version of the Affero GPL, but Affero has +released a new version of the Affero GPL which permits relicensing under +this license. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU Affero General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. + + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. + + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. + + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. + + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. + + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. + + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. + + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. + + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. + + If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + + The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + + When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. + + Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + + All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. + + If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + + However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + + Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or +run a copy of the Program. Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + + An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + + 11. Patents. + + A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + + A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. + + If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + + A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + + 13. Remote Network Interaction; Use with the GNU General Public License. + + Notwithstanding any other provision of this License, if you modify the +Program, your modified version must prominently offer all users +interacting with it remotely through a computer network (if your version +supports such interaction) an opportunity to receive the Corresponding +Source of your version by providing access to the Corresponding Source +from a network server at no charge, through some standard or customary +means of facilitating copying of software. This Corresponding Source +shall include the Corresponding Source for any work covered by version 3 +of the GNU General Public License that is incorporated pursuant to the +following paragraph. + + Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU General Public License into a single +combined work, and to convey the resulting work. The terms of this +License will continue to apply to the part which is the covered work, +but the work with which it is combined will remain governed by version +3 of the GNU General Public License. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new versions of +the GNU Affero General Public License from time to time. Such new versions +will be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + + Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU Affero General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU Affero General Public License, you may choose any version ever published +by the Free Software Foundation. + + If the Program specifies that a proxy can decide which future +versions of the GNU Affero General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + + Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. + + If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + + If your software can interact with users remotely through a computer +network, you should also make sure that it provides a way for users to +get its source. For example, if your program is a web application, its +interface could display a "Source" link that leads users to an archive +of the code. There are many ways you could offer source, and different +solutions will be better for different programs; see section 13 for the +specific requirements. + + You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU AGPL, see +. From 697f408d417e5ba0f3c698900b183f1c6b321b61 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 18 Jul 2022 17:59:18 +0200 Subject: [PATCH 142/223] license stuff --- LICENSE | 32 +- LICENSE.md | 661 ----------------------------- LICENSE.OPENSSL => LICENSE_OPENSSL | 0 3 files changed, 5 insertions(+), 688 deletions(-) delete mode 100644 LICENSE.md rename LICENSE.OPENSSL => LICENSE_OPENSSL (100%) diff --git a/LICENSE b/LICENSE index 052a76b..0ad25db 100644 --- a/LICENSE +++ b/LICENSE @@ -1,12 +1,7 @@ -[see the end of the file for the special exception for linking with OpenSSL - - debian people need this] - - - GNU AFFERO GENERAL PUBLIC LICENSE Version 3, 19 November 2007 - Copyright (C) 2007 Free Software Foundation, Inc. + Copyright (C) 2007 Free Software Foundation, Inc. Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. @@ -638,8 +633,8 @@ the "copyright" line and a pointer to where the full notice is found. Copyright (C) This program is free software: you can redistribute it and/or modify - it under the terms of the GNU Affero General Public License as published by - the Free Software Foundation, either version 3 of the License, or + it under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, @@ -648,7 +643,7 @@ the "copyright" line and a pointer to where the full notice is found. GNU Affero General Public License for more details. You should have received a copy of the GNU Affero General Public License - along with this program. If not, see . + along with this program. If not, see . Also add information on how to contact you by electronic and paper mail. @@ -663,21 +658,4 @@ specific requirements. You should also get your employer (if you work as a programmer) or school, if any, to sign a "copyright disclaimer" for the program, if necessary. For more information on this, and how to apply and follow the GNU AGPL, see -. - - -Special Exception - - * In addition, as a special exception, the copyright holders give - * permission to link the code of portions of this program with the - * OpenSSL library under certain conditions as described in each - * individual source file, and distribute linked combinations - * including the two. - * You must obey the GNU Affero General Public License in all respects - * for all of the code used other than OpenSSL. If you modify - * file(s) with this exception, you may extend this exception to your - * version of the file(s), but you are not obligated to do so. If you - * do not wish to do so, delete this exception statement from your - * version. If you delete this exception statement from all source - * files in the program, then also delete it here. - +. diff --git a/LICENSE.md b/LICENSE.md deleted file mode 100644 index 0ad25db..0000000 --- a/LICENSE.md +++ /dev/null @@ -1,661 +0,0 @@ - GNU AFFERO GENERAL PUBLIC LICENSE - Version 3, 19 November 2007 - - Copyright (C) 2007 Free Software Foundation, Inc. - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - Preamble - - The GNU Affero General Public License is a free, copyleft license for -software and other kinds of works, specifically designed to ensure -cooperation with the community in the case of network server software. - - The licenses for most software and other practical works are designed -to take away your freedom to share and change the works. By contrast, -our General Public Licenses are intended to guarantee your freedom to -share and change all versions of a program--to make sure it remains free -software for all its users. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -them if you wish), that you receive source code or can get it if you -want it, that you can change the software or use pieces of it in new -free programs, and that you know you can do these things. - - Developers that use our General Public Licenses protect your rights -with two steps: (1) assert copyright on the software, and (2) offer -you this License which gives you legal permission to copy, distribute -and/or modify the software. - - A secondary benefit of defending all users' freedom is that -improvements made in alternate versions of the program, if they -receive widespread use, become available for other developers to -incorporate. Many developers of free software are heartened and -encouraged by the resulting cooperation. However, in the case of -software used on network servers, this result may fail to come about. -The GNU General Public License permits making a modified version and -letting the public access it on a server without ever releasing its -source code to the public. - - The GNU Affero General Public License is designed specifically to -ensure that, in such cases, the modified source code becomes available -to the community. It requires the operator of a network server to -provide the source code of the modified version running there to the -users of that server. Therefore, public use of a modified version, on -a publicly accessible server, gives the public access to the source -code of the modified version. - - An older license, called the Affero General Public License and -published by Affero, was designed to accomplish similar goals. This is -a different license, not a version of the Affero GPL, but Affero has -released a new version of the Affero GPL which permits relicensing under -this license. - - The precise terms and conditions for copying, distribution and -modification follow. - - TERMS AND CONDITIONS - - 0. Definitions. - - "This License" refers to version 3 of the GNU Affero General Public License. - - "Copyright" also means copyright-like laws that apply to other kinds of -works, such as semiconductor masks. - - "The Program" refers to any copyrightable work licensed under this -License. Each licensee is addressed as "you". "Licensees" and -"recipients" may be individuals or organizations. - - To "modify" a work means to copy from or adapt all or part of the work -in a fashion requiring copyright permission, other than the making of an -exact copy. The resulting work is called a "modified version" of the -earlier work or a work "based on" the earlier work. - - A "covered work" means either the unmodified Program or a work based -on the Program. - - To "propagate" a work means to do anything with it that, without -permission, would make you directly or secondarily liable for -infringement under applicable copyright law, except executing it on a -computer or modifying a private copy. Propagation includes copying, -distribution (with or without modification), making available to the -public, and in some countries other activities as well. - - To "convey" a work means any kind of propagation that enables other -parties to make or receive copies. Mere interaction with a user through -a computer network, with no transfer of a copy, is not conveying. - - An interactive user interface displays "Appropriate Legal Notices" -to the extent that it includes a convenient and prominently visible -feature that (1) displays an appropriate copyright notice, and (2) -tells the user that there is no warranty for the work (except to the -extent that warranties are provided), that licensees may convey the -work under this License, and how to view a copy of this License. If -the interface presents a list of user commands or options, such as a -menu, a prominent item in the list meets this criterion. - - 1. Source Code. - - The "source code" for a work means the preferred form of the work -for making modifications to it. "Object code" means any non-source -form of a work. - - A "Standard Interface" means an interface that either is an official -standard defined by a recognized standards body, or, in the case of -interfaces specified for a particular programming language, one that -is widely used among developers working in that language. - - The "System Libraries" of an executable work include anything, other -than the work as a whole, that (a) is included in the normal form of -packaging a Major Component, but which is not part of that Major -Component, and (b) serves only to enable use of the work with that -Major Component, or to implement a Standard Interface for which an -implementation is available to the public in source code form. A -"Major Component", in this context, means a major essential component -(kernel, window system, and so on) of the specific operating system -(if any) on which the executable work runs, or a compiler used to -produce the work, or an object code interpreter used to run it. - - The "Corresponding Source" for a work in object code form means all -the source code needed to generate, install, and (for an executable -work) run the object code and to modify the work, including scripts to -control those activities. However, it does not include the work's -System Libraries, or general-purpose tools or generally available free -programs which are used unmodified in performing those activities but -which are not part of the work. For example, Corresponding Source -includes interface definition files associated with source files for -the work, and the source code for shared libraries and dynamically -linked subprograms that the work is specifically designed to require, -such as by intimate data communication or control flow between those -subprograms and other parts of the work. - - The Corresponding Source need not include anything that users -can regenerate automatically from other parts of the Corresponding -Source. - - The Corresponding Source for a work in source code form is that -same work. - - 2. Basic Permissions. - - All rights granted under this License are granted for the term of -copyright on the Program, and are irrevocable provided the stated -conditions are met. This License explicitly affirms your unlimited -permission to run the unmodified Program. The output from running a -covered work is covered by this License only if the output, given its -content, constitutes a covered work. This License acknowledges your -rights of fair use or other equivalent, as provided by copyright law. - - You may make, run and propagate covered works that you do not -convey, without conditions so long as your license otherwise remains -in force. You may convey covered works to others for the sole purpose -of having them make modifications exclusively for you, or provide you -with facilities for running those works, provided that you comply with -the terms of this License in conveying all material for which you do -not control copyright. Those thus making or running the covered works -for you must do so exclusively on your behalf, under your direction -and control, on terms that prohibit them from making any copies of -your copyrighted material outside their relationship with you. - - Conveying under any other circumstances is permitted solely under -the conditions stated below. Sublicensing is not allowed; section 10 -makes it unnecessary. - - 3. Protecting Users' Legal Rights From Anti-Circumvention Law. - - No covered work shall be deemed part of an effective technological -measure under any applicable law fulfilling obligations under article -11 of the WIPO copyright treaty adopted on 20 December 1996, or -similar laws prohibiting or restricting circumvention of such -measures. - - When you convey a covered work, you waive any legal power to forbid -circumvention of technological measures to the extent such circumvention -is effected by exercising rights under this License with respect to -the covered work, and you disclaim any intention to limit operation or -modification of the work as a means of enforcing, against the work's -users, your or third parties' legal rights to forbid circumvention of -technological measures. - - 4. Conveying Verbatim Copies. - - You may convey verbatim copies of the Program's source code as you -receive it, in any medium, provided that you conspicuously and -appropriately publish on each copy an appropriate copyright notice; -keep intact all notices stating that this License and any -non-permissive terms added in accord with section 7 apply to the code; -keep intact all notices of the absence of any warranty; and give all -recipients a copy of this License along with the Program. - - You may charge any price or no price for each copy that you convey, -and you may offer support or warranty protection for a fee. - - 5. Conveying Modified Source Versions. - - You may convey a work based on the Program, or the modifications to -produce it from the Program, in the form of source code under the -terms of section 4, provided that you also meet all of these conditions: - - a) The work must carry prominent notices stating that you modified - it, and giving a relevant date. - - b) The work must carry prominent notices stating that it is - released under this License and any conditions added under section - 7. This requirement modifies the requirement in section 4 to - "keep intact all notices". - - c) You must license the entire work, as a whole, under this - License to anyone who comes into possession of a copy. This - License will therefore apply, along with any applicable section 7 - additional terms, to the whole of the work, and all its parts, - regardless of how they are packaged. This License gives no - permission to license the work in any other way, but it does not - invalidate such permission if you have separately received it. - - d) If the work has interactive user interfaces, each must display - Appropriate Legal Notices; however, if the Program has interactive - interfaces that do not display Appropriate Legal Notices, your - work need not make them do so. - - A compilation of a covered work with other separate and independent -works, which are not by their nature extensions of the covered work, -and which are not combined with it such as to form a larger program, -in or on a volume of a storage or distribution medium, is called an -"aggregate" if the compilation and its resulting copyright are not -used to limit the access or legal rights of the compilation's users -beyond what the individual works permit. Inclusion of a covered work -in an aggregate does not cause this License to apply to the other -parts of the aggregate. - - 6. Conveying Non-Source Forms. - - You may convey a covered work in object code form under the terms -of sections 4 and 5, provided that you also convey the -machine-readable Corresponding Source under the terms of this License, -in one of these ways: - - a) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by the - Corresponding Source fixed on a durable physical medium - customarily used for software interchange. - - b) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by a - written offer, valid for at least three years and valid for as - long as you offer spare parts or customer support for that product - model, to give anyone who possesses the object code either (1) a - copy of the Corresponding Source for all the software in the - product that is covered by this License, on a durable physical - medium customarily used for software interchange, for a price no - more than your reasonable cost of physically performing this - conveying of source, or (2) access to copy the - Corresponding Source from a network server at no charge. - - c) Convey individual copies of the object code with a copy of the - written offer to provide the Corresponding Source. This - alternative is allowed only occasionally and noncommercially, and - only if you received the object code with such an offer, in accord - with subsection 6b. - - d) Convey the object code by offering access from a designated - place (gratis or for a charge), and offer equivalent access to the - Corresponding Source in the same way through the same place at no - further charge. You need not require recipients to copy the - Corresponding Source along with the object code. If the place to - copy the object code is a network server, the Corresponding Source - may be on a different server (operated by you or a third party) - that supports equivalent copying facilities, provided you maintain - clear directions next to the object code saying where to find the - Corresponding Source. Regardless of what server hosts the - Corresponding Source, you remain obligated to ensure that it is - available for as long as needed to satisfy these requirements. - - e) Convey the object code using peer-to-peer transmission, provided - you inform other peers where the object code and Corresponding - Source of the work are being offered to the general public at no - charge under subsection 6d. - - A separable portion of the object code, whose source code is excluded -from the Corresponding Source as a System Library, need not be -included in conveying the object code work. - - A "User Product" is either (1) a "consumer product", which means any -tangible personal property which is normally used for personal, family, -or household purposes, or (2) anything designed or sold for incorporation -into a dwelling. In determining whether a product is a consumer product, -doubtful cases shall be resolved in favor of coverage. For a particular -product received by a particular user, "normally used" refers to a -typical or common use of that class of product, regardless of the status -of the particular user or of the way in which the particular user -actually uses, or expects or is expected to use, the product. A product -is a consumer product regardless of whether the product has substantial -commercial, industrial or non-consumer uses, unless such uses represent -the only significant mode of use of the product. - - "Installation Information" for a User Product means any methods, -procedures, authorization keys, or other information required to install -and execute modified versions of a covered work in that User Product from -a modified version of its Corresponding Source. The information must -suffice to ensure that the continued functioning of the modified object -code is in no case prevented or interfered with solely because -modification has been made. - - If you convey an object code work under this section in, or with, or -specifically for use in, a User Product, and the conveying occurs as -part of a transaction in which the right of possession and use of the -User Product is transferred to the recipient in perpetuity or for a -fixed term (regardless of how the transaction is characterized), the -Corresponding Source conveyed under this section must be accompanied -by the Installation Information. But this requirement does not apply -if neither you nor any third party retains the ability to install -modified object code on the User Product (for example, the work has -been installed in ROM). - - The requirement to provide Installation Information does not include a -requirement to continue to provide support service, warranty, or updates -for a work that has been modified or installed by the recipient, or for -the User Product in which it has been modified or installed. Access to a -network may be denied when the modification itself materially and -adversely affects the operation of the network or violates the rules and -protocols for communication across the network. - - Corresponding Source conveyed, and Installation Information provided, -in accord with this section must be in a format that is publicly -documented (and with an implementation available to the public in -source code form), and must require no special password or key for -unpacking, reading or copying. - - 7. Additional Terms. - - "Additional permissions" are terms that supplement the terms of this -License by making exceptions from one or more of its conditions. -Additional permissions that are applicable to the entire Program shall -be treated as though they were included in this License, to the extent -that they are valid under applicable law. If additional permissions -apply only to part of the Program, that part may be used separately -under those permissions, but the entire Program remains governed by -this License without regard to the additional permissions. - - When you convey a copy of a covered work, you may at your option -remove any additional permissions from that copy, or from any part of -it. (Additional permissions may be written to require their own -removal in certain cases when you modify the work.) You may place -additional permissions on material, added by you to a covered work, -for which you have or can give appropriate copyright permission. - - Notwithstanding any other provision of this License, for material you -add to a covered work, you may (if authorized by the copyright holders of -that material) supplement the terms of this License with terms: - - a) Disclaiming warranty or limiting liability differently from the - terms of sections 15 and 16 of this License; or - - b) Requiring preservation of specified reasonable legal notices or - author attributions in that material or in the Appropriate Legal - Notices displayed by works containing it; or - - c) Prohibiting misrepresentation of the origin of that material, or - requiring that modified versions of such material be marked in - reasonable ways as different from the original version; or - - d) Limiting the use for publicity purposes of names of licensors or - authors of the material; or - - e) Declining to grant rights under trademark law for use of some - trade names, trademarks, or service marks; or - - f) Requiring indemnification of licensors and authors of that - material by anyone who conveys the material (or modified versions of - it) with contractual assumptions of liability to the recipient, for - any liability that these contractual assumptions directly impose on - those licensors and authors. - - All other non-permissive additional terms are considered "further -restrictions" within the meaning of section 10. If the Program as you -received it, or any part of it, contains a notice stating that it is -governed by this License along with a term that is a further -restriction, you may remove that term. If a license document contains -a further restriction but permits relicensing or conveying under this -License, you may add to a covered work material governed by the terms -of that license document, provided that the further restriction does -not survive such relicensing or conveying. - - If you add terms to a covered work in accord with this section, you -must place, in the relevant source files, a statement of the -additional terms that apply to those files, or a notice indicating -where to find the applicable terms. - - Additional terms, permissive or non-permissive, may be stated in the -form of a separately written license, or stated as exceptions; -the above requirements apply either way. - - 8. Termination. - - You may not propagate or modify a covered work except as expressly -provided under this License. Any attempt otherwise to propagate or -modify it is void, and will automatically terminate your rights under -this License (including any patent licenses granted under the third -paragraph of section 11). - - However, if you cease all violation of this License, then your -license from a particular copyright holder is reinstated (a) -provisionally, unless and until the copyright holder explicitly and -finally terminates your license, and (b) permanently, if the copyright -holder fails to notify you of the violation by some reasonable means -prior to 60 days after the cessation. - - Moreover, your license from a particular copyright holder is -reinstated permanently if the copyright holder notifies you of the -violation by some reasonable means, this is the first time you have -received notice of violation of this License (for any work) from that -copyright holder, and you cure the violation prior to 30 days after -your receipt of the notice. - - Termination of your rights under this section does not terminate the -licenses of parties who have received copies or rights from you under -this License. If your rights have been terminated and not permanently -reinstated, you do not qualify to receive new licenses for the same -material under section 10. - - 9. Acceptance Not Required for Having Copies. - - You are not required to accept this License in order to receive or -run a copy of the Program. Ancillary propagation of a covered work -occurring solely as a consequence of using peer-to-peer transmission -to receive a copy likewise does not require acceptance. However, -nothing other than this License grants you permission to propagate or -modify any covered work. These actions infringe copyright if you do -not accept this License. Therefore, by modifying or propagating a -covered work, you indicate your acceptance of this License to do so. - - 10. Automatic Licensing of Downstream Recipients. - - Each time you convey a covered work, the recipient automatically -receives a license from the original licensors, to run, modify and -propagate that work, subject to this License. You are not responsible -for enforcing compliance by third parties with this License. - - An "entity transaction" is a transaction transferring control of an -organization, or substantially all assets of one, or subdividing an -organization, or merging organizations. If propagation of a covered -work results from an entity transaction, each party to that -transaction who receives a copy of the work also receives whatever -licenses to the work the party's predecessor in interest had or could -give under the previous paragraph, plus a right to possession of the -Corresponding Source of the work from the predecessor in interest, if -the predecessor has it or can get it with reasonable efforts. - - You may not impose any further restrictions on the exercise of the -rights granted or affirmed under this License. For example, you may -not impose a license fee, royalty, or other charge for exercise of -rights granted under this License, and you may not initiate litigation -(including a cross-claim or counterclaim in a lawsuit) alleging that -any patent claim is infringed by making, using, selling, offering for -sale, or importing the Program or any portion of it. - - 11. Patents. - - A "contributor" is a copyright holder who authorizes use under this -License of the Program or a work on which the Program is based. The -work thus licensed is called the contributor's "contributor version". - - A contributor's "essential patent claims" are all patent claims -owned or controlled by the contributor, whether already acquired or -hereafter acquired, that would be infringed by some manner, permitted -by this License, of making, using, or selling its contributor version, -but do not include claims that would be infringed only as a -consequence of further modification of the contributor version. For -purposes of this definition, "control" includes the right to grant -patent sublicenses in a manner consistent with the requirements of -this License. - - Each contributor grants you a non-exclusive, worldwide, royalty-free -patent license under the contributor's essential patent claims, to -make, use, sell, offer for sale, import and otherwise run, modify and -propagate the contents of its contributor version. - - In the following three paragraphs, a "patent license" is any express -agreement or commitment, however denominated, not to enforce a patent -(such as an express permission to practice a patent or covenant not to -sue for patent infringement). To "grant" such a patent license to a -party means to make such an agreement or commitment not to enforce a -patent against the party. - - If you convey a covered work, knowingly relying on a patent license, -and the Corresponding Source of the work is not available for anyone -to copy, free of charge and under the terms of this License, through a -publicly available network server or other readily accessible means, -then you must either (1) cause the Corresponding Source to be so -available, or (2) arrange to deprive yourself of the benefit of the -patent license for this particular work, or (3) arrange, in a manner -consistent with the requirements of this License, to extend the patent -license to downstream recipients. "Knowingly relying" means you have -actual knowledge that, but for the patent license, your conveying the -covered work in a country, or your recipient's use of the covered work -in a country, would infringe one or more identifiable patents in that -country that you have reason to believe are valid. - - If, pursuant to or in connection with a single transaction or -arrangement, you convey, or propagate by procuring conveyance of, a -covered work, and grant a patent license to some of the parties -receiving the covered work authorizing them to use, propagate, modify -or convey a specific copy of the covered work, then the patent license -you grant is automatically extended to all recipients of the covered -work and works based on it. - - A patent license is "discriminatory" if it does not include within -the scope of its coverage, prohibits the exercise of, or is -conditioned on the non-exercise of one or more of the rights that are -specifically granted under this License. You may not convey a covered -work if you are a party to an arrangement with a third party that is -in the business of distributing software, under which you make payment -to the third party based on the extent of your activity of conveying -the work, and under which the third party grants, to any of the -parties who would receive the covered work from you, a discriminatory -patent license (a) in connection with copies of the covered work -conveyed by you (or copies made from those copies), or (b) primarily -for and in connection with specific products or compilations that -contain the covered work, unless you entered into that arrangement, -or that patent license was granted, prior to 28 March 2007. - - Nothing in this License shall be construed as excluding or limiting -any implied license or other defenses to infringement that may -otherwise be available to you under applicable patent law. - - 12. No Surrender of Others' Freedom. - - If conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot convey a -covered work so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you may -not convey it at all. For example, if you agree to terms that obligate you -to collect a royalty for further conveying from those to whom you convey -the Program, the only way you could satisfy both those terms and this -License would be to refrain entirely from conveying the Program. - - 13. Remote Network Interaction; Use with the GNU General Public License. - - Notwithstanding any other provision of this License, if you modify the -Program, your modified version must prominently offer all users -interacting with it remotely through a computer network (if your version -supports such interaction) an opportunity to receive the Corresponding -Source of your version by providing access to the Corresponding Source -from a network server at no charge, through some standard or customary -means of facilitating copying of software. This Corresponding Source -shall include the Corresponding Source for any work covered by version 3 -of the GNU General Public License that is incorporated pursuant to the -following paragraph. - - Notwithstanding any other provision of this License, you have -permission to link or combine any covered work with a work licensed -under version 3 of the GNU General Public License into a single -combined work, and to convey the resulting work. The terms of this -License will continue to apply to the part which is the covered work, -but the work with which it is combined will remain governed by version -3 of the GNU General Public License. - - 14. Revised Versions of this License. - - The Free Software Foundation may publish revised and/or new versions of -the GNU Affero General Public License from time to time. Such new versions -will be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. - - Each version is given a distinguishing version number. If the -Program specifies that a certain numbered version of the GNU Affero General -Public License "or any later version" applies to it, you have the -option of following the terms and conditions either of that numbered -version or of any later version published by the Free Software -Foundation. If the Program does not specify a version number of the -GNU Affero General Public License, you may choose any version ever published -by the Free Software Foundation. - - If the Program specifies that a proxy can decide which future -versions of the GNU Affero General Public License can be used, that proxy's -public statement of acceptance of a version permanently authorizes you -to choose that version for the Program. - - Later license versions may give you additional or different -permissions. However, no additional obligations are imposed on any -author or copyright holder as a result of your choosing to follow a -later version. - - 15. Disclaimer of Warranty. - - THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY -APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT -HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY -OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, -THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM -IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF -ALL NECESSARY SERVICING, REPAIR OR CORRECTION. - - 16. Limitation of Liability. - - IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS -THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY -GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE -USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF -DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD -PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), -EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF -SUCH DAMAGES. - - 17. Interpretation of Sections 15 and 16. - - If the disclaimer of warranty and limitation of liability provided -above cannot be given local legal effect according to their terms, -reviewing courts shall apply local law that most closely approximates -an absolute waiver of all civil liability in connection with the -Program, unless a warranty or assumption of liability accompanies a -copy of the Program in return for a fee. - - END OF TERMS AND CONDITIONS - - How to Apply These Terms to Your New Programs - - If you develop a new program, and you want it to be of the greatest -possible use to the public, the best way to achieve this is to make it -free software which everyone can redistribute and change under these terms. - - To do so, attach the following notices to the program. It is safest -to attach them to the start of each source file to most effectively -state the exclusion of warranty; and each file should have at least -the "copyright" line and a pointer to where the full notice is found. - - - Copyright (C) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU Affero General Public License as published - by the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU Affero General Public License for more details. - - You should have received a copy of the GNU Affero General Public License - along with this program. If not, see . - -Also add information on how to contact you by electronic and paper mail. - - If your software can interact with users remotely through a computer -network, you should also make sure that it provides a way for users to -get its source. For example, if your program is a web application, its -interface could display a "Source" link that leads users to an archive -of the code. There are many ways you could offer source, and different -solutions will be better for different programs; see section 13 for the -specific requirements. - - You should also get your employer (if you work as a programmer) or school, -if any, to sign a "copyright disclaimer" for the program, if necessary. -For more information on this, and how to apply and follow the GNU AGPL, see -. diff --git a/LICENSE.OPENSSL b/LICENSE_OPENSSL similarity index 100% rename from LICENSE.OPENSSL rename to LICENSE_OPENSSL From 5cb9e50cc58a568a14542d682619834b5549f7ac Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 4 Aug 2022 09:20:06 +0200 Subject: [PATCH 143/223] fix for http-form redirect --- hydra-http-form.c | 38 +++++++++++++++++++++----------------- 1 file changed, 21 insertions(+), 17 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index 983b525..a864088 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -983,9 +983,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options while (found == 0 && redirected_flag && !code_302_is_success && (redirected_url_buff[0] != 0) && (redirected_cpt > 0)) { // we have to split the location char *startloc, *endloc; - char str[2048]; - char str2[2048]; - char str3[2048]; + char str[2048], str2[2048], str3[2048], str4[2048]; redirected_cpt--; redirected_flag = 0; @@ -1004,19 +1002,21 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options startloc += strlen("://"); if ((endloc = strchr(startloc, '\r')) != NULL) { - startloc[endloc - startloc] = 0; + *endloc = 0; } if ((endloc = strchr(startloc, '\n')) != NULL) { - startloc[endloc - startloc] = 0; + *endloc = 0; } - strcpy(str, startloc); + strncpy(str, startloc, sizeof(str) - 1); + str[sizeof(str) - 1] = 0; endloc = strchr(str, '/'); if (endloc != NULL) { strncpy(str2, str, endloc - str); str2[endloc - str] = 0; - } else - strncpy(str2, str, sizeof(str)); + } else { + strcpy(str2, str); + } if (strlen(str) - strlen(str2) == 0) { strcpy(str3, "/"); @@ -1025,7 +1025,8 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options str3[strlen(str) - strlen(str2)] = 0; } } else { - strncpy(str2, webtarget, sizeof(str2)); + strncpy(str2, webtarget, sizeof(str2) - 1); + str2[sizeof(str2) - 1] = 0; if (redirected_url_buff[0] != '/') { // it's a relative path, so we have to concatenate it // with the path from the first url given @@ -1041,8 +1042,10 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options } else { sprintf(str3, "%.1000s/%.1000s", url, redirected_url_buff); } - } else - strncpy(str3, redirected_url_buff, sizeof(str3)); + } else { + strncpy(str3, redirected_url_buff, sizeof(str3) - 1); + str3[sizeof(str3) - 1] = 0; + } if (debug) hydra_report(stderr, "[DEBUG] host=%s redirect=%s origin=%s\n", str2, str3, url); } @@ -1054,12 +1057,13 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options str3[0] = '/'; } - if (strrchr(url, ':') == NULL && port != 80) { - sprintf(str2, "%.2040s:%d", str2, port); + if (strrchr(str2, ':') == NULL && (port != 80 || port != 443)) { + sprintf(str4, "%.2000s:%d", str2, port); + strcpy(str2, str4); } if (verbose) - hydra_report(stderr, "[VERBOSE] Page redirected to http://%s%s\n", str2, str3); + hydra_report(stderr, "[VERBOSE] Page redirected to http[s]://%s%s\n", str2, str3); if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) hdrrepv(&ptr_head, "Content-Length", "0"); @@ -1315,19 +1319,19 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { optional1 = NULL; if (strstr(url, "\\:") != NULL) { - if ((ptr = malloc(strlen(url))) != NULL) { + if ((ptr = malloc(strlen(url) + 1)) != NULL) { strcpy(ptr, hydra_strrep(url, "\\:", ":")); url = ptr; } } if (strstr(variables, "\\:") != NULL) { - if ((ptr = malloc(strlen(variables))) != NULL) { + if ((ptr = malloc(strlen(variables) + 1)) != NULL) { strcpy(ptr, hydra_strrep(variables, "\\:", ":")); variables = ptr; } } if (strstr(cond, "\\:") != NULL) { - if ((ptr = malloc(strlen(cond))) != NULL) { + if ((ptr = malloc(strlen(cond) + 1)) != NULL) { strcpy(ptr, hydra_strrep(cond, "\\:", ":")); cond = ptr; } From 45d2f2dd67d2a18a993536187079d6a1eaa8a9b0 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 8 Sep 2022 10:32:44 +0200 Subject: [PATCH 144/223] v9.4 release --- CHANGES | 2 +- hydra.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 9727b33..8fd6cf4 100644 --- a/CHANGES +++ b/CHANGES @@ -1,7 +1,7 @@ Changelog for hydra ------------------- -Release 9.4-dev +Release 9.4 * Switched from pcre/pcre3 to pcre2 as pcre/pcre3 will be dropped from Debian * Small fix for weird RTSP servers * Added "2=" optional parameter to http-post-form module to tell hydra that diff --git a/hydra.c b/hydra.c index b464010..12772bb 100644 --- a/hydra.c +++ b/hydra.c @@ -228,7 +228,7 @@ char *SERVICES = "adam6500 asterisk afp cisco cisco-enable cobaltstrike cvs fire #define RESTOREFILE "./hydra.restore" #define PROGRAM "Hydra" -#define VERSION "v9.4-dev" +#define VERSION "v9.4" #define AUTHOR "van Hauser/THC" #define EMAIL "" #define AUTHOR2 "David Maciejak" From 28aaa7bab9f25bfff9f4dfb03a02cd3fb5a526f6 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 8 Sep 2022 10:33:59 +0200 Subject: [PATCH 145/223] v9.5-dev init --- CHANGES | 4 ++++ hydra.c | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 8fd6cf4..2111ce2 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,10 @@ Changelog for hydra ------------------- +Release 9.5-dev +* ... your patch? :) + + Release 9.4 * Switched from pcre/pcre3 to pcre2 as pcre/pcre3 will be dropped from Debian * Small fix for weird RTSP servers diff --git a/hydra.c b/hydra.c index 12772bb..2e4f2ab 100644 --- a/hydra.c +++ b/hydra.c @@ -228,7 +228,7 @@ char *SERVICES = "adam6500 asterisk afp cisco cisco-enable cobaltstrike cvs fire #define RESTOREFILE "./hydra.restore" #define PROGRAM "Hydra" -#define VERSION "v9.4" +#define VERSION "v9.5-dev" #define AUTHOR "van Hauser/THC" #define EMAIL "" #define AUTHOR2 "David Maciejak" From 613bd02264dcc989eeeb77b83603d4c2f48f0bbc Mon Sep 17 00:00:00 2001 From: Sam James Date: Fri, 9 Sep 2022 04:32:05 +0100 Subject: [PATCH 146/223] Makefile.am: add -D_GNU_SOURCE for strcasestr MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit strcasestr is not a standard function and per the man page, needs -D_GNU_SOURCE to be visible. Fixes a build error: ``` hydra-rtsp.c:20:7: error: implicit declaration of function ‘strcasestr’; did you mean ‘strcasecmp’? [-Werror=implicit-function-declaration] 20 | if (strcasestr(s, "401 Unauthorized") != NULL) { | ^~~~~~~~~~ | strcasecmp ``` Signed-off-by: Sam James --- Makefile.am | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile.am b/Makefile.am index 8cd56d1..a8da8d6 100644 --- a/Makefile.am +++ b/Makefile.am @@ -5,6 +5,7 @@ WARN_CLANG=-Wformat-nonliteral -Wstrncat-size -Wformat-security -Wsign-conversio WARN_GCC=-Wformat=2 -Wformat-overflow=2 -Wformat-nonliteral -Wformat-truncation=2 -Wnull-dereference -Wstrict-overflow=2 -Wstringop-overflow=4 -Walloca-larger-than=4096 -Wtype-limits -Wconversion -Wtrampolines -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -fno-common -Wcast-align CFLAGS ?= -g OPTS=-I. -O3 $(CFLAGS) -fcommon +CPPFLAGS += -D_GNU_SOURCE # -Wall -g -pedantic LIBS=-lm DESTDIR ?= From 882a1a3aaca6257069fa8619352cb986973ff98b Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 29 Sep 2022 10:01:56 +0200 Subject: [PATCH 147/223] fix http-...-form help --- CHANGES | 3 ++- hydra-http-form.c | 48 +++++++++++++++++++++++------------------------ 2 files changed, 25 insertions(+), 26 deletions(-) diff --git a/CHANGES b/CHANGES index 2111ce2..3d61f77 100644 --- a/CHANGES +++ b/CHANGES @@ -2,7 +2,8 @@ Changelog for hydra ------------------- Release 9.5-dev -* ... your patch? :) +* The help for http forms was wrong. the condition variable must always be + the *last* parameter, not the third Release 9.4 diff --git a/hydra-http-form.c b/hydra-http-form.c index a864088..93953dc 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -1434,27 +1434,26 @@ void usage_http_form(const char *service) { "redirections in\n" "a row. It always gathers a new cookie from the same URL without " "variables\n" - "The parameters take three \":\" separated values, plus optional " + "The parameters requires three \":\" separated values, plus optional " "values.\n" "(Note: if you need a colon in the option string as value, escape it " "with \"\\:\", but do not escape a \"\\\" with \"\\\\\".)\n" - "\nSyntax: :

:[:[:]\n" - "First is the page on the server to GET or POST to (URL).\n" - "Second is the POST/GET variables (taken from either the browser, proxy, " - "etc.\n" - " with url-encoded (resp. base64-encoded) usernames and passwords being " - "replaced in the\n" - " \"^USER^\" (resp. \"^USER64^\") and \"^PASS^\" (resp. \"^PASS64^\") " - "placeholders (FORM PARAMETERS)\n" - "Third is the string that it checks for an *invalid* login (by default)\n" - " Invalid condition login check can be preceded by \"F=\", successful " - "condition\n" + "\nSyntax: :[:[:]:\n" + "\nFirst is the page on the server to GET or POST to (URL), e.g. \"/login\".\n" + "Second is the POST/GET variables (taken from either the browser, proxy, etc.)\n" + " without the initial '?' character and the usernames and passwords being\n" + " replaced with \"^USER^\" (\"^USER64^\" for base64 encodings) and \"^PASS^\"\n" + " (\"^PASS64^\" for base64 encodings).\n" + "Third are optional parameters (see below)\n" + "Last is the string that it checks for an *invalid* login (by default).\n" + " Invalid condition login check can be preceded by \"F=\", successful condition\n" " login check must be preceded by \"S=\".\n" - " This is where most people get it wrong. You have to check the webapp " - "what a\n" - " failed string looks like and put it in this parameter! Add the -d switch to see\nthe sent/received data!\n" - "\nThe following parameters are optional:\n" + " This is where most people get it wrong! You have to check the webapp what a\n" + " failed string looks like and put it in this parameter! Add the -d switch to see\n" + " the sent/received data!\n" + " Note that using invalid login condition checks can result in false positives!\n" + "\nThe following parameters are optional and are put between the form parameters\n" + " and the condition string; seperate them too with colons:\n" " 2= 302 page forward return codes identify a successful attempt\n" " (c|C)=/page/uri to define a different page to gather initial " "cookies from\n" @@ -1469,17 +1468,16 @@ void usage_http_form(const char *service) { "exists, by the\n" " one supplied by the user, or add the header at the " "end\n" - "\nNote that if you are going to put colons (:) in your headers you should escape them with a backslash (\\).\n" - " All colons that are not option separators should be escaped (see the " - "examples above and below).\n" - " You can specify a header without escaping the colons, but that way you " - "will not be able to put colons\n" - " in the header value itself, as they will be interpreted by hydra as " - "option separators.\n" + "\nNote that if you are going to put colons (:) in your headers you should escape\n" + "them with a backslash (\\). All colons that are not option separators should be\n" + "escaped (see the examples above and below).\n" + "You can specify a header without escaping the colons, but that way you will not\n" + "be able to put colons in the header value itself, as they will be interpreted by\n" + "hydra as option separators.\n" "\nExamples:\n" " \"/login.php:user=^USER^&pass=^PASS^:incorrect\"\n" " \"/" - "login.php:user=^USER64^&pass=^PASS64^&colon=colon\\:escape:S=authlog=.*" + "login.php:user=^USER64^&pass=^PASS64^&colon=colon\\:escape:S=result=" "success\"\n" " \"/login.php:user=^USER^&pass=^PASS^&mid=123:authlog=.*failed\"\n" " \"/:user=^USER&pass=^PASS^:failed:H=Authorization\\: Basic " From 8ddec0107b57b356820a8f19ca50d2cb5ea687ed Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 13 Oct 2022 17:28:39 +0200 Subject: [PATCH 148/223] dockerfile fix --- Dockerfile | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/Dockerfile b/Dockerfile index 4496f50..599e7e1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -35,18 +35,23 @@ RUN set -x \ gcc \ 1>/dev/null \ # The next line fixes the curl "SSL certificate problem: unable to get local issuer certificate" for linux/arm - && c_rehash \ - # Get hydra sources and compile - && cd /src \ - && ./configure 1>/dev/null \ - && make 1>/dev/null \ - && make install \ - # Make clean - && apt-get purge -y make gcc libgpg-error-dev libgcrypt-dev \ + && c_rehash + +# Get hydra sources and compile +RUN cd /src \ + && make clean \ + && ./configure \ + && make \ + && make install + +# Make clean +RUN apt-get purge -y make gcc \ && apt-get autoremove -y \ && rm -rf /var/lib/apt/lists/* \ - # Verify hydra installation - && hydra -h || error_code=$? \ + && rm -rf /src + +# Verify hydra installation +RUN hydra -h || error_code=$? \ && if [ ! "${error_code}" -eq 255 ]; then echo "Wrong exit code for 'hydra help' command"; exit 1; fi \ # Unprivileged user creation && echo 'hydra:x:10001:10001::/tmp:/sbin/nologin' > /etc/passwd \ From 5ab0b95f8f1e6b24846fb9012570c7022eaf32b3 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 14 Oct 2022 10:23:19 +0200 Subject: [PATCH 149/223] fix attempt for smb2 --- hydra-smb2.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hydra-smb2.c b/hydra-smb2.c index 275bbae..c213596 100644 --- a/hydra-smb2.c +++ b/hydra-smb2.c @@ -126,6 +126,7 @@ bool smb2_run_test(creds_t *cr, const char *server, uint16_t port) { */ switch (errno) { + case 0: break; case ENOENT: // Noticed this when connecting to older samba servers on linux // where any credentials are accepted. From 04204f7d9b9ced8f564aa18d6636779bea5c59eb Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 14 Oct 2022 10:29:22 +0200 Subject: [PATCH 150/223] fix attempt for smb2 --- hydra-smb2.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/hydra-smb2.c b/hydra-smb2.c index c213596..5e99451 100644 --- a/hydra-smb2.c +++ b/hydra-smb2.c @@ -126,7 +126,11 @@ bool smb2_run_test(creds_t *cr, const char *server, uint16_t port) { */ switch (errno) { - case 0: break; + case 0: + // maybe false positive? unclear ... :( ... needs more testing + smbc_free_context(ctx, 1); + return true; + break; case ENOENT: // Noticed this when connecting to older samba servers on linux // where any credentials are accepted. From 8fb5f5e2b473eb351109d11bfe13a04aa3020bc3 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 14 Oct 2022 10:31:21 +0200 Subject: [PATCH 151/223] update changelog --- CHANGES | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGES b/CHANGES index 3d61f77..55d74e9 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,8 @@ Changelog for hydra ------------------- Release 9.5-dev +* smb2: fix for updated libsmb2 which resulted in correct guessing attempts + not being detected * The help for http forms was wrong. the condition variable must always be the *last* parameter, not the third From feaab90b1fe29c9f059e4b548540f00b6df79ff1 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 3 Nov 2022 17:05:41 +0100 Subject: [PATCH 152/223] fix smtp --- CHANGES | 5 +++-- hydra-smtp.c | 10 ++++++++++ 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 55d74e9..2c27d84 100644 --- a/CHANGES +++ b/CHANGES @@ -2,10 +2,11 @@ Changelog for hydra ------------------- Release 9.5-dev +* The help for http-form was wrong. the condition variable must always be + the *last* parameter, not the third * smb2: fix for updated libsmb2 which resulted in correct guessing attempts not being detected -* The help for http forms was wrong. the condition variable must always be - the *last* parameter, not the third +* smtp: break early if the server does not allow authentication Release 9.4 diff --git a/hydra-smtp.c b/hydra-smtp.c index dc6e54a..97d5b72 100644 --- a/hydra-smtp.c +++ b/hydra-smtp.c @@ -61,6 +61,10 @@ int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, cha return 1; if (strstr(buf, "334") == NULL) { hydra_report(stderr, "[ERROR] SMTP PLAIN AUTH : %s\n", buf); + if (strstr(buf, "503") != NULL) { + free(buf); + return 4; + } free(buf); return 3; } @@ -438,6 +442,12 @@ void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FI } hydra_child_exit(0); return; + case 4: /* error exit */ + if (sock >= 0) { + sock = hydra_disconnect(sock); + } + hydra_child_exit(3); + return; default: hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(0); From 972039b3ae2122a2aa8e9322a6f1b36fd5ef3966 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 4 Nov 2022 10:56:56 +0100 Subject: [PATCH 153/223] fix help --- pw-inspector.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pw-inspector.c b/pw-inspector.c index 2f53e05..cc91c02 100644 --- a/pw-inspector.c +++ b/pw-inspector.c @@ -30,7 +30,7 @@ void help() { printf(" -l lowcase characters (a,b,c,d, etc.)\n"); printf(" -u upcase characters (A,B,C,D, etc.)\n"); printf(" -n numbers (1,2,3,4, etc.)\n"); - printf(" -p printable characters (which are not -l/-n/-p, e.g. " + printf(" -p printable characters (which are not -l/-u/-n, e.g. " "$,!,/,(,*, etc.)\n"); printf(" -s special characters - all others not within the sets " "above\n"); From 4778a398d963847bf70862d687d752606847f3f2 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 9 Nov 2022 12:08:34 +0100 Subject: [PATCH 154/223] fix man page --- hydra-mod.c | 6 +++--- pw-inspector.1 | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/hydra-mod.c b/hydra-mod.c index a24889b..de86f66 100644 --- a/hydra-mod.c +++ b/hydra-mod.c @@ -662,10 +662,10 @@ char *hydra_get_next_pair() { pair[sizeof(pair) - 1] = 0; __fck = read(intern_socket, pair, sizeof(pair) - 1); // if (debug) hydra_dump_data(pair, __fck, "CHILD READ PAIR"); - if (memcmp(&HYDRA_EXIT, &pair, sizeof(HYDRA_EXIT)) == 0) - return HYDRA_EXIT; - if (pair[0] == 0) + if (pair[0] == 0 || __fck <= 0) return HYDRA_EMPTY; + if (__fck >= sizeof(HYDRA_EXIT) && memcmp(&HYDRA_EXIT, &pair, sizeof(HYDRA_EXIT)) == 0) + return HYDRA_EXIT; } return pair; } diff --git a/pw-inspector.1 b/pw-inspector.1 index 90bff65..c9f228c 100644 --- a/pw-inspector.1 +++ b/pw-inspector.1 @@ -42,7 +42,7 @@ upcase characters (A,B,C,D, etc.) numbers (1,2,3,4, etc.) .TP .B \-p -printable characters (which are not \-l/\-n/\-p, e.g. $,!,/,(,*, etc.) +printable characters (which are not \-l/\-n/\-n, e.g. $,!,/,(,*, etc.) .TP .B \ -s special characters \- all others not withint the sets above From 128467103181c2982a7be6acef33759c8401726b Mon Sep 17 00:00:00 2001 From: mashaz Date: Tue, 15 Nov 2022 15:01:58 +0800 Subject: [PATCH 155/223] fix: error when mongodb user is empty --- hydra-mongodb.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/hydra-mongodb.c b/hydra-mongodb.c index 201c3ff..994f477 100644 --- a/hydra-mongodb.c +++ b/hydra-mongodb.c @@ -72,10 +72,17 @@ int32_t start_mongodb(int32_t s, char *ip, int32_t port, unsigned char options, mongoc_log_set_handler(NULL, NULL); bson_init(&q); - snprintf(uri, sizeof(uri), "mongodb://%s:%s@%s:%d/?authSource=%s", login, pass, hydra_address2string(ip), port, miscptr); + if (login[0] == '\0' && pass[0] == '\0') { + snprintf(uri, sizeof(uri), "mongodb://%s:%d/?authSource=%s", hydra_address2string(ip), port, miscptr); + } else { + snprintf(uri, sizeof(uri), "mongodb://%s:%s@%s:%d/?authSource=%s", login, pass, hydra_address2string(ip), port, miscptr); + } + client = mongoc_client_new(uri); - if (!client) + if (!client) { + hydra_completed_pair_skip(); return 3; + } mongoc_client_set_appname(client, "hydra"); collection = mongoc_client_get_collection(client, miscptr, "test"); From e9698cd53053442f23effc8fee68a8d566fbc94f Mon Sep 17 00:00:00 2001 From: ringzero Date: Sun, 4 Dec 2022 16:13:47 +0800 Subject: [PATCH 156/223] freerdp tls-seclevel to 0 --- hydra-rdp.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hydra-rdp.c b/hydra-rdp.c index b33c87d..a772086 100644 --- a/hydra-rdp.c +++ b/hydra-rdp.c @@ -30,6 +30,7 @@ BOOL rdp_connect(char *server, int32_t port, char *domain, char *login, char *pa instance->settings->ServerPort = port; instance->settings->Domain = domain; instance->settings->MaxTimeInCheckLoop = 100; + instance->settings->TlsSecLevel = 0; freerdp_connect(instance); err = freerdp_get_last_error(instance->context); return err; From eb939baaa51c6f48c4fdfe5a993bdc7aa495ba89 Mon Sep 17 00:00:00 2001 From: ringzero Date: Mon, 5 Dec 2022 20:12:56 +0800 Subject: [PATCH 157/223] rdp: support hydra waittime --- hydra-rdp.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/hydra-rdp.c b/hydra-rdp.c index a772086..405ecf3 100644 --- a/hydra-rdp.c +++ b/hydra-rdp.c @@ -9,6 +9,7 @@ #include "hydra-mod.h" +extern hydra_option hydra_options; extern char *HYDRA_EXIT; #ifndef LIBFREERDP void dummy_rdp() { printf("\n"); } @@ -18,6 +19,7 @@ void dummy_rdp() { printf("\n"); } freerdp *instance = 0; BOOL rdp_connect(char *server, int32_t port, char *domain, char *login, char *password) { int32_t err = 0; + int32_t waittime = hydra_options.waittime; instance->settings->Username = login; instance->settings->Password = password; @@ -30,6 +32,11 @@ BOOL rdp_connect(char *server, int32_t port, char *domain, char *login, char *pa instance->settings->ServerPort = port; instance->settings->Domain = domain; instance->settings->MaxTimeInCheckLoop = 100; + // hydra_options.waittime default value -> 32 + if (waittime != 32) { + // freerdp timeout format is microseconds -> default:15000 + instance->settings->TcpConnectTimeout = waittime * 1000; + } instance->settings->TlsSecLevel = 0; freerdp_connect(instance); err = freerdp_get_last_error(instance->context); From d830ac795e65a7b47492d50859eb36bb8d2dd116 Mon Sep 17 00:00:00 2001 From: ringzero Date: Tue, 6 Dec 2022 09:41:04 +0800 Subject: [PATCH 158/223] rdp implementing-w and -W support --- hydra-rdp.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/hydra-rdp.c b/hydra-rdp.c index 405ecf3..4036591 100644 --- a/hydra-rdp.c +++ b/hydra-rdp.c @@ -19,7 +19,6 @@ void dummy_rdp() { printf("\n"); } freerdp *instance = 0; BOOL rdp_connect(char *server, int32_t port, char *domain, char *login, char *password) { int32_t err = 0; - int32_t waittime = hydra_options.waittime; instance->settings->Username = login; instance->settings->Password = password; @@ -32,11 +31,8 @@ BOOL rdp_connect(char *server, int32_t port, char *domain, char *login, char *pa instance->settings->ServerPort = port; instance->settings->Domain = domain; instance->settings->MaxTimeInCheckLoop = 100; - // hydra_options.waittime default value -> 32 - if (waittime != 32) { - // freerdp timeout format is microseconds -> default:15000 - instance->settings->TcpConnectTimeout = waittime * 1000; - } + // freerdp timeout format is microseconds -> default:15000 + instance->settings->TcpConnectTimeout = hydra_options.waittime * 1000; instance->settings->TlsSecLevel = 0; freerdp_connect(instance); err = freerdp_get_last_error(instance->context); @@ -108,6 +104,7 @@ int32_t start_rdp(char *ip, int32_t port, unsigned char options, char *miscptr, void service_rdp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1; int32_t myport = PORT_RDP; + int32_t __first_rdp_connect = 1; if (port != 0) myport = port; @@ -119,6 +116,10 @@ void service_rdp(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL next_run = 0; switch (run) { case 1: /* run the cracking function */ + if (__first_rdp_connect != 0) + __first_rdp_connect = 0; + else + sleep(hydra_options.conwait); next_run = start_rdp(ip, myport, options, miscptr, fp); break; case 2: /* clean exit */ From c6a3f77476bbdf7d409a7cdf46725694fbf18f10 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 3 Jan 2023 11:47:39 +0100 Subject: [PATCH 159/223] welcome 2023 --- Makefile.am | 2 +- hydra.1 | 2 +- hydra.c | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Makefile.am b/Makefile.am index a8da8d6..0dd498e 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,5 +1,5 @@ # -# Makefile for Hydra - (c) 2001-2022 by van Hauser / THC +# Makefile for Hydra - (c) 2001-2023 by van Hauser / THC # WARN_CLANG=-Wformat-nonliteral -Wstrncat-size -Wformat-security -Wsign-conversion -Wconversion -Wfloat-conversion -Wshorten-64-to-32 -Wuninitialized -Wmissing-variable-declarations -Wmissing-declarations WARN_GCC=-Wformat=2 -Wformat-overflow=2 -Wformat-nonliteral -Wformat-truncation=2 -Wnull-dereference -Wstrict-overflow=2 -Wstringop-overflow=4 -Walloca-larger-than=4096 -Wtype-limits -Wconversion -Wtrampolines -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -fno-common -Wcast-align diff --git a/hydra.1 b/hydra.1 index 81b2feb..b9cb7a5 100644 --- a/hydra.1 +++ b/hydra.1 @@ -1,4 +1,4 @@ -.TH "HYDRA" "1" "01/01/2022" +.TH "HYDRA" "1" "01/01/2023" .SH NAME hydra \- a very fast network logon cracker which supports many different services .SH SYNOPSIS diff --git a/hydra.c b/hydra.c index 2e4f2ab..dbea4c0 100644 --- a/hydra.c +++ b/hydra.c @@ -1,5 +1,5 @@ /* - * hydra (c) 2001-2022 by van Hauser / THC + * hydra (c) 2001-2023 by van Hauser / THC * https://github.com/vanhauser-thc/thc-hydra * * Parallized network login hacker. @@ -2186,7 +2186,7 @@ int main(int argc, char *argv[]) { struct sockaddr_in6 *ipv6 = NULL; struct sockaddr_in *ipv4 = NULL; - printf("%s %s (c) 2022 by %s & %s - Please do not use in military or secret " + printf("%s %s (c) 2023 by %s & %s - Please do not use in military or secret " "service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).\n\n", PROGRAM, VERSION, AUTHOR, AUTHOR2); #ifndef LIBAFP From a41d10dc8ce718c9bd4397534636d6b4de1450cd Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: Wed, 18 Jan 2023 16:30:24 +0100 Subject: [PATCH 160/223] Various C99 compatibility fixes strrchr is declared in , not . _GNU_SOURCE needs to be defined before any glibc headers are included, otherwise it is not effective. Also patch some old autoconf-internal issues in the hydra-gtk configure script. --- configure | 2 +- hydra-gtk/configure | 8 ++++---- hydra-rtsp.c | 3 ++- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/configure b/configure index d9c8b02..425f80a 100755 --- a/configure +++ b/configure @@ -1356,7 +1356,7 @@ echo "Checking for Android specialities ..." TMPC=comptest$$ STRRCHR=" not" echo '#include ' > $TMPC.c -echo '#include ' >> $TMPC.c +echo '#include ' >> $TMPC.c echo "int main() { char *x = strrchr(\"test\", 'e'); if (x == NULL) return 0; else return 1; }" >> $TMPC.c $CC -o $TMPC $TMPC.c > /dev/null 2>&1 test -x $TMPC && STRRCHR="" diff --git a/hydra-gtk/configure b/hydra-gtk/configure index 653ba7d..6cd3de7 100755 --- a/hydra-gtk/configure +++ b/hydra-gtk/configure @@ -2391,7 +2391,7 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then for ac_declaration in \ - '' \ + '#include ' \ 'extern "C" void std::exit (int) throw (); using std::exit;' \ 'extern "C" void std::exit (int); using std::exit;' \ 'extern "C" void exit (int) throw ();' \ @@ -3192,7 +3192,7 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then for ac_declaration in \ - '' \ + '#include ' \ 'extern "C" void std::exit (int) throw (); using std::exit;' \ 'extern "C" void std::exit (int); using std::exit;' \ 'extern "C" void exit (int) throw ();' \ @@ -3797,8 +3797,8 @@ main () for (i = 0; i < 256; i++) if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) - exit(2); - exit (0); + return 2; + return 0; } _ACEOF rm -f conftest$ac_exeext diff --git a/hydra-rtsp.c b/hydra-rtsp.c index 3b6e84b..3b4bdca 100644 --- a/hydra-rtsp.c +++ b/hydra-rtsp.c @@ -6,10 +6,11 @@ // // +#define _GNU_SOURCE + #include "hydra-mod.h" #include "sasl.h" #include -#define _GNU_SOURCE #include extern char *HYDRA_EXIT; From 97cae4633c45be76d2f5df5a739a3870adbd293e Mon Sep 17 00:00:00 2001 From: xd0419 <1249457656@qq.com> Date: Wed, 1 Mar 2023 22:08:53 +0800 Subject: [PATCH 161/223] edit mongodb moudle error --- hydra-mongodb.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hydra-mongodb.c b/hydra-mongodb.c index 994f477..d413192 100644 --- a/hydra-mongodb.c +++ b/hydra-mongodb.c @@ -97,11 +97,11 @@ int32_t start_mongodb(int32_t s, char *ip, int32_t port, unsigned char options, mongoc_collection_destroy(collection); mongoc_client_destroy(client); mongoc_cleanup(); - hydra_completed_pair_skip(); + hydra_completed_pair(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { return 3; } - return 2; + return 1; } } From 4ae7a365e92f3b30cc3eb58aa47bf7e42f21a8ef Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 6 Mar 2023 10:35:03 +0100 Subject: [PATCH 162/223] fix http form help output --- hydra-http-form.c | 44 +++++++++++++++++--------------------------- 1 file changed, 17 insertions(+), 27 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index 93953dc..53b7ce5 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -20,33 +20,23 @@ Here's a couple of examples: - ./hydra -S -s 443 -l "" -P pass.txt 10.221.64.2 https-get-form "/irmlab1/vulnapp.php:username=^USER^&pass=^PASS^:incorrect" -The option field (following the service field) takes three ":" separated -values and an optional fourth value, the first is the page on the server -to GET or POST to, the second is the POST/GET variables (taken from either -the browser, or a proxy such as PAROS) with the varying usernames and passwords -in the "^USER^" and "^PASS^" placeholders, the third is the string that it -checks for an *invalid* or *valid* login - any exception to this is counted -as a success. +The option field (following the service field) takes ":" separated values: +The first is the page on the server to GET or POST to. +The second is the POST/GET variables (taken from either the browser, or a proxy +such as ZAP) with the varying usernames and passwords in the "^USER^" and +"^PASS^" placeholders. +The third + are optional parameters like C=, H= etc. (see below) +The final(!) parameter is the string that it checks for an *invalid* or *valid* +login So please: * invalid condition login should be preceded by "F=" * valid condition login should be preceded by "S=". -By default, if no header is found the condition is assume to be a fail, -so checking for *invalid* login. -The fourth optional value, can be a 'C' to define a different page to GET -initial cookies from. +By default, if no header is found the condition is assume to be a fail (F=), +so checking for an *invalid* login string. -If you specify the verbose flag (-v) it will show you the response from the +If you specify the debug flag (-d) it will show you the response from the HTTP server which is useful for checking the result of a failed login to -find something to pattern match against. - -Module initially written by Phil Robinson, IRM Plc (releases@irmplc.com), -rewritten by David Maciejak - -Fix and issue with strtok use and implement 1 step location follow if HTTP -3xx code is returned (david dot maciejak at gmail dot com) - -Added fail or success condition, getting cookies, and allow 5 redirections by -david +find something to pattern match against. This should be done together with -t 1. */ @@ -1434,8 +1424,8 @@ void usage_http_form(const char *service) { "redirections in\n" "a row. It always gathers a new cookie from the same URL without " "variables\n" - "The parameters requires three \":\" separated values, plus optional " - "values.\n" + "The parameters requires at a minimum three \":\" separated values,\n" + "plus optional values.\n" "(Note: if you need a colon in the option string as value, escape it " "with \"\\:\", but do not escape a \"\\\" with \"\\\\\".)\n" "\nSyntax: :[:[:]:\n" @@ -1480,11 +1470,11 @@ void usage_http_form(const char *service) { "login.php:user=^USER64^&pass=^PASS64^&colon=colon\\:escape:S=result=" "success\"\n" " \"/login.php:user=^USER^&pass=^PASS^&mid=123:authlog=.*failed\"\n" - " \"/:user=^USER&pass=^PASS^:failed:H=Authorization\\: Basic " + " \"/:user=^USER&pass=^PASS^:H=Authorization\\: Basic " "dT1w:H=Cookie\\: sessid=aaaa:h=X-User\\: ^USER^:H=User-Agent\\: wget\"\n" - " \"/exchweb/bin/auth/" + " \"/exchweb/bin/auth/:F=failed" "owaauth.dll:destination=http%%3A%%2F%%2F%%2Fexchange&flags=0&" "username=%%5C^USER^&password=^PASS^&SubmitCreds=x&trusted=0:" - "reason=:C=/exchweb\"\n", + "C=/exchweb\":reason=\n", service); } From 75b7b52da9a2590b772ec75d4b8fb71ed2910335 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 13 Mar 2023 09:23:55 +0100 Subject: [PATCH 163/223] fix proxy support for http-form --- CHANGES | 6 ++++-- hydra-http-form.c | 12 ++++++------ 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/CHANGES b/CHANGES index 2c27d84..9f21de3 100644 --- a/CHANGES +++ b/CHANGES @@ -2,8 +2,10 @@ Changelog for hydra ------------------- Release 9.5-dev -* The help for http-form was wrong. the condition variable must always be - the *last* parameter, not the third +* http-form: + - The help for http-form was wrong. the condition variable must always be + the *last* parameter, not the third + - Proxy support was not working correctly * smb2: fix for updated libsmb2 which resulted in correct guessing attempts not being detected * smtp: break early if the server does not allow authentication diff --git a/hydra-http-form.c b/hydra-http-form.c index 53b7ce5..d41cbd9 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -761,7 +761,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL) { if (getcookie) { memset(proxy_string, 0, sizeof(proxy_string)); - snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, cookieurl); + snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, cookieurl); if (http_request != NULL) free(http_request); http_request = prepare_http_request("GET", proxy_string, NULL, cookie_request); @@ -775,7 +775,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options // now prepare for the "real" request if (strcmp(type, "POST") == 0) { memset(proxy_string, 0, sizeof(proxy_string)); - snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, url); + snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, url); snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(upd3variables)); if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) hdrrepv(&ptr_head, "Content-Length", content_length); @@ -823,7 +823,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options if (getcookie) { // doing a GET to get cookies memset(proxy_string, 0, sizeof(proxy_string)); - snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, cookieurl); + snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, cookieurl); if (http_request != NULL) free(http_request); http_request = prepare_http_request("GET", proxy_string, NULL, cookie_request); @@ -837,7 +837,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options // now prepare for the "real" request if (strcmp(type, "POST") == 0) { memset(proxy_string, 0, sizeof(proxy_string)); - snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, url); + snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, url); snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(upd3variables)); if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) hdrrepv(&ptr_head, "Content-Length", content_length); @@ -1072,7 +1072,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options // proxy with authentication hdrrepv(&ptr_head, "Host", str2); memset(proxy_string, 0, sizeof(proxy_string)); - snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, str3); + snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, str3); if (normal_request != NULL) free(normal_request); normal_request = stringify_headers(&ptr_head); @@ -1084,7 +1084,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options // proxy without authentication hdrrepv(&ptr_head, "Host", str2); memset(proxy_string, 0, sizeof(proxy_string)); - snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, str3); + snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, str3); if (normal_request != NULL) free(normal_request); normal_request = stringify_headers(&ptr_head); From 01efa98ded7e7053dc8d7b898dee5bd2c365b671 Mon Sep 17 00:00:00 2001 From: bugith Date: Sun, 14 May 2023 12:03:43 +0200 Subject: [PATCH 164/223] Update README -x syntax with special characters --- README | 1 + 1 file changed, 1 insertion(+) diff --git a/README b/README index e8c7b6a..846164a 100644 --- a/README +++ b/README @@ -267,6 +267,7 @@ Examples: -x 1:3:a generate passwords from length 1 to 3 with all lowercase letters -x 2:5:/ generate passwords from length 2 to 5 containing only slashes -x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers +-x '3:3:aA1&~#\\ "\'<{([-|_^@)]=}>$%*?./§,;:!`' -v generates lenght 3 passwords with all 95 characters, and verbose. ``` Example: From a0565e1abe731c455c688c2e82da28bbe7db4a16 Mon Sep 17 00:00:00 2001 From: leo Date: Fri, 9 Jun 2023 20:43:21 +1200 Subject: [PATCH 165/223] fix rdp response 0002000f not recognised as a failed attempt --- hydra-rdp.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hydra-rdp.c b/hydra-rdp.c index 4036591..456a1c3 100644 --- a/hydra-rdp.c +++ b/hydra-rdp.c @@ -76,6 +76,10 @@ int32_t start_rdp(char *ip, int32_t port, unsigned char options, char *miscptr, // login failure hydra_completed_pair(); break; + case 0x0002000f: + // login failure + hydra_completed_pair_skip(); + break; case 0x0002000d: hydra_report(stderr, "[%d][rdp] account on %s might be valid but account not " From 377ac86652f86bd3317a771a173c4235aaa2055c Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 12 Jun 2023 10:03:28 +0200 Subject: [PATCH 166/223] v9.6 release --- CHANGES | 1 + hydra.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 9f21de3..d30e1ac 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,7 @@ Release 9.5-dev * smb2: fix for updated libsmb2 which resulted in correct guessing attempts not being detected * smtp: break early if the server does not allow authentication +* rdp: detect more return codes that say a user is disabled etc. Release 9.4 diff --git a/hydra.c b/hydra.c index dbea4c0..cae3dde 100644 --- a/hydra.c +++ b/hydra.c @@ -228,7 +228,7 @@ char *SERVICES = "adam6500 asterisk afp cisco cisco-enable cobaltstrike cvs fire #define RESTOREFILE "./hydra.restore" #define PROGRAM "Hydra" -#define VERSION "v9.5-dev" +#define VERSION "v9.6" #define AUTHOR "van Hauser/THC" #define EMAIL "" #define AUTHOR2 "David Maciejak" From 714b051867365c724faf7f505c59dd0b0389ca58 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 12 Jun 2023 10:05:41 +0200 Subject: [PATCH 167/223] v9.5 release --- CHANGES | 2 +- README | 2 +- hydra.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index d30e1ac..a78dfea 100644 --- a/CHANGES +++ b/CHANGES @@ -1,7 +1,7 @@ Changelog for hydra ------------------- -Release 9.5-dev +Release 9.5 * http-form: - The help for http-form was wrong. the condition variable must always be the *last* parameter, not the third diff --git a/README b/README index 846164a..44cb585 100644 --- a/README +++ b/README @@ -1,7 +1,7 @@ H Y D R A - (c) 2001-2022 by van Hauser / THC + (c) 2001-2023 by van Hauser / THC https://github.com/vanhauser-thc/thc-hydra many modules were written by David (dot) Maciejak @ gmail (dot) com BFG code by Jan Dlabal diff --git a/hydra.c b/hydra.c index cae3dde..c250f4c 100644 --- a/hydra.c +++ b/hydra.c @@ -228,7 +228,7 @@ char *SERVICES = "adam6500 asterisk afp cisco cisco-enable cobaltstrike cvs fire #define RESTOREFILE "./hydra.restore" #define PROGRAM "Hydra" -#define VERSION "v9.6" +#define VERSION "v9.5" #define AUTHOR "van Hauser/THC" #define EMAIL "" #define AUTHOR2 "David Maciejak" From 28f073fd79d337c957fc41ada2be5ec2e8122b0e Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sat, 24 Jun 2023 12:03:03 +0200 Subject: [PATCH 168/223] fix pw-inspector --- pw-inspector.c | 55 +++++++++++++++++++++----------------------------- 1 file changed, 23 insertions(+), 32 deletions(-) diff --git a/pw-inspector.c b/pw-inspector.c index cc91c02..8b87a5a 100644 --- a/pw-inspector.c +++ b/pw-inspector.c @@ -50,7 +50,7 @@ int main(int argc, char *argv[]) { int32_t sets = 0, countsets = 0, minlen = 0, maxlen = MAXLENGTH, count = 0; int32_t set_low = 0, set_up = 0, set_no = 0, set_print = 0, set_other = 0; FILE *in = stdin, *out = stdout; - char buf[MAXLENGTH + 1]; + unsigned char buf[MAXLENGTH + 1]; prg = argv[0]; if (argc < 2) @@ -124,9 +124,9 @@ int main(int argc, char *argv[]) { if (countsets == 0) countsets = sets; - while (fgets(buf, sizeof(buf), in) != NULL) { - i = -1; - if (buf[0] == 0) + while (fgets((void *)buf, sizeof(buf), in) != NULL) { + int is_low = 0, is_up = 0, is_no = 0, is_print = 0, is_other = 0; + if (!buf[0]) continue; if (buf[strlen(buf) - 1] == '\n') buf[strlen(buf) - 1] = 0; @@ -134,40 +134,31 @@ int main(int argc, char *argv[]) { buf[strlen(buf) - 1] = 0; if (strlen(buf) >= minlen && strlen(buf) <= maxlen) { i = 0; - if (countsets > 0) { - if (set_low) - if (strpbrk(buf, "abcdefghijklmnopqrstuvwxyz") != NULL) - i++; - if (set_up) - if (strpbrk(buf, "ABCDEFGHIJKLMNOPQRSTUVWXYZ") != NULL) - i++; - if (set_no) - if (strpbrk(buf, "0123456789") != NULL) - i++; - if (set_print) { - j = 0; - for (k = 0; k < strlen(buf); k++) - if (isprint((int32_t)buf[k]) != 0 && isalnum((int32_t)buf[k]) == 0) - j = 1; - if (j) - i++; - } - if (set_other) { - j = 0; - for (k = 0; k < strlen(buf); k++) - if (isprint((int32_t)buf[k]) == 0 && isalnum((int32_t)buf[k]) == 0) - j = 1; - if (j) - i++; + j = 1; + for (i = 0; i < strlen(buf) && j; i++) { + j = 0; + if (set_low && islower(buf[i])) { + j = 1; + is_low = 1; + } else if (set_up && isupper(buf[i])) { + j = 1; + is_up = 1; + } else if (set_no && isdigit(buf[i])) { + j = 1; + is_no = 1; + } else if (set_print && isprint(buf[i]) && !isalnum(buf[i])) { + j = 1; + is_print = 1; + } else if (set_other && !isprint(buf[i])) { + j = 1; + is_other = 1; } } - if (i >= countsets) { + if (j && countsets <= is_low + is_up + is_no + is_print + is_other) { fprintf(out, "%s\n", buf); count++; } } - /* fprintf(stderr, "[DEBUG] i: %d minlen: %d maxlen: %d len: %d\n", i, - * minlen, maxlen, strlen(buf)); */ } fclose(in); fclose(out); From 58256c8b4f1517d15ba416347451bbf1397d7bef Mon Sep 17 00:00:00 2001 From: neo-one0873 <50387785+neo-one0873@users.noreply.github.com> Date: Tue, 27 Jun 2023 10:41:16 +0800 Subject: [PATCH 169/223] fix: array proxy_string_port may out of bound when proxy_count=64, array proxy_string_port , proxy_string_ip, etc. may out of bound. --- hydra.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra.c b/hydra.c index c250f4c..5a21928 100644 --- a/hydra.c +++ b/hydra.c @@ -2045,7 +2045,7 @@ void process_proxy_line(int32_t type, char *string) { string[strlen(string) - 1] = 0; if (string[strlen(string) - 1] == '\r') string[strlen(string) - 1] = 0; - if (proxy_count > MAX_PROXY_COUNT) { + if (proxy_count >= MAX_PROXY_COUNT) { fprintf(stderr, "[WARNING] maximum amount of proxies loaded, ignoring this entry: %s\n", string); return; } From bb0fc9353913e0f114ec8f1144417a117b951359 Mon Sep 17 00:00:00 2001 From: xiongyi Date: Tue, 27 Jun 2023 17:45:38 +0800 Subject: [PATCH 170/223] fix memory leaks for hydra-http-form.c Signed-off-by: xiongyi --- hydra-http-form.c | 28 +++++++++++++++++++++------- 1 file changed, 21 insertions(+), 7 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index d41cbd9..3707b2f 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -796,8 +796,10 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options if (http_request != NULL) free(http_request); http_request = prepare_http_request("POST", proxy_string, upd3variables, normal_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { + free(cookie_header); return 1; + } } else { if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) hdrrepv(&ptr_head, "Content-Length", "0"); @@ -814,8 +816,10 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options if (http_request != NULL) free(http_request); http_request = prepare_http_request("GET", proxy_string, upd3variables, normal_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { + free(cookie_header); return 1; + } } } else { if (use_proxy == 1) { @@ -858,8 +862,10 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options if (http_request != NULL) free(http_request); http_request = prepare_http_request("POST", proxy_string, upd3variables, normal_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { + free(cookie_header); return 1; + } } else { if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) hdrrepv(&ptr_head, "Content-Length", "0"); @@ -876,8 +882,10 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options if (http_request != NULL) free(http_request); http_request = prepare_http_request("GET", proxy_string, upd3variables, normal_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { + free(cookie_header); return 1; + } } } else { // direct web server, no proxy @@ -921,8 +929,10 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options if (http_request != NULL) free(http_request); http_request = prepare_http_request("POST", url, upd3variables, normal_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { + free(cookie_header); return 1; + } } else { if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) hdrrepv(&ptr_head, "Content-Length", "0"); @@ -939,8 +949,10 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options if (http_request != NULL) free(http_request); http_request = prepare_http_request("GET", url, upd3variables, normal_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { + free(cookie_header); return 1; + } } } } @@ -1105,8 +1117,10 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options hydra_reconnect(s, ip, port, options, hostname); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { + free(cookie_header); return 1; + } found = analyze_server_response(s); if (strlen(cookie) > 0) From 8a2df9b8f28ecb8c25b532be1b1deeed2a51d598 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 30 Jun 2023 17:21:44 +0200 Subject: [PATCH 171/223] 9.6dev --- hydra.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra.c b/hydra.c index 5a21928..4e33711 100644 --- a/hydra.c +++ b/hydra.c @@ -228,7 +228,7 @@ char *SERVICES = "adam6500 asterisk afp cisco cisco-enable cobaltstrike cvs fire #define RESTOREFILE "./hydra.restore" #define PROGRAM "Hydra" -#define VERSION "v9.5" +#define VERSION "v9.6dev" #define AUTHOR "van Hauser/THC" #define EMAIL "" #define AUTHOR2 "David Maciejak" From 310068c9ca54b86b937dc07c59c5b7a129ed06d7 Mon Sep 17 00:00:00 2001 From: Coen Tempelaars Date: Fri, 7 Jul 2023 20:55:04 +0200 Subject: [PATCH 172/223] fix replacement of user/pass placeholders in http header --- hydra-http-form.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index 3707b2f..9e3c92b 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -314,9 +314,15 @@ void hdrrep(ptr_header_node *ptr_head, char *oldvalue, char *newvalue) { for (cur_ptr = *ptr_head; cur_ptr; cur_ptr = cur_ptr->next) { if ((cur_ptr->type == HEADER_TYPE_USERHEADER || cur_ptr->type == HEADER_TYPE_USERHEADER_REPL) && strstr(cur_ptr->value, oldvalue)) { - cur_ptr->value = (char *)realloc(cur_ptr->value, strlen(newvalue) + 1); - if (cur_ptr->value) - strcpy(cur_ptr->value, newvalue); + size_t oldlen = strlen(oldvalue); + size_t newlen = strlen(newvalue); + if (oldlen != newlen) + cur_ptr->value = (char *)realloc(cur_ptr->value, strlen(cur_ptr->value) - oldlen + newlen + 1); + if (cur_ptr->value) { + char *p = strstr(cur_ptr->value, oldvalue); + memmove(p + newlen, p + oldlen, strlen(p + oldlen) + 1); + memcpy(p, newvalue, newlen); + } else { hydra_report(stderr, "[ERROR] Out of memory (hddrep).\n"); hydra_child_exit(0); From fb964fc1132d7e7ee993b5cfe1ed280978530589 Mon Sep 17 00:00:00 2001 From: Roan Rothrock Date: Tue, 11 Jul 2023 10:15:24 -0500 Subject: [PATCH 173/223] Fixed #868 on vanhauser-thc/thc-hydra --- hydra-rtsp.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hydra-rtsp.c b/hydra-rtsp.c index 3b4bdca..5526f9b 100644 --- a/hydra-rtsp.c +++ b/hydra-rtsp.c @@ -6,7 +6,9 @@ // // +#ifndef _GNU_SOURCE #define _GNU_SOURCE +#endif #include "hydra-mod.h" #include "sasl.h" From 568ef74e0d513c8a3a0d388acdd444f92e700cab Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 21 Jul 2023 10:44:31 +0200 Subject: [PATCH 174/223] nits --- Makefile.am | 2 +- hydra-http-form.c | 5 ++--- hydra-mod.c | 2 +- hydra-smb2.c | 2 +- hydra-svn.c | 2 ++ 5 files changed, 7 insertions(+), 6 deletions(-) diff --git a/Makefile.am b/Makefile.am index 0dd498e..f6d4bb0 100644 --- a/Makefile.am +++ b/Makefile.am @@ -4,7 +4,7 @@ WARN_CLANG=-Wformat-nonliteral -Wstrncat-size -Wformat-security -Wsign-conversion -Wconversion -Wfloat-conversion -Wshorten-64-to-32 -Wuninitialized -Wmissing-variable-declarations -Wmissing-declarations WARN_GCC=-Wformat=2 -Wformat-overflow=2 -Wformat-nonliteral -Wformat-truncation=2 -Wnull-dereference -Wstrict-overflow=2 -Wstringop-overflow=4 -Walloca-larger-than=4096 -Wtype-limits -Wconversion -Wtrampolines -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -fno-common -Wcast-align CFLAGS ?= -g -OPTS=-I. -O3 $(CFLAGS) -fcommon +OPTS=-I. -O3 $(CFLAGS) -fcommon -Wno-deprecated-declarations CPPFLAGS += -D_GNU_SOURCE # -Wall -g -pedantic LIBS=-lm diff --git a/hydra-http-form.c b/hydra-http-form.c index 9e3c92b..a8e5922 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -322,8 +322,7 @@ void hdrrep(ptr_header_node *ptr_head, char *oldvalue, char *newvalue) { char *p = strstr(cur_ptr->value, oldvalue); memmove(p + newlen, p + oldlen, strlen(p + oldlen) + 1); memcpy(p, newvalue, newlen); - } - else { + } else { hydra_report(stderr, "[ERROR] Out of memory (hddrep).\n"); hydra_child_exit(0); } @@ -805,7 +804,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { free(cookie_header); return 1; - } + } } else { if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) hdrrepv(&ptr_head, "Content-Length", "0"); diff --git a/hydra-mod.c b/hydra-mod.c index de86f66..c988c1d 100644 --- a/hydra-mod.c +++ b/hydra-mod.c @@ -664,7 +664,7 @@ char *hydra_get_next_pair() { // if (debug) hydra_dump_data(pair, __fck, "CHILD READ PAIR"); if (pair[0] == 0 || __fck <= 0) return HYDRA_EMPTY; - if (__fck >= sizeof(HYDRA_EXIT) && memcmp(&HYDRA_EXIT, &pair, sizeof(HYDRA_EXIT)) == 0) + if (__fck >= sizeof(HYDRA_EXIT) && memcmp(&HYDRA_EXIT, &pair, sizeof(HYDRA_EXIT)) == 0) return HYDRA_EXIT; } return pair; diff --git a/hydra-smb2.c b/hydra-smb2.c index 5e99451..9f396be 100644 --- a/hydra-smb2.c +++ b/hydra-smb2.c @@ -126,7 +126,7 @@ bool smb2_run_test(creds_t *cr, const char *server, uint16_t port) { */ switch (errno) { - case 0: + case 0: // maybe false positive? unclear ... :( ... needs more testing smbc_free_context(ctx, 1); return true; diff --git a/hydra-svn.c b/hydra-svn.c index 063f12c..0258f9a 100644 --- a/hydra-svn.c +++ b/hydra-svn.c @@ -4,7 +4,9 @@ #ifdef LIBSVN /* needed on openSUSE */ +#ifndef _GNU_SOURCE #define _GNU_SOURCE +#endif #if !defined PATH_MAX && defined HAVE_SYS_PARAM_H #include From d2363dc99eb109adb031508e3fbde6fbba5103ae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dani=C3=ABl=20van=20den=20Berg?= Date: Thu, 10 Aug 2023 16:25:37 +0200 Subject: [PATCH 175/223] Allow HTTP-POST with F=403 I had a site which returns 200OK, but a json containing 403. Get results in "invalid api call". Allow using F= with post. --- hydra.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra.c b/hydra.c index 4e33711..30a8ece 100644 --- a/hydra.c +++ b/hydra.c @@ -388,7 +388,7 @@ static const struct { {"http-get-form", service_http_form_init, service_http_get_form, usage_http_form}, {"http-head", service_http_init, service_http_head, NULL}, {"http-form", service_http_form_init, NULL, usage_http_form}, - {"http-post", NULL, service_http_post, usage_http}, + {"http-post", service_http_init, service_http_post, usage_http}, {"http-post-form", service_http_form_init, service_http_post_form, usage_http_form}, SERVICE3("http-proxy", http_proxy), SERVICE3("http-proxy-urlenum", http_proxy_urlenum), From 16b424af4db7f49d09b4a9157e805040ebff23ee Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sun, 13 Aug 2023 13:07:10 +0200 Subject: [PATCH 176/223] support -W for modules that use libarries --- CHANGES | 2 ++ hydra-firebird.c | 3 +++ hydra-http.c | 2 +- hydra-memcached.c | 3 +++ hydra-mongodb.c | 3 +++ hydra-mysql.c | 3 +++ hydra-oracle-listener.c | 3 +++ hydra-oracle-sid.c | 3 +++ hydra-oracle.c | 3 +++ hydra-postgres.c | 3 +++ hydra-rdp.c | 2 ++ hydra-sapr3.c | 3 +++ hydra-smb2.c | 8 ++++++++ hydra-ssh.c | 2 ++ hydra-sshkey.c | 3 +++ hydra-svn.c | 3 +++ 16 files changed, 48 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index a78dfea..685f48d 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,8 @@ Changelog for hydra ------------------- Release 9.5 +* many modules did not support -W (all those that used a library for the + connection). All (or most?) should be fixed now. * http-form: - The help for http-form was wrong. the condition variable must always be the *last* parameter, not the third diff --git a/hydra-firebird.c b/hydra-firebird.c index 4898c46..dea104f 100644 --- a/hydra-firebird.c +++ b/hydra-firebird.c @@ -22,6 +22,7 @@ void dummy_firebird() { printf("\n"); } #define DEFAULT_DB "C:\\Program Files\\Firebird\\Firebird_1_5\\security.fdb" +extern hydra_option hydra_options; extern char *HYDRA_EXIT; int32_t start_firebird(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { @@ -124,6 +125,8 @@ void service_firebird(char *ip, int32_t sp, unsigned char options, char *miscptr */ next_run = start_firebird(sock, ip, port, options, miscptr, fp); + if ((next_run == 1 || next_run == 2) && hydra_options.conwait) + sleep(hydra_options.conwait); break; case 3: diff --git a/hydra-http.c b/hydra-http.c index c76b937..ba9a676 100644 --- a/hydra-http.c +++ b/hydra-http.c @@ -451,7 +451,7 @@ int32_t service_http_init(char *ip, int32_t sp, unsigned char options, char *mis start--; memset(start, '\0', condition_len); if (debug) - hydra_report(stderr, "Modificated options:%s\n", miscptr); + hydra_report(stderr, "Modified options:%s\n", miscptr); } else { if (debug) hydra_report(stderr, "Condition not found\n"); diff --git a/hydra-memcached.c b/hydra-memcached.c index ca21d26..5a7c112 100644 --- a/hydra-memcached.c +++ b/hydra-memcached.c @@ -13,6 +13,7 @@ void dummy_mcached() { printf("\n"); } extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec); +extern hydra_option hydra_options; extern char *HYDRA_EXIT; int mcached_send_com_quit(int32_t sock) { @@ -117,6 +118,8 @@ void service_mcached(char *ip, int32_t sp, unsigned char options, char *miscptr, switch (run) { case 1: next_run = start_mcached(sock, ip, port, options, miscptr, fp); + if (next_run == 1 && hydra_options.conwait) + sleep(hydra_options.conwait); break; case 2: hydra_child_exit(0); diff --git a/hydra-mongodb.c b/hydra-mongodb.c index d413192..66269be 100644 --- a/hydra-mongodb.c +++ b/hydra-mongodb.c @@ -14,6 +14,7 @@ void dummy_mongodb() { printf("\n"); } extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec); +extern hydra_option hydra_options; extern char *HYDRA_EXIT; char *buf; @@ -136,6 +137,8 @@ void service_mongodb(char *ip, int32_t sp, unsigned char options, char *miscptr, switch (run) { case 1: next_run = start_mongodb(sock, ip, port, options, miscptr, fp); + if (next_run == 1 && hydra_options.conwait) + sleep(hydra_options.conwait); break; case 2: hydra_child_exit(0); diff --git a/hydra-mysql.c b/hydra-mysql.c index eae5fd9..01a258e 100644 --- a/hydra-mysql.c +++ b/hydra-mysql.c @@ -35,6 +35,7 @@ char *hydra_scramble(char *to, const char *message, const char *password); extern int32_t internal__hydra_recv(int32_t socket, char *buf, int32_t length); extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec); +extern hydra_option hydra_options; extern char *HYDRA_EXIT; char mysqlsalt[9]; @@ -332,6 +333,8 @@ void service_mysql(char *ip, int32_t sp, unsigned char options, char *miscptr, F break; case 2: /* run the cracking function */ next_run = start_mysql(sock, ip, port, options, miscptr, fp); + if ((next_run == 1 || next_run == 2) && hydra_options.conwait) + sleep(hydra_options.conwait); break; case 3: /* clean exit */ if (sock >= 0) { diff --git a/hydra-oracle-listener.c b/hydra-oracle-listener.c index e6b77ec..563670b 100644 --- a/hydra-oracle-listener.c +++ b/hydra-oracle-listener.c @@ -19,6 +19,7 @@ void dummy_oracle_listener() { printf("\n"); } #include #define HASHSIZE 17 +extern hydra_option hydra_options; extern char *HYDRA_EXIT; char *buf; unsigned char *hash; @@ -304,6 +305,8 @@ void service_oracle_listener(char *ip, int32_t sp, unsigned char options, char * } /* run the cracking function */ next_run = start_oracle_listener(sock, ip, port, options, miscptr, fp); + if (next_run == 1 && hydra_options.conwait) + sleep(hydra_options.conwait); break; case 3: /* clean exit */ if (sock >= 0) diff --git a/hydra-oracle-sid.c b/hydra-oracle-sid.c index c2db73a..32ac557 100644 --- a/hydra-oracle-sid.c +++ b/hydra-oracle-sid.c @@ -16,6 +16,7 @@ void dummy_oracle_sid() { printf("\n"); } #include #define HASHSIZE 16 +extern hydra_option hydra_options; extern char *HYDRA_EXIT; char *buf; unsigned char *hash; @@ -113,6 +114,8 @@ void service_oracle_sid(char *ip, int32_t sp, unsigned char options, char *miscp } /* run the cracking function */ next_run = start_oracle_sid(sock, ip, port, options, miscptr, fp); + if (next_run == 1 && hydra_options.conwait) + sleep(hydra_options.conwait); break; case 3: /* clean exit */ if (sock >= 0) diff --git a/hydra-oracle.c b/hydra-oracle.c index 46deb44..2ae18de 100644 --- a/hydra-oracle.c +++ b/hydra-oracle.c @@ -21,6 +21,7 @@ void dummy_oracle() { printf("\n"); } #include #include +extern hydra_option hydra_options; extern char *HYDRA_EXIT; OCIEnv *o_environment; @@ -165,6 +166,8 @@ void service_oracle(char *ip, int32_t sp, unsigned char options, char *miscptr, break; case 2: next_run = start_oracle(sock, ip, port, options, miscptr, fp); + if ((next_run == 1 || next_run == 2) && hydra_options.conwait) + sleep(hydra_options.conwait); break; case 3: /* clean exit */ if (sock >= 0) diff --git a/hydra-postgres.c b/hydra-postgres.c index 7f958f7..6826c78 100644 --- a/hydra-postgres.c +++ b/hydra-postgres.c @@ -16,6 +16,7 @@ void dummy_postgres() { printf("\n"); } #define DEFAULT_DB "template1" +extern hydra_option hydra_options; extern char *HYDRA_EXIT; int32_t start_postgres(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { @@ -99,6 +100,8 @@ void service_postgres(char *ip, int32_t sp, unsigned char options, char *miscptr * Here we start the password cracking process */ next_run = start_postgres(sock, ip, port, options, miscptr, fp); + if ((next_run == 2 || next_run == 1) && hydra_options.conwait) + sleep(hydra_options.conwait); break; case 3: if (sock >= 0) diff --git a/hydra-rdp.c b/hydra-rdp.c index 456a1c3..a8a69bc 100644 --- a/hydra-rdp.c +++ b/hydra-rdp.c @@ -125,6 +125,8 @@ void service_rdp(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL else sleep(hydra_options.conwait); next_run = start_rdp(ip, myport, options, miscptr, fp); + if (next_run == 1 && hydra_options.conwait) + sleep(hydra_options.conwait); break; case 2: /* clean exit */ freerdp_disconnect(instance); diff --git a/hydra-sapr3.c b/hydra-sapr3.c index 26024da..76ce7b7 100644 --- a/hydra-sapr3.c +++ b/hydra-sapr3.c @@ -14,6 +14,7 @@ const int32_t *__ctype_b; extern void flood(); /* for -lm */ +extern hydra_option hydra_options; extern char *HYDRA_EXIT; RFC_ERROR_INFO_EX error_info; @@ -99,6 +100,8 @@ void service_sapr3(char *ip, int32_t sp, unsigned char options, char *miscptr, F switch (run) { case 1: /* connect and service init function */ next_run = start_sapr3(sock, ip, port, options, miscptr, fp); + if (next_run == 1 && hydra_options.conwait) + sleep(hydra_options.conwait); break; case 2: hydra_child_exit(0); diff --git a/hydra-smb2.c b/hydra-smb2.c index 9f396be..d1d220d 100644 --- a/hydra-smb2.c +++ b/hydra-smb2.c @@ -27,6 +27,7 @@ #include #include +extern hydra_option hydra_options; extern char *HYDRA_EXIT; typedef struct creds { @@ -173,10 +174,15 @@ bool smb2_run_test(creds_t *cr, const char *server, uint16_t port) { } void service_smb2(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + static int first_run = 0; hydra_register_socket(sp); + while (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT))) { char *login, *pass; + if (first_run && hydra_options.conwait) + sleep(hydra_options.conwait); + login = hydra_get_next_login(); pass = hydra_get_next_password(); @@ -191,6 +197,8 @@ void service_smb2(char *ip, int32_t sp, unsigned char options, char *miscptr, FI } else { hydra_completed_pair(); } + + first_run = 1; } EXIT_NORMAL; } diff --git a/hydra-ssh.c b/hydra-ssh.c index 785ae1e..96293ab 100644 --- a/hydra-ssh.c +++ b/hydra-ssh.c @@ -119,6 +119,8 @@ void service_ssh(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL switch (run) { case 1: /* connect and service init function */ next_run = start_ssh(sock, ip, port, options, miscptr, fp); + if (next_run == 1 && hydra_options.conwait) + sleep(hydra_options.conwait); break; case 2: ssh_disconnect(session); diff --git a/hydra-sshkey.c b/hydra-sshkey.c index 092d655..cac66e0 100644 --- a/hydra-sshkey.c +++ b/hydra-sshkey.c @@ -16,6 +16,7 @@ void dummy_sshkey() { printf("\n"); } #if LIBSSH_VERSION_MAJOR >= 0 && LIBSSH_VERSION_MINOR >= 4 extern ssh_session session; +extern hydra_option hydra_options; extern char *HYDRA_EXIT; extern int32_t new_session; @@ -117,6 +118,8 @@ void service_sshkey(char *ip, int32_t sp, unsigned char options, char *miscptr, switch (run) { case 1: /* connect and service init function */ next_run = start_sshkey(sock, ip, port, options, miscptr, fp); + if (next_run == 1 && hydra_options.conwait) + sleep(hydra_options.conwait); break; case 2: ssh_disconnect(session); diff --git a/hydra-svn.c b/hydra-svn.c index 0258f9a..0664924 100644 --- a/hydra-svn.c +++ b/hydra-svn.c @@ -32,6 +32,7 @@ void dummy_svn() { printf("\n"); } extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec); +extern hydra_option hydra_options; extern char *HYDRA_EXIT; #define DEFAULT_BRANCH "trunk" @@ -197,6 +198,8 @@ void service_svn(char *ip, int32_t sp, unsigned char options, char *miscptr, FIL break; case 2: next_run = start_svn(sock, ip, port, options, miscptr, fp); + if ((next_run == 1 || next_run == 2) && hydra_options.conwait) + sleep(hydra_options.conwait); break; case 3: if (sock >= 0) From 1dce42a0ccab0fa8946741e71be8bdf7fb16e9f4 Mon Sep 17 00:00:00 2001 From: andraxin Date: Fri, 29 Sep 2023 00:06:49 +0200 Subject: [PATCH 177/223] Update hydra-http-form.c Fix handling web forms that may return 401. --- hydra-http-form.c | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index a8e5922..b6f888e 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -66,6 +66,7 @@ int32_t success_cond = 0; int32_t getcookie = 1; int32_t auth_flag = 0; int32_t code_302_is_success = 0; +int32_t code_401_is_failure = 0; char cookie[4096] = "", cmiscptr[1024]; @@ -437,6 +438,14 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) { sprintf(cookieurl, "%.1000s", hydra_strrep(miscptr + 2, "\\:", ":")); miscptr = ptr; break; + case '1': + code_401_is_failure = 1; + char *tmp = strchr(miscptr, ':'); + if (tmp) + miscptr = tmp + 1; + else + miscptr += strlen(miscptr); + break; case '2': code_302_is_success = 1; char *tmp = strchr(miscptr, ':'); @@ -971,12 +980,17 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options found = success_cond; } - if (auth_flag) { // we received a 401 error - user is using wrong module - hydra_report(stderr, - "[ERROR] the target is using HTTP auth, not a web form, received HTTP " - "error code 401. Use module \"http%s-get\" instead.\n", - (options & OPTION_SSL) > 0 ? "s" : ""); - return 2; + if (auth_flag) { // we received a 401 error - user may be using wrong module + if (code_401_is_failure) { // apparently they don't think so -- treat 401 as failure + hydra_completed_pair(); + return 1; + } else { + hydra_report(stderr, + "[ERROR] received HTTP error code 401. The target may be using HTTP auth, " + "not a web form. Use module \"http%s-get\" instead, or set \"1=\".\n", + (options & OPTION_SSL) > 0 ? "s" : ""); + return 2; + } } if (strlen(cookie) > 0) From 15b1f93903e0ba1aa1733afd509183ba761e0683 Mon Sep 17 00:00:00 2001 From: Hatsumi-FR Date: Sun, 3 Dec 2023 14:11:19 +0100 Subject: [PATCH 178/223] Fix "make" error MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Variable 'tmp' was moved to a higher scope in the parse_options function of hydra-http-form.c. This change was necessary to prevent duplicate declarations in the different switch case blocks. This PR fix "make" error : error: redefinition of ‘tmp’ --- hydra-http-form.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index b6f888e..26c2d29 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -390,7 +390,7 @@ char *stringify_headers(ptr_header_node *ptr_head) { } int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) { - char *ptr, *ptr2; + char *ptr, *ptr2, *tmp; if (miscptr == NULL) return 1; @@ -440,7 +440,7 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) { break; case '1': code_401_is_failure = 1; - char *tmp = strchr(miscptr, ':'); + *tmp = strchr(miscptr, ':'); if (tmp) miscptr = tmp + 1; else @@ -448,7 +448,7 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) { break; case '2': code_302_is_success = 1; - char *tmp = strchr(miscptr, ':'); + *tmp = strchr(miscptr, ':'); if (tmp) miscptr = tmp + 1; else From 48c1e20985204087e9d30cf0fa97557bf281495b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?T=C3=93TH=20Istv=C3=A1n?= Date: Tue, 5 Dec 2023 01:04:50 +0100 Subject: [PATCH 179/223] fix smb password expired vs account expired confusion --- hydra-smb.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/hydra-smb.c b/hydra-smb.c index 6fc5bbd..6476822 100644 --- a/hydra-smb.c +++ b/hydra-smb.c @@ -1280,8 +1280,8 @@ int32_t start_smb(int32_t s, char *ip, int32_t port, unsigned char options, char } else if (SMBerr == 0x000193) { /* Valid password, account expired */ hydra_report(stdout, "[%d][smb] Host: %s Account: %s Valid password, account expired\n", port, ipaddr_str, login); hydra_report_found_host(port, ip, "smb", fp); - hydra_completed_pair_found(); - } else if ((SMBerr == 0x000224) || (SMBerr == 0xC20002)) { /* Valid password, account expired */ + hydra_completed_pair_skip(); + } else if ((SMBerr == 0x000224) || (SMBerr == 0xC20002)) { /* Valid password, password expired */ hydra_report(stdout, "[%d][smb] Host: %s Account: %s Valid password, password " "expired and must be changed on next logon\n", @@ -1311,7 +1311,7 @@ int32_t start_smb(int32_t s, char *ip, int32_t port, unsigned char options, char } else if (SMBerr == 0x000071) { /* password expired */ if (verbose) fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: PASSWORD EXPIRED\n", port, ipaddr_str, login); - hydra_completed_pair_skip(); + hydra_completed_pair_found(); } else if ((SMBerr == 0x000072) || (SMBerr == 0xBF0002)) { /* account disabled */ /* BF0002 on w2k */ if (verbose) fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: ACCOUNT_DISABLED\n", port, ipaddr_str, login); From 9269d54ca48717dbd66c80778dab9ea1fc15c935 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?T=C3=93TH=20Istv=C3=A1n?= Date: Tue, 5 Dec 2023 00:56:18 +0100 Subject: [PATCH 180/223] add legacy SSH ciphers support --- hydra-ssh.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/hydra-ssh.c b/hydra-ssh.c index 96293ab..6ccae4e 100644 --- a/hydra-ssh.c +++ b/hydra-ssh.c @@ -47,6 +47,9 @@ int32_t start_ssh(int32_t s, char *ip, int32_t port, unsigned char options, char ssh_options_set(session, SSH_OPTIONS_TIMEOUT, &hydra_options.waittime); ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "none"); ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "none"); + // might be better to add the legacy (first two for KEX and HOST) to the default instead of specifying the full list + ssh_options_set(session, SSH_OPTIONS_KEY_EXCHANGE, "diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256"); + ssh_options_set(session, SSH_OPTIONS_HOSTKEYS, "ssh-rsa,ssh-dss,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256"); if (ssh_connect(session) != 0) { // if the connection was drop, exit and let hydra main handle it if (verbose) @@ -192,6 +195,9 @@ int32_t service_ssh_init(char *ip, int32_t sp, unsigned char options, char *misc ssh_options_set(session, SSH_OPTIONS_TIMEOUT, &hydra_options.waittime); ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "none"); ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "none"); + // might be better to add the legacy (first two for KEX and HOST) to the default instead of specifying the full list + ssh_options_set(session, SSH_OPTIONS_KEY_EXCHANGE, "diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256"); + ssh_options_set(session, SSH_OPTIONS_HOSTKEYS, "ssh-rsa,ssh-dss,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256"); if (ssh_connect(session) != 0) { fprintf(stderr, "[ERROR] could not connect to ssh://%s:%d - %s\n", hydra_address2string_beautiful(ip), port, ssh_get_error(session)); return 2; From 438e4fa5370b0d81b3c577a6cf7a29d6fccec624 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 5 Dec 2023 09:36:16 +0100 Subject: [PATCH 181/223] fix --- hydra-http-form.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index 26c2d29..2ff75a0 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -440,7 +440,7 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) { break; case '1': code_401_is_failure = 1; - *tmp = strchr(miscptr, ':'); + tmp = strchr(miscptr, ':'); if (tmp) miscptr = tmp + 1; else @@ -448,7 +448,7 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) { break; case '2': code_302_is_success = 1; - *tmp = strchr(miscptr, ':'); + tmp = strchr(miscptr, ':'); if (tmp) miscptr = tmp + 1; else From 8c4165a83bc3126dd727244e0b5466c1a18aa67c Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 7 Dec 2023 15:54:02 +0100 Subject: [PATCH 182/223] show form 401 option --- hydra-http-form.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index 2ff75a0..022cc24 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -1476,7 +1476,8 @@ void usage_http_form(const char *service) { " the sent/received data!\n" " Note that using invalid login condition checks can result in false positives!\n" "\nThe following parameters are optional and are put between the form parameters\n" - " and the condition string; seperate them too with colons:\n" + "and the condition string; seperate them too with colons:\n" + " 1= 401 error response is interpreted as user/pass wrong\n" " 2= 302 page forward return codes identify a successful attempt\n" " (c|C)=/page/uri to define a different page to gather initial " "cookies from\n" From 82fd1a3ca0120960a5f0263e6984e03ebc1a6b5f Mon Sep 17 00:00:00 2001 From: tothi Date: Thu, 29 Feb 2024 02:52:00 +0100 Subject: [PATCH 183/223] Update hydra-smb.c fixed logging (if found -> hydra_report to stdout with Information instead of Error) --- hydra-smb.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/hydra-smb.c b/hydra-smb.c index 6476822..0db54da 100644 --- a/hydra-smb.c +++ b/hydra-smb.c @@ -1304,13 +1304,12 @@ int32_t start_smb(int32_t s, char *ip, int32_t port, unsigned char options, char hydra_report(stderr, "[INFO] LM dialect may be disabled, try LMV2 instead\n"); hydra_completed_pair_skip(); } else if (SMBerr == 0x000024) { /* change password on next login [success] */ - hydra_report(stdout, "[%d][smb] Host: %s Account: %s Error: ACCOUNT_CHANGE_PASSWORD\n", port, ipaddr_str, login); + hydra_report(stdout, "[%d][smb] Host: %s Account: %s Information: ACCOUNT_CHANGE_PASSWORD\n", port, ipaddr_str, login); hydra_completed_pair_found(); } else if (SMBerr == 0x00006D) { /* STATUS_LOGON_FAILURE */ hydra_completed_pair(); } else if (SMBerr == 0x000071) { /* password expired */ - if (verbose) - fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: PASSWORD EXPIRED\n", port, ipaddr_str, login); + hydra_report(stdout, "[%d][smb] Host: %s Account: %s Information: PASSWORD EXPIRED\n", port, ipaddr_str, login); hydra_completed_pair_found(); } else if ((SMBerr == 0x000072) || (SMBerr == 0xBF0002)) { /* account disabled */ /* BF0002 on w2k */ if (verbose) From 03cdc31f98098cf52129d32d5cb604875538560a Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 1 Apr 2024 14:18:47 +0200 Subject: [PATCH 184/223] update oracle url --- INSTALL | 2 +- configure | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/INSTALL b/INSTALL index 752aa63..20f12fd 100644 --- a/INSTALL +++ b/INSTALL @@ -24,5 +24,5 @@ https://wiki.termux.com/wiki/Graphical_Environment For the Oracle login module, install the basic and SDK packages: - http://www.oracle.com/technetwork/database/features/instant-client/index.html + https://www.oracle.com/database/technologies/instant-client/downloads.html diff --git a/configure b/configure index 425f80a..1ae09a9 100755 --- a/configure +++ b/configure @@ -966,7 +966,7 @@ if [ -n "$ORACLE_PATH" -a -n "$ORACLE_IPATH" ]; then fi if [ "X" = "X$ORACLE_PATH" -o "X" = "X$ORACLE_IPATH" ]; then echo " ... NOT found, module Oracle disabled" - echo "Get basic and sdk package from http://www.oracle.com/technetwork/database/features/instant-client/index.html" + echo "Get basic and sdk package from https://www.oracle.com/database/technologies/instant-client/downloads.html" ORACLE_PATH="" ORACLE_IPATH="" fi From eaf17e9d5dab49accd9663fd7847b9c821dac9f9 Mon Sep 17 00:00:00 2001 From: Umut Yilmaz Date: Tue, 7 May 2024 21:53:13 +0200 Subject: [PATCH 185/223] Bump Dockerfile Base Image * Debian Buster -> Debian Bookworm --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 599e7e1..9f16b02 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:buster-slim +FROM debian:bookworm-slim ARG HYDRA_VERSION="github" From eb7ab3907b97df475c455b0bd187b937e2cfe4aa Mon Sep 17 00:00:00 2001 From: a12092 Date: Tue, 13 Aug 2024 13:16:22 +0800 Subject: [PATCH 186/223] Adapt with freerdp changes FreeRDP/FreeRDP#7738 use fields under rdpContext instead of freerdp FreeRDP/FreeRDP@5f8100 removes reference to MaxTimeInCheckLoop since FreeRDP has dropped this field after migrating away from blocking poll loop. --- hydra-rdp.c | 32 +++++++++++++++++++++----------- 1 file changed, 21 insertions(+), 11 deletions(-) diff --git a/hydra-rdp.c b/hydra-rdp.c index a8a69bc..dc38b40 100644 --- a/hydra-rdp.c +++ b/hydra-rdp.c @@ -16,24 +16,34 @@ void dummy_rdp() { printf("\n"); } #else #include +#include freerdp *instance = 0; BOOL rdp_connect(char *server, int32_t port, char *domain, char *login, char *password) { int32_t err = 0; - instance->settings->Username = login; - instance->settings->Password = password; - instance->settings->IgnoreCertificate = TRUE; +#if FREERDP_VERSION_MAJOR == 3 + rdpSettings* settings = instance->context->settings; +#else + rdpSettings* settings = instance->settings; +#endif + + settings->Username = login; + settings->Password = password; + settings->IgnoreCertificate = TRUE; if (password[0] == 0) - instance->settings->AuthenticationOnly = FALSE; + settings->AuthenticationOnly = FALSE; else - instance->settings->AuthenticationOnly = TRUE; - instance->settings->ServerHostname = server; - instance->settings->ServerPort = port; - instance->settings->Domain = domain; - instance->settings->MaxTimeInCheckLoop = 100; + settings->AuthenticationOnly = TRUE; + settings->ServerHostname = server; + settings->ServerPort = port; + settings->Domain = domain; + +#if FREERDP_VERSION_MAJOR == 2 + settings->MaxTimeInCheckLoop = 100; +#endif // freerdp timeout format is microseconds -> default:15000 - instance->settings->TcpConnectTimeout = hydra_options.waittime * 1000; - instance->settings->TlsSecLevel = 0; + settings->TcpConnectTimeout = hydra_options.waittime * 1000; + settings->TlsSecLevel = 0; freerdp_connect(instance); err = freerdp_get_last_error(instance->context); return err; From 7545077a16b7aec696bbf14c87b4f5a44f0d34fc Mon Sep 17 00:00:00 2001 From: a12092 Date: Tue, 13 Aug 2024 14:19:14 +0800 Subject: [PATCH 187/223] Unify settings access between freerdp 2 and 3 use `instance->context->settings` in both versions. --- hydra-rdp.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/hydra-rdp.c b/hydra-rdp.c index dc38b40..0b3c690 100644 --- a/hydra-rdp.c +++ b/hydra-rdp.c @@ -21,11 +21,7 @@ freerdp *instance = 0; BOOL rdp_connect(char *server, int32_t port, char *domain, char *login, char *password) { int32_t err = 0; -#if FREERDP_VERSION_MAJOR == 3 rdpSettings* settings = instance->context->settings; -#else - rdpSettings* settings = instance->settings; -#endif settings->Username = login; settings->Password = password; From 0b7d3c4bbfe31ea459575b8e922a69254b1e7ab2 Mon Sep 17 00:00:00 2001 From: motypi Date: Wed, 5 Feb 2025 23:18:42 +0100 Subject: [PATCH 188/223] integrated multipart in start_http_form, created multipart flag --- hydra-http-form.c | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/hydra-http-form.c b/hydra-http-form.c index 022cc24..81528eb 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -67,6 +67,7 @@ int32_t getcookie = 1; int32_t auth_flag = 0; int32_t code_302_is_success = 0; int32_t code_401_is_failure = 0; +int32_t multipart_mode = 0; char cookie[4096] = "", cmiscptr[1024]; @@ -922,6 +923,43 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options hydra_reconnect(s, ip, port, options, hostname); } // now prepare for the "real" request + // first handle multipart/form-data, which is always POST + if (multipart_mode){ + char *multipart_body = NULL; + char multipart_boundary[64] = "----THC-HydraBoundaryz2Z2z"; + multipart_body = build_multipart_body(variables, multipart_boundary); + if (multipart_body == NULL) { + hydra_report(stderr, "[ERROR] FAiled to build multipart body. \n"); + return 0; + } + snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(multipart_body)); + if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) + hdrrepv(&ptr_head, "Content-Length", content_length); + else + add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); + + char content_type[256]; + snprintf(content_type, sizeof(content_type) - 1, "multipart/for/data; boundary=%s", multipart_body); + if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Content-Type", content_type, HEADER_TYPE_DEFAULT); + else + hdrrepv(&ptr_head, "Content-type", content_type); + + if (cookie_header != NULL) + free(cookie_header); + cookie_header = stringify_cookies(ptr_cookie); + if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); + else + hdrrepv(&ptr_head, "Cookie", cookie_header); + if (normal_request != NULL) + free(normal_request); + http_request = prepare_http_request("POST", url, multipart_body, normal_request); + free(multipart_body); + return 1; + } + + // for "normal" non-multipart POST forms if (strcmp(type, "POST") == 0) { snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(upd3variables)); if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) From 71c846d14fcf052ec4bb54c9290f8507c07f1a95 Mon Sep 17 00:00:00 2001 From: motypi Date: Thu, 6 Feb 2025 14:11:48 +0100 Subject: [PATCH 189/223] started on the build_multipart_body function --- hydra-http-form.c | 43 ++++++++++++++++++++++++++++++++++++++----- 1 file changed, 38 insertions(+), 5 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index 81528eb..8456dde 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -8,7 +8,7 @@ web-based login forms that require username and password variables via either a GET or POST request. The module works similarly to the HTTP basic auth module and will honour -proxy mode (with authenticaion) as well as SSL. The module can be invoked +proxy mode (with authentication) as well as SSL. The module can be invoked with the service names of "http-get-form", "http-post-form", "https-get-form" and "https-post-form". @@ -76,6 +76,7 @@ char bufferurl[6096 + 24], cookieurl[6096 + 24] = "", userheader[6096 + 24] = "" #define MAX_REDIRECT 8 #define MAX_CONTENT_LENGTH 20 +#define MAX_CONTENT_DISPOSITION 200 #define MAX_PROXY_LENGTH 2048 // sizeof(cookieurl) * 2 char redirected_url_buff[2048] = ""; @@ -533,6 +534,38 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) { return 1; } +char *build_multipart_body(char multipart_boundary){ + char *ptr, *param1, *param2, *value1, *value2; + char *body = NULL; + char content_disposition[MAX_CONTENT_DISPOSITION]; + memcpy(ptr, variables, sizeof(variables)); + param1 = ptr; + + if (1){ + while (*ptr != 0 && (*ptr != '=')) + ptr++; + if (*ptr != 0) + *ptr++ = 0; + value1 = ptr; + + while (*ptr != 0 && (*ptr != '&')) + ptr++; + if (*ptr != 0) + *ptr++ = 0; + param2 = ptr; + + while (*ptr != 0 && (*ptr != '=')) + ptr++; + if (*ptr != 0) + *ptr++ = 0; + value2 = ptr; + + strcat(body, multipart_boundary); + snprintf(content_disposition, MAX_CONTENT_DISPOSITION - 1, "%d", (int32_t)strlen(upd3variables)); + + } +} + char *prepare_http_request(char *type, char *path, char *params, char *headers) { uint32_t reqlen = 0; char *http_request = NULL; @@ -926,10 +959,10 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options // first handle multipart/form-data, which is always POST if (multipart_mode){ char *multipart_body = NULL; - char multipart_boundary[64] = "----THC-HydraBoundaryz2Z2z"; - multipart_body = build_multipart_body(variables, multipart_boundary); + char multipart_boundary[64] = "----THC-HydraBoundaryz2Z2z\r\n"; + multipart_body = build_multipart_body(multipart_boundary); if (multipart_body == NULL) { - hydra_report(stderr, "[ERROR] FAiled to build multipart body. \n"); + hydra_report(stderr, "[ERROR] Failed to build multipart body. \n"); return 0; } snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(multipart_body)); @@ -939,7 +972,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); char content_type[256]; - snprintf(content_type, sizeof(content_type) - 1, "multipart/for/data; boundary=%s", multipart_body); + snprintf(content_type, sizeof(content_type) - 1, "multipart/for/data; boundary=%s", multipart_boundary); if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) add_header(&ptr_head, "Content-Type", content_type, HEADER_TYPE_DEFAULT); else From 57216f5ce656190803729fe68b59351b6c94cf66 Mon Sep 17 00:00:00 2001 From: motypi Date: Thu, 6 Feb 2025 16:26:53 +0100 Subject: [PATCH 190/223] added multipart_mode flag, build function incomplete --- hydra-http-form.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index 8456dde..6d05abb 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -456,6 +456,15 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) { else miscptr += strlen(miscptr); break; + case 'm': //fall through + case 'M': + multipart_mode = 1; + tmp = strchr(miscptr, ':'); + if (tmp) + miscptr = tmp + 1; + else + miscptr += strlen(miscptr); + break; case 'g': // fall through case 'G': ptr = miscptr + 2; @@ -959,7 +968,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options // first handle multipart/form-data, which is always POST if (multipart_mode){ char *multipart_body = NULL; - char multipart_boundary[64] = "----THC-HydraBoundaryz2Z2z\r\n"; + char multipart_boundary[32] = "----THC-HydraBoundaryz2Z2z\r\n"; multipart_body = build_multipart_body(multipart_boundary); if (multipart_body == NULL) { hydra_report(stderr, "[ERROR] Failed to build multipart body. \n"); From 373da88a7ed2926b8fadfab38369e2cec77072e4 Mon Sep 17 00:00:00 2001 From: Imane Khouani Date: Thu, 6 Feb 2025 17:21:47 +0100 Subject: [PATCH 191/223] build multipart function completed --- .vscode/tasks.json | 28 ++ Test | Bin 0 -> 20352 bytes Test.c | 122 +++++++ hydra-http-form.c | 663 ++++++++++++++++----------------------- peda-session-61558.txt | 3 + peda-session-61747.txt | 3 + peda-session-62215.txt | 3 + peda-session-62317.txt | 3 + peda-session-unknown.txt | 8 + 9 files changed, 445 insertions(+), 388 deletions(-) create mode 100644 .vscode/tasks.json create mode 100755 Test create mode 100644 Test.c create mode 100644 peda-session-61558.txt create mode 100644 peda-session-61747.txt create mode 100644 peda-session-62215.txt create mode 100644 peda-session-62317.txt create mode 100644 peda-session-unknown.txt diff --git a/.vscode/tasks.json b/.vscode/tasks.json new file mode 100644 index 0000000..08d9005 --- /dev/null +++ b/.vscode/tasks.json @@ -0,0 +1,28 @@ +{ + "tasks": [ + { + "type": "cppbuild", + "label": "C/C++: gcc build active file", + "command": "/usr/bin/gcc", + "args": [ + "-fdiagnostics-color=always", + "-g", + "${file}", + "-o", + "${fileDirname}/${fileBasenameNoExtension}" + ], + "options": { + "cwd": "${fileDirname}" + }, + "problemMatcher": [ + "$gcc" + ], + "group": { + "kind": "build", + "isDefault": true + }, + "detail": "Task generated by Debugger." + } + ], + "version": "2.0.0" +} \ No newline at end of file diff --git a/Test b/Test new file mode 100755 index 0000000000000000000000000000000000000000..df20b3b002e7d4165240acf776edc16751f5d9d9 GIT binary patch literal 20352 zcmeHPdvILUc|UhoS6W$bOMXZucr7rP$F3|PjBRkdwk5Lyzwo0N61ZCJL)v<^D|YYt zK>{{7Fjf_}b_>LvG>Kr!;IyW3J1|jsMLc3dCuB_10BMGn(xga%rY1aUUf%w`bI!L~ zT_nG~LQeb>QGcahfk ze8AnjS=TpRKMd>qGt}u7Es1!~lJ=HF#FvOCv%7t}moD)wY4>MR{x(@L#pT68W9sS+ z+XUQ<5>Ka5xb`WU{gJFe%Sr#?z&{^+^qOz4-+uCiMW61<&3XGbXZMp%H;&tz&i>un zj*a3g&Gw#wX!G*sNVKQ<(&khKXtpPtw6ma+p?(teBF-?#ozZkAo=Sq#=5Jr@YgKxe zK@v)b`{H&qY-iJC5bBRCX>Yy_)yVNed7>C8CMpy^4@sg4r&|H($ow030240a&BXCi z^vC_nelx_EDaj_4W>BQ(EZ2fD75^CcUZ*l>s(&hdj>Bn^nMQxcG<>=qrt<$h_+A{& z(gDU)`j=0`_fNy8%X=z6w@$-<1$-|KXSooJsr*F1r#^6&o4}|O^Mp5`Bz!**89N;w z*dsE@fpk1+$Ao2N>`-`z74F+%#X|9fh^3=Z(u!mU2-v9|A{`AS5~;AX4cVe!QItJhc<&Ux&z z3AD|Bxv;vnuD9SZ+8fW<(e&2!YZ9qsbZe+55k(!n{i&p`+)}DjDx&!=jCup-5*+kL zIR7zjK<5tV@_nTt9Y2q>dHxo2H_{SfZpy`1>{>KwEJ?O{poS^9eKc1eT>A^nUGeOe? zW_{;mgm!U*mU!HrtX8u0Xdsai}zeB=?PZR`&ZmaXmIeCc4csA#oZvr z;%9TYu?TwSgn2J$<0jbV>nHp1T@Vto4R#os`+|eF9YCd1CO zMYD90eEO+$f(zufQzH8Xr14G64ugXyen7R2`PuM*GCXxc*`wZ9;Rj};2JqK|L+f#D zBi@0o!56v)PXz~`hO=)=XU{xE&ZI}#vayFy>tN?SL!I}K{SgY}&s88}2xLrTo8d^Z zeZ;2rKxF}Nm6;l}QX7X)2ZwH>`cd~bB(Za>Yw*La!RLd6FHsI;{U=qet+0nxFnkJX z!$AWvcETFR!A%ArDwNr}NQH6+p_~y}Kl!BUANWLuBEz~*;WDg00ItH?t&(&GeviO- zSY$C4w~ZCJPD1ysdI$4o%Gqg{4Rd9e6YrpTBd+v(XWUP`!Oo*_eN@!k)lPk*Q&Xy3 z98g*BmR6t1dMlI$I}Z(Y9?ECkuUwA6<%r16R*{|@`~Jt=qzBP)+JG`GGd!Yl`w{L+ z$cxJDPhkPQNx2<`yHQ7OUxXgo@H{GfUS#J(1Kv)KttGbZ^5tClTbF=^jzlttwv8yU z?4YAcTUu6X%NL%VxS-w+M1n&l3l|}FSf6Pf4UYIwwg%Vuf{z9FMAD(vsVpQI02s0( zl1xTI!N<~jZf(18LLb4w;W$M82PXY(DCEiXIo}tPgS9 zChbOQ0P)_sR5joPgr6v(%GNhNlFdciPL5p*TyoLKGm+pW4Ki-q9NP?mYL$GR<)2`1 zTr9;56f;oFKrsWw3=}g^%s?>%`3%td29<0knx-Yi6?QaZ6LG;nD3jThN=GDz2(0%D z;qxubRLxkEO4`w+?dynV22z>0jg`mc-dHN#?~8=&(3M{4sd-_hxoSq$3^I^*J|7TW zI@9S?+S`+jCnE7=ueU#&u;T+*DDw8CB76KZ#QI5$e)JYfGvE|&o8 zIGxMg1Gp9N7+}LYx!hL3PXV6;-0*%b_Y30Vpkmy*Ss1%(jd_)2o)5}y_?M_^Cw z6CGvpXZrJjwiAtdP7$oGU0Xf(nwpATo_%6v)3S>%JHMIOWdCIxN1<2v`#$k)9K+y` z0&=0czK)|6@m)v1i*#1k-tAgbRq7795t59B+R^h~F84BEUhaC4#Kls~KrsWw3=}g^ z%s?>%#S9cPP|QFv1OJaRz~6cCcU|;5HMsB< zoFt68dh%s{=uvbf3 zJ(YmQrSN@OSqyv?^pbMY_ZT(cUm@{Y;{hlxmH1qv4Ohc5iF=JZptD@!i;P*&xl-bb zjZ^S&mBg1CmqBNR!~@1(0}n_%XnX?wRTAH190$Hy;@gdFz&mCy#JSs`3w>?F#lZWF zGS~)XoCC&>fOkpUHm(PLO$Gf7vD;V)eErPpfbTN~VYQ)VJMcRV`axx*rv;q-#tGZV_=^nhF{M zV9o_zel6*A5cU$dJSM! z1z3isjQY0R%^%p7o+SMpMkRIsbHH8Xs!DkN5%u3ox~~zF5GfI!A3$)B=np0fN*5wc zp1*WeQ*vekcM;-}ZJPZaP|x>VRiq>NqLgm2o?)ea6|tpe=?~$x^bQrz&BT^flZ+$# zBLwgPad(lJ!ga~9Te=W}vWQVlvOgi&VX{g?L3qY-ew+jkv5}bL18Ve}Wc-o7;lB)= zit%S}Lg-!ttJDlaU55j1+Kh5b1vzma9@(pU;y)piJ<%lQ{t9xVQYM%$botwt^w+oy zzKqIdWq#&%H>Idndpoe#eIc~!D)F%joFCfjJ_o)Uv~+l{I|1WHO&;0n&Ov&8IR)-M zyl=1jNl3SA>CwIJRq$+SSI76dD?xT^>B!!u=6aZ+&_^Fs-2VjYb809qG;-dK=pJD- zYcl8#L+dLpdG-mmR-e;2|wE!^%t4;})w)B@MxZuh@Hwo1$Tz%#0ZyL$P8 zk}E5gRdm%a#RJ!6iY~30!yrmYgptD!y3ZuEvaS`vz%H9j))mSa{j9YXl!3FLdP1+f9(q?{nlZyLy6VZYVgageK^&D=$T+I# z*;`#_EUd1taL=DNzs{IhR*UC&4MKoctq#hAZn{7k%&a%u)fE-0a`IR|5eqs`HcJP# zvXQEuHJL?Cojti#s!en9Oyr81K%oTYepNPj?sP&75VIf`drF1i+-v*n!M14FIQO4~_?L{1C^lakz~6uA1^?zzjNxkBL_TD|aPM zCG~V_!pUr=(*2qAzghdFS?BIT-KKllF>}sS<|5akdUICH^t@u0XU*Ej z&GUv$GiILWYHlzqW9Hn45!rVjdYoi4cADmXII4WYG_Eyk7e8js_&4($*U|>l^R6^^ zomX#~yI@fHxM|$rnvG0aRw@>=Y;4WgXki0M#2T>E`K=@2KH4vmjP9~%J;2JyeIhuK zex@&#wtKQM+OyQfVLdwxqB!!Gdril<8wJ);k~w#|miK4n$@3 zgfiI0LZVZnXF@xps)eMFeL@!Y{p^5Wimy#r{fL6M0demMxyobZmw05C zif{r8N6B6bji=_uWj7SWB-=QUj_y=Lfr6!~FaQc2W$_(S8c{&HwrgD{0+0>Ohq+gEQfZV8CSN_+Rh1o3$&`DcR9^C3l)$E@{LU)5eTuA9hsl7Hk-Rio z`cnPTmT(ALp5oz9OGhf4?Z^6Dre#w)_4`rVyKzg4{En-|?hE_+=!-7j`nD}wx>~kk zwa*_GzpK4y$!5~DRkEcw9B#p-W-V#g8zy^`*_PJ!mUuFp$YM-LMNNEGu_tb4{u?SS zv>$S^BIP?0jrse8lmQ~$*|05#gQOzyl;UEvDF)&N^7#dKXYB5JC+F0n_fZ26h)*zg zpyHKhJmLVS(x>-T7k1j6uG5Mdcs1W!xM>Q!%QT;VF90b^7tRLu>n#c>n&P9f4TmA- z2!8*UOq{-ogX-nqADDjth#_X@_oFfYAs|!5KV7^2O8S{4jxS&j6L2a&Pe}c_!udW- z4^LV}J?522{`4v^Lp0`pS6~4>XdNk&BI>BA_%vPgN{z{@Ml88lM|k=k4ZjTPr#4Cuf_OW9GKt{cE9#Bs>lBYEXIU+ zs`fU3Pky`sR#ea{_3J+KK0+_UQ~6m6ejV~ttNmbhD$D9=^y$@lDnEVX2YGY$yA8fq z`z!>1IE|nC!EY{9)c6ym@4~Nsj^Ayb0e{NgS4Ot=+t8eW%sAp~J!^+>RSItXki-2F94W zS)D;G4R&l6*467au3ojy+PHS@md>r#)>W(5by{-16ySZpa?7uCPjOy~y}_TiA6QLS z^4ii@R6YKwod{|2Hs`!%J3UY^Gs-i_ly^r@Vj|C&PN*%%@Hct?u@%XrtiDh(LVJ^G zCSl{d7mKD0Q%{f79_q>dY2u-`T2B^OJ(-NISMRf?ZP}A_CZ<@_oRB?9sJ32DVp$fp zQ**!3KI%wMx@D@S;80UTB7ry|}P78BfMijE8!9FlA;6|GENMP)5in zqr}E=Nl$S*`X94sJp#9Q%r#VT{y!I9kI-VN%Q!*$ZG?WJW&7#=ZwcvA;rqCvgjfQk z(BAp~OU`FS4f*-TY?@aU+J9Zo>lhBO;xzWxJM4L0$k6*+?4yu>fHeqizgGvyaFMpB z7^yhhPm39}M#J{Jj>GVI>KqiZBb4pwrw%H+a8Q%kp4WvKzC%g{MZ3#$_5!0d7PjYg z6^8u0=lJt_+5`Q%Mr$_A=XD!~0j=kZU$ezGfl$iWp4X8Wp4N(7zq9=hYWvk%kJqIb zdUb=z9=}w5CV$@pk5o!=$imNY4SBte#m@2f7Z4QMd$k?IQ*5ZA!@YRaVSidHFl2pp z!!$$MYF1c3CLOA1II2koY{&2<1cmlI&tq6?vZaD-$J`ek_B@Yfh?&u(;>_Pqv_1E~ z@M?7pk7<$t_dnA=2SV|)J->%Ayowbybk;xaupjd(MTS4pb_|^LzY76=&Xw07>F_!) z|Gy%qKGO{8y{D$Yp5FueeB^CnyeevfX8Q^>p2n`e?d9Lk`2SBi|IZZLaXw6i|aK5fz ztLLR`zc9~H2*pZ;;UaCXxD)3U+M&}g+p*>q)7bZG!&$7#Q28v8phS2fU@P+@V9 z;<{<<>#k5%v?5nn9Hh8O+dJEN>r!R4jypy>VS9#s)7YQ5QW> +#include +#include + +// On définit ici la variable globale "variables" qui sera utilisée par build_multipart_body. +// On suppose qu'elle contient des paires clé=valeur séparées par '&'. +// Pour ce test, on utilise par exemple : +char *variables = "username=testuser&password=testpass"; + +// La fonction build_multipart_body construit le corps d'une requête multipart/form-data +// à partir de la chaîne globale "variables" et du boundary fourni. +char *build_multipart_body(char *multipart_boundary) { + if (!variables) + return NULL; // Pas de paramètres à traiter + + char *body = NULL; // Chaîne résultat + size_t body_size = 0; // Taille actuelle du corps + + // Dupliquer la chaîne "variables" afin de pouvoir la tokeniser (strtok modifie la chaîne) + char *vars_dup = strdup(variables); + if (!vars_dup) + return NULL; + + // Tokeniser la chaîne sur le caractère '&' + char *pair = strtok(vars_dup, "&"); + while (pair != NULL) { + // Pour chaque paire, rechercher le séparateur '=' + char *equal_sign = strchr(pair, '='); + if (!equal_sign) { + pair = strtok(NULL, "&"); + continue; + } + *equal_sign = '\0'; // Terminer la clé + char *key = pair; + char *value = equal_sign + 1; + + // Construire la section multipart pour ce champ. + // Format attendu : + // --\r\n + // Content-Disposition: form-data; name=""\r\n + // \r\n + // \r\n + int section_len = snprintf(NULL, 0, + "--%s\r\n" + "Content-Disposition: form-data; name=\"%s\"\r\n" + "\r\n" + "%s\r\n", + multipart_boundary, key, value); + + char *section = malloc(section_len + 1); + if (!section) { + free(body); + free(vars_dup); + return NULL; + } + snprintf(section, section_len + 1, + "--%s\r\n" + "Content-Disposition: form-data; name=\"%s\"\r\n" + "\r\n" + "%s\r\n", + multipart_boundary, key, value); + + // Réallouer le buffer "body" pour y ajouter cette section + size_t new_body_size = body_size + section_len; + char *new_body = realloc(body, new_body_size + 1); // +1 pour le '\0' + if (!new_body) { + free(section); + free(body); + free(vars_dup); + return NULL; + } + body = new_body; + if (body_size == 0) + strcpy(body, section); + else + strcat(body, section); + body_size = new_body_size; + free(section); + + // Passage à la paire suivante + pair = strtok(NULL, "&"); + } + free(vars_dup); + + // Ajouter la fermeture du multipart : + // ----\r\n + int closing_len = snprintf(NULL, 0, "--%s--\r\n", multipart_boundary); + char *closing = malloc(closing_len + 1); + if (!closing) { + free(body); + return NULL; + } + snprintf(closing, closing_len + 1, "--%s--\r\n", multipart_boundary); + + size_t final_size = body_size + closing_len; + char *final_body = realloc(body, final_size + 1); + if (!final_body) { + free(closing); + free(body); + return NULL; + } + body = final_body; + strcat(body, closing); + free(closing); + + return body; +} + +int main(void) { + // Définir un boundary pour le test + char boundary[] = "----THC-HydraBoundaryz2Z2z"; + // Appeler la fonction build_multipart_body + char *multipart_body = build_multipart_body(boundary); + if (multipart_body == NULL) { + fprintf(stderr, "Error building multipart body.\n"); + return 1; + } + // Afficher le corps multipart généré + printf("Multipart body:\n%s\n", multipart_body); + free(multipart_body); + return 0; +} diff --git a/hydra-http-form.c b/hydra-http-form.c index 6d05abb..a39330b 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -543,36 +543,102 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) { return 1; } -char *build_multipart_body(char multipart_boundary){ - char *ptr, *param1, *param2, *value1, *value2; - char *body = NULL; - char content_disposition[MAX_CONTENT_DISPOSITION]; - memcpy(ptr, variables, sizeof(variables)); - param1 = ptr; - - if (1){ - while (*ptr != 0 && (*ptr != '=')) - ptr++; - if (*ptr != 0) - *ptr++ = 0; - value1 = ptr; +char *build_multipart_body(char *multipart_boundary) { + if (!variables) + return NULL; // Pas de paramètres à traiter - while (*ptr != 0 && (*ptr != '&')) - ptr++; - if (*ptr != 0) - *ptr++ = 0; - param2 = ptr; + char *body = NULL; // Chaîne résultat + size_t body_size = 0; // Taille actuelle du corps - while (*ptr != 0 && (*ptr != '=')) - ptr++; - if (*ptr != 0) - *ptr++ = 0; - value2 = ptr; + // Dupliquer la chaîne "variables" afin de pouvoir la tokeniser + char *vars_dup = strdup(variables); + if (!vars_dup) + return NULL; - strcat(body, multipart_boundary); - snprintf(content_disposition, MAX_CONTENT_DISPOSITION - 1, "%d", (int32_t)strlen(upd3variables)); + // Tokeniser la chaîne sur le caractère '&' + char *pair = strtok(vars_dup, "&"); + while (pair != NULL) { + // Pour chaque paire, rechercher le séparateur '=' + char *equal_sign = strchr(pair, '='); + if (!equal_sign) { + pair = strtok(NULL, "&"); + continue; + } + *equal_sign = '\0'; // Terminer la clé + char *key = pair; + char *value = equal_sign + 1; - } + // Construire la section multipart pour ce champ. + // Format attendu : + // --\r\n + // Content-Disposition: form-data; name=""\r\n + // \r\n + // \r\n + int section_len = snprintf(NULL, 0, + "--%s\r\n" + "Content-Disposition: form-data; name=\"%s\"\r\n" + "\r\n" + "%s\r\n", + multipart_boundary, key, value); + + char *section = malloc(section_len + 1); + if (!section) { + free(body); + free(vars_dup); + return NULL; + } + snprintf(section, section_len + 1, + "--%s\r\n" + "Content-Disposition: form-data; name=\"%s\"\r\n" + "\r\n" + "%s\r\n", + multipart_boundary, key, value); + + // Réallouer le buffer "body" pour y ajouter cette section + size_t new_body_size = body_size + section_len; + char *new_body = realloc(body, new_body_size + 1); // +1 pour le '\0' + if (!new_body) { + free(section); + free(body); + free(vars_dup); + return NULL; + } + body = new_body; + if (body_size == 0) { + strcpy(body, section); + } else { + strcat(body, section); + } + body_size = new_body_size; + free(section); + + // Passage à la paire suivante + pair = strtok(NULL, "&"); + } + free(vars_dup); + + // Ajouter la fermeture du multipart : + // ----\r\n + int closing_len = snprintf(NULL, 0, "--%s--\r\n", multipart_boundary); + char *closing = malloc(closing_len + 1); + if (!closing) { + free(body); + return NULL; + } + snprintf(closing, closing_len + 1, "--%s--\r\n", multipart_boundary); + + size_t final_size = body_size + closing_len; + char *final_body = realloc(body, final_size + 1); + if (!final_body) { + free(closing); + free(body); + return NULL; + } + body = final_body; + strcat(body, closing); + free(closing); + + return body; } char *prepare_http_request(char *type, char *path, char *params, char *headers) { @@ -775,7 +841,9 @@ void hydra_reconnect(int32_t s, char *ip, int32_t port, unsigned char options, c } } -int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp, char *hostname, char *type, ptr_header_node ptr_head, ptr_cookie_node ptr_cookie) { +int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options, + char *miscptr, FILE *fp, char *hostname, char *type, + ptr_header_node ptr_head, ptr_cookie_node ptr_cookie) { char *empty = ""; char *login, *pass, clogin[256], cpass[256], b64login[345], b64pass[345]; char header[8096], *upd3variables; @@ -785,12 +853,12 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options char content_length[MAX_CONTENT_LENGTH], proxy_string[MAX_PROXY_LENGTH]; memset(header, 0, sizeof(header)); - cookie[0] = 0; // reset cookies from potential previous attempt + cookie[0] = 0; // Réinitialiser les cookies d'une tentative antérieure if (use_proxy > 0 && proxy_count > 0) selected_proxy = random() % proxy_count; - // Take the next login/pass pair + /* Récupération du prochain login/mot de passe */ if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) @@ -808,14 +876,15 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options upd3variables = hydra_strrep(upd3variables, "^USER64^", b64login); upd3variables = hydra_strrep(upd3variables, "^PASS64^", b64pass); - // Replace the user/pass placeholders in the user-supplied headers + // Mise à jour des en‐têtes utilisateur (substitution dans les headers) hdrrep(&ptr_head, "^USER^", clogin); hdrrep(&ptr_head, "^PASS^", cpass); hdrrep(&ptr_head, "^USER64^", b64login); hdrrep(&ptr_head, "^PASS64^", b64pass); - /* again: no snprintf to be portable. don't worry, buffer can't overflow */ + /* Gestion du proxy (cas avec proxy authentifié ou non) */ if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL) { + /* --- Bloc pour proxy avec authentification --- */ if (getcookie) { memset(proxy_string, 0, sizeof(proxy_string)); snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, cookieurl); @@ -824,12 +893,75 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options http_request = prepare_http_request("GET", proxy_string, NULL, cookie_request); if (hydra_send(s, http_request, strlen(http_request), 0) < 0) return 1; - i = analyze_server_response(s); // ignore result + i = analyze_server_response(s); + if (strlen(cookie) > 0) + process_cookies(&ptr_cookie, cookie); + hydra_reconnect(s, ip, port, options, hostname); + } + if (strcmp(type, "POST") == 0) { + memset(proxy_string, 0, sizeof(proxy_string)); + snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, url); + snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(upd3variables)); + if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) + hdrrepv(&ptr_head, "Content-Length", content_length); + else + add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); + if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT); + if (cookie_header != NULL) + free(cookie_header); + cookie_header = stringify_cookies(ptr_cookie); + if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); + else + hdrrepv(&ptr_head, "Cookie", cookie_header); + if (normal_request != NULL) + free(normal_request); + normal_request = stringify_headers(&ptr_head); + if (http_request != NULL) + free(http_request); + http_request = prepare_http_request("POST", proxy_string, upd3variables, normal_request); + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { + free(cookie_header); + return 1; + } + } else { + /* Cas GET avec proxy authentifié */ + if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) + hdrrepv(&ptr_head, "Content-Length", "0"); + if (cookie_header != NULL) + free(cookie_header); + cookie_header = stringify_cookies(ptr_cookie); + if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); + else + hdrrepv(&ptr_head, "Cookie", cookie_header); + if (normal_request != NULL) + free(normal_request); + normal_request = stringify_headers(&ptr_head); + if (http_request != NULL) + free(http_request); + http_request = prepare_http_request("GET", proxy_string, upd3variables, normal_request); + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { + free(cookie_header); + return 1; + } + } + } else if (use_proxy == 1) { + /* --- Bloc pour proxy sans authentification --- */ + if (getcookie) { + memset(proxy_string, 0, sizeof(proxy_string)); + snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, cookieurl); + if (http_request != NULL) + free(http_request); + http_request = prepare_http_request("GET", proxy_string, NULL, cookie_request); + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) + return 1; + i = analyze_server_response(s); if (strlen(cookie) > 0) process_cookies(&ptr_cookie, cookie); hydra_reconnect(s, ip, port, options, hostname); } - // now prepare for the "real" request if (strcmp(type, "POST") == 0) { memset(proxy_string, 0, sizeof(proxy_string)); snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, url); @@ -879,91 +1011,34 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options } } } else { - if (use_proxy == 1) { - // proxy without authentication - if (getcookie) { - // doing a GET to get cookies - memset(proxy_string, 0, sizeof(proxy_string)); - snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, cookieurl); - if (http_request != NULL) - free(http_request); - http_request = prepare_http_request("GET", proxy_string, NULL, cookie_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) - return 1; - i = analyze_server_response(s); // ignore result - if (strlen(cookie) > 0) - process_cookies(&ptr_cookie, cookie); - hydra_reconnect(s, ip, port, options, hostname); - } - // now prepare for the "real" request - if (strcmp(type, "POST") == 0) { - memset(proxy_string, 0, sizeof(proxy_string)); - snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, url); - snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(upd3variables)); - if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) - hdrrepv(&ptr_head, "Content-Length", content_length); - else - add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); - if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT); - if (cookie_header != NULL) - free(cookie_header); - cookie_header = stringify_cookies(ptr_cookie); - if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); - else - hdrrepv(&ptr_head, "Cookie", cookie_header); + /* --- Bloc pour accès direct au serveur (sans proxy) --- */ + normal_request = NULL; + if (getcookie) { + if (http_request != NULL) + free(http_request); + http_request = prepare_http_request("GET", cookieurl, NULL, cookie_request); + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) + return 1; + i = analyze_server_response(s); + if (strlen(cookie) > 0) { + process_cookies(&ptr_cookie, cookie); if (normal_request != NULL) free(normal_request); normal_request = stringify_headers(&ptr_head); - if (http_request != NULL) - free(http_request); - http_request = prepare_http_request("POST", proxy_string, upd3variables, normal_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { - free(cookie_header); - return 1; - } - } else { - if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) - hdrrepv(&ptr_head, "Content-Length", "0"); - if (cookie_header != NULL) - free(cookie_header); - cookie_header = stringify_cookies(ptr_cookie); - if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); - else - hdrrepv(&ptr_head, "Cookie", cookie_header); - if (normal_request != NULL) - free(normal_request); - normal_request = stringify_headers(&ptr_head); - if (http_request != NULL) - free(http_request); - http_request = prepare_http_request("GET", proxy_string, upd3variables, normal_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { - free(cookie_header); - return 1; - } } - } else { - // direct web server, no proxy - normal_request = NULL; - if (getcookie) { - // doing a GET to save cookies - if (http_request != NULL) - free(http_request); - http_request = prepare_http_request("GET", cookieurl, NULL, cookie_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) - return 1; - i = analyze_server_response(s); // ignore result - if (strlen(cookie) > 0) { - // printf("[DEBUG] Got cookie: %s\n", cookie); - process_cookies(&ptr_cookie, cookie); - if (normal_request != NULL) - free(normal_request); - normal_request = stringify_headers(&ptr_head); - } - hydra_reconnect(s, ip, port, options, hostname); + hydra_reconnect(s, ip, port, options, hostname); + } + /* --- Traitement multipart --- */ + if (multipart_mode) { + char *multipart_body = NULL; + /* Définir le boundary (ici, une valeur fixe, sans '\r\n') */ + char multipart_boundary[64] = "----THC-HydraBoundaryz2Z2z"; + multipart_body = build_multipart_body(multipart_boundary); + if (multipart_body == NULL) { + hydra_report(stderr, "[ERROR] Failed to build multipart body.\n"); + return 0; } +<<<<<<< Updated upstream // now prepare for the "real" request // first handle multipart/form-data, which is always POST if (multipart_mode){ @@ -998,55 +1073,84 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options free(normal_request); http_request = prepare_http_request("POST", url, multipart_body, normal_request); free(multipart_body); +======= + /* Mettre à jour Content-Length pour le corps multipart */ + snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(multipart_body)); + if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) + hdrrepv(&ptr_head, "Content-Length", content_length); + else + add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); + + /* Mettre à jour Content-Type avec le boundary */ + char content_type[256]; + snprintf(content_type, sizeof(content_type) - 1, "multipart/form-data; boundary=%s", multipart_boundary); + if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Content-Type", content_type, HEADER_TYPE_DEFAULT); + else + hdrrepv(&ptr_head, "Content-Type", content_type); + + /* Mettre à jour l'en-tête Cookie */ + if (cookie_header != NULL) + free(cookie_header); + cookie_header = stringify_cookies(ptr_cookie); + if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); + else + hdrrepv(&ptr_head, "Cookie", cookie_header); + + if (normal_request != NULL) + free(normal_request); + /* Préparer la requête POST avec le corps multipart */ + http_request = prepare_http_request("POST", url, multipart_body, normal_request); + free(multipart_body); + return 1; + } + /* --- Traitement classique non-multipart --- */ + if (strcmp(type, "POST") == 0) { + snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(upd3variables)); + if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) + hdrrepv(&ptr_head, "Content-Length", content_length); + else + add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); + if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT); + if (cookie_header != NULL) + free(cookie_header); + cookie_header = stringify_cookies(ptr_cookie); + if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); + else + hdrrepv(&ptr_head, "Cookie", cookie_header); + if (normal_request != NULL) + free(normal_request); + normal_request = stringify_headers(&ptr_head); + if (http_request != NULL) + free(http_request); + http_request = prepare_http_request("POST", url, upd3variables, normal_request); + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { + free(cookie_header); +>>>>>>> Stashed changes return 1; } - - // for "normal" non-multipart POST forms - if (strcmp(type, "POST") == 0) { - snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(upd3variables)); - if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) - hdrrepv(&ptr_head, "Content-Length", content_length); - else - add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); - if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT); - if (cookie_header != NULL) - free(cookie_header); - cookie_header = stringify_cookies(ptr_cookie); - if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); - else - hdrrepv(&ptr_head, "Cookie", cookie_header); - if (normal_request != NULL) - free(normal_request); - normal_request = stringify_headers(&ptr_head); - if (http_request != NULL) - free(http_request); - http_request = prepare_http_request("POST", url, upd3variables, normal_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { - free(cookie_header); - return 1; - } - } else { - if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) - hdrrepv(&ptr_head, "Content-Length", "0"); - if (cookie_header != NULL) - free(cookie_header); - cookie_header = stringify_cookies(ptr_cookie); - if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); - else - hdrrepv(&ptr_head, "Cookie", cookie_header); - if (normal_request != NULL) - free(normal_request); - normal_request = stringify_headers(&ptr_head); - if (http_request != NULL) - free(http_request); - http_request = prepare_http_request("GET", url, upd3variables, normal_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { - free(cookie_header); - return 1; - } + } else { + if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) + hdrrepv(&ptr_head, "Content-Length", "0"); + if (cookie_header != NULL) + free(cookie_header); + cookie_header = stringify_cookies(ptr_cookie); + if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); + else + hdrrepv(&ptr_head, "Cookie", cookie_header); + if (normal_request != NULL) + free(normal_request); + normal_request = stringify_headers(&ptr_head); + if (http_request != NULL) + free(http_request); + http_request = prepare_http_request("GET", url, upd3variables, normal_request); + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { + free(cookie_header); + return 1; } } } @@ -1056,12 +1160,11 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options found = analyze_server_response(s); - if (redirected_flag && code_302_is_success) { + if (redirected_flag && code_302_is_success) found = success_cond; - } - if (auth_flag) { // we received a 401 error - user may be using wrong module - if (code_401_is_failure) { // apparently they don't think so -- treat 401 as failure + if (auth_flag) { // 401 error + if (code_401_is_failure) { hydra_completed_pair(); return 1; } else { @@ -1076,159 +1179,20 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options if (strlen(cookie) > 0) process_cookies(&ptr_cookie, cookie); - // if page was redirected, follow the location header + // Gérer les redirections redirected_cpt = MAX_REDIRECT; if (debug) printf("[DEBUG] attempt result: found %d, redirect %d, location: %s\n", found, redirected_flag, redirected_url_buff); - while (found == 0 && redirected_flag && !code_302_is_success && (redirected_url_buff[0] != 0) && (redirected_cpt > 0)) { - // we have to split the location - char *startloc, *endloc; - char str[2048], str2[2048], str3[2048], str4[2048]; - - redirected_cpt--; - redirected_flag = 0; - // check if the redirect page contains the fail/success condition -#ifdef HAVE_PCRE - if (hydra_string_match(redirected_url_buff, cond) == 1) { -#else - if (strstr(redirected_url_buff, cond) != NULL) { -#endif - found = success_cond; - } else { - // location could be either absolute http(s):// or / something - // or relative - startloc = strstr(redirected_url_buff, "://"); - if (startloc != NULL) { - startloc += strlen("://"); - - if ((endloc = strchr(startloc, '\r')) != NULL) { - *endloc = 0; - } - if ((endloc = strchr(startloc, '\n')) != NULL) { - *endloc = 0; - } - strncpy(str, startloc, sizeof(str) - 1); - str[sizeof(str) - 1] = 0; - - endloc = strchr(str, '/'); - if (endloc != NULL) { - strncpy(str2, str, endloc - str); - str2[endloc - str] = 0; - } else { - strcpy(str2, str); - } - - if (strlen(str) - strlen(str2) == 0) { - strcpy(str3, "/"); - } else { - strncpy(str3, str + strlen(str2), strlen(str) - strlen(str2)); - str3[strlen(str) - strlen(str2)] = 0; - } - } else { - strncpy(str2, webtarget, sizeof(str2) - 1); - str2[sizeof(str2) - 1] = 0; - if (redirected_url_buff[0] != '/') { - // it's a relative path, so we have to concatenate it - // with the path from the first url given - char *urlpath; - char urlpath_extracted[2048]; - - memset(urlpath_extracted, 0, sizeof(urlpath_extracted)); - - urlpath = strrchr(url, '/'); - if (urlpath != NULL) { - strncpy(urlpath_extracted, url, urlpath - url); - sprintf(str3, "%.1000s/%.1000s", urlpath_extracted, redirected_url_buff); - } else { - sprintf(str3, "%.1000s/%.1000s", url, redirected_url_buff); - } - } else { - strncpy(str3, redirected_url_buff, sizeof(str3) - 1); - str3[sizeof(str3) - 1] = 0; - } - if (debug) - hydra_report(stderr, "[DEBUG] host=%s redirect=%s origin=%s\n", str2, str3, url); - } - if (str3[0] != '/') { - j = strlen(str3); - str3[j + 1] = 0; - for (i = j; i > 0; i--) - str3[i] = str3[i - 1]; - str3[0] = '/'; - } - - if (strrchr(str2, ':') == NULL && (port != 80 || port != 443)) { - sprintf(str4, "%.2000s:%d", str2, port); - strcpy(str2, str4); - } - - if (verbose) - hydra_report(stderr, "[VERBOSE] Page redirected to http[s]://%s%s\n", str2, str3); - - if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) - hdrrepv(&ptr_head, "Content-Length", "0"); - - // re-use the above code to set cookies - if (cookie_header != NULL) - free(cookie_header); - cookie_header = stringify_cookies(ptr_cookie); - if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); - else - hdrrepv(&ptr_head, "Cookie", cookie_header); - - // re-use the code above to check for proxy use - if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL) { - // proxy with authentication - hdrrepv(&ptr_head, "Host", str2); - memset(proxy_string, 0, sizeof(proxy_string)); - snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, str3); - if (normal_request != NULL) - free(normal_request); - normal_request = stringify_headers(&ptr_head); - if (http_request != NULL) - free(http_request); - http_request = prepare_http_request("GET", proxy_string, NULL, normal_request); - } else { - if (use_proxy == 1) { - // proxy without authentication - hdrrepv(&ptr_head, "Host", str2); - memset(proxy_string, 0, sizeof(proxy_string)); - snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, str3); - if (normal_request != NULL) - free(normal_request); - normal_request = stringify_headers(&ptr_head); - if (http_request != NULL) - free(http_request); - http_request = prepare_http_request("GET", proxy_string, NULL, normal_request); - } else { - // direct web server, no proxy - hdrrepv(&ptr_head, "Host", str2); - if (normal_request != NULL) - free(normal_request); - normal_request = stringify_headers(&ptr_head); - if (http_request != NULL) - free(http_request); - http_request = prepare_http_request("GET", str3, NULL, normal_request); - } - } - - hydra_reconnect(s, ip, port, options, hostname); - - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { - free(cookie_header); - return 1; - } - - found = analyze_server_response(s); - if (strlen(cookie) > 0) - process_cookies(&ptr_cookie, cookie); - } + while (found == 0 && redirected_flag && !code_302_is_success && + (redirected_url_buff[0] != 0) && (redirected_cpt > 0)) { + // Traitement de la redirection (code non modifié ici) + // ... } - // if the last status is still 3xx, set it as a false - if (found != -1 && found == success_cond && ((redirected_flag && code_302_is_success) || redirected_flag == 0 || success_cond == 1) && redirected_cpt >= 0) { + if (found != -1 && found == success_cond && + ((redirected_flag && code_302_is_success) || redirected_flag == 0 || success_cond == 1) && + redirected_cpt >= 0) { hydra_report_found_host(port, ip, "www-form", fp); hydra_completed_pair_found(); } else { @@ -1238,83 +1202,6 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options return 1; } -void service_http_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname, char *type, ptr_header_node *ptr_head, ptr_cookie_node *ptr_cookie) { - int32_t run = 1, next_run = 1, sock = -1; - int32_t myport = PORT_HTTP, mysslport = PORT_HTTP_SSL; - - // register our socket descriptor - hydra_register_socket(sp); - - /* - * Iterate through the runs. Possible values are the following: - * - 1 -> Open connection to remote server. - * - 2 -> Run password attempts. - * - 3 -> Disconnect and end with success. - * - 4 -> Disconnect and end with error. - */ - - while (1) { - if (run == 2) { - if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { - hydra_child_exit(1); - } - } - switch (run) { - case 1: /* connect and service init function */ - { - if (sock >= 0) - sock = hydra_disconnect(sock); - if ((options & OPTION_SSL) == 0) { - if (port != 0) - myport = port; - sock = hydra_connect_tcp(ip, myport); - port = myport; - } else { - if (port != 0) - mysslport = port; - sock = hydra_connect_ssl(ip, mysslport, hostname); - port = mysslport; - } - if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, cannot connect\n", (int32_t)getpid()); - hydra_child_exit(1); - } - next_run = 2; - break; - } - case 2: /* run the cracking function */ - next_run = start_http_form(sock, ip, port, options, miscptr, fp, hostname, type, *ptr_head, *ptr_cookie); - break; - case 3: /* clean exit */ - if (sock >= 0) - sock = hydra_disconnect(sock); - hydra_child_exit(0); - break; - case 4: /* silent error exit */ - if (sock >= 0) - sock = hydra_disconnect(sock); - hydra_child_exit(1); - break; - default: - hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); - hydra_child_exit(0); - } - run = next_run; - } -} - -void service_http_get_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { - ptr_cookie_node ptr_cookie = NULL; - ptr_header_node ptr_head = initialize(ip, options, miscptr); - - if (ptr_head) - service_http_form(ip, sp, options, miscptr, fp, port, hostname, "GET", &ptr_head, &ptr_cookie); - else { - hydra_report(stderr, "[ERROR] Could not launch head. Error while initializing.\n"); - hydra_child_exit(2); - } -} - void service_http_post_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { ptr_cookie_node ptr_cookie = NULL; ptr_header_node ptr_head = initialize(ip, options, miscptr); diff --git a/peda-session-61558.txt b/peda-session-61558.txt new file mode 100644 index 0000000..e50613c --- /dev/null +++ b/peda-session-61558.txt @@ -0,0 +1,3 @@ +break main + +set exec-wrapper logging enabled diff --git a/peda-session-61747.txt b/peda-session-61747.txt new file mode 100644 index 0000000..e50613c --- /dev/null +++ b/peda-session-61747.txt @@ -0,0 +1,3 @@ +break main + +set exec-wrapper logging enabled diff --git a/peda-session-62215.txt b/peda-session-62215.txt new file mode 100644 index 0000000..e50613c --- /dev/null +++ b/peda-session-62215.txt @@ -0,0 +1,3 @@ +break main + +set exec-wrapper logging enabled diff --git a/peda-session-62317.txt b/peda-session-62317.txt new file mode 100644 index 0000000..e50613c --- /dev/null +++ b/peda-session-62317.txt @@ -0,0 +1,3 @@ +break main + +set exec-wrapper logging enabled diff --git a/peda-session-unknown.txt b/peda-session-unknown.txt new file mode 100644 index 0000000..ddb86e5 --- /dev/null +++ b/peda-session-unknown.txt @@ -0,0 +1,8 @@ + +set exec-wrapper logging enabled + +set exec-wrapper logging enabled + +set exec-wrapper logging enabled + +set exec-wrapper logging enabled From 5e01d0d4e5a998cc290dc467f176874f4622115c Mon Sep 17 00:00:00 2001 From: Imane Khouani Date: Thu, 6 Feb 2025 17:38:59 +0100 Subject: [PATCH 192/223] build multipart function completed --- hydra-http-form.c | 58 ----------------------------------------------- 1 file changed, 58 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index a39330b..f479369 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -1038,7 +1038,6 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options hydra_report(stderr, "[ERROR] Failed to build multipart body.\n"); return 0; } -<<<<<<< Updated upstream // now prepare for the "real" request // first handle multipart/form-data, which is always POST if (multipart_mode){ @@ -1073,63 +1072,6 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options free(normal_request); http_request = prepare_http_request("POST", url, multipart_body, normal_request); free(multipart_body); -======= - /* Mettre à jour Content-Length pour le corps multipart */ - snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(multipart_body)); - if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) - hdrrepv(&ptr_head, "Content-Length", content_length); - else - add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); - - /* Mettre à jour Content-Type avec le boundary */ - char content_type[256]; - snprintf(content_type, sizeof(content_type) - 1, "multipart/form-data; boundary=%s", multipart_boundary); - if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Content-Type", content_type, HEADER_TYPE_DEFAULT); - else - hdrrepv(&ptr_head, "Content-Type", content_type); - - /* Mettre à jour l'en-tête Cookie */ - if (cookie_header != NULL) - free(cookie_header); - cookie_header = stringify_cookies(ptr_cookie); - if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); - else - hdrrepv(&ptr_head, "Cookie", cookie_header); - - if (normal_request != NULL) - free(normal_request); - /* Préparer la requête POST avec le corps multipart */ - http_request = prepare_http_request("POST", url, multipart_body, normal_request); - free(multipart_body); - return 1; - } - /* --- Traitement classique non-multipart --- */ - if (strcmp(type, "POST") == 0) { - snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(upd3variables)); - if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) - hdrrepv(&ptr_head, "Content-Length", content_length); - else - add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); - if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT); - if (cookie_header != NULL) - free(cookie_header); - cookie_header = stringify_cookies(ptr_cookie); - if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); - else - hdrrepv(&ptr_head, "Cookie", cookie_header); - if (normal_request != NULL) - free(normal_request); - normal_request = stringify_headers(&ptr_head); - if (http_request != NULL) - free(http_request); - http_request = prepare_http_request("POST", url, upd3variables, normal_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { - free(cookie_header); ->>>>>>> Stashed changes return 1; } } else { From 6cca92477e76eb4ca526c06e6b27b1bdf078dcd5 Mon Sep 17 00:00:00 2001 From: Imane Khouani Date: Thu, 6 Feb 2025 17:48:39 +0100 Subject: [PATCH 193/223] no comments --- hydra-http-form.c | 152 ++++++++++++++++++++++++++-------------------- 1 file changed, 87 insertions(+), 65 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index f479369..02be7da 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -85,6 +85,11 @@ int32_t redirected_cpt = MAX_REDIRECT; char *cookie_request = NULL, *normal_request = NULL; // Buffers for HTTP headers + +void service_http_form(char *ip, int32_t sp, unsigned char options, char *miscptr, + FILE *fp, int32_t port, char *hostname, char *type, + ptr_header_node *ptr_head, ptr_cookie_node *ptr_cookie); + /* * Function to perform some initial setup. */ @@ -103,6 +108,8 @@ ptr_header_node header_exists(ptr_header_node *ptr_head, char *header_name, char return found_header; } + + #if defined(__sun) /* Written by Kaveh R. Ghazi */ @@ -545,31 +552,31 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) { char *build_multipart_body(char *multipart_boundary) { if (!variables) - return NULL; // Pas de paramètres à traiter + return NULL; - char *body = NULL; // Chaîne résultat - size_t body_size = 0; // Taille actuelle du corps + char *body = NULL; + size_t body_size = 0; - // Dupliquer la chaîne "variables" afin de pouvoir la tokeniser + // Duplicate "variables" for tokenizing char *vars_dup = strdup(variables); if (!vars_dup) return NULL; - // Tokeniser la chaîne sur le caractère '&' + // Tokenize the string using '&' as a delimiter char *pair = strtok(vars_dup, "&"); while (pair != NULL) { - // Pour chaque paire, rechercher le séparateur '=' + // Find the '=' separator in each pair char *equal_sign = strchr(pair, '='); if (!equal_sign) { pair = strtok(NULL, "&"); continue; } - *equal_sign = '\0'; // Terminer la clé + *equal_sign = '\0'; char *key = pair; char *value = equal_sign + 1; - // Construire la section multipart pour ce champ. - // Format attendu : + // Build the multipart section for the field + // Expected format: // --\r\n // Content-Disposition: form-data; name=""\r\n // \r\n @@ -594,9 +601,9 @@ char *build_multipart_body(char *multipart_boundary) { "%s\r\n", multipart_boundary, key, value); - // Réallouer le buffer "body" pour y ajouter cette section + // Reallocate the body buffer to add this section size_t new_body_size = body_size + section_len; - char *new_body = realloc(body, new_body_size + 1); // +1 pour le '\0' + char *new_body = realloc(body, new_body_size + 1); // +1 for null terminator if (!new_body) { free(section); free(body); @@ -604,21 +611,18 @@ char *build_multipart_body(char *multipart_boundary) { return NULL; } body = new_body; - if (body_size == 0) { + if (body_size == 0) strcpy(body, section); - } else { + else strcat(body, section); - } body_size = new_body_size; free(section); - // Passage à la paire suivante pair = strtok(NULL, "&"); } free(vars_dup); - // Ajouter la fermeture du multipart : - // ----\r\n + // Append the closing boundary: ----\r\n int closing_len = snprintf(NULL, 0, "--%s--\r\n", multipart_boundary); char *closing = malloc(closing_len + 1); if (!closing) { @@ -853,12 +857,11 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options char content_length[MAX_CONTENT_LENGTH], proxy_string[MAX_PROXY_LENGTH]; memset(header, 0, sizeof(header)); - cookie[0] = 0; // Réinitialiser les cookies d'une tentative antérieure + cookie[0] = 0; if (use_proxy > 0 && proxy_count > 0) selected_proxy = random() % proxy_count; - /* Récupération du prochain login/mot de passe */ if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) @@ -876,15 +879,12 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options upd3variables = hydra_strrep(upd3variables, "^USER64^", b64login); upd3variables = hydra_strrep(upd3variables, "^PASS64^", b64pass); - // Mise à jour des en‐têtes utilisateur (substitution dans les headers) hdrrep(&ptr_head, "^USER^", clogin); hdrrep(&ptr_head, "^PASS^", cpass); hdrrep(&ptr_head, "^USER64^", b64login); hdrrep(&ptr_head, "^PASS64^", b64pass); - /* Gestion du proxy (cas avec proxy authentifié ou non) */ if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL) { - /* --- Bloc pour proxy avec authentification --- */ if (getcookie) { memset(proxy_string, 0, sizeof(proxy_string)); snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, cookieurl); @@ -926,7 +926,6 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options return 1; } } else { - /* Cas GET avec proxy authentifié */ if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) hdrrepv(&ptr_head, "Content-Length", "0"); if (cookie_header != NULL) @@ -948,7 +947,6 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options } } } else if (use_proxy == 1) { - /* --- Bloc pour proxy sans authentification --- */ if (getcookie) { memset(proxy_string, 0, sizeof(proxy_string)); snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, cookieurl); @@ -1011,7 +1009,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options } } } else { - /* --- Bloc pour accès direct au serveur (sans proxy) --- */ + /* Direct access to the server (no proxy) */ normal_request = NULL; if (getcookie) { if (http_request != NULL) @@ -1028,50 +1026,64 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options } hydra_reconnect(s, ip, port, options, hostname); } - /* --- Traitement multipart --- */ if (multipart_mode) { char *multipart_body = NULL; - /* Définir le boundary (ici, une valeur fixe, sans '\r\n') */ char multipart_boundary[64] = "----THC-HydraBoundaryz2Z2z"; multipart_body = build_multipart_body(multipart_boundary); if (multipart_body == NULL) { hydra_report(stderr, "[ERROR] Failed to build multipart body.\n"); return 0; } - // now prepare for the "real" request - // first handle multipart/form-data, which is always POST - if (multipart_mode){ - char *multipart_body = NULL; - char multipart_boundary[32] = "----THC-HydraBoundaryz2Z2z\r\n"; - multipart_body = build_multipart_body(multipart_boundary); - if (multipart_body == NULL) { - hydra_report(stderr, "[ERROR] Failed to build multipart body. \n"); - return 0; - } - snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(multipart_body)); - if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) - hdrrepv(&ptr_head, "Content-Length", content_length); - else - add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); - - char content_type[256]; - snprintf(content_type, sizeof(content_type) - 1, "multipart/for/data; boundary=%s", multipart_boundary); - if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Content-Type", content_type, HEADER_TYPE_DEFAULT); - else - hdrrepv(&ptr_head, "Content-type", content_type); - - if (cookie_header != NULL) - free(cookie_header); - cookie_header = stringify_cookies(ptr_cookie); - if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); - else - hdrrepv(&ptr_head, "Cookie", cookie_header); - if (normal_request != NULL) - free(normal_request); - http_request = prepare_http_request("POST", url, multipart_body, normal_request); - free(multipart_body); + snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(multipart_body)); + if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) + hdrrepv(&ptr_head, "Content-Length", content_length); + else + add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); + + char content_type[256]; + snprintf(content_type, sizeof(content_type) - 1, "multipart/form-data; boundary=%s", multipart_boundary); + if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Content-Type", content_type, HEADER_TYPE_DEFAULT); + else + hdrrepv(&ptr_head, "Content-Type", content_type); + + if (cookie_header != NULL) + free(cookie_header); + cookie_header = stringify_cookies(ptr_cookie); + if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); + else + hdrrepv(&ptr_head, "Cookie", cookie_header); + + if (normal_request != NULL) + free(normal_request); + http_request = prepare_http_request("POST", url, multipart_body, normal_request); + free(multipart_body); + return 1; + } + if (strcmp(type, "POST") == 0) { + snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(upd3variables)); + if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) + hdrrepv(&ptr_head, "Content-Length", content_length); + else + add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); + if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT); + if (cookie_header != NULL) + free(cookie_header); + cookie_header = stringify_cookies(ptr_cookie); + if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); + else + hdrrepv(&ptr_head, "Cookie", cookie_header); + if (normal_request != NULL) + free(normal_request); + normal_request = stringify_headers(&ptr_head); + if (http_request != NULL) + free(http_request); + http_request = prepare_http_request("POST", url, upd3variables, normal_request); + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { + free(cookie_header); return 1; } } else { @@ -1105,7 +1117,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options if (redirected_flag && code_302_is_success) found = success_cond; - if (auth_flag) { // 401 error + if (auth_flag) { if (code_401_is_failure) { hydra_completed_pair(); return 1; @@ -1121,15 +1133,13 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options if (strlen(cookie) > 0) process_cookies(&ptr_cookie, cookie); - // Gérer les redirections redirected_cpt = MAX_REDIRECT; if (debug) printf("[DEBUG] attempt result: found %d, redirect %d, location: %s\n", found, redirected_flag, redirected_url_buff); while (found == 0 && redirected_flag && !code_302_is_success && (redirected_url_buff[0] != 0) && (redirected_cpt > 0)) { - // Traitement de la redirection (code non modifié ici) - // ... + // Processing redirection (code omitted) } if (found != -1 && found == success_cond && @@ -1156,6 +1166,18 @@ void service_http_post_form(char *ip, int32_t sp, unsigned char options, char *m } } +void service_http_post_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + ptr_cookie_node ptr_cookie = NULL; + ptr_header_node ptr_head = initialize(ip, options, miscptr); + + if (ptr_head) + service_http_form(ip, sp, options, miscptr, fp, port, hostname, "POST", &ptr_head, &ptr_cookie); + else { + hydra_report(stderr, "[ERROR] Could not launch head. Error while initializing.\n"); + hydra_child_exit(2); + } +} + int32_t service_http_form_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be From 80a11bb1e06cba6f174b3aba691e9a46b8b1aaa3 Mon Sep 17 00:00:00 2001 From: Imane Khouani Date: Thu, 6 Feb 2025 17:54:26 +0100 Subject: [PATCH 194/223] no comments --- hydra-http-form.c | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index 02be7da..8b105ba 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -1166,18 +1166,6 @@ void service_http_post_form(char *ip, int32_t sp, unsigned char options, char *m } } -void service_http_post_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { - ptr_cookie_node ptr_cookie = NULL; - ptr_header_node ptr_head = initialize(ip, options, miscptr); - - if (ptr_head) - service_http_form(ip, sp, options, miscptr, fp, port, hostname, "POST", &ptr_head, &ptr_cookie); - else { - hydra_report(stderr, "[ERROR] Could not launch head. Error while initializing.\n"); - hydra_child_exit(2); - } -} - int32_t service_http_form_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be From 65c897da68b0646a713a0d6c3757808c1b2c8e83 Mon Sep 17 00:00:00 2001 From: motypi Date: Fri, 7 Feb 2025 14:27:04 +0100 Subject: [PATCH 195/223] multipart feature finished --- hydra-http-form.c | 742 +++++++++++++++++++++++++++++----------------- 1 file changed, 473 insertions(+), 269 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index 8b105ba..1dd9521 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -8,7 +8,7 @@ web-based login forms that require username and password variables via either a GET or POST request. The module works similarly to the HTTP basic auth module and will honour -proxy mode (with authentication) as well as SSL. The module can be invoked +proxy mode (with authenticaion) as well as SSL. The module can be invoked with the service names of "http-get-form", "http-post-form", "https-get-form" and "https-post-form". @@ -76,7 +76,6 @@ char bufferurl[6096 + 24], cookieurl[6096 + 24] = "", userheader[6096 + 24] = "" #define MAX_REDIRECT 8 #define MAX_CONTENT_LENGTH 20 -#define MAX_CONTENT_DISPOSITION 200 #define MAX_PROXY_LENGTH 2048 // sizeof(cookieurl) * 2 char redirected_url_buff[2048] = ""; @@ -85,11 +84,6 @@ int32_t redirected_cpt = MAX_REDIRECT; char *cookie_request = NULL, *normal_request = NULL; // Buffers for HTTP headers - -void service_http_form(char *ip, int32_t sp, unsigned char options, char *miscptr, - FILE *fp, int32_t port, char *hostname, char *type, - ptr_header_node *ptr_head, ptr_cookie_node *ptr_cookie); - /* * Function to perform some initial setup. */ @@ -108,8 +102,6 @@ ptr_header_node header_exists(ptr_header_node *ptr_head, char *header_name, char return found_header; } - - #if defined(__sun) /* Written by Kaveh R. Ghazi */ @@ -463,8 +455,8 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) { else miscptr += strlen(miscptr); break; - case 'm': //fall through - case 'M': + case 'm': // fall through + case 'M': multipart_mode = 1; tmp = strchr(miscptr, ':'); if (tmp) @@ -551,100 +543,96 @@ int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) { } char *build_multipart_body(char *multipart_boundary) { - if (!variables) - return NULL; + if (!variables) + return NULL; - char *body = NULL; - size_t body_size = 0; + char *body = NULL; + size_t body_size = 0; - // Duplicate "variables" for tokenizing - char *vars_dup = strdup(variables); - if (!vars_dup) - return NULL; + // Duplicate "variables" for tokenizing + char *vars_dup = strdup(variables); + if (!vars_dup) + return NULL; - // Tokenize the string using '&' as a delimiter - char *pair = strtok(vars_dup, "&"); - while (pair != NULL) { - // Find the '=' separator in each pair - char *equal_sign = strchr(pair, '='); - if (!equal_sign) { - pair = strtok(NULL, "&"); - continue; - } - *equal_sign = '\0'; - char *key = pair; - char *value = equal_sign + 1; + // Tokenize the string using '&' as a delimiter + char *pair = strtok(vars_dup, "&"); + while (pair != NULL) { + // Find the '=' separator in each pair + char *equal_sign = strchr(pair, '='); + if (!equal_sign) { + pair = strtok(NULL, "&"); + continue; + } + *equal_sign = '\0'; + char *key = pair; + char *value = equal_sign + 1; - // Build the multipart section for the field - // Expected format: - // --\r\n - // Content-Disposition: form-data; name=""\r\n - // \r\n - // \r\n - int section_len = snprintf(NULL, 0, - "--%s\r\n" - "Content-Disposition: form-data; name=\"%s\"\r\n" - "\r\n" - "%s\r\n", - multipart_boundary, key, value); - - char *section = malloc(section_len + 1); - if (!section) { - free(body); - free(vars_dup); - return NULL; - } - snprintf(section, section_len + 1, - "--%s\r\n" - "Content-Disposition: form-data; name=\"%s\"\r\n" - "\r\n" - "%s\r\n", - multipart_boundary, key, value); + // Build the multipart section for the field + int section_len = snprintf(NULL, 0, + "--%s\r\n" + "Content-Disposition: form-data; name=\"%s\"\r\n" + "\r\n" + "%s\r\n", + multipart_boundary, key, value); + + char *section = malloc(section_len + 1); + if (!section) { + free(body); + free(vars_dup); + return NULL; + } + snprintf(section, section_len + 1, + "--%s\r\n" + "Content-Disposition: form-data; name=\"%s\"\r\n" + "\r\n" + "%s\r\n", + multipart_boundary, key, value); - // Reallocate the body buffer to add this section - size_t new_body_size = body_size + section_len; - char *new_body = realloc(body, new_body_size + 1); // +1 for null terminator - if (!new_body) { - free(section); - free(body); - free(vars_dup); - return NULL; - } - body = new_body; - if (body_size == 0) - strcpy(body, section); - else - strcat(body, section); - body_size = new_body_size; - free(section); + // Reallocate the body buffer to add this section + size_t new_body_size = body_size + section_len; + char *new_body = realloc(body, new_body_size + 1); // +1 for null terminator + if (!new_body) { + free(section); + free(body); + free(vars_dup); + return NULL; + } + body = new_body; + if (body_size == 0) + strcpy(body, section); + else + strcat(body, section); + body_size = new_body_size; + free(section); - pair = strtok(NULL, "&"); - } - free(vars_dup); + pair = strtok(NULL, "&"); + } + free(vars_dup); - // Append the closing boundary: ----\r\n - int closing_len = snprintf(NULL, 0, "--%s--\r\n", multipart_boundary); - char *closing = malloc(closing_len + 1); - if (!closing) { - free(body); - return NULL; - } - snprintf(closing, closing_len + 1, "--%s--\r\n", multipart_boundary); - - size_t final_size = body_size + closing_len; - char *final_body = realloc(body, final_size + 1); - if (!final_body) { - free(closing); - free(body); - return NULL; - } - body = final_body; - strcat(body, closing); - free(closing); + // Append the closing boundary: ----\r\n + int closing_len = snprintf(NULL, 0, "--%s--\r\n", multipart_boundary); + char *closing = malloc(closing_len + 1); + if (!closing) { + free(body); + return NULL; + } + snprintf(closing, closing_len + 1, "--%s--\r\n", multipart_boundary); + + size_t final_size = body_size + closing_len; + char *final_body = realloc(body, final_size + 1); + if (!final_body) { + free(closing); + free(body); + return NULL; + } + body = final_body; + strcat(body, closing); + free(closing); - return body; + return body; } + char *prepare_http_request(char *type, char *path, char *params, char *headers) { uint32_t reqlen = 0; char *http_request = NULL; @@ -785,7 +773,7 @@ int32_t analyze_server_response(int32_t s) { if ((ptr = hydra_strcasestr(cookie, tmpname)) != NULL) { // yes it is. // if the cookie is not in the beginning of the cookiejar, copy the - // ones before + // ones before if (ptr != cookie && *(ptr - 1) == ' ') { strncpy(tmpcookie, cookie, ptr - cookie - 2); tmpcookie[ptr - cookie - 2] = 0; @@ -845,9 +833,7 @@ void hydra_reconnect(int32_t s, char *ip, int32_t port, unsigned char options, c } } -int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options, - char *miscptr, FILE *fp, char *hostname, char *type, - ptr_header_node ptr_head, ptr_cookie_node ptr_cookie) { +int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp, char *hostname, char *type, ptr_header_node ptr_head, ptr_cookie_node ptr_cookie) { char *empty = ""; char *login, *pass, clogin[256], cpass[256], b64login[345], b64pass[345]; char header[8096], *upd3variables; @@ -855,13 +841,14 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options char *http_request = NULL; int32_t found = !success_cond, i, j; char content_length[MAX_CONTENT_LENGTH], proxy_string[MAX_PROXY_LENGTH]; - + char content_type[256]; memset(header, 0, sizeof(header)); - cookie[0] = 0; + cookie[0] = 0; // reset cookies from potential previous attempt if (use_proxy > 0 && proxy_count > 0) selected_proxy = random() % proxy_count; + // Take the next login/pass pair if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) @@ -874,16 +861,37 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options clogin[sizeof(clogin) - 1] = 0; strncpy(cpass, html_encode(pass), sizeof(cpass) - 1); cpass[sizeof(cpass) - 1] = 0; - upd3variables = hydra_strrep(variables, "^USER^", clogin); - upd3variables = hydra_strrep(upd3variables, "^PASS^", cpass); - upd3variables = hydra_strrep(upd3variables, "^USER64^", b64login); - upd3variables = hydra_strrep(upd3variables, "^PASS64^", b64pass); + if (multipart_mode) { + char multipart_boundary[32] = "----THC-HydraBoundaryz2Z2z"; + + snprintf(content_type, sizeof(content_type), "multipart/form-data; boundary=%s", multipart_boundary); + char *multipart_body = build_multipart_body(multipart_boundary); + upd3variables = multipart_body; + + upd3variables = hydra_strrep(upd3variables, "^USER^", clogin); + upd3variables = hydra_strrep(upd3variables, "^PASS^", cpass); + upd3variables = hydra_strrep(upd3variables, "^USER64^", b64login); + upd3variables = hydra_strrep(upd3variables, "^PASS64^", b64pass); + +}else{ + snprintf(content_type, sizeof(content_type), "application/x-www-form-urlencoded"); + + upd3variables = hydra_strrep(variables, "^USER^", clogin); + upd3variables = hydra_strrep(upd3variables, "^PASS^", cpass); + upd3variables = hydra_strrep(upd3variables, "^USER64^", b64login); + upd3variables = hydra_strrep(upd3variables, "^PASS64^", b64pass); +} + + + + // Replace the user/pass placeholders in the user-supplied headers hdrrep(&ptr_head, "^USER^", clogin); hdrrep(&ptr_head, "^PASS^", cpass); hdrrep(&ptr_head, "^USER64^", b64login); hdrrep(&ptr_head, "^PASS64^", b64pass); + /* again: no snprintf to be portable. don't worry, buffer can't overflow */ if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL) { if (getcookie) { memset(proxy_string, 0, sizeof(proxy_string)); @@ -893,11 +901,12 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options http_request = prepare_http_request("GET", proxy_string, NULL, cookie_request); if (hydra_send(s, http_request, strlen(http_request), 0) < 0) return 1; - i = analyze_server_response(s); + i = analyze_server_response(s); // ignore result if (strlen(cookie) > 0) process_cookies(&ptr_cookie, cookie); hydra_reconnect(s, ip, port, options, hostname); } + // now prepare for the "real" request if (strcmp(type, "POST") == 0) { memset(proxy_string, 0, sizeof(proxy_string)); snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, url); @@ -907,69 +916,10 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options else add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT); - if (cookie_header != NULL) - free(cookie_header); - cookie_header = stringify_cookies(ptr_cookie); - if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); - else - hdrrepv(&ptr_head, "Cookie", cookie_header); - if (normal_request != NULL) - free(normal_request); - normal_request = stringify_headers(&ptr_head); - if (http_request != NULL) - free(http_request); - http_request = prepare_http_request("POST", proxy_string, upd3variables, normal_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { - free(cookie_header); - return 1; - } - } else { - if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) - hdrrepv(&ptr_head, "Content-Length", "0"); - if (cookie_header != NULL) - free(cookie_header); - cookie_header = stringify_cookies(ptr_cookie); - if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); - else - hdrrepv(&ptr_head, "Cookie", cookie_header); - if (normal_request != NULL) - free(normal_request); - normal_request = stringify_headers(&ptr_head); - if (http_request != NULL) - free(http_request); - http_request = prepare_http_request("GET", proxy_string, upd3variables, normal_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { - free(cookie_header); - return 1; - } - } - } else if (use_proxy == 1) { - if (getcookie) { - memset(proxy_string, 0, sizeof(proxy_string)); - snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, cookieurl); - if (http_request != NULL) - free(http_request); - http_request = prepare_http_request("GET", proxy_string, NULL, cookie_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) - return 1; - i = analyze_server_response(s); - if (strlen(cookie) > 0) - process_cookies(&ptr_cookie, cookie); - hydra_reconnect(s, ip, port, options, hostname); - } - if (strcmp(type, "POST") == 0) { - memset(proxy_string, 0, sizeof(proxy_string)); - snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, url); - snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(upd3variables)); - if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) - hdrrepv(&ptr_head, "Content-Length", content_length); - else - add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); - if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT); + if (multipart_mode) + add_header(&ptr_head, "Content-Type", content_type, HEADER_TYPE_DEFAULT); + else + add_header(&ptr_head, "Content-Type", content_type, HEADER_TYPE_DEFAULT); if (cookie_header != NULL) free(cookie_header); cookie_header = stringify_cookies(ptr_cookie); @@ -1009,102 +959,137 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options } } } else { - /* Direct access to the server (no proxy) */ - normal_request = NULL; - if (getcookie) { - if (http_request != NULL) - free(http_request); - http_request = prepare_http_request("GET", cookieurl, NULL, cookie_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) - return 1; - i = analyze_server_response(s); - if (strlen(cookie) > 0) { - process_cookies(&ptr_cookie, cookie); + if (use_proxy == 1) { + // proxy without authentication + if (getcookie) { + // doing a GET to get cookies + memset(proxy_string, 0, sizeof(proxy_string)); + snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, cookieurl); + if (http_request != NULL) + free(http_request); + http_request = prepare_http_request("GET", proxy_string, NULL, cookie_request); + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) + return 1; + i = analyze_server_response(s); // ignore result + if (strlen(cookie) > 0) + process_cookies(&ptr_cookie, cookie); + hydra_reconnect(s, ip, port, options, hostname); + } + // now prepare for the "real" request + if (strcmp(type, "POST") == 0) { + memset(proxy_string, 0, sizeof(proxy_string)); + snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, url); + snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(upd3variables)); + if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) + hdrrepv(&ptr_head, "Content-Length", content_length); + else + add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); + if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Content-Type", content_type, HEADER_TYPE_DEFAULT); + if (cookie_header != NULL) + free(cookie_header); + cookie_header = stringify_cookies(ptr_cookie); + if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); + else + hdrrepv(&ptr_head, "Cookie", cookie_header); if (normal_request != NULL) free(normal_request); normal_request = stringify_headers(&ptr_head); - } - hydra_reconnect(s, ip, port, options, hostname); - } - if (multipart_mode) { - char *multipart_body = NULL; - char multipart_boundary[64] = "----THC-HydraBoundaryz2Z2z"; - multipart_body = build_multipart_body(multipart_boundary); - if (multipart_body == NULL) { - hydra_report(stderr, "[ERROR] Failed to build multipart body.\n"); - return 0; - } - snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(multipart_body)); - if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) - hdrrepv(&ptr_head, "Content-Length", content_length); - else - add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); - - char content_type[256]; - snprintf(content_type, sizeof(content_type) - 1, "multipart/form-data; boundary=%s", multipart_boundary); - if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Content-Type", content_type, HEADER_TYPE_DEFAULT); - else - hdrrepv(&ptr_head, "Content-Type", content_type); - - if (cookie_header != NULL) - free(cookie_header); - cookie_header = stringify_cookies(ptr_cookie); - if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); - else - hdrrepv(&ptr_head, "Cookie", cookie_header); - - if (normal_request != NULL) - free(normal_request); - http_request = prepare_http_request("POST", url, multipart_body, normal_request); - free(multipart_body); - return 1; - } - if (strcmp(type, "POST") == 0) { - snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(upd3variables)); - if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) - hdrrepv(&ptr_head, "Content-Length", content_length); - else - add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); - if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT); - if (cookie_header != NULL) - free(cookie_header); - cookie_header = stringify_cookies(ptr_cookie); - if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); - else - hdrrepv(&ptr_head, "Cookie", cookie_header); - if (normal_request != NULL) - free(normal_request); - normal_request = stringify_headers(&ptr_head); - if (http_request != NULL) - free(http_request); - http_request = prepare_http_request("POST", url, upd3variables, normal_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { - free(cookie_header); - return 1; + if (http_request != NULL) + free(http_request); + http_request = prepare_http_request("POST", proxy_string, upd3variables, normal_request); + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { + free(cookie_header); + return 1; + } + } else { + if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) + hdrrepv(&ptr_head, "Content-Length", "0"); + if (cookie_header != NULL) + free(cookie_header); + cookie_header = stringify_cookies(ptr_cookie); + if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); + else + hdrrepv(&ptr_head, "Cookie", cookie_header); + if (normal_request != NULL) + free(normal_request); + normal_request = stringify_headers(&ptr_head); + if (http_request != NULL) + free(http_request); + http_request = prepare_http_request("GET", proxy_string, upd3variables, normal_request); + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { + free(cookie_header); + return 1; + } } } else { - if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) - hdrrepv(&ptr_head, "Content-Length", "0"); - if (cookie_header != NULL) - free(cookie_header); - cookie_header = stringify_cookies(ptr_cookie); - if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); - else - hdrrepv(&ptr_head, "Cookie", cookie_header); - if (normal_request != NULL) - free(normal_request); - normal_request = stringify_headers(&ptr_head); - if (http_request != NULL) - free(http_request); - http_request = prepare_http_request("GET", url, upd3variables, normal_request); - if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { - free(cookie_header); - return 1; + // direct web server, no proxy + normal_request = NULL; + if (getcookie) { + // doing a GET to save cookies + if (http_request != NULL) + free(http_request); + http_request = prepare_http_request("GET", cookieurl, NULL, cookie_request); + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) + return 1; + i = analyze_server_response(s); // ignore result + if (strlen(cookie) > 0) { + // printf("[DEBUG] Got cookie: %s\n", cookie); + process_cookies(&ptr_cookie, cookie); + if (normal_request != NULL) + free(normal_request); + normal_request = stringify_headers(&ptr_head); + } + hydra_reconnect(s, ip, port, options, hostname); + } + // now prepare for the "real" request + if (strcmp(type, "POST") == 0) { + snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(upd3variables)); + if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) + hdrrepv(&ptr_head, "Content-Length", content_length); + else + add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); + if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Content-Type", content_type, HEADER_TYPE_DEFAULT); + if (cookie_header != NULL) + free(cookie_header); + cookie_header = stringify_cookies(ptr_cookie); + if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); + else + hdrrepv(&ptr_head, "Cookie", cookie_header); + if (normal_request != NULL) + free(normal_request); + normal_request = stringify_headers(&ptr_head); + if (http_request != NULL) + free(http_request); + http_request = prepare_http_request("POST", url, upd3variables, normal_request); + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { + free(cookie_header); + return 1; + } + } else { + if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) + hdrrepv(&ptr_head, "Content-Length", "0"); + if (cookie_header != NULL) + free(cookie_header); + cookie_header = stringify_cookies(ptr_cookie); + if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); + else + hdrrepv(&ptr_head, "Cookie", cookie_header); + if (normal_request != NULL) + free(normal_request); + normal_request = stringify_headers(&ptr_head); + if (http_request != NULL) + free(http_request); + http_request = prepare_http_request("GET", url, upd3variables, normal_request); + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { + free(cookie_header); + return 1; + } } } } @@ -1114,11 +1099,12 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options found = analyze_server_response(s); - if (redirected_flag && code_302_is_success) + if (redirected_flag && code_302_is_success) { found = success_cond; + } - if (auth_flag) { - if (code_401_is_failure) { + if (auth_flag) { // we received a 401 error - user may be using wrong module + if (code_401_is_failure) { // apparently they don't think so -- treat 401 as failure hydra_completed_pair(); return 1; } else { @@ -1133,18 +1119,159 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options if (strlen(cookie) > 0) process_cookies(&ptr_cookie, cookie); + // if page was redirected, follow the location header redirected_cpt = MAX_REDIRECT; if (debug) printf("[DEBUG] attempt result: found %d, redirect %d, location: %s\n", found, redirected_flag, redirected_url_buff); - while (found == 0 && redirected_flag && !code_302_is_success && - (redirected_url_buff[0] != 0) && (redirected_cpt > 0)) { - // Processing redirection (code omitted) + while (found == 0 && redirected_flag && !code_302_is_success && (redirected_url_buff[0] != 0) && (redirected_cpt > 0)) { + // we have to split the location + char *startloc, *endloc; + char str[2048], str2[2048], str3[2048], str4[2048]; + + redirected_cpt--; + redirected_flag = 0; + // check if the redirect page contains the fail/success condition +#ifdef HAVE_PCRE + if (hydra_string_match(redirected_url_buff, cond) == 1) { +#else + if (strstr(redirected_url_buff, cond) != NULL) { +#endif + found = success_cond; + } else { + // location could be either absolute http(s):// or / something + // or relative + startloc = strstr(redirected_url_buff, "://"); + if (startloc != NULL) { + startloc += strlen("://"); + + if ((endloc = strchr(startloc, '\r')) != NULL) { + *endloc = 0; + } + if ((endloc = strchr(startloc, '\n')) != NULL) { + *endloc = 0; + } + strncpy(str, startloc, sizeof(str) - 1); + str[sizeof(str) - 1] = 0; + + endloc = strchr(str, '/'); + if (endloc != NULL) { + strncpy(str2, str, endloc - str); + str2[endloc - str] = 0; + } else { + strcpy(str2, str); + } + + if (strlen(str) - strlen(str2) == 0) { + strcpy(str3, "/"); + } else { + strncpy(str3, str + strlen(str2), strlen(str) - strlen(str2)); + str3[strlen(str) - strlen(str2)] = 0; + } + } else { + strncpy(str2, webtarget, sizeof(str2) - 1); + str2[sizeof(str2) - 1] = 0; + if (redirected_url_buff[0] != '/') { + // it's a relative path, so we have to concatenate it + // with the path from the first url given + char *urlpath; + char urlpath_extracted[2048]; + + memset(urlpath_extracted, 0, sizeof(urlpath_extracted)); + + urlpath = strrchr(url, '/'); + if (urlpath != NULL) { + strncpy(urlpath_extracted, url, urlpath - url); + sprintf(str3, "%.1000s/%.1000s", urlpath_extracted, redirected_url_buff); + } else { + sprintf(str3, "%.1000s/%.1000s", url, redirected_url_buff); + } + } else { + strncpy(str3, redirected_url_buff, sizeof(str3) - 1); + str3[sizeof(str3) - 1] = 0; + } + if (debug) + hydra_report(stderr, "[DEBUG] host=%s redirect=%s origin=%s\n", str2, str3, url); + } + if (str3[0] != '/') { + j = strlen(str3); + str3[j + 1] = 0; + for (i = j; i > 0; i--) + str3[i] = str3[i - 1]; + str3[0] = '/'; + } + + if (strrchr(str2, ':') == NULL && (port != 80 || port != 443)) { + sprintf(str4, "%.2000s:%d", str2, port); + strcpy(str2, str4); + } + + if (verbose) + hydra_report(stderr, "[VERBOSE] Page redirected to http[s]://%s%s\n", str2, str3); + + if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) + hdrrepv(&ptr_head, "Content-Length", "0"); + + // re-use the above code to set cookies + if (cookie_header != NULL) + free(cookie_header); + cookie_header = stringify_cookies(ptr_cookie); + if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); + else + hdrrepv(&ptr_head, "Cookie", cookie_header); + + // re-use the code above to check for proxy use + if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL) { + // proxy with authentication + hdrrepv(&ptr_head, "Host", str2); + memset(proxy_string, 0, sizeof(proxy_string)); + snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, str3); + if (normal_request != NULL) + free(normal_request); + normal_request = stringify_headers(&ptr_head); + if (http_request != NULL) + free(http_request); + http_request = prepare_http_request("GET", proxy_string, NULL, normal_request); + } else { + if (use_proxy == 1) { + // proxy without authentication + hdrrepv(&ptr_head, "Host", str2); + memset(proxy_string, 0, sizeof(proxy_string)); + snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s%.600s", webtarget, str3); + if (normal_request != NULL) + free(normal_request); + normal_request = stringify_headers(&ptr_head); + if (http_request != NULL) + free(http_request); + http_request = prepare_http_request("GET", proxy_string, NULL, normal_request); + } else { + // direct web server, no proxy + hdrrepv(&ptr_head, "Host", str2); + if (normal_request != NULL) + free(normal_request); + normal_request = stringify_headers(&ptr_head); + if (http_request != NULL) + free(http_request); + http_request = prepare_http_request("GET", str3, NULL, normal_request); + } + } + + hydra_reconnect(s, ip, port, options, hostname); + + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) { + free(cookie_header); + return 1; + } + + found = analyze_server_response(s); + if (strlen(cookie) > 0) + process_cookies(&ptr_cookie, cookie); + } } - if (found != -1 && found == success_cond && - ((redirected_flag && code_302_is_success) || redirected_flag == 0 || success_cond == 1) && - redirected_cpt >= 0) { + // if the last status is still 3xx, set it as a false + if (found != -1 && found == success_cond && ((redirected_flag && code_302_is_success) || redirected_flag == 0 || success_cond == 1) && redirected_cpt >= 0) { hydra_report_found_host(port, ip, "www-form", fp); hydra_completed_pair_found(); } else { @@ -1154,6 +1281,83 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options return 1; } +void service_http_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname, char *type, ptr_header_node *ptr_head, ptr_cookie_node *ptr_cookie) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_HTTP, mysslport = PORT_HTTP_SSL; + + // register our socket descriptor + hydra_register_socket(sp); + + /* + * Iterate through the runs. Possible values are the following: + * - 1 -> Open connection to remote server. + * - 2 -> Run password attempts. + * - 3 -> Disconnect and end with success. + * - 4 -> Disconnect and end with error. + */ + + while (1) { + if (run == 2) { + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { + hydra_child_exit(1); + } + } + switch (run) { + case 1: /* connect and service init function */ + { + if (sock >= 0) + sock = hydra_disconnect(sock); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport, hostname); + port = mysslport; + } + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, cannot connect\n", (int32_t)getpid()); + hydra_child_exit(1); + } + next_run = 2; + break; + } + case 2: /* run the cracking function */ + next_run = start_http_form(sock, ip, port, options, miscptr, fp, hostname, type, *ptr_head, *ptr_cookie); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + break; + case 4: /* silent error exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(1); + break; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); + } + run = next_run; + } +} + +void service_http_get_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + ptr_cookie_node ptr_cookie = NULL; + ptr_header_node ptr_head = initialize(ip, options, miscptr); + + if (ptr_head) + service_http_form(ip, sp, options, miscptr, fp, port, hostname, "GET", &ptr_head, &ptr_cookie); + else { + hydra_report(stderr, "[ERROR] Could not launch head. Error while initializing.\n"); + hydra_child_exit(2); + } +} + void service_http_post_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { ptr_cookie_node ptr_cookie = NULL; ptr_header_node ptr_head = initialize(ip, options, miscptr); From ba9a3ba8de63e5ab95e8bc57c88704ed19a5d7e2 Mon Sep 17 00:00:00 2001 From: motypi Date: Mon, 10 Feb 2025 10:37:17 +0100 Subject: [PATCH 196/223] add help for multipart mode, remove junk files --- .vscode/tasks.json | 28 --------- Test | Bin 20352 -> 0 bytes Test.c | 122 --------------------------------------- hydra-http-form.c | 1 + peda-session-61558.txt | 3 - peda-session-61747.txt | 3 - peda-session-62215.txt | 3 - peda-session-62317.txt | 3 - peda-session-unknown.txt | 8 --- 9 files changed, 1 insertion(+), 170 deletions(-) delete mode 100644 .vscode/tasks.json delete mode 100755 Test delete mode 100644 Test.c delete mode 100644 peda-session-61558.txt delete mode 100644 peda-session-61747.txt delete mode 100644 peda-session-62215.txt delete mode 100644 peda-session-62317.txt delete mode 100644 peda-session-unknown.txt diff --git a/.vscode/tasks.json b/.vscode/tasks.json deleted file mode 100644 index 08d9005..0000000 --- a/.vscode/tasks.json +++ /dev/null @@ -1,28 +0,0 @@ -{ - "tasks": [ - { - "type": "cppbuild", - "label": "C/C++: gcc build active file", - "command": "/usr/bin/gcc", - "args": [ - "-fdiagnostics-color=always", - "-g", - "${file}", - "-o", - "${fileDirname}/${fileBasenameNoExtension}" - ], - "options": { - "cwd": "${fileDirname}" - }, - "problemMatcher": [ - "$gcc" - ], - "group": { - "kind": "build", - "isDefault": true - }, - "detail": "Task generated by Debugger." - } - ], - "version": "2.0.0" -} \ No newline at end of file diff --git a/Test b/Test deleted file mode 100755 index df20b3b002e7d4165240acf776edc16751f5d9d9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 20352 zcmeHPdvILUc|UhoS6W$bOMXZucr7rP$F3|PjBRkdwk5Lyzwo0N61ZCJL)v<^D|YYt zK>{{7Fjf_}b_>LvG>Kr!;IyW3J1|jsMLc3dCuB_10BMGn(xga%rY1aUUf%w`bI!L~ zT_nG~LQeb>QGcahfk ze8AnjS=TpRKMd>qGt}u7Es1!~lJ=HF#FvOCv%7t}moD)wY4>MR{x(@L#pT68W9sS+ z+XUQ<5>Ka5xb`WU{gJFe%Sr#?z&{^+^qOz4-+uCiMW61<&3XGbXZMp%H;&tz&i>un zj*a3g&Gw#wX!G*sNVKQ<(&khKXtpPtw6ma+p?(teBF-?#ozZkAo=Sq#=5Jr@YgKxe zK@v)b`{H&qY-iJC5bBRCX>Yy_)yVNed7>C8CMpy^4@sg4r&|H($ow030240a&BXCi z^vC_nelx_EDaj_4W>BQ(EZ2fD75^CcUZ*l>s(&hdj>Bn^nMQxcG<>=qrt<$h_+A{& z(gDU)`j=0`_fNy8%X=z6w@$-<1$-|KXSooJsr*F1r#^6&o4}|O^Mp5`Bz!**89N;w z*dsE@fpk1+$Ao2N>`-`z74F+%#X|9fh^3=Z(u!mU2-v9|A{`AS5~;AX4cVe!QItJhc<&Ux&z z3AD|Bxv;vnuD9SZ+8fW<(e&2!YZ9qsbZe+55k(!n{i&p`+)}DjDx&!=jCup-5*+kL zIR7zjK<5tV@_nTt9Y2q>dHxo2H_{SfZpy`1>{>KwEJ?O{poS^9eKc1eT>A^nUGeOe? zW_{;mgm!U*mU!HrtX8u0Xdsai}zeB=?PZR`&ZmaXmIeCc4csA#oZvr z;%9TYu?TwSgn2J$<0jbV>nHp1T@Vto4R#os`+|eF9YCd1CO zMYD90eEO+$f(zufQzH8Xr14G64ugXyen7R2`PuM*GCXxc*`wZ9;Rj};2JqK|L+f#D zBi@0o!56v)PXz~`hO=)=XU{xE&ZI}#vayFy>tN?SL!I}K{SgY}&s88}2xLrTo8d^Z zeZ;2rKxF}Nm6;l}QX7X)2ZwH>`cd~bB(Za>Yw*La!RLd6FHsI;{U=qet+0nxFnkJX z!$AWvcETFR!A%ArDwNr}NQH6+p_~y}Kl!BUANWLuBEz~*;WDg00ItH?t&(&GeviO- zSY$C4w~ZCJPD1ysdI$4o%Gqg{4Rd9e6YrpTBd+v(XWUP`!Oo*_eN@!k)lPk*Q&Xy3 z98g*BmR6t1dMlI$I}Z(Y9?ECkuUwA6<%r16R*{|@`~Jt=qzBP)+JG`GGd!Yl`w{L+ z$cxJDPhkPQNx2<`yHQ7OUxXgo@H{GfUS#J(1Kv)KttGbZ^5tClTbF=^jzlttwv8yU z?4YAcTUu6X%NL%VxS-w+M1n&l3l|}FSf6Pf4UYIwwg%Vuf{z9FMAD(vsVpQI02s0( zl1xTI!N<~jZf(18LLb4w;W$M82PXY(DCEiXIo}tPgS9 zChbOQ0P)_sR5joPgr6v(%GNhNlFdciPL5p*TyoLKGm+pW4Ki-q9NP?mYL$GR<)2`1 zTr9;56f;oFKrsWw3=}g^%s?>%`3%td29<0knx-Yi6?QaZ6LG;nD3jThN=GDz2(0%D z;qxubRLxkEO4`w+?dynV22z>0jg`mc-dHN#?~8=&(3M{4sd-_hxoSq$3^I^*J|7TW zI@9S?+S`+jCnE7=ueU#&u;T+*DDw8CB76KZ#QI5$e)JYfGvE|&o8 zIGxMg1Gp9N7+}LYx!hL3PXV6;-0*%b_Y30Vpkmy*Ss1%(jd_)2o)5}y_?M_^Cw z6CGvpXZrJjwiAtdP7$oGU0Xf(nwpATo_%6v)3S>%JHMIOWdCIxN1<2v`#$k)9K+y` z0&=0czK)|6@m)v1i*#1k-tAgbRq7795t59B+R^h~F84BEUhaC4#Kls~KrsWw3=}g^ z%s?>%#S9cPP|QFv1OJaRz~6cCcU|;5HMsB< zoFt68dh%s{=uvbf3 zJ(YmQrSN@OSqyv?^pbMY_ZT(cUm@{Y;{hlxmH1qv4Ohc5iF=JZptD@!i;P*&xl-bb zjZ^S&mBg1CmqBNR!~@1(0}n_%XnX?wRTAH190$Hy;@gdFz&mCy#JSs`3w>?F#lZWF zGS~)XoCC&>fOkpUHm(PLO$Gf7vD;V)eErPpfbTN~VYQ)VJMcRV`axx*rv;q-#tGZV_=^nhF{M zV9o_zel6*A5cU$dJSM! z1z3isjQY0R%^%p7o+SMpMkRIsbHH8Xs!DkN5%u3ox~~zF5GfI!A3$)B=np0fN*5wc zp1*WeQ*vekcM;-}ZJPZaP|x>VRiq>NqLgm2o?)ea6|tpe=?~$x^bQrz&BT^flZ+$# zBLwgPad(lJ!ga~9Te=W}vWQVlvOgi&VX{g?L3qY-ew+jkv5}bL18Ve}Wc-o7;lB)= zit%S}Lg-!ttJDlaU55j1+Kh5b1vzma9@(pU;y)piJ<%lQ{t9xVQYM%$botwt^w+oy zzKqIdWq#&%H>Idndpoe#eIc~!D)F%joFCfjJ_o)Uv~+l{I|1WHO&;0n&Ov&8IR)-M zyl=1jNl3SA>CwIJRq$+SSI76dD?xT^>B!!u=6aZ+&_^Fs-2VjYb809qG;-dK=pJD- zYcl8#L+dLpdG-mmR-e;2|wE!^%t4;})w)B@MxZuh@Hwo1$Tz%#0ZyL$P8 zk}E5gRdm%a#RJ!6iY~30!yrmYgptD!y3ZuEvaS`vz%H9j))mSa{j9YXl!3FLdP1+f9(q?{nlZyLy6VZYVgageK^&D=$T+I# z*;`#_EUd1taL=DNzs{IhR*UC&4MKoctq#hAZn{7k%&a%u)fE-0a`IR|5eqs`HcJP# zvXQEuHJL?Cojti#s!en9Oyr81K%oTYepNPj?sP&75VIf`drF1i+-v*n!M14FIQO4~_?L{1C^lakz~6uA1^?zzjNxkBL_TD|aPM zCG~V_!pUr=(*2qAzghdFS?BIT-KKllF>}sS<|5akdUICH^t@u0XU*Ej z&GUv$GiILWYHlzqW9Hn45!rVjdYoi4cADmXII4WYG_Eyk7e8js_&4($*U|>l^R6^^ zomX#~yI@fHxM|$rnvG0aRw@>=Y;4WgXki0M#2T>E`K=@2KH4vmjP9~%J;2JyeIhuK zex@&#wtKQM+OyQfVLdwxqB!!Gdril<8wJ);k~w#|miK4n$@3 zgfiI0LZVZnXF@xps)eMFeL@!Y{p^5Wimy#r{fL6M0demMxyobZmw05C zif{r8N6B6bji=_uWj7SWB-=QUj_y=Lfr6!~FaQc2W$_(S8c{&HwrgD{0+0>Ohq+gEQfZV8CSN_+Rh1o3$&`DcR9^C3l)$E@{LU)5eTuA9hsl7Hk-Rio z`cnPTmT(ALp5oz9OGhf4?Z^6Dre#w)_4`rVyKzg4{En-|?hE_+=!-7j`nD}wx>~kk zwa*_GzpK4y$!5~DRkEcw9B#p-W-V#g8zy^`*_PJ!mUuFp$YM-LMNNEGu_tb4{u?SS zv>$S^BIP?0jrse8lmQ~$*|05#gQOzyl;UEvDF)&N^7#dKXYB5JC+F0n_fZ26h)*zg zpyHKhJmLVS(x>-T7k1j6uG5Mdcs1W!xM>Q!%QT;VF90b^7tRLu>n#c>n&P9f4TmA- z2!8*UOq{-ogX-nqADDjth#_X@_oFfYAs|!5KV7^2O8S{4jxS&j6L2a&Pe}c_!udW- z4^LV}J?522{`4v^Lp0`pS6~4>XdNk&BI>BA_%vPgN{z{@Ml88lM|k=k4ZjTPr#4Cuf_OW9GKt{cE9#Bs>lBYEXIU+ zs`fU3Pky`sR#ea{_3J+KK0+_UQ~6m6ejV~ttNmbhD$D9=^y$@lDnEVX2YGY$yA8fq z`z!>1IE|nC!EY{9)c6ym@4~Nsj^Ayb0e{NgS4Ot=+t8eW%sAp~J!^+>RSItXki-2F94W zS)D;G4R&l6*467au3ojy+PHS@md>r#)>W(5by{-16ySZpa?7uCPjOy~y}_TiA6QLS z^4ii@R6YKwod{|2Hs`!%J3UY^Gs-i_ly^r@Vj|C&PN*%%@Hct?u@%XrtiDh(LVJ^G zCSl{d7mKD0Q%{f79_q>dY2u-`T2B^OJ(-NISMRf?ZP}A_CZ<@_oRB?9sJ32DVp$fp zQ**!3KI%wMx@D@S;80UTB7ry|}P78BfMijE8!9FlA;6|GENMP)5in zqr}E=Nl$S*`X94sJp#9Q%r#VT{y!I9kI-VN%Q!*$ZG?WJW&7#=ZwcvA;rqCvgjfQk z(BAp~OU`FS4f*-TY?@aU+J9Zo>lhBO;xzWxJM4L0$k6*+?4yu>fHeqizgGvyaFMpB z7^yhhPm39}M#J{Jj>GVI>KqiZBb4pwrw%H+a8Q%kp4WvKzC%g{MZ3#$_5!0d7PjYg z6^8u0=lJt_+5`Q%Mr$_A=XD!~0j=kZU$ezGfl$iWp4X8Wp4N(7zq9=hYWvk%kJqIb zdUb=z9=}w5CV$@pk5o!=$imNY4SBte#m@2f7Z4QMd$k?IQ*5ZA!@YRaVSidHFl2pp z!!$$MYF1c3CLOA1II2koY{&2<1cmlI&tq6?vZaD-$J`ek_B@Yfh?&u(;>_Pqv_1E~ z@M?7pk7<$t_dnA=2SV|)J->%Ayowbybk;xaupjd(MTS4pb_|^LzY76=&Xw07>F_!) z|Gy%qKGO{8y{D$Yp5FueeB^CnyeevfX8Q^>p2n`e?d9Lk`2SBi|IZZLaXw6i|aK5fz ztLLR`zc9~H2*pZ;;UaCXxD)3U+M&}g+p*>q)7bZG!&$7#Q28v8phS2fU@P+@V9 z;<{<<>#k5%v?5nn9Hh8O+dJEN>r!R4jypy>VS9#s)7YQ5QW> -#include -#include - -// On définit ici la variable globale "variables" qui sera utilisée par build_multipart_body. -// On suppose qu'elle contient des paires clé=valeur séparées par '&'. -// Pour ce test, on utilise par exemple : -char *variables = "username=testuser&password=testpass"; - -// La fonction build_multipart_body construit le corps d'une requête multipart/form-data -// à partir de la chaîne globale "variables" et du boundary fourni. -char *build_multipart_body(char *multipart_boundary) { - if (!variables) - return NULL; // Pas de paramètres à traiter - - char *body = NULL; // Chaîne résultat - size_t body_size = 0; // Taille actuelle du corps - - // Dupliquer la chaîne "variables" afin de pouvoir la tokeniser (strtok modifie la chaîne) - char *vars_dup = strdup(variables); - if (!vars_dup) - return NULL; - - // Tokeniser la chaîne sur le caractère '&' - char *pair = strtok(vars_dup, "&"); - while (pair != NULL) { - // Pour chaque paire, rechercher le séparateur '=' - char *equal_sign = strchr(pair, '='); - if (!equal_sign) { - pair = strtok(NULL, "&"); - continue; - } - *equal_sign = '\0'; // Terminer la clé - char *key = pair; - char *value = equal_sign + 1; - - // Construire la section multipart pour ce champ. - // Format attendu : - // --\r\n - // Content-Disposition: form-data; name=""\r\n - // \r\n - // \r\n - int section_len = snprintf(NULL, 0, - "--%s\r\n" - "Content-Disposition: form-data; name=\"%s\"\r\n" - "\r\n" - "%s\r\n", - multipart_boundary, key, value); - - char *section = malloc(section_len + 1); - if (!section) { - free(body); - free(vars_dup); - return NULL; - } - snprintf(section, section_len + 1, - "--%s\r\n" - "Content-Disposition: form-data; name=\"%s\"\r\n" - "\r\n" - "%s\r\n", - multipart_boundary, key, value); - - // Réallouer le buffer "body" pour y ajouter cette section - size_t new_body_size = body_size + section_len; - char *new_body = realloc(body, new_body_size + 1); // +1 pour le '\0' - if (!new_body) { - free(section); - free(body); - free(vars_dup); - return NULL; - } - body = new_body; - if (body_size == 0) - strcpy(body, section); - else - strcat(body, section); - body_size = new_body_size; - free(section); - - // Passage à la paire suivante - pair = strtok(NULL, "&"); - } - free(vars_dup); - - // Ajouter la fermeture du multipart : - // ----\r\n - int closing_len = snprintf(NULL, 0, "--%s--\r\n", multipart_boundary); - char *closing = malloc(closing_len + 1); - if (!closing) { - free(body); - return NULL; - } - snprintf(closing, closing_len + 1, "--%s--\r\n", multipart_boundary); - - size_t final_size = body_size + closing_len; - char *final_body = realloc(body, final_size + 1); - if (!final_body) { - free(closing); - free(body); - return NULL; - } - body = final_body; - strcat(body, closing); - free(closing); - - return body; -} - -int main(void) { - // Définir un boundary pour le test - char boundary[] = "----THC-HydraBoundaryz2Z2z"; - // Appeler la fonction build_multipart_body - char *multipart_body = build_multipart_body(boundary); - if (multipart_body == NULL) { - fprintf(stderr, "Error building multipart body.\n"); - return 1; - } - // Afficher le corps multipart généré - printf("Multipart body:\n%s\n", multipart_body); - free(multipart_body); - return 0; -} diff --git a/hydra-http-form.c b/hydra-http-form.c index 1dd9521..0b42268 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -1602,6 +1602,7 @@ void usage_http_form(const char *service) { "and the condition string; seperate them too with colons:\n" " 1= 401 error response is interpreted as user/pass wrong\n" " 2= 302 page forward return codes identify a successful attempt\n" + " M= attack forms that use multipart format\n" " (c|C)=/page/uri to define a different page to gather initial " "cookies from\n" " (g|G)= skip pre-requests - only use this when no pre-cookies are required\n" diff --git a/peda-session-61558.txt b/peda-session-61558.txt deleted file mode 100644 index e50613c..0000000 --- a/peda-session-61558.txt +++ /dev/null @@ -1,3 +0,0 @@ -break main - -set exec-wrapper logging enabled diff --git a/peda-session-61747.txt b/peda-session-61747.txt deleted file mode 100644 index e50613c..0000000 --- a/peda-session-61747.txt +++ /dev/null @@ -1,3 +0,0 @@ -break main - -set exec-wrapper logging enabled diff --git a/peda-session-62215.txt b/peda-session-62215.txt deleted file mode 100644 index e50613c..0000000 --- a/peda-session-62215.txt +++ /dev/null @@ -1,3 +0,0 @@ -break main - -set exec-wrapper logging enabled diff --git a/peda-session-62317.txt b/peda-session-62317.txt deleted file mode 100644 index e50613c..0000000 --- a/peda-session-62317.txt +++ /dev/null @@ -1,3 +0,0 @@ -break main - -set exec-wrapper logging enabled diff --git a/peda-session-unknown.txt b/peda-session-unknown.txt deleted file mode 100644 index ddb86e5..0000000 --- a/peda-session-unknown.txt +++ /dev/null @@ -1,8 +0,0 @@ - -set exec-wrapper logging enabled - -set exec-wrapper logging enabled - -set exec-wrapper logging enabled - -set exec-wrapper logging enabled From db099fcdacce542bca290c38a03c886a0db0ab78 Mon Sep 17 00:00:00 2001 From: motypi Date: Mon, 10 Feb 2025 14:57:07 +0100 Subject: [PATCH 197/223] cleaning code --- hydra-http-form.c | 23 +++++++---------------- 1 file changed, 7 insertions(+), 16 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index 0b42268..4c6919b 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -863,26 +863,20 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options cpass[sizeof(cpass) - 1] = 0; if (multipart_mode) { - char multipart_boundary[32] = "----THC-HydraBoundaryz2Z2z"; - - snprintf(content_type, sizeof(content_type), "multipart/form-data; boundary=%s", multipart_boundary); - char *multipart_body = build_multipart_body(multipart_boundary); + snprintf(content_type, sizeof(content_type), "multipart/form-data; boundary=----THC-HydraBoundaryz2Z2z"); + char *multipart_body = build_multipart_body("----THC-HydraBoundaryz2Z2z"); upd3variables = multipart_body; +}else{ + snprintf(content_type, sizeof(content_type), "application/x-www-form-urlencoded"); + upd3variables = variables; +} + upd3variables = hydra_strrep(upd3variables, "^USER^", clogin); upd3variables = hydra_strrep(upd3variables, "^PASS^", cpass); upd3variables = hydra_strrep(upd3variables, "^USER64^", b64login); upd3variables = hydra_strrep(upd3variables, "^PASS64^", b64pass); -}else{ - snprintf(content_type, sizeof(content_type), "application/x-www-form-urlencoded"); - - upd3variables = hydra_strrep(variables, "^USER^", clogin); - upd3variables = hydra_strrep(upd3variables, "^PASS^", cpass); - upd3variables = hydra_strrep(upd3variables, "^USER64^", b64login); - upd3variables = hydra_strrep(upd3variables, "^PASS64^", b64pass); -} - // Replace the user/pass placeholders in the user-supplied headers @@ -916,9 +910,6 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options else add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) - if (multipart_mode) - add_header(&ptr_head, "Content-Type", content_type, HEADER_TYPE_DEFAULT); - else add_header(&ptr_head, "Content-Type", content_type, HEADER_TYPE_DEFAULT); if (cookie_header != NULL) free(cookie_header); From 3cc53fe778a58425593a4b3fba5dc55224497ded Mon Sep 17 00:00:00 2001 From: motypi Date: Mon, 3 Mar 2025 13:00:37 +0100 Subject: [PATCH 198/223] created skip_password function --- hydra.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/hydra.c b/hydra.c index 30a8ece..a80f84f 100644 --- a/hydra.c +++ b/hydra.c @@ -1591,6 +1591,15 @@ char *hydra_reverse_login(int32_t head_no, char *login) { return hydra_heads[head_no]->reverse; } +void skip_passwords(int skips){ + for(int i=0; ipass_no >= hydra_brains.countpass) + while(*hydra_target[target_no]->pass_ptr != 0) + hydra_target[target_no]->pass_ptr++; + hydra_target[target_no]->pass_ptr++; + } +} + int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { // variables moved to save stack snpdone = 0; @@ -1750,9 +1759,7 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { return hydra_send_next_pair(target_no, head_no); } else { hydra_targets[target_no]->pass_ptr++; - while (*hydra_targets[target_no]->pass_ptr != 0) - hydra_targets[target_no]->pass_ptr++; - hydra_targets[target_no]->pass_ptr++; + skip_passwords(1); } if ((hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0) || (hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) == 0) || (hydra_options.try_password_reverse_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) == 0)) { hydra_brains.sent++; From a8f80debedf418c07efbc7b70a90ad0eb50d0252 Mon Sep 17 00:00:00 2001 From: motypi Date: Tue, 4 Mar 2025 10:34:23 +0100 Subject: [PATCH 199/223] added variables and applied skipping function --- hydra.c | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/hydra.c b/hydra.c index a80f84f..3d95cde 100644 --- a/hydra.c +++ b/hydra.c @@ -342,6 +342,8 @@ char *sck = NULL; int32_t prefer_ipv6 = 0, conwait = 0, loop_cnt = 0, fck = 0, options = 0, killed = 0; int32_t child_head_no = -1, child_socket; int32_t total_redo_count = 0; +int32_t total_distributed_machines = 2; +int32_t distributed_machine_rank = 2; // moved for restore feature int32_t process_restore = 0, dont_unlink; @@ -1591,12 +1593,12 @@ char *hydra_reverse_login(int32_t head_no, char *login) { return hydra_heads[head_no]->reverse; } -void skip_passwords(int skips){ +void skip_passwords(int32_t skips, int32_t target_no){ for(int i=0; ipass_no >= hydra_brains.countpass) - while(*hydra_target[target_no]->pass_ptr != 0) - hydra_target[target_no]->pass_ptr++; - hydra_target[target_no]->pass_ptr++; + //if(*hydra_targets[target_no]->pass_no >= hydra_brains.countpass) + while(*hydra_targets[target_no]->pass_ptr != 0) + hydra_targets[target_no]->pass_ptr++; + hydra_targets[target_no]->pass_ptr++; } } @@ -1752,6 +1754,9 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { hydra_targets[target_no]->login_ptr++; hydra_targets[target_no]->login_ptr++; hydra_targets[target_no]->pass_ptr = pass_ptr; + hydra_targets[target_no]->pass_ptr++; + //initialise the password to start with depending on the machine's rank if using distributed computing + skip_passwords(distributed_machine_rank-1, target_no); hydra_targets[target_no]->login_no++; hydra_targets[target_no]->pass_no = 0; hydra_targets[target_no]->pass_state = 0; @@ -1759,7 +1764,8 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { return hydra_send_next_pair(target_no, head_no); } else { hydra_targets[target_no]->pass_ptr++; - skip_passwords(1); + //number of passwords in the wordlist to skip depending on the number of parallel machines + skip_passwords(total_distributed_machines, target_no); } if ((hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0) || (hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) == 0) || (hydra_options.try_password_reverse_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) == 0)) { hydra_brains.sent++; From 2c50bb8e6db34be37dfdbcc66c088c4b3fbd48fa Mon Sep 17 00:00:00 2001 From: motypi Date: Mon, 10 Mar 2025 13:58:09 +0100 Subject: [PATCH 200/223] added wordlist (password,login,colonfile) segmentation on the fly using cmd option -D --- hydra.c | 112 +++++++++++++++++++++++++++++++++++++++++++++++--------- hydra.h | 1 + 2 files changed, 96 insertions(+), 17 deletions(-) diff --git a/hydra.c b/hydra.c index 3d95cde..033ede0 100644 --- a/hydra.c +++ b/hydra.c @@ -342,8 +342,8 @@ char *sck = NULL; int32_t prefer_ipv6 = 0, conwait = 0, loop_cnt = 0, fck = 0, options = 0, killed = 0; int32_t child_head_no = -1, child_socket; int32_t total_redo_count = 0; -int32_t total_distributed_machines = 2; -int32_t distributed_machine_rank = 2; +int32_t num_segments = 0; +int32_t my_segment = 0; // moved for restore feature int32_t process_restore = 0, dont_unlink; @@ -1593,14 +1593,66 @@ char *hydra_reverse_login(int32_t head_no, char *login) { return hydra_heads[head_no]->reverse; } -void skip_passwords(int32_t skips, int32_t target_no){ - for(int i=0; ipass_no >= hydra_brains.countpass) - while(*hydra_targets[target_no]->pass_ptr != 0) - hydra_targets[target_no]->pass_ptr++; - hydra_targets[target_no]->pass_ptr++; + +FILE *hydra_divide_file(FILE *file, uint32_t my_segment, uint32_t num_segments){ + fprintf(stdout, "Dividing file...\n"); + + if(my_segment > num_segments){ + fprintf(stderr, "[ERROR] in option -D XofY, X must not be greater than Y: %s\n", hydra_options.passfile); + return NULL; + } + + FILE *output_file; + char line[500]; + char output_file_name[20]; + + uint32_t line_number = 0; + + double total_lines; + if (total_lines = countlines(file,0)) + fprintf(stdout, "There are %f lines int the wordlist", total_lines); + else + fprintf(stderr, "Something went wrong in the counting of lines"); + + if(num_segments > total_lines){ + fprintf(stderr, "[ERROR] in option -D XofY, Y must not be greater than the total number of lines in the file to be divided: %s\n", hydra_options.passfile); + return NULL; } -} + + double segment_size_double = total_lines / num_segments; + + // round up segment_size_float to integer + uint64_t segment_size = (uint64_t)segment_size_double; + if(segment_size < segment_size_double) + segment_size++; + + uint64_t segment_start = segment_size * (my_segment - 1) + 1; + uint64_t segment_end = segment_size * my_segment; + + + sprintf(output_file_name, "segment_%d.txt", my_segment); + output_file = fopen(output_file_name, "w"); + + if(!output_file){ + fprintf(stderr, "[ERROR] Segment file empty: %s\n", hydra_options.passfile); + return NULL; + } + + while(fgets(line, sizeof line, file) != NULL && line_number < segment_end){ + line_number++; + + if(line_number >= segment_start && line_number <= segment_end) + fprintf(output_file, "%s", line); + + } + + rewind(file); + fclose(output_file); + output_file = fopen(output_file_name, "r"); + + return output_file; + + } int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { // variables moved to save stack @@ -1754,9 +1806,6 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { hydra_targets[target_no]->login_ptr++; hydra_targets[target_no]->login_ptr++; hydra_targets[target_no]->pass_ptr = pass_ptr; - hydra_targets[target_no]->pass_ptr++; - //initialise the password to start with depending on the machine's rank if using distributed computing - skip_passwords(distributed_machine_rank-1, target_no); hydra_targets[target_no]->login_no++; hydra_targets[target_no]->pass_no = 0; hydra_targets[target_no]->pass_state = 0; @@ -1764,8 +1813,9 @@ int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { return hydra_send_next_pair(target_no, head_no); } else { hydra_targets[target_no]->pass_ptr++; - //number of passwords in the wordlist to skip depending on the number of parallel machines - skip_passwords(total_distributed_machines, target_no); + while (*hydra_targets[target_no]->pass_ptr != 0) + hydra_targets[target_no]->pass_ptr++; + hydra_targets[target_no]->pass_ptr++; } if ((hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0) || (hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) == 0) || (hydra_options.try_password_reverse_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) == 0)) { hydra_brains.sent++; @@ -2184,7 +2234,7 @@ void process_proxy_line(int32_t type, char *string) { int main(int argc, char *argv[]) { char *proxy_string = NULL, *device = NULL, *memcheck; char *outfile_format_tmp; - FILE *lfp = NULL, *pfp = NULL, *cfp = NULL, *ifp = NULL, *rfp = NULL, *proxyfp; + FILE *lfp = NULL, *pfp = NULL, *cfp = NULL, *ifp = NULL, *rfp = NULL, *proxyfp, *filecloser=NULL; size_t countinfile = 1, sizeinfile = 0; uint64_t math2; int32_t i = 0, j = 0, k, error = 0, modusage = 0, ignore_restore = 0, do_switch; @@ -2320,6 +2370,7 @@ int main(int argc, char *argv[]) { hydra_options.loginfile = NULL; hydra_options.pass = NULL; hydra_options.passfile = NULL; + hydra_options.distributed = NULL; hydra_options.tasks = TASKS; hydra_options.max_use = MAXTASKS; hydra_options.outfile_format = FORMAT_PLAIN_TEXT; @@ -2333,8 +2384,18 @@ int main(int argc, char *argv[]) { help(1); if (argc < 2) help(0); - while ((i = getopt(argc, argv, "hIq64Rrde:vVl:fFg:L:p:OP:o:b:M:C:t:T:m:w:W:s:SUux:yc:K")) >= 0) { + while ((i = getopt(argc, argv, "hIq64Rrde:vVl:fFg:D:L:p:OP:o:b:M:C:t:T:m:w:W:s:SUux:yc:K")) >= 0) { switch (i) { + case 'D': + hydra_options.distributed = optarg; + if (sscanf(hydra_options.distributed, "%dof%d", &my_segment, &num_segments) != 2) { + fprintf(stderr, "Invalid format. Expected format -D XofY where X and Y are integers.\n"); + exit(EXIT_FAILURE); + } + else{ + fprintf(stdout, "successfully set X to %d and Y to %d\n", my_segment, num_segments); + } + break; case 'h': help(1); break; @@ -3415,6 +3476,13 @@ int main(int argc, char *argv[]) { fprintf(stderr, "[ERROR] File for logins not found: %s\n", hydra_options.loginfile); exit(-1); } + else if (hydra_options.passfile == NULL){ + if(my_segment && num_segments){ + filecloser = lfp; + lfp = hydra_divide_file(lfp, my_segment, num_segments); + fclose(filecloser); + } + } hydra_brains.countlogin = countlines(lfp, 0); hydra_brains.sizelogin = size_of_data; if (hydra_brains.countlogin == 0) { @@ -3447,6 +3515,11 @@ int main(int argc, char *argv[]) { fprintf(stderr, "[ERROR] File for passwords not found: %s\n", hydra_options.passfile); exit(-1); } + else if(my_segment && num_segments){ + filecloser = pfp; + pfp = hydra_divide_file(pfp, my_segment, num_segments); + fclose(filecloser); + } hydra_brains.countpass = countlines(pfp, 0); hydra_brains.sizepass = size_of_data; if (hydra_brains.countpass == 0) { @@ -3501,6 +3574,11 @@ int main(int argc, char *argv[]) { fprintf(stderr, "[ERROR] File for colon files (login:pass) not found: %s\n", hydra_options.colonfile); exit(-1); } + else if(my_segment && num_segments){ + filecloser = cfp; + cfp = hydra_divide_file(cfp, my_segment, num_segments); + fclose(filecloser); + } hydra_brains.countlogin = countlines(cfp, 1); hydra_brains.sizelogin = size_of_data; if (hydra_brains.countlogin == 0) { @@ -4421,4 +4499,4 @@ int main(int argc, char *argv[]) { return -1; else return 0; -} +} \ No newline at end of file diff --git a/hydra.h b/hydra.h index 353b318..24b63e8 100644 --- a/hydra.h +++ b/hydra.h @@ -194,6 +194,7 @@ typedef struct { int32_t cidr; int32_t time_next_attempt; output_format_t outfile_format; + char *distributed; // Use distributed computing by splitting user files on the fly char *login; char *loginfile; char *pass; From f632c7231eafa000afc1b5ec1fd1e0c17cbf0036 Mon Sep 17 00:00:00 2001 From: motypi Date: Mon, 10 Mar 2025 22:41:50 +0100 Subject: [PATCH 201/223] added help for -D option --- hydra.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hydra.c b/hydra.c index 033ede0..2803fd8 100644 --- a/hydra.c +++ b/hydra.c @@ -521,6 +521,8 @@ void help(int32_t ext) { "instead of -L/-P options\n" " -M FILE list of servers to attack, one entry per " "line, ':' to specify port\n"); + PRINT_NORMAL(ext, " -D XofY Divide wordlist into Y segments and use the " + "Xth segment.\n"); PRINT_EXTEND(ext, " -o FILE write found login/password pairs to FILE instead of stdout\n" " -b FORMAT specify the format for the -o FILE: text(default), json, " "jsonv1\n" From 8faf1984d88016a96ac1dbe0c2591c40e21ab511 Mon Sep 17 00:00:00 2001 From: motypi Date: Mon, 10 Mar 2025 23:02:55 +0100 Subject: [PATCH 202/223] removed debug messages --- hydra.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/hydra.c b/hydra.c index 2803fd8..e5f71a8 100644 --- a/hydra.c +++ b/hydra.c @@ -1597,7 +1597,6 @@ char *hydra_reverse_login(int32_t head_no, char *login) { FILE *hydra_divide_file(FILE *file, uint32_t my_segment, uint32_t num_segments){ - fprintf(stdout, "Dividing file...\n"); if(my_segment > num_segments){ fprintf(stderr, "[ERROR] in option -D XofY, X must not be greater than Y: %s\n", hydra_options.passfile); @@ -1610,11 +1609,7 @@ FILE *hydra_divide_file(FILE *file, uint32_t my_segment, uint32_t num_segments){ uint32_t line_number = 0; - double total_lines; - if (total_lines = countlines(file,0)) - fprintf(stdout, "There are %f lines int the wordlist", total_lines); - else - fprintf(stderr, "Something went wrong in the counting of lines"); + double total_lines = countlines(file,0); if(num_segments > total_lines){ fprintf(stderr, "[ERROR] in option -D XofY, Y must not be greater than the total number of lines in the file to be divided: %s\n", hydra_options.passfile); @@ -2395,7 +2390,7 @@ int main(int argc, char *argv[]) { exit(EXIT_FAILURE); } else{ - fprintf(stdout, "successfully set X to %d and Y to %d\n", my_segment, num_segments); + fprintf(stdout, "-D: successfully set X to %d and Y to %d\n", my_segment, num_segments); } break; case 'h': From 5eea263707a82ccf071b0e11d210c86f22b74bf8 Mon Sep 17 00:00:00 2001 From: motypi Date: Tue, 11 Mar 2025 14:10:52 +0100 Subject: [PATCH 203/223] remove segment files at exit --- hydra.c | 31 +++++++++++++++++++++++-------- 1 file changed, 23 insertions(+), 8 deletions(-) diff --git a/hydra.c b/hydra.c index e5f71a8..bb75d96 100644 --- a/hydra.c +++ b/hydra.c @@ -342,8 +342,12 @@ char *sck = NULL; int32_t prefer_ipv6 = 0, conwait = 0, loop_cnt = 0, fck = 0, options = 0, killed = 0; int32_t child_head_no = -1, child_socket; int32_t total_redo_count = 0; -int32_t num_segments = 0; -int32_t my_segment = 0; + +// requred for distributed attack capability +uint32_t num_segments = 0; +uint32_t my_segment = 0; +uint32_t junk_file_count = 0; +char junk_files[20][16]; // moved for restore feature int32_t process_restore = 0, dont_unlink; @@ -1595,8 +1599,12 @@ char *hydra_reverse_login(int32_t head_no, char *login) { return hydra_heads[head_no]->reverse; } +void delete_junk_files(){ + for(int i=0; i num_segments){ fprintf(stderr, "[ERROR] in option -D XofY, X must not be greater than Y: %s\n", hydra_options.passfile); @@ -1627,7 +1635,9 @@ FILE *hydra_divide_file(FILE *file, uint32_t my_segment, uint32_t num_segments){ uint64_t segment_end = segment_size * my_segment; - sprintf(output_file_name, "segment_%d.txt", my_segment); + fprintf(stdout, "writing filename\n"); + sprintf(output_file_name, "segment_%d_%d.txt",target_no, my_segment); + fprintf(stdout, "writing successful\n"); output_file = fopen(output_file_name, "w"); if(!output_file){ @@ -1635,6 +1645,11 @@ FILE *hydra_divide_file(FILE *file, uint32_t my_segment, uint32_t num_segments){ return NULL; } + if(strcpy(junk_files[junk_file_count], output_file_name)) + junk_file_count++; + + atexit(delete_junk_files); + while(fgets(line, sizeof line, file) != NULL && line_number < segment_end){ line_number++; @@ -2390,7 +2405,7 @@ int main(int argc, char *argv[]) { exit(EXIT_FAILURE); } else{ - fprintf(stdout, "-D: successfully set X to %d and Y to %d\n", my_segment, num_segments); + fprintf(stdout, "Option \'D\': successfully set X to %d and Y to %d\n", my_segment, num_segments); } break; case 'h': @@ -3476,7 +3491,7 @@ int main(int argc, char *argv[]) { else if (hydra_options.passfile == NULL){ if(my_segment && num_segments){ filecloser = lfp; - lfp = hydra_divide_file(lfp, my_segment, num_segments); + lfp = hydra_divide_file(lfp, target_no, my_segment, num_segments); fclose(filecloser); } } @@ -3514,7 +3529,7 @@ int main(int argc, char *argv[]) { } else if(my_segment && num_segments){ filecloser = pfp; - pfp = hydra_divide_file(pfp, my_segment, num_segments); + pfp = hydra_divide_file(pfp, target_no, my_segment, num_segments); fclose(filecloser); } hydra_brains.countpass = countlines(pfp, 0); @@ -3573,7 +3588,7 @@ int main(int argc, char *argv[]) { } else if(my_segment && num_segments){ filecloser = cfp; - cfp = hydra_divide_file(cfp, my_segment, num_segments); + cfp = hydra_divide_file(cfp, target_no, my_segment, num_segments); fclose(filecloser); } hydra_brains.countlogin = countlines(cfp, 1); From 4fad67d30791ddfd3f95fe5d70f67a56e53b2ca0 Mon Sep 17 00:00:00 2001 From: xh4vm Date: Tue, 11 Mar 2025 18:42:09 +0500 Subject: [PATCH 204/223] feat: added the ability to brute force a custom port --- hydra-postgres.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra-postgres.c b/hydra-postgres.c index 6826c78..3b2cac9 100644 --- a/hydra-postgres.c +++ b/hydra-postgres.c @@ -41,7 +41,7 @@ int32_t start_postgres(int32_t s, char *ip, int32_t port, unsigned char options, * Building the connection string */ - snprintf(connection_string, sizeof(connection_string), "host = '%s' dbname = '%s' user = '%s' password = '%s' ", hydra_address2string(ip), database, login, pass); + snprintf(connection_string, sizeof(connection_string), "host = '%s' port = '%d' dbname = '%s' user = '%s' password = '%s' ", hydra_address2string(ip), port, database, login, pass); if (verbose) hydra_report(stderr, "connection string: %s\n", connection_string); From 79f7d52ba2f2beadfbf504087500ca8c64fa8def Mon Sep 17 00:00:00 2001 From: xh4vm Date: Wed, 12 Mar 2025 13:07:12 +0500 Subject: [PATCH 205/223] feat: added paths for brute force and additional settings for all targets from the file --- hydra.c | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/hydra.c b/hydra.c index 30a8ece..d8ede22 100644 --- a/hydra.c +++ b/hydra.c @@ -267,6 +267,7 @@ typedef struct { typedef struct { char *target; + char *miscptr; char ip[36]; char *login_ptr; char *pass_ptr; @@ -1174,13 +1175,12 @@ void hydra_service_init(int32_t target_no) { int32_t x = 99; int32_t i; hydra_target *t = hydra_targets[target_no]; - char *miscptr = hydra_options.miscptr; FILE *ofp = hydra_brains.ofp; for (i = 0; x == 99 && i < sizeof(services) / sizeof(services[0]); i++) { if (strcmp(hydra_options.service, services[i].name) == 0) { if (services[i].init) { - x = services[i].init(t->ip, -1, options, miscptr, ofp, t->port, t->target); + x = services[i].init(t->ip, -1, options, t->miscptr, ofp, t->port, t->target); break; } } @@ -1264,13 +1264,13 @@ int32_t hydra_spawn_head(int32_t head_no, int32_t target_no) { hydra_target *t = hydra_targets[target_no]; int32_t sp = hydra_heads[head_no]->sp[1]; - char *miscptr = hydra_options.miscptr; + // char *miscptr = hydra_options.miscptr; FILE *ofp = hydra_brains.ofp; hydra_target *head_target = hydra_targets[hydra_heads[head_no]->target_no]; for (i = 0; i < sizeof(services) / sizeof(services[0]); i++) { if (strcmp(hydra_options.service, services[i].name) == 0) { if (services[i].exec) { - services[i].exec(t->ip, sp, options, miscptr, ofp, t->port, head_target->target); + services[i].exec(t->ip, sp, options, t->miscptr, ofp, t->port, head_target->target); // just in case a module returns (which it shouldnt) we let it exit // here exit(-1); @@ -2177,7 +2177,7 @@ int main(int argc, char *argv[]) { int32_t i = 0, j = 0, k, error = 0, modusage = 0, ignore_restore = 0, do_switch; int32_t head_no = 0, target_no = 0, exit_condition = 0, readres; time_t starttime, elapsed_status, elapsed_restore, status_print = 59, tmp_time; - char *tmpptr, *tmpptr2; + char *tmpptr, *tmpptr2, *tmpptr3; char rc, buf[MAXBUF]; time_t last_attempt = 0; fd_set fdreadheads; @@ -3543,7 +3543,7 @@ int main(int argc, char *argv[]) { fclose(rfp); } - if (hydra_options.infile_ptr != NULL) { + if (hydra_options.infile_ptr != NULL) { if ((ifp = fopen(hydra_options.infile_ptr, "r")) == NULL) { fprintf(stderr, "[ERROR] File for targets not found: %s\n", hydra_options.infile_ptr); exit(-1); @@ -3591,6 +3591,7 @@ int main(int argc, char *argv[]) { } } else hydra_targets[i]->target = tmpptr; + if ((tmpptr2 = strchr(tmpptr, ':')) != NULL) { *tmpptr2++ = 0; tmpptr = tmpptr2; @@ -3600,6 +3601,13 @@ int main(int argc, char *argv[]) { } if (hydra_targets[i]->port == 0) hydra_targets[i]->port = hydra_options.port; + + if ((tmpptr3 = strchr(tmpptr, '/')) != NULL) { + hydra_targets[i]->miscptr = tmpptr3; + } + else + hydra_targets[i]->miscptr = "/"; + while (*tmpptr != 0) tmpptr++; tmpptr++; @@ -3622,6 +3630,7 @@ int main(int argc, char *argv[]) { memset(hydra_targets[0], 0, sizeof(hydra_target)); hydra_targets[0]->target = servers_ptr = hydra_options.server; hydra_targets[0]->port = hydra_options.port; + hydra_targets[0]->miscptr = hydra_options.miscptr; sizeservers = strlen(hydra_options.server) + 1; } else { /* CIDR notation on command line, e.g. 192.168.0.0/24 */ @@ -3666,6 +3675,7 @@ int main(int argc, char *argv[]) { memcpy(&target.sin_addr.s_addr, (char *)&addr_cur2, 4); hydra_targets[i]->target = strdup(inet_ntoa((struct in_addr)target.sin_addr)); hydra_targets[i]->port = hydra_options.port; + hydra_targets[i]->miscptr = hydra_options.miscptr; addr_cur++; i++; } @@ -3681,6 +3691,7 @@ int main(int argc, char *argv[]) { memset(hydra_targets[0], 0, sizeof(hydra_target)); hydra_targets[0]->target = servers_ptr = hydra_options.server; hydra_targets[0]->port = hydra_options.port; + hydra_targets[0]->miscptr = hydra_options.miscptr; sizeservers = strlen(hydra_options.server) + 1; } for (i = 0; i < hydra_brains.targets; i++) { @@ -4113,7 +4124,7 @@ int main(int argc, char *argv[]) { } else if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) { printf("[%d][%s] host: %s login: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr); } else - printf("[%d][%s] host: %s login: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr); + printf("[%d][%s] host: %s misc: %s login: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_targets[hydra_heads[head_no]->target_no]->miscptr, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr); } if (hydra_options.outfile_format == FORMAT_JSONV1 && hydra_options.outfile_ptr != NULL && hydra_brains.ofp != NULL) { fprintf(hydra_brains.ofp, From 74b37e24c811c46576687d5f15fae484bdf10828 Mon Sep 17 00:00:00 2001 From: motypi Date: Wed, 12 Mar 2025 10:37:01 +0100 Subject: [PATCH 206/223] unique segment filename --- hydra.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/hydra.c b/hydra.c index bb75d96..013c4d9 100644 --- a/hydra.c +++ b/hydra.c @@ -346,8 +346,7 @@ int32_t total_redo_count = 0; // requred for distributed attack capability uint32_t num_segments = 0; uint32_t my_segment = 0; -uint32_t junk_file_count = 0; -char junk_files[20][16]; +char junk_file[50]; // moved for restore feature int32_t process_restore = 0, dont_unlink; @@ -1600,11 +1599,10 @@ char *hydra_reverse_login(int32_t head_no, char *login) { } void delete_junk_files(){ - for(int i=0; i num_segments){ fprintf(stderr, "[ERROR] in option -D XofY, X must not be greater than Y: %s\n", hydra_options.passfile); @@ -1613,7 +1611,7 @@ FILE *hydra_divide_file(FILE *file, uint32_t target_no, uint32_t my_segment, uin FILE *output_file; char line[500]; - char output_file_name[20]; + char output_file_name[50]; uint32_t line_number = 0; @@ -1635,8 +1633,11 @@ FILE *hydra_divide_file(FILE *file, uint32_t target_no, uint32_t my_segment, uin uint64_t segment_end = segment_size * my_segment; - fprintf(stdout, "writing filename\n"); - sprintf(output_file_name, "segment_%d_%d.txt",target_no, my_segment); + + srand(time(NULL)); + int filetag = rand(); + + sprintf(output_file_name, "segment_%d_%d.txt",filetag, my_segment); fprintf(stdout, "writing successful\n"); output_file = fopen(output_file_name, "w"); @@ -1645,8 +1646,7 @@ FILE *hydra_divide_file(FILE *file, uint32_t target_no, uint32_t my_segment, uin return NULL; } - if(strcpy(junk_files[junk_file_count], output_file_name)) - junk_file_count++; + strcpy(junk_file, output_file_name); atexit(delete_junk_files); @@ -3491,7 +3491,7 @@ int main(int argc, char *argv[]) { else if (hydra_options.passfile == NULL){ if(my_segment && num_segments){ filecloser = lfp; - lfp = hydra_divide_file(lfp, target_no, my_segment, num_segments); + lfp = hydra_divide_file(lfp, my_segment, num_segments); fclose(filecloser); } } @@ -3529,7 +3529,7 @@ int main(int argc, char *argv[]) { } else if(my_segment && num_segments){ filecloser = pfp; - pfp = hydra_divide_file(pfp, target_no, my_segment, num_segments); + pfp = hydra_divide_file(pfp, my_segment, num_segments); fclose(filecloser); } hydra_brains.countpass = countlines(pfp, 0); @@ -3588,7 +3588,7 @@ int main(int argc, char *argv[]) { } else if(my_segment && num_segments){ filecloser = cfp; - cfp = hydra_divide_file(cfp, target_no, my_segment, num_segments); + cfp = hydra_divide_file(cfp, my_segment, num_segments); fclose(filecloser); } hydra_brains.countlogin = countlines(cfp, 1); From b8ea180d85fc391d5f349660081c3c8540b7b495 Mon Sep 17 00:00:00 2001 From: motypi Date: Wed, 12 Mar 2025 10:38:25 +0100 Subject: [PATCH 207/223] unique segment filename --- hydra.c | 1 - 1 file changed, 1 deletion(-) diff --git a/hydra.c b/hydra.c index 013c4d9..7def50a 100644 --- a/hydra.c +++ b/hydra.c @@ -1638,7 +1638,6 @@ FILE *hydra_divide_file(FILE *file, uint32_t my_segment, uint32_t num_segments){ int filetag = rand(); sprintf(output_file_name, "segment_%d_%d.txt",filetag, my_segment); - fprintf(stdout, "writing successful\n"); output_file = fopen(output_file_name, "w"); if(!output_file){ From ad286790ca3ca7e61a3341ee784b95864d9349d7 Mon Sep 17 00:00:00 2001 From: xh4vm Date: Thu, 13 Mar 2025 12:26:57 +0500 Subject: [PATCH 208/223] feat: integration with http[s]-* --- hydra.c | 132 ++++++++++++++++++++++++++++---------------------------- 1 file changed, 67 insertions(+), 65 deletions(-) diff --git a/hydra.c b/hydra.c index d8ede22..492089c 100644 --- a/hydra.c +++ b/hydra.c @@ -3201,77 +3201,79 @@ int main(int argc, char *argv[]) { bail("Compiled without SSL support, module not available"); #endif } - if (hydra_options.miscptr == NULL) { - fprintf(stderr, "[WARNING] You must supply the web page as an " - "additional option or via -m, default path set to /\n"); - hydra_options.miscptr = malloc(2); - hydra_options.miscptr = "/"; - } - // if (*hydra_options.miscptr != '/' && strstr(hydra_options.miscptr, - // "://") == NULL) - // bail("The web page you supplied must start with a \"/\", \"http://\" - // or \"https://\", e.g. \"/protected/login\""); - if (hydra_options.miscptr[0] != '/') - bail("optional parameter must start with a '/' slash!\n"); - if (getenv("HYDRA_PROXY_HTTP") && getenv("HYDRA_PROXY")) - bail("Found HYDRA_PROXY_HTTP *and* HYDRA_PROXY environment variables - " - "you can use only ONE for the service http-head/http-get!"); - if (getenv("HYDRA_PROXY_HTTP")) { - printf("[INFO] Using HTTP Proxy: %s\n", getenv("HYDRA_PROXY_HTTP")); - use_proxy = 1; - } - if (strstr(hydra_options.miscptr, "\\:") != NULL) { - fprintf(stderr, "[INFORMATION] escape sequence \\: detected in module " - "option, no parameter verification is performed.\n"); - } else { - sprintf(bufferurl, "%.6000s", hydra_options.miscptr); - url = strtok(bufferurl, ":"); - variables = strtok(NULL, ":"); - cond = strtok(NULL, ":"); - optional1 = strtok(NULL, "\n"); - if ((variables == NULL) || (strstr(variables, "^USER^") == NULL && strstr(variables, "^PASS^") == NULL && strstr(variables, "^USER64^") == NULL && strstr(variables, "^PASS64^") == NULL)) { - fprintf(stderr, - "[ERROR] the variables argument needs at least the strings " - "^USER^, ^PASS^, ^USER64^ or ^PASS64^: %s\n", - STR_NULL(variables)); - exit(-1); + if (hydra_options.infile_ptr == NULL) { + if (hydra_options.miscptr == NULL) { + fprintf(stderr, "[WARNING] You must supply the web page as an " + "additional option or via -m, default path set to /\n"); + hydra_options.miscptr = malloc(2); + hydra_options.miscptr = "/"; } - if ((url == NULL) || (cond == NULL)) { - fprintf(stderr, - "[ERROR] Wrong syntax, requires three arguments separated by " - "a colon which may not be null: %s\n", - bufferurl); - exit(-1); + // if (*hydra_options.miscptr != '/' && strstr(hydra_options.miscptr, + // "://") == NULL) + // bail("The web page you supplied must start with a \"/\", \"http://\" + // or \"https://\", e.g. \"/protected/login\""); + if (hydra_options.miscptr[0] != '/') + bail("optional parameter must start with a '/' slash!\n"); + if (getenv("HYDRA_PROXY_HTTP") && getenv("HYDRA_PROXY")) + bail("Found HYDRA_PROXY_HTTP *and* HYDRA_PROXY environment variables - " + "you can use only ONE for the service http-head/http-get!"); + if (getenv("HYDRA_PROXY_HTTP")) { + printf("[INFO] Using HTTP Proxy: %s\n", getenv("HYDRA_PROXY_HTTP")); + use_proxy = 1; } - while ((optional1 = strtok(NULL, ":")) != NULL) { - if (optional1[1] != '=' && optional1[1] != ':' && optional1[1] != 0) { - fprintf(stderr, "[ERROR] Wrong syntax of optional argument: %s\n", optional1); + if (strstr(hydra_options.miscptr, "\\:") != NULL) { + fprintf(stderr, "[INFORMATION] escape sequence \\: detected in module " + "option, no parameter verification is performed.\n"); + } else { + sprintf(bufferurl, "%.6000s", hydra_options.miscptr); + url = strtok(bufferurl, ":"); + variables = strtok(NULL, ":"); + cond = strtok(NULL, ":"); + optional1 = strtok(NULL, "\n"); + if ((variables == NULL) || (strstr(variables, "^USER^") == NULL && strstr(variables, "^PASS^") == NULL && strstr(variables, "^USER64^") == NULL && strstr(variables, "^PASS64^") == NULL)) { + fprintf(stderr, + "[ERROR] the variables argument needs at least the strings " + "^USER^, ^PASS^, ^USER64^ or ^PASS64^: %s\n", + STR_NULL(variables)); exit(-1); } + if ((url == NULL) || (cond == NULL)) { + fprintf(stderr, + "[ERROR] Wrong syntax, requires three arguments separated by " + "a colon which may not be null: %s\n", + bufferurl); + exit(-1); + } + while ((optional1 = strtok(NULL, ":")) != NULL) { + if (optional1[1] != '=' && optional1[1] != ':' && optional1[1] != 0) { + fprintf(stderr, "[ERROR] Wrong syntax of optional argument: %s\n", optional1); + exit(-1); + } - switch (optional1[0]) { - case 'C': // fall through - case 'c': - if (optional1[1] != '=' || optional1[2] != '/') { - fprintf(stderr, - "[ERROR] Wrong syntax of parameter C, must look like " - "'C=/url/of/page', not http:// etc.: %s\n", - optional1); - exit(-1); + switch (optional1[0]) { + case 'C': // fall through + case 'c': + if (optional1[1] != '=' || optional1[2] != '/') { + fprintf(stderr, + "[ERROR] Wrong syntax of parameter C, must look like " + "'C=/url/of/page', not http:// etc.: %s\n", + optional1); + exit(-1); + } + break; + case 'H': // fall through + case 'h': + if (optional1[1] != '=' || strtok(NULL, ":") == NULL) { + fprintf(stderr, + "[ERROR] Wrong syntax of parameter H, must look like " + "'H=X-My-Header: MyValue', no http:// : %s\n", + optional1); + exit(-1); + } + break; + default: + fprintf(stderr, "[ERROR] Unknown optional argument: %s\n", optional1); } - break; - case 'H': // fall through - case 'h': - if (optional1[1] != '=' || strtok(NULL, ":") == NULL) { - fprintf(stderr, - "[ERROR] Wrong syntax of parameter H, must look like " - "'H=X-My-Header: MyValue', no http:// : %s\n", - optional1); - exit(-1); - } - break; - default: - fprintf(stderr, "[ERROR] Unknown optional argument: %s\n", optional1); } } } From ba45db1496584f3a2cd439cb794d54c7fc82b202 Mon Sep 17 00:00:00 2001 From: xh4vm Date: Fri, 14 Mar 2025 19:28:04 +0500 Subject: [PATCH 209/223] feat: added documentation --- hydra-http-form.c | 5 +++++ hydra-http.c | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/hydra-http-form.c b/hydra-http-form.c index 4c6919b..7f56091 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -1613,6 +1613,11 @@ void usage_http_form(const char *service) { "You can specify a header without escaping the colons, but that way you will not\n" "be able to put colons in the header value itself, as they will be interpreted by\n" "hydra as option separators.\n" + "Note: to attack multiple targets, you only need to pass the path to the file containing the targets with parameters,\n" + "for example, a file with targets:\n\n" + " localhost:8443/login:type=login&login=^USER^&password=^PASS^:h=test\\: header:F=401\n" + " localhost:9443/login2:type=login&login=^USER^&password=^PASS^:h=test\\: header:F=302\n" + " ...\n\n" "\nExamples:\n" " \"/login.php:user=^USER^&pass=^PASS^:incorrect\"\n" " \"/" diff --git a/hydra-http.c b/hydra-http.c index ba9a676..c083e8c 100644 --- a/hydra-http.c +++ b/hydra-http.c @@ -473,6 +473,11 @@ void usage_http(const char *service) { "present the\n" " combination is invalid. Note: this must be the last option " "supplied.\n" + "Note: to attack multiple targets, you only need to pass the path to the file containing the targets with parameters,\n" + "for example, a file with targets:\n\n" + " localhost:5000/protected:A=BASIC\n" + " localhost:5002/protected:A=NTLM\n" + " ...\n\n" "For example: \"/secret\" or \"http://bla.com/foo/bar:H=Cookie\\: " "sessid=aaaa\" or \"https://test.com:8080/members:A=NTLM\"\n\n", service); From aae8baae838ef02eb529f8e63b30747cae3ab4a4 Mon Sep 17 00:00:00 2001 From: xh4vm Date: Tue, 18 Mar 2025 17:32:56 +0500 Subject: [PATCH 210/223] fix: hydra-http documentation --- hydra-http.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) mode change 100644 => 100755 hydra-http.c diff --git a/hydra-http.c b/hydra-http.c old mode 100644 new mode 100755 index c083e8c..e78f865 --- a/hydra-http.c +++ b/hydra-http.c @@ -473,12 +473,13 @@ void usage_http(const char *service) { "present the\n" " combination is invalid. Note: this must be the last option " "supplied.\n" - "Note: to attack multiple targets, you only need to pass the path to the file containing the targets with parameters,\n" - "for example, a file with targets:\n\n" - " localhost:5000/protected:A=BASIC\n" - " localhost:5002/protected:A=NTLM\n" - " ...\n\n" "For example: \"/secret\" or \"http://bla.com/foo/bar:H=Cookie\\: " - "sessid=aaaa\" or \"https://test.com:8080/members:A=NTLM\"\n\n", + "sessid=aaaa\" or \"https://test.com:8080/members:A=NTLM\"\n" + "To attack multiple targets, you can use the -M option with a file " + "containing the targets and their parameters.\n" + "Example file content:\n" + " localhost:5000/protected:A=BASIC\n" + " localhost:5002/protected_path:A=NTLM\n" + " ...\n\n", service); } From b81105f6af5b7e1ba43be3863a764bbd2b11c078 Mon Sep 17 00:00:00 2001 From: xh4vm Date: Tue, 18 Mar 2025 17:35:41 +0500 Subject: [PATCH 211/223] fix: hydra-http-form documentation --- hydra-http-form.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) mode change 100644 => 100755 hydra-http-form.c diff --git a/hydra-http-form.c b/hydra-http-form.c old mode 100644 new mode 100755 index 7f56091..af2f457 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -1613,11 +1613,6 @@ void usage_http_form(const char *service) { "You can specify a header without escaping the colons, but that way you will not\n" "be able to put colons in the header value itself, as they will be interpreted by\n" "hydra as option separators.\n" - "Note: to attack multiple targets, you only need to pass the path to the file containing the targets with parameters,\n" - "for example, a file with targets:\n\n" - " localhost:8443/login:type=login&login=^USER^&password=^PASS^:h=test\\: header:F=401\n" - " localhost:9443/login2:type=login&login=^USER^&password=^PASS^:h=test\\: header:F=302\n" - " ...\n\n" "\nExamples:\n" " \"/login.php:user=^USER^&pass=^PASS^:incorrect\"\n" " \"/" @@ -1629,6 +1624,12 @@ void usage_http_form(const char *service) { " \"/exchweb/bin/auth/:F=failed" "owaauth.dll:destination=http%%3A%%2F%%2F%%2Fexchange&flags=0&" "username=%%5C^USER^&password=^PASS^&SubmitCreds=x&trusted=0:" - "C=/exchweb\":reason=\n", + "C=/exchweb\":reason=\n" + "To attack multiple targets, you can use the -M option with a file " + "containing the targets and their parameters.\n" + "Example file content:\n" + " localhost:8443/login:type=login&login=^USER^&password=^PASS^:h=test\\: header:F=401\n" + " localhost:9443/login2:type=login&login=^USER^&password=^PASS^:h=test\\: header:F=302\n" + " ...\n\n", service); } From 3c233fdbc095842daa935753ec4dca5092c47baf Mon Sep 17 00:00:00 2001 From: motypi Date: Tue, 18 Mar 2025 16:05:08 +0100 Subject: [PATCH 212/223] Used freetds to use TDSv7. First working version. --- Makefile | 109 ++++++++++++++++++++++++++++++++++++++++++++++++-- hydra-mssql.c | 103 ++++++++--------------------------------------- 2 files changed, 122 insertions(+), 90 deletions(-) diff --git a/Makefile b/Makefile index 0fc0d2e..b228a4e 100644 --- a/Makefile +++ b/Makefile @@ -1,8 +1,111 @@ -all: - @echo Error: you must run "./configure" first +STRIP=strip +XDEFINES= -DLIBOPENSSL -DLIBNCURSES -DHAVE_PCRE -DHAVE_ZLIB -DHAVE_MATH_H -DHAVE_SYS_PARAM_H +XLIBS= -lz -lcurses -lssl -lpcre2-8 -lcrypto -lsybdb +XLIBPATHS=-L/usr/lib -L/usr/local/lib -L/lib -L/lib/x86_64-linux-gnu +XIPATHS= -I/usr/include -I/usr/include +PREFIX=/usr/local +XHYDRA_SUPPORT= +STRIP=strip + +HYDRA_LOGO= +PWI_LOGO= +SEC=-pie -fPIE -fstack-protector-all --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wl,-z,now -Wl,-z,relro -Wl,--allow-multiple-definition + +# +# Makefile for Hydra - (c) 2001-2023 by van Hauser / THC +# +WARN_CLANG=-Wformat-nonliteral -Wstrncat-size -Wformat-security -Wsign-conversion -Wconversion -Wfloat-conversion -Wshorten-64-to-32 -Wuninitialized -Wmissing-variable-declarations -Wmissing-declarations +WARN_GCC=-Wformat=2 -Wformat-overflow=2 -Wformat-nonliteral -Wformat-truncation=2 -Wnull-dereference -Wstrict-overflow=2 -Wstringop-overflow=4 -Walloca-larger-than=4096 -Wtype-limits -Wconversion -Wtrampolines -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -fno-common -Wcast-align +CFLAGS ?= -g +OPTS=-I. -O3 $(CFLAGS) -fcommon -Wno-deprecated-declarations +CPPFLAGS += -D_GNU_SOURCE +# -Wall -g -pedantic +LIBS=-lm +DESTDIR ?= +BINDIR = /bin +MANDIR = /man/man1/ +DATADIR = /etc +PIXDIR = /share/pixmaps +APPDIR = /share/applications + +SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \ + hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \ + hydra-pop3.c hydra-smb.c hydra-icq.c hydra-cisco-enable.c hydra-ldap.c \ + hydra-memcached.c hydra-mongodb.c hydra-mysql.c hydra-mssql.c hydra-xmpp.c \ + hydra-http-proxy-urlenum.c hydra-snmp.c hydra-cvs.c hydra-smtp.c \ + hydra-smtp-enum.c hydra-sapr3.c hydra-ssh.c hydra-sshkey.c hydra-teamspeak.c \ + hydra-postgres.c hydra-rsh.c hydra-rlogin.c hydra-oracle-listener.c \ + hydra-svn.c hydra-pcanywhere.c hydra-sip.c hydra-oracle.c hydra-vmauthd.c \ + hydra-asterisk.c hydra-firebird.c hydra-afp.c hydra-ncp.c hydra-rdp.c \ + hydra-oracle-sid.c hydra-http-proxy.c hydra-http-form.c hydra-irc.c \ + hydra-s7-300.c hydra-redis.c hydra-adam6500.c hydra-rtsp.c \ + hydra-rpcap.c hydra-radmin2.c hydra-cobaltstrike.c \ + hydra-time.c crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c \ + hydra-smb2.c +OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \ + hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o \ + hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \ + hydra-memcached.o hydra-mongodb.o hydra-mysql.o hydra-mssql.o hydra-cobaltstrike.o hydra-xmpp.o \ + hydra-http-proxy-urlenum.o hydra-snmp.o hydra-cvs.o hydra-smtp.o \ + hydra-smtp-enum.o hydra-sapr3.o hydra-ssh.o hydra-sshkey.o hydra-teamspeak.o \ + hydra-postgres.o hydra-rsh.o hydra-rlogin.o hydra-oracle-listener.o \ + hydra-svn.o hydra-pcanywhere.o hydra-sip.o hydra-oracle-sid.o hydra-oracle.o \ + hydra-vmauthd.o hydra-asterisk.o hydra-firebird.o hydra-afp.o \ + hydra-ncp.o hydra-http-proxy.o hydra-http-form.o hydra-irc.o \ + hydra-redis.o hydra-rdp.o hydra-s7-300.c hydra-adam6500.o hydra-rtsp.o \ + hydra-rpcap.o hydra-radmin2.o \ + crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o hydra-time.o \ + hydra-smb2.o +BINS = hydra pw-inspector + +EXTRA_DIST = README README.arm README.palm CHANGES TODO INSTALL LICENSE \ + hydra-mod.h hydra.h crc32.h d3des.h + +all: pw-inspector hydra $(XHYDRA_SUPPORT) + @echo + @echo Now type "make install" + +hydra: hydra.c $(OBJ) + $(CC) $(OPTS) $(SEC) $(LIBS) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o hydra $(HYDRA_LOGO) hydra.c $(OBJ) $(LIBS) $(XLIBS) $(XLIBPATHS) $(XIPATHS) $(XDEFINES) + @echo + @echo If men could get pregnant, abortion would be a sacrament + @echo + +xhydra: + -cd hydra-gtk && sh ./make_xhydra.sh + +pw-inspector: pw-inspector.c + -$(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o pw-inspector $(PWI_LOGO) pw-inspector.c + +.c.o: + $(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) -c $< $(XDEFINES) $(XIPATHS) + +strip: all + -strip $(BINS) + -echo OK > /dev/null && test -x xhydra && strip xhydra || echo OK > /dev/null + +install: strip + -mkdir -p $(DESTDIR)$(PREFIX)$(BINDIR) + cp -f hydra-wizard.sh $(BINS) $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 hydra-wizard.sh $(BINS) + -echo OK > /dev/null && test -x xhydra && cp xhydra $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 xhydra || echo OK > /dev/null + -sed -e "s|^INSTALLDIR=.*|INSTALLDIR="$(PREFIX)"|" dpl4hydra.sh | sed -e "s|^LOCATION=.*|LOCATION="$(DATADIR)"|" > $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh + -chmod 755 $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh + -mkdir -p $(DESTDIR)$(PREFIX)$(DATADIR) + -cp -f *.csv $(DESTDIR)$(PREFIX)$(DATADIR) + -mkdir -p $(DESTDIR)$(PREFIX)$(MANDIR) + -cp -f hydra.1 xhydra.1 pw-inspector.1 $(DESTDIR)$(PREFIX)$(MANDIR) + -mkdir -p $(DESTDIR)$(PREFIX)$(PIXDIR) + -cp -f xhydra.png $(DESTDIR)$(PREFIX)$(PIXDIR)/ + -mkdir -p $(DESTDIR)$(PREFIX)$(APPDIR) + -desktop-file-install --dir $(DESTDIR)$(PREFIX)$(APPDIR) xhydra.desktop clean: + rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile cp -f Makefile.orig Makefile uninstall: - @echo Error: you must run "./configure" first + -rm -f $(DESTDIR)$(PREFIX)$(BINDIR)/xhydra $(DESTDIR)$(PREFIX)$(BINDIR)/hydra $(DESTDIR)$(PREFIX)$(BINDIR)/pw-inspector $(DESTDIR)$(PREFIX)$(BINDIR)/hydra-wizard.sh $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh + -rm -f $(DESTDIR)$(PREFIX)$(DATADIR)/dpl4hydra_full.csv $(DESTDIR)$(PREFIX)$(DATADIR)/dpl4hydra_local.csv + -rm -f $(DESTDIR)$(PREFIX)$(MANDIR)/hydra.1 $(DESTDIR)$(PREFIX)$(MANDIR)/xhydra.1 $(DESTDIR)$(PREFIX)$(MANDIR)/pw-inspector.1 + -rm -f $(DESTDIR)$(PREFIX)$(PIXDIR)/xhydra.png + -rm -f $(DESTDIR)$(PREFIX)$(APPDIR)/xhydra.desktop diff --git a/hydra-mssql.c b/hydra-mssql.c index ee273ca..17f5bee 100644 --- a/hydra-mssql.c +++ b/hydra-mssql.c @@ -1,113 +1,42 @@ #include "hydra-mod.h" - -#define MSLEN 30 +#include +#include extern char *HYDRA_EXIT; char *buf; -unsigned char p_hdr[] = "\x02\x00\x02\x00\x00\x00\x02\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00"; -unsigned char p_pk2[] = "\x30\x30\x30\x30\x30\x30\x61\x30\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x20\x18\x81\xb8\x2c\x08\x03" - "\x01\x06\x0a\x09\x01\x01\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x73\x71\x75\x65\x6c\x64\x61" - "\x20\x31\x2e\x30\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00"; -unsigned char p_pk3[] = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x04\x02\x00\x00\x4d\x53\x44" - "\x42\x4c\x49\x42\x00\x00\x00\x07\x06\x00\x00" - "\x00\x00\x0d\x11\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00"; -unsigned char p_lng[] = "\x02\x01\x00\x47\x00\x00\x02\x00\x00\x00\x00" - "\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x30\x30\x30\x00\x00" - "\x00\x03\x00\x00\x00"; - int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; - char *login, *pass, buffer[1024]; - char ms_login[MSLEN + 1]; - char ms_pass[MSLEN + 1]; - unsigned char len_login, len_pass; - int32_t ret = -1; + char *login, *pass; + char *ipaddr_str = hydra_address2string(ip); + + fprintf(stdout, "The target ip is: %s\n", ipaddr_str); + if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; - if (strlen(login) > MSLEN) - login[MSLEN - 1] = 0; - if (strlen(pass) > MSLEN) - pass[MSLEN - 1] = 0; - len_login = strlen(login); - len_pass = strlen(pass); - memset(ms_login, 0, MSLEN + 1); - memset(ms_pass, 0, MSLEN + 1); - strcpy(ms_login, login); - strcpy(ms_pass, pass); - memset(buffer, 0, sizeof(buffer)); - memcpy(buffer, p_hdr, 39); - memcpy(buffer + 39, ms_login, MSLEN); - memcpy(buffer + MSLEN + 39, &len_login, 1); - memcpy(buffer + MSLEN + 1 + 39, ms_pass, MSLEN); - memcpy(buffer + MSLEN + 1 + 39 + MSLEN, &len_pass, 1); - memcpy(buffer + MSLEN + 1 + 39 + MSLEN + 1, p_pk2, 110); - memcpy(buffer + MSLEN + 1 + 39 + MSLEN + 1 + 110, &len_pass, 1); - memcpy(buffer + MSLEN + 1 + 39 + MSLEN + 1 + 110 + 1, ms_pass, MSLEN); - memcpy(buffer + MSLEN + 1 + 39 + MSLEN + 1 + 110 + 1 + MSLEN, p_pk3, 270); + DBPROCESS *dbproc; + LOGINREC *attempt; - if (hydra_send(s, buffer, MSLEN + 1 + 39 + MSLEN + 1 + 110 + 1 + MSLEN + 270, 0) < 0) - return 1; - if (hydra_send(s, (char *)p_lng, 71, 0) < 0) - return 1; + dbinit(); + attempt = dblogin(); + DBSETLUSER(attempt, login); + DBSETLPWD(attempt, pass); - memset(buffer, 0, sizeof(buffer)); - ret = hydra_recv_nb(s, buffer, sizeof(buffer)); + // Connect without specifying a database + dbproc = dbopen(attempt, ipaddr_str); - if (ret <= 0) - return 3; - - if (ret > 10 && buffer[8] == '\xe3') { + if (dbproc != NULL) { hydra_report_found_host(port, ip, "mssql", fp); hydra_completed_pair_found(); - free(buf); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 2; return 1; } - free(buf); hydra_completed_pair(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 2; From 3635dff5ff317a375948cd2b6893a481e183ccbd Mon Sep 17 00:00:00 2001 From: motypi Date: Wed, 19 Mar 2025 07:41:46 +0100 Subject: [PATCH 213/223] handle libraries accommodate old version of TDS --- configure | 37 ++++++++++++++- hydra-mssql.c | 123 +++++++++++++++++++++++++++++++++++++++++++++++--- 2 files changed, 153 insertions(+), 7 deletions(-) diff --git a/configure b/configure index 1ae09a9..dc86adb 100755 --- a/configure +++ b/configure @@ -185,6 +185,32 @@ else echo " ... zlib not found, gzip support disabled" fi +echo "Checking for sybdb (sybdb.h) ..." +for i in $INCDIRS; do + if [ -f "$i/sybdb.h" ]; then + HAVE_SYBDB="y" + fi +done + +if [ -n "$HAVE_SYBDB" ]; then + echo " ... found" +else + echo " ... sybdb not found, MSSQL module will lack TDSv7 support" +fi + +echo "Checking for sybfront (sybfront.h) ..." +for i in $INCDIRS; do + if [ -f "$i/sybfront.h" ]; then + HAVE_SYBFRONT="y" + fi +done + +if [ -n "$HAVE_SYBFRONT" ]; then + echo " ... found" +else + echo " ... sybfront not found, MSSQL module will lack TDSv7 support" +fi + echo "Checking for openssl (libssl/libcrypto/ssl.h/sha.h) ..." if [ "X" != "X$DEBUG" ]; then echo DEBUG: SSL_LIB=$LIBDIRS `ls -d /*ssl /usr/*ssl /opt/*ssl /usr/local/*ssl /opt/local/*ssl /*ssl/lib /usr/*ssl/lib /opt/*ssl/lib /usr/local/*ssl/lib /opt/local/*ssl/lib 2> /dev/null` @@ -1496,6 +1522,12 @@ fi if [ -n "$RSA" ]; then XDEFINES="$XDEFINES -DNO_RSA_LEGACY" fi +if [ -n "$HAVE_SYBDB" ]; then + XDEFINES="$XDEFINES -DHAVE_SYBDB" +fi +if [ -n "$HAVE_SYBFRONT" ]; then + XDEFINES="$XDEFINES -DHAVE_SYBFRONT" +fi if [ -n "$HAVE_ZLIB" ]; then XDEFINES="$XDEFINES -DHAVE_ZLIB" fi @@ -1627,6 +1659,9 @@ fi if [ -n "$HAVE_ZLIB" ]; then XLIBS="$XLIBS -lz" fi +if [ -n "$HAVE_SYBDB" ]; then + XLIBS="$XLIBS -lsybdb" +fi if [ -n "$CURSES_PATH" ]; then XLIBS="$XLIBS -lcurses" fi @@ -1804,4 +1839,4 @@ if [ "x$NOSTRIP" = "x" ]; then else cat Makefile.am | sed 's/^install:.*/install: all/' >> Makefile fi -echo "now type \"make\"" +echo "now type \"make\"" \ No newline at end of file diff --git a/hydra-mssql.c b/hydra-mssql.c index 17f5bee..4131b54 100644 --- a/hydra-mssql.c +++ b/hydra-mssql.c @@ -1,18 +1,15 @@ #include "hydra-mod.h" -#include -#include - extern char *HYDRA_EXIT; char *buf; +#if defined(HAVE_SYBFRONT) && defined(HAVE_SYBDB) +#include +#include int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass; char *ipaddr_str = hydra_address2string(ip); - fprintf(stdout, "The target ip is: %s\n", ipaddr_str); - - if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) @@ -43,6 +40,120 @@ int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, ch return 1; } +#else +#define MSLEN 30 + +unsigned char p_hdr[] = "\x02\x00\x02\x00\x00\x00\x02\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00"; +unsigned char p_pk2[] = "\x30\x30\x30\x30\x30\x30\x61\x30\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x20\x18\x81\xb8\x2c\x08\x03" + "\x01\x06\x0a\x09\x01\x01\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x73\x71\x75\x65\x6c\x64\x61" + "\x20\x31\x2e\x30\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00"; +unsigned char p_pk3[] = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x04\x02\x00\x00\x4d\x53\x44" + "\x42\x4c\x49\x42\x00\x00\x00\x07\x06\x00\x00" + "\x00\x00\x0d\x11\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00"; +unsigned char p_lng[] = "\x02\x01\x00\x47\x00\x00\x02\x00\x00\x00\x00" + "\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x30\x30\x30\x00\x00" + "\x00\x03\x00\x00\x00"; + +int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { + char *empty = ""; + char *login, *pass, buffer[1024]; + char ms_login[MSLEN + 1]; + char ms_pass[MSLEN + 1]; + unsigned char len_login, len_pass; + int32_t ret = -1; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + if (strlen(login) > MSLEN) + login[MSLEN - 1] = 0; + if (strlen(pass) > MSLEN) + pass[MSLEN - 1] = 0; + len_login = strlen(login); + len_pass = strlen(pass); + memset(ms_login, 0, MSLEN + 1); + memset(ms_pass, 0, MSLEN + 1); + strcpy(ms_login, login); + strcpy(ms_pass, pass); + + memset(buffer, 0, sizeof(buffer)); + memcpy(buffer, p_hdr, 39); + memcpy(buffer + 39, ms_login, MSLEN); + memcpy(buffer + MSLEN + 39, &len_login, 1); + memcpy(buffer + MSLEN + 1 + 39, ms_pass, MSLEN); + memcpy(buffer + MSLEN + 1 + 39 + MSLEN, &len_pass, 1); + memcpy(buffer + MSLEN + 1 + 39 + MSLEN + 1, p_pk2, 110); + memcpy(buffer + MSLEN + 1 + 39 + MSLEN + 1 + 110, &len_pass, 1); + memcpy(buffer + MSLEN + 1 + 39 + MSLEN + 1 + 110 + 1, ms_pass, MSLEN); + memcpy(buffer + MSLEN + 1 + 39 + MSLEN + 1 + 110 + 1 + MSLEN, p_pk3, 270); + + if (hydra_send(s, buffer, MSLEN + 1 + 39 + MSLEN + 1 + 110 + 1 + MSLEN + 270, 0) < 0) + return 1; + if (hydra_send(s, (char *)p_lng, 71, 0) < 0) + return 1; + + memset(buffer, 0, sizeof(buffer)); + ret = hydra_recv_nb(s, buffer, sizeof(buffer)); + + if (ret <= 0) + return 3; + + if (ret > 10 && buffer[8] == '\xe3') { + hydra_report_found_host(port, ip, "mssql", fp); + hydra_completed_pair_found(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; + return 1; + } + + free(buf); + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; + + return 1; +} + +#endif void service_mssql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; From 17c6228f7bf6d680bc7d41447dd807e2193d221c Mon Sep 17 00:00:00 2001 From: motypi Date: Wed, 19 Mar 2025 08:01:10 +0100 Subject: [PATCH 214/223] generated Makefile --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index b228a4e..47b1751 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,6 @@ STRIP=strip -XDEFINES= -DLIBOPENSSL -DLIBNCURSES -DHAVE_PCRE -DHAVE_ZLIB -DHAVE_MATH_H -DHAVE_SYS_PARAM_H -XLIBS= -lz -lcurses -lssl -lpcre2-8 -lcrypto -lsybdb +XDEFINES= -DLIBOPENSSL -DLIBNCURSES -DHAVE_PCRE -DHAVE_SYBDB -DHAVE_SYBFRONT -DHAVE_ZLIB -DHAVE_MATH_H -DHAVE_SYS_PARAM_H +XLIBS= -lz -lsybdb -lcurses -lssl -lpcre2-8 -lcrypto XLIBPATHS=-L/usr/lib -L/usr/local/lib -L/lib -L/lib/x86_64-linux-gnu XIPATHS= -I/usr/include -I/usr/include PREFIX=/usr/local From 369374b1661712e80e0c6d9ec48962cd936aa7a2 Mon Sep 17 00:00:00 2001 From: motypi Date: Wed, 19 Mar 2025 12:14:50 +0100 Subject: [PATCH 215/223] revert Makefile --- Makefile | 109 ++----------------------------------------------------- 1 file changed, 3 insertions(+), 106 deletions(-) diff --git a/Makefile b/Makefile index 47b1751..0fc0d2e 100644 --- a/Makefile +++ b/Makefile @@ -1,111 +1,8 @@ -STRIP=strip -XDEFINES= -DLIBOPENSSL -DLIBNCURSES -DHAVE_PCRE -DHAVE_SYBDB -DHAVE_SYBFRONT -DHAVE_ZLIB -DHAVE_MATH_H -DHAVE_SYS_PARAM_H -XLIBS= -lz -lsybdb -lcurses -lssl -lpcre2-8 -lcrypto -XLIBPATHS=-L/usr/lib -L/usr/local/lib -L/lib -L/lib/x86_64-linux-gnu -XIPATHS= -I/usr/include -I/usr/include -PREFIX=/usr/local -XHYDRA_SUPPORT= -STRIP=strip - -HYDRA_LOGO= -PWI_LOGO= -SEC=-pie -fPIE -fstack-protector-all --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wl,-z,now -Wl,-z,relro -Wl,--allow-multiple-definition - -# -# Makefile for Hydra - (c) 2001-2023 by van Hauser / THC -# -WARN_CLANG=-Wformat-nonliteral -Wstrncat-size -Wformat-security -Wsign-conversion -Wconversion -Wfloat-conversion -Wshorten-64-to-32 -Wuninitialized -Wmissing-variable-declarations -Wmissing-declarations -WARN_GCC=-Wformat=2 -Wformat-overflow=2 -Wformat-nonliteral -Wformat-truncation=2 -Wnull-dereference -Wstrict-overflow=2 -Wstringop-overflow=4 -Walloca-larger-than=4096 -Wtype-limits -Wconversion -Wtrampolines -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -fno-common -Wcast-align -CFLAGS ?= -g -OPTS=-I. -O3 $(CFLAGS) -fcommon -Wno-deprecated-declarations -CPPFLAGS += -D_GNU_SOURCE -# -Wall -g -pedantic -LIBS=-lm -DESTDIR ?= -BINDIR = /bin -MANDIR = /man/man1/ -DATADIR = /etc -PIXDIR = /share/pixmaps -APPDIR = /share/applications - -SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \ - hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \ - hydra-pop3.c hydra-smb.c hydra-icq.c hydra-cisco-enable.c hydra-ldap.c \ - hydra-memcached.c hydra-mongodb.c hydra-mysql.c hydra-mssql.c hydra-xmpp.c \ - hydra-http-proxy-urlenum.c hydra-snmp.c hydra-cvs.c hydra-smtp.c \ - hydra-smtp-enum.c hydra-sapr3.c hydra-ssh.c hydra-sshkey.c hydra-teamspeak.c \ - hydra-postgres.c hydra-rsh.c hydra-rlogin.c hydra-oracle-listener.c \ - hydra-svn.c hydra-pcanywhere.c hydra-sip.c hydra-oracle.c hydra-vmauthd.c \ - hydra-asterisk.c hydra-firebird.c hydra-afp.c hydra-ncp.c hydra-rdp.c \ - hydra-oracle-sid.c hydra-http-proxy.c hydra-http-form.c hydra-irc.c \ - hydra-s7-300.c hydra-redis.c hydra-adam6500.c hydra-rtsp.c \ - hydra-rpcap.c hydra-radmin2.c hydra-cobaltstrike.c \ - hydra-time.c crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c \ - hydra-smb2.c -OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \ - hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o \ - hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \ - hydra-memcached.o hydra-mongodb.o hydra-mysql.o hydra-mssql.o hydra-cobaltstrike.o hydra-xmpp.o \ - hydra-http-proxy-urlenum.o hydra-snmp.o hydra-cvs.o hydra-smtp.o \ - hydra-smtp-enum.o hydra-sapr3.o hydra-ssh.o hydra-sshkey.o hydra-teamspeak.o \ - hydra-postgres.o hydra-rsh.o hydra-rlogin.o hydra-oracle-listener.o \ - hydra-svn.o hydra-pcanywhere.o hydra-sip.o hydra-oracle-sid.o hydra-oracle.o \ - hydra-vmauthd.o hydra-asterisk.o hydra-firebird.o hydra-afp.o \ - hydra-ncp.o hydra-http-proxy.o hydra-http-form.o hydra-irc.o \ - hydra-redis.o hydra-rdp.o hydra-s7-300.c hydra-adam6500.o hydra-rtsp.o \ - hydra-rpcap.o hydra-radmin2.o \ - crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o hydra-time.o \ - hydra-smb2.o -BINS = hydra pw-inspector - -EXTRA_DIST = README README.arm README.palm CHANGES TODO INSTALL LICENSE \ - hydra-mod.h hydra.h crc32.h d3des.h - -all: pw-inspector hydra $(XHYDRA_SUPPORT) - @echo - @echo Now type "make install" - -hydra: hydra.c $(OBJ) - $(CC) $(OPTS) $(SEC) $(LIBS) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o hydra $(HYDRA_LOGO) hydra.c $(OBJ) $(LIBS) $(XLIBS) $(XLIBPATHS) $(XIPATHS) $(XDEFINES) - @echo - @echo If men could get pregnant, abortion would be a sacrament - @echo - -xhydra: - -cd hydra-gtk && sh ./make_xhydra.sh - -pw-inspector: pw-inspector.c - -$(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o pw-inspector $(PWI_LOGO) pw-inspector.c - -.c.o: - $(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) -c $< $(XDEFINES) $(XIPATHS) - -strip: all - -strip $(BINS) - -echo OK > /dev/null && test -x xhydra && strip xhydra || echo OK > /dev/null - -install: strip - -mkdir -p $(DESTDIR)$(PREFIX)$(BINDIR) - cp -f hydra-wizard.sh $(BINS) $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 hydra-wizard.sh $(BINS) - -echo OK > /dev/null && test -x xhydra && cp xhydra $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 xhydra || echo OK > /dev/null - -sed -e "s|^INSTALLDIR=.*|INSTALLDIR="$(PREFIX)"|" dpl4hydra.sh | sed -e "s|^LOCATION=.*|LOCATION="$(DATADIR)"|" > $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh - -chmod 755 $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh - -mkdir -p $(DESTDIR)$(PREFIX)$(DATADIR) - -cp -f *.csv $(DESTDIR)$(PREFIX)$(DATADIR) - -mkdir -p $(DESTDIR)$(PREFIX)$(MANDIR) - -cp -f hydra.1 xhydra.1 pw-inspector.1 $(DESTDIR)$(PREFIX)$(MANDIR) - -mkdir -p $(DESTDIR)$(PREFIX)$(PIXDIR) - -cp -f xhydra.png $(DESTDIR)$(PREFIX)$(PIXDIR)/ - -mkdir -p $(DESTDIR)$(PREFIX)$(APPDIR) - -desktop-file-install --dir $(DESTDIR)$(PREFIX)$(APPDIR) xhydra.desktop +all: + @echo Error: you must run "./configure" first clean: - rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile cp -f Makefile.orig Makefile uninstall: - -rm -f $(DESTDIR)$(PREFIX)$(BINDIR)/xhydra $(DESTDIR)$(PREFIX)$(BINDIR)/hydra $(DESTDIR)$(PREFIX)$(BINDIR)/pw-inspector $(DESTDIR)$(PREFIX)$(BINDIR)/hydra-wizard.sh $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh - -rm -f $(DESTDIR)$(PREFIX)$(DATADIR)/dpl4hydra_full.csv $(DESTDIR)$(PREFIX)$(DATADIR)/dpl4hydra_local.csv - -rm -f $(DESTDIR)$(PREFIX)$(MANDIR)/hydra.1 $(DESTDIR)$(PREFIX)$(MANDIR)/xhydra.1 $(DESTDIR)$(PREFIX)$(MANDIR)/pw-inspector.1 - -rm -f $(DESTDIR)$(PREFIX)$(PIXDIR)/xhydra.png - -rm -f $(DESTDIR)$(PREFIX)$(APPDIR)/xhydra.desktop + @echo Error: you must run "./configure" first From bc48f7625b66b969c35a127b5aa34a8dc6f2456d Mon Sep 17 00:00:00 2001 From: motypi Date: Wed, 19 Mar 2025 20:14:23 +0100 Subject: [PATCH 216/223] added dbclose() and dbexit() in mssql module --- hydra-mssql.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/hydra-mssql.c b/hydra-mssql.c index 4131b54..f13c20a 100644 --- a/hydra-mssql.c +++ b/hydra-mssql.c @@ -19,7 +19,9 @@ int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, ch LOGINREC *attempt; dbinit(); + attempt = dblogin(); + DBSETLUSER(attempt, login); DBSETLPWD(attempt, pass); @@ -27,6 +29,8 @@ int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, ch dbproc = dbopen(attempt, ipaddr_str); if (dbproc != NULL) { + dbclose(dbproc); + dbexit(); hydra_report_found_host(port, ip, "mssql", fp); hydra_completed_pair_found(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) @@ -35,12 +39,15 @@ int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, ch } hydra_completed_pair(); + dbclose(dbproc); + dbexit(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 2; return 1; } #else + #define MSLEN 30 unsigned char p_hdr[] = "\x02\x00\x02\x00\x00\x00\x02\x00\x00\x00" From 5f706c707131970dfe59bcdcc0560f39bec336a3 Mon Sep 17 00:00:00 2001 From: motypi Date: Wed, 19 Mar 2025 20:35:29 +0100 Subject: [PATCH 217/223] freetds install in README --- README | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README b/README index 44cb585..66c819a 100644 --- a/README +++ b/README @@ -96,7 +96,7 @@ for a few optional modules (note that some might not be available on your distri apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \ libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \ firebird-dev libmemcached-dev libgpg-error-dev \ - libgcrypt11-dev libgcrypt20-dev + libgcrypt11-dev libgcrypt20-dev freetds-dev ``` This enables all optional modules and features with the exception of Oracle, From b5eb38e48fdaf5c9facd3f0af7c2b0a3642df00f Mon Sep 17 00:00:00 2001 From: motypi Date: Mon, 24 Mar 2025 09:05:03 +0100 Subject: [PATCH 218/223] mixed TDS7 into old function --- hydra-mssql.c | 48 ++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 40 insertions(+), 8 deletions(-) diff --git a/hydra-mssql.c b/hydra-mssql.c index f13c20a..064486b 100644 --- a/hydra-mssql.c +++ b/hydra-mssql.c @@ -5,7 +5,7 @@ char *buf; #if defined(HAVE_SYBFRONT) && defined(HAVE_SYBDB) #include #include -int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { +int32_t start_mssql7(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass; char *ipaddr_str = hydra_address2string(ip); @@ -18,8 +18,6 @@ int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, ch DBPROCESS *dbproc; LOGINREC *attempt; - dbinit(); - attempt = dblogin(); DBSETLUSER(attempt, login); @@ -39,14 +37,12 @@ int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, ch } hydra_completed_pair(); - dbclose(dbproc); - dbexit(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 2; return 1; } -#else +#endif #define MSLEN 30 @@ -101,6 +97,7 @@ unsigned char p_lng[] = "\x02\x01\x00\x47\x00\x00\x02\x00\x00\x00\x00" int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass, buffer[1024]; + char *ipaddr_str = hydra_address2string(ip); char ms_login[MSLEN + 1]; char ms_pass[MSLEN + 1]; unsigned char len_login, len_pass; @@ -110,6 +107,39 @@ int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, ch login = empty; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; +#if defined(HAVE_SYBFRONT) && defined(HAVE_SYBDB) + if ((strlen(login) > MSLEN) || (strlen(pass) > MSLEN)){ + + DBPROCESS *dbproc; + LOGINREC *attempt; + + attempt = dblogin(); + + DBSETLUSER(attempt, login); + DBSETLPWD(attempt, pass); + + // Connect without specifying a database + dbproc = dbopen(attempt, ipaddr_str); + + if (dbproc != NULL) { + dbclose(dbproc); + dbexit(); + hydra_report_found_host(port, ip, "mssql", fp); + hydra_completed_pair_found(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; + return 1; + } + + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; + + return 1; + + } + +#endif if (strlen(login) > MSLEN) login[MSLEN - 1] = 0; if (strlen(pass) > MSLEN) @@ -160,12 +190,14 @@ int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, ch return 1; } -#endif - void service_mssql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { int32_t run = 1, next_run = 1, sock = -1; int32_t myport = PORT_MSSQL, mysslport = PORT_MSSQL_SSL; + #if defined(HAVE_SYBFRONT) && defined(HAVE_SYBDB) + dbinit(); + #endif + hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; From 1af16824144c17cc97517435d3ea99364b7a0d3b Mon Sep 17 00:00:00 2001 From: motypi Date: Mon, 24 Mar 2025 10:23:51 +0100 Subject: [PATCH 219/223] delete tds7 function and print warning --- hydra-mssql.c | 42 ++++-------------------------------------- 1 file changed, 4 insertions(+), 38 deletions(-) diff --git a/hydra-mssql.c b/hydra-mssql.c index 064486b..1133641 100644 --- a/hydra-mssql.c +++ b/hydra-mssql.c @@ -5,43 +5,6 @@ char *buf; #if defined(HAVE_SYBFRONT) && defined(HAVE_SYBDB) #include #include -int32_t start_mssql7(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { - char *empty = ""; - char *login, *pass; - char *ipaddr_str = hydra_address2string(ip); - - if (strlen(login = hydra_get_next_login()) == 0) - login = empty; - if (strlen(pass = hydra_get_next_password()) == 0) - pass = empty; - - DBPROCESS *dbproc; - LOGINREC *attempt; - - attempt = dblogin(); - - DBSETLUSER(attempt, login); - DBSETLPWD(attempt, pass); - - // Connect without specifying a database - dbproc = dbopen(attempt, ipaddr_str); - - if (dbproc != NULL) { - dbclose(dbproc); - dbexit(); - hydra_report_found_host(port, ip, "mssql", fp); - hydra_completed_pair_found(); - if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) - return 2; - return 1; - } - - hydra_completed_pair(); - if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) - return 2; - - return 1; -} #endif #define MSLEN 30 @@ -138,7 +101,10 @@ int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, ch return 1; } - +#else + if ((strlen(login) > MSLEN) || (strlen(pass) > MSLEN)){ + fprintf(stderr,"[WARNING] To crack credentials longer than 30 characters, install freetds and recompile\n"); + } #endif if (strlen(login) > MSLEN) login[MSLEN - 1] = 0; From 21262626e0d79e60421c3305366cd6e26927d310 Mon Sep 17 00:00:00 2001 From: iskanred Date: Tue, 1 Apr 2025 04:59:28 +0300 Subject: [PATCH 220/223] Fix typo in README: lenght --- README | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README b/README index 44cb585..1c7cf74 100644 --- a/README +++ b/README @@ -267,7 +267,7 @@ Examples: -x 1:3:a generate passwords from length 1 to 3 with all lowercase letters -x 2:5:/ generate passwords from length 2 to 5 containing only slashes -x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers --x '3:3:aA1&~#\\ "\'<{([-|_^@)]=}>$%*?./§,;:!`' -v generates lenght 3 passwords with all 95 characters, and verbose. +-x '3:3:aA1&~#\\ "\'<{([-|_^@)]=}>$%*?./§,;:!`' -v generates length 3 passwords with all 95 characters, and verbose. ``` Example: From f80dc5aa023c911a2b8f7a5998ffe251118a0535 Mon Sep 17 00:00:00 2001 From: oss-belobog Date: Wed, 4 Jun 2025 00:54:30 +0800 Subject: [PATCH 221/223] fix several memory leaks --- hydra-ftp.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/hydra-ftp.c b/hydra-ftp.c index 590d671..c6e256c 100644 --- a/hydra-ftp.c +++ b/hydra-ftp.c @@ -26,8 +26,10 @@ int32_t start_ftp(int32_t s, char *ip, int32_t port, unsigned char options, char if (verbose) printf("[INFO] user %s does not exist, skipping\n", login); hydra_completed_pair_skip(); - if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { + free(buf); return 4; + } free(buf); return 1; } @@ -35,8 +37,10 @@ int32_t start_ftp(int32_t s, char *ip, int32_t port, unsigned char options, char if (buf[0] == '2') { hydra_report_found_host(port, ip, "ftp", fp); hydra_completed_pair_found(); - if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { + free(buf); return 4; + } free(buf); return 1; } @@ -61,8 +65,10 @@ int32_t start_ftp(int32_t s, char *ip, int32_t port, unsigned char options, char if (buf[0] == '2') { hydra_report_found_host(port, ip, "ftp", fp); hydra_completed_pair_found(); - if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { + free(buf); return 4; + } free(buf); return 1; } From 5ddee91edc377ec9dc11105b5ef05f8e30fc48bd Mon Sep 17 00:00:00 2001 From: xh4vm Date: Sun, 29 Jun 2025 19:22:31 +0500 Subject: [PATCH 222/223] feat: pop3 capa fix --- hydra-pop3.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra-pop3.c b/hydra-pop3.c index acd6c2e..3671a95 100644 --- a/hydra-pop3.c +++ b/hydra-pop3.c @@ -109,7 +109,7 @@ char *pop3_read_server_capacity(int32_t sock) { buf[strlen(buf) - 1] = 0; if (buf[strlen(buf) - 1] == '\r') buf[strlen(buf) - 1] = 0; - if (*(ptr) == '.' || *(ptr) == '-') + if (buf[strlen(buf) - 1] == '.' || *(ptr) == '.' || *(ptr) == '-') resp = 1; } } From cbd08d570275489b4b205c82878f835add924992 Mon Sep 17 00:00:00 2001 From: lhywk Date: Thu, 3 Jul 2025 05:07:27 +0000 Subject: [PATCH 223/223] Add NULL check after hydra_receive_line() in start_redis() --- hydra-redis.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hydra-redis.c b/hydra-redis.c index 179007c..5a81cec 100644 --- a/hydra-redis.c +++ b/hydra-redis.c @@ -24,6 +24,11 @@ int32_t start_redis(int32_t s, char *ip, int32_t port, unsigned char options, ch return 1; } buf = hydra_receive_line(s); + if (buf == NULL) { + hydra_report(stderr, "[ERROR] Failed to receive response from Redis server.\n"); + return 3; + } + if (buf[0] == '+') { hydra_report_found_host(port, ip, "redis", fp); hydra_completed_pair_found();